Hello,
I found this in the logs today:
Code:
Thu Jan 28 00:00:17 2021 -> fd[10]: YARA.Safe0ver_Shell__Safe_Mod_Bypass_By_Evilc0der_php.UNOFFICIAL(306e3f6d02bc292209d96aa088da4a5c:3080223) FOUND
Thu Jan 28 00:43:14 2021 -> SelfCheck: Database modification detected. Forcing reload.
Thu Jan 28 00:43:14 2021 -> Reading databases from /var/lib/clamav
Thu Jan 28 00:43:28 2021 -> Database correctly reloaded (8723675 signatures)
Thu Jan 28 01:43:33 2021 -> SelfCheck: Database modification detected. Forcing reload.
Thu Jan 28 01:43:33 2021 -> Reading databases from /var/lib/clamav
Thu Jan 28 01:43:49 2021 -> Database correctly reloaded (8723675 signatures)
Thu Jan 28 02:43:49 2021 -> SelfCheck: Database modification detected. Forcing reload.
Thu Jan 28 02:43:50 2021 -> Reading databases from /var/lib/clamav
Thu Jan 28 02:44:06 2021 -> Database correctly reloaded (8723675 signatures)
Thu Jan 28 03:10:01 2021 -> fd[10]: YARA.Safe0ver_Shell__Safe_Mod_Bypass_By_Evilc0der_php.UNOFFICIAL(306e3f6d02bc292209d96aa088da4a5c:3080223) FOUND
Thu Jan 28 03:10:02 2021 -> fd[10]: YARA.Safe0ver_Shell__Safe_Mod_Bypass_By_Evilc0der_php.UNOFFICIAL(6246e02f12d69ce72105e6c73e62d0ad:13744149) FOUND
Thu Jan 28 03:10:02 2021 -> fd[10]: YARA.Safe0ver_Shell__Safe_Mod_Bypass_By_Evilc0der_php.UNOFFICIAL(306e3f6d02bc292209d96aa088da4a5c:3080223) FOUND
Thu Jan 28 03:10:03 2021 -> fd[10]: YARA.Safe0ver_Shell__Safe_Mod_Bypass_By_Evilc0der_php.UNOFFICIAL(6246e02f12d69ce72105e6c73e62d0ad:13744149) FOUND
Thu Jan 28 03:44:08 2021 -> SelfCheck: Database modification detected. Forcing reload.
Thu Jan 28 03:44:10 2021 -> Reading databases from /var/lib/clamav
Thu Jan 28 03:44:27 2021 -> Database correctly reloaded (8723675 signatures)
Thu Jan 28 04:44:46 2021 -> SelfCheck: Database modification detected. Forcing reload.
Thu Jan 28 04:44:46 2021 -> Reading databases from /var/lib/clamav
Thu Jan 28 04:44:59 2021 -> Database correctly reloaded (8723675 signatures)
Thu Jan 28 05:45:02 2021 -> SelfCheck: Database modification detected. Forcing reload.
Thu Jan 28 05:45:03 2021 -> Reading databases from /var/lib/clamav
Thu Jan 28 05:45:20 2021 -> Database correctly reloaded (8723675 signatures)
Thu Jan 28 06:00:31 2021 -> fd[10]: YARA.Safe0ver_Shell__Safe_Mod_Bypass_By_Evilc0der_php.UNOFFICIAL(306e3f6d02bc292209d96aa088da4a5c:3080223) FOUND
Thu Jan 28 06:00:31 2021 -> fd[10]: YARA.Safe0ver_Shell__Safe_Mod_Bypass_By_Evilc0der_php.UNOFFICIAL(6246e02f12d69ce72105e6c73e62d0ad:13744149) FOUND
Thu Jan 28 06:00:31 2021 -> fd[10]: YARA.Safe0ver_Shell__Safe_Mod_Bypass_By_Evilc0der_php.UNOFFICIAL(306e3f6d02bc292209d96aa088da4a5c:3080223) FOUND
Thu Jan 28 06:00:32 2021 -> fd[10]: YARA.Safe0ver_Shell__Safe_Mod_Bypass_By_Evilc0der_php.UNOFFICIAL(6246e02f12d69ce72105e6c73e62d0ad:13744149) FOUND
Thu Jan 28 06:28:41 2021 -> /var/lib/amavis/tmp/amavis-20210128T061106-31297-pbDTJYy2/parts/p001: YARA.Safe0ver_Shell__Safe_Mod_Bypass_By_Evilc0der_php.UNOFFICIAL(5f9170061bada6bdb78859e3b97db8ab:2965) FOUND
Thu Jan 28 06:45:33 2021 -> SelfCheck: Database modification detected. Forcing reload.
Thu Jan 28 06:45:36 2021 -> Reading databases from /var/lib/clamav
Thu Jan 28 06:45:55 2021 -> Database correctly reloaded (8723675 signatures)
Thu Jan 28 07:46:07 2021 -> SelfCheck: Database modification detected. Forcing reload.
Thu Jan 28 07:46:08 2021 -> Reading databases from /var/lib/clamav
Thu Jan 28 07:46:21 2021 -> Database correctly reloaded (8723675 signatures)
Thu Jan 28 08:46:23 2021 -> SelfCheck: Database modification detected. Forcing reload.
Thu Jan 28 08:46:24 2021 -> Reading databases from /var/lib/clamav
Thu Jan 28 08:46:36 2021 -> Database correctly reloaded (8723675 signatures)
Thu Jan 28 09:00:52 2021 -> fd[10]: YARA.Safe0ver_Shell__Safe_Mod_Bypass_By_Evilc0der_php.UNOFFICIAL(306e3f6d02bc292209d96aa088da4a5c:3080223) FOUND
Thu Jan 28 09:00:53 2021 -> fd[10]: YARA.Safe0ver_Shell__Safe_Mod_Bypass_By_Evilc0der_php.UNOFFICIAL(6246e02f12d69ce72105e6c73e62d0ad:13744149) FOUND
Thu Jan 28 09:00:53 2021 -> fd[10]: YARA.Safe0ver_Shell__Safe_Mod_Bypass_By_Evilc0der_php.UNOFFICIAL(306e3f6d02bc292209d96aa088da4a5c:3080223) FOUND
Thu Jan 28 09:00:54 2021 -> fd[10]: YARA.Safe0ver_Shell__Safe_Mod_Bypass_By_Evilc0der_php.UNOFFICIAL(6246e02f12d69ce72105e6c73e62d0ad:13744149) FOUND
Thu Jan 28 09:46:50 2021 -> SelfCheck: Database modification detected. Forcing reload.
Thu Jan 28 09:46:52 2021 -> Reading databases from /var/lib/clamav
Thu Jan 28 09:47:34 2021 -> Database correctly reloaded (8723675 signatures)
Thu Jan 28 10:47:35 2021 -> SelfCheck: Database modification detected. Forcing reload.
Thu Jan 28 10:47:36 2021 -> Reading databases from /var/lib/clamav
Thu Jan 28 10:47:48 2021 -> Database correctly reloaded (8723675 signatures)
Thu Jan 28 11:47:50 2021 -> SelfCheck: Database modification detected. Forcing reload.
Thu Jan 28 11:47:51 2021 -> Reading databases from /var/lib/clamav
Thu Jan 28 11:48:05 2021 -> Database correctly reloaded (8723675 signatures)
Thu Jan 28 12:00:59 2021 -> fd[10]: YARA.Safe0ver_Shell__Safe_Mod_Bypass_By_Evilc0der_php.UNOFFICIAL(306e3f6d02bc292209d96aa088da4a5c:3080223) FOUND
Thu Jan 28 12:00:59 2021 -> fd[10]: YARA.Safe0ver_Shell__Safe_Mod_Bypass_By_Evilc0der_php.UNOFFICIAL(6246e02f12d69ce72105e6c73e62d0ad:13744149) FOUND
Thu Jan 28 12:01:00 2021 -> fd[10]: YARA.Safe0ver_Shell__Safe_Mod_Bypass_By_Evilc0der_php.UNOFFICIAL(306e3f6d02bc292209d96aa088da4a5c:3080223) FOUND
Thu Jan 28 12:01:00 2021 -> fd[10]: YARA.Safe0ver_Shell__Safe_Mod_Bypass_By_Evilc0der_php.UNOFFICIAL(6246e02f12d69ce72105e6c73e62d0ad:13744149) FOUND
Do I have some malicious code that is changing my DB? I don't understand this fd[10]...