[clamav-users] Installing question

SCOTT PACKARD Scott.Packard at raytheon.com
Wed Mar 27 13:57:23 EDT 2019


There's almost nothing going on on your web site http://tucson-az-cpa.com/.  It should be an easy job to restore it from whatever offline source you have.
If all you're worried about is "visitors to your site they get a message that the site is unsecured", I think getting https:// going is what you're after.
Maybe go and read https://letsencrypt.org/ .

Regards, Scott

From: clamav-users <clamav-users-bounces at lists.clamav.net> On Behalf Of MOHAMED OMAR MAKRAM via clamav-users
Sent: Wednesday, March 27, 2019 10:32 AM
To: ClamAV users ML <clamav-users at lists.clamav.net>
Cc: MOHAMED OMAR MAKRAM <adamupaccounting at gmail.com>; J.R. <themadbeaker at gmail.com>
Subject: [External] Re: [clamav-users] Installing question

I've had this for few months. The only thing i was able to do is to pay for virus protection but it is so expensive.
Is there a way to find those hidden files? Do you think they are in the db or in the files?
I am moving out to another server right now. Is there a good process to do this without copying the virus along with the files?

Thanks for your help
[Image removed by sender.]

On Wed, Mar 27, 2019 at 10:13 AM J.R. via clamav-users <clamav-users at lists.clamav.net<mailto:clamav-users at lists.clamav.net>> wrote:
> I do not know if the virus is on the server, in the files, or in the db.
> Here is what I know:
> Under each folder of each site, files appear with a name such as:
> f68z319m.php
> When visitors go to my websites, they get a message that the site is
> unsecured
>
> Does this information help identify the issue, or where to look for the
> virus?

Did you look at the contents of those files? Sounds like someone is
exploiting code to upload files which could then be used to do all
sorts of nasty things. That could be an issue with drupal or packages
on your system being out of date. Often that is just the first step
and once they upload one file they use it to upload a lot more in
hidden directories and modifying files and such...

I hope you have a recent backup...

_______________________________________________

clamav-users mailing list
clamav-users at lists.clamav.net<mailto:clamav-users at lists.clamav.net>
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml


--
Mohamed Omar Makram, CPA
Osiris CPA, PLLC<http://tucson-az-cpa.com/>
Tele: (520) 906-1863
Fax: (520) 448-0706

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.clamav.net/pipermail/clamav-users/attachments/20190327/e1a70252/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ~WRD000.jpg
Type: image/jpeg
Size: 823 bytes
Desc: ~WRD000.jpg
URL: <https://lists.clamav.net/pipermail/clamav-users/attachments/20190327/e1a70252/attachment.jpg>


More information about the clamav-users mailing list