----------- SCAN REPORT ----------- TimeStamp: Mon, 20 Dec 2021 11:38:14 +0000 (/usr/sbin/cxs --clamdsock /var/clamd --defapache nobody --doptions Mv --exploitscan --nofallback --filemax 10000 --noforce --html --ignore /etc/cxs/cxs.ignore --options mMOLfSGchexdnwZDRru --noprobability --qoptions Mv --report /home/youmedi1/public_html/scanDec20.txt --sizemax 1000000 --ssl --summary --sversionscan --timemax 30 --nounofficial --virusscan --vmrssmax 2000000 --xtra /etc/cxs/cxs.xtra /home/youmedi1/) Scanning /home/youmedi1: '/home/youmedi1/access-logs' # Symlink to [/etc/apache2/logs/domlogs/youmedi1] '/home/youmedi1/www' # Symlink to [public_html] '/home/youmedi1/.cagefs/opt/alt/php73/link/conf' # Symlink to [/opt/alt/php73/etc/php.d] '/home/youmedi1/.cagefs/tmp/.s.PGSQL.5432' # Symlink to [/var/run/postgres/.s.PGSQL.5432] '/home/youmedi1/.cagefs/tmp/mysql.sock' # Symlink to [/var/lib/mysql/mysql.sock] '/home/youmedi1/.cagefs/var/cache/php-eaccelerator' # World writeable directory '/home/youmedi1/.cagefs/var/php/apm/db' # World writeable directory '/home/youmedi1/.cagefs/var/run/screen' # World writeable directory '/home/youmedi1/.cphorde/meta/latest' # Symlink to [horde.backup.sql.20210110] '/home/youmedi1/brynllanleisure.com/wp-content/plugins/seo-by-rank-math/includes/admin/class-serp-preview.php' # Universal decode regex match = [universal decoder] '/home/youmedi1/cheshireprestige.youmediatest4.co.uk/wp-content/uploads/js_composer' # World writeable directory '/home/youmedi1/etc/brynllanleisure.com/bookings.rcube.db.latest' # Symlink to [bookings.rcube.db.1638492669] '/home/youmedi1/etc/brynllanleisure.com/info.rcube.db.latest' # Symlink to [info.rcube.db.1638492669] '/home/youmedi1/etc/freshsalt.co.uk/sales.rcube.db.latest' # Symlink to [sales.rcube.db.1638492669] '/home/youmedi1/etc/oathillsdevelopments.com/info.rcube.db.latest' # Symlink to [info.rcube.db.1638492669] '/home/youmedi1/etc/ravera.co.uk/sales.rcube.db.latest' # Symlink to [sales.rcube.db.1602039443] '/home/youmedi1/freshsalt.co.uk/wp-content/plugins/woocommerce/vendor/maxmind-db/reader/ext/maxminddb.c' # Suspicious file type [application/x-c] '/home/youmedi1/mail/.bookings@brynllanleisure_com' # Symlink to [brynllanleisure.com/bookings] '/home/youmedi1/mail/.info@brynllanleisure_com' # Symlink to [brynllanleisure.com/info] '/home/youmedi1/mail/.info@freshsalt_co_uk' # Symlink to [freshsalt.co.uk/info] '/home/youmedi1/mail/.info@oathillsdevelopments_com' # Symlink to [oathillsdevelopments.com/info] '/home/youmedi1/mail/.mark@ravera_co_uk' # Symlink to [ravera.co.uk/mark] '/home/youmedi1/mail/.sales@freshsalt_co_uk' # Symlink to [freshsalt.co.uk/sales] '/home/youmedi1/mail/.sales@ravera_co_uk' # Symlink to [ravera.co.uk/sales] '/home/youmedi1/mail/freshsalt.co.uk/info/.spam/new/1627533225.M119832P20491.cp7.uk.netnerd.com,S=1033348,W=1047542' # ClamAV detected virus = [Win.Trojan.Filerepmalware-9882244-0] '/home/youmedi1/www.distributorltd.co.uk' # Suspicious directory '/home/youmedi1/www.steelforceuk.co.uk' # Suspicious directory ----------- SCAN SUMMARY ----------- Scanned directories: 21386 Scanned files: 173685 Ignored items: 598 Suspicious matches: 27 Viruses found: 1 Fingerprint matches: 0 Data scanned: 9520.71 MB Scan peak memory: 273216 kB Scan time/item: 0.021 sec Scan time: 4055.560 sec