----------- SCAN REPORT -----------
TimeStamp: Tue, 28 Sep 2021 14:07:01 +0000
(/usr/sbin/cxs --clamdsock /var/clamd --defapache nobody --doptions Mv --exploitscan --nofallback --filemax 10000 --noforce --html --ignore /etc/cxs/cxs.ignore --options mMOLfSGchexdnwZDRru --noprobability --qoptions Mv --report /home/youmedi1/public_html/scan.txt --sizemax 1000000 --ssl --summary --sversionscan --timemax 30 --nounofficial --virusscan --vmrssmax 2000000 --xtra /etc/cxs/cxs.xtra /home/youmedi1)

Scanning /home/youmedi1:

'/home/youmedi1/access-logs' # Symlink to [/etc/apache2/logs/domlogs/youmedi1]
'/home/youmedi1/www' # Symlink to [public_html]
'/home/youmedi1/.cagefs/opt/alt/php73/link/conf' # Symlink to [/opt/alt/php73/etc/php.d]
'/home/youmedi1/.cagefs/tmp/.s.PGSQL.5432' # Symlink to [/var/run/postgres/.s.PGSQL.5432]
'/home/youmedi1/.cagefs/tmp/mysql.sock' # Symlink to [/var/lib/mysql/mysql.sock]
'/home/youmedi1/.cphorde/meta/latest' # Symlink to [horde.backup.sql.20210110]
'/home/youmedi1/brynllanleisure.com/wp-content/plugins/seo-by-rank-math/includes/admin/class-serp-preview.php' # Universal decode regex match = [universal decoder]
'/home/youmedi1/distributorltd.co.uk/wp-includes/wp-vcd.php' # Known exploit = [Fingerprint Match] [WP Exploit [P1403]]
'/home/youmedi1/etc/brynllanleisure.com/bookings.rcube.db.latest' # Symlink to [bookings.rcube.db.1630284848]
'/home/youmedi1/etc/brynllanleisure.com/info.rcube.db.latest' # Symlink to [info.rcube.db.1630284848]
'/home/youmedi1/etc/freshsalt.co.uk/sales.rcube.db.latest' # Symlink to [sales.rcube.db.1630284848]
'/home/youmedi1/etc/oathillsdevelopments.com/info.rcube.db.latest' # Symlink to [info.rcube.db.1630284848]
'/home/youmedi1/etc/ravera.co.uk/sales.rcube.db.latest' # Symlink to [sales.rcube.db.1602039443]
'/home/youmedi1/freshsalt.co.uk/wp-content/plugins/woocommerce/vendor/maxmind-db/reader/ext/maxminddb.c' # Suspicious file type [application/x-c]
'/home/youmedi1/freshsalt.co.uk/wp-includes/wp-vcd.php' # Known exploit = [Fingerprint Match] [WP Exploit [P1403]]
'/home/youmedi1/mail/.bookings@brynllanleisure_com' # Symlink to [brynllanleisure.com/bookings]
'/home/youmedi1/mail/.info@brynllanleisure_com' # Symlink to [brynllanleisure.com/info]
'/home/youmedi1/mail/.info@freshsalt_co_uk' # Symlink to [freshsalt.co.uk/info]
'/home/youmedi1/mail/.info@oathillsdevelopments_com' # Symlink to [oathillsdevelopments.com/info]
'/home/youmedi1/mail/.mark@ravera_co_uk' # Symlink to [ravera.co.uk/mark]
'/home/youmedi1/mail/.sales@freshsalt_co_uk' # Symlink to [freshsalt.co.uk/sales]
'/home/youmedi1/mail/.sales@ravera_co_uk' # Symlink to [ravera.co.uk/sales]
'/home/youmedi1/mail/freshsalt.co.uk/info/.spam/new/1627533225.M119832P20491.cp7.uk.netnerd.com,S=1033348,W=1047542' # ClamAV detected virus = [Win.Trojan.Filerepmalware-9882244-0]
'/home/youmedi1/www.distributorltd.co.uk' # Suspicious directory
'/home/youmedi1/www.steelforceuk.co.uk' # Suspicious directory

----------- SCAN SUMMARY -----------
Scanned directories: 19262
Scanned files: 161733
Ignored items: 621
Suspicious matches: 25
Viruses found: 1
Fingerprint matches: 2
Data scanned: 8872.96 MB
Scan peak memory: 268356 kB
Scan time/item: 0.022 sec
Scan time: 3976.906 sec