Results 1 to 6 of 6
  1. #1
    Join Date
    Feb 2012
    Posts
    265

    My virus scanner found a trojan in the backup files of one of my sites

    The trojan was found in the directory I backed up one of my websites:

    C:\blah\blah\domain\_\mail\new\somenumbers-hostname-someletters

    This is very strange to me because I don't use mail on that domain.

    Why is there a mail folder if I have not configured an email?

    Why are there lots of files in the mail folder if I don't use mail?

  2. #2
    Join Date
    Dec 2011
    Location
    Netherlands
    Posts
    831
    Usually (at least for cpanel) every account created, has a 'domain mail' which is just their username - this might from time to time receive emails (e.g. if catch-all is enabled).
    Since many spam emails contain things like trojans etc, it might very likely just be this.

    You can cat the file (Don't know how to do that on windows ), see which email it was sent to, and from, it should contain the headers.

  3. #3
    Join Date
    May 2004
    Location
    Corona, CA USA
    Posts
    384
    Quote Originally Posted by notaninja View Post
    This is very strange to me because I don't use mail on that domain.

    Why is there a mail folder if I have not configured an email?

    Why are there lots of files in the mail folder if I don't use mail?
    The default behavior of every webserver control panel I have used is to create empty mail folders and support for mail on each new account.

    The mailbox is full of crap because the account is not configured to reject email for non-existent users. Every address a spammer guesses at is accepted. You should configure the account to reject email for non-existent addresses.
    Skeptic Hosting
    Promoting a reality-based lifestyle choice
    Hosting by invitation only, nothing for sale

  4. #4
    Join Date
    Dec 2007
    Location
    Indiana, USA
    Posts
    16,087
    We actually wipe the cPanel username 'mail folder' daily network wide because people aren't aware it exists and, as such, never check it or empty it.

    The first time we did this - we saw disk usage drop by several hundred gigabytes network wide. All cruft that nobody missed because nobody uses the 'default' mail account.

    The very few that have complained - we've advised them how to configure the 'default' email address for the account so that the messages are directed to an actual email account they check/monitor/maintain.

    If you want to see what's there - log into webmail using your cPanel username and password .
    Michael Denney - MDDHosting LLC
    New shared plans for 2016! Check them out!
    Highly Available Shared, Premium, Reseller, and VPS
    http://www.mddhosting.com/

  5. #5
    If you haven't created a mail folder and aren't able to identify the source of the infection, your best bet is to contact the host and let them know about it. I am sure they will help you clean it up.

    Good to know about the default mail folder. I wasn't aware it existed and can't wait to see what's inside. Maybe someone sent me some cash!!!

  6. #6
    Join Date
    Dec 2007
    Location
    Indiana, USA
    Posts
    16,087
    Quote Originally Posted by Arthur Burlo View Post
    Good to know about the default mail folder. I wasn't aware it existed and can't wait to see what's inside. Maybe someone sent me some cash!!!
    I hear you've won at least 30 Nigerian Lotteries and you're the heir to about 45 different rich decedents... Better check that mail fast!
    Michael Denney - MDDHosting LLC
    New shared plans for 2016! Check them out!
    Highly Available Shared, Premium, Reseller, and VPS
    http://www.mddhosting.com/

Similar Threads

  1. Replies: 3
    Last Post: 06-19-2012, 10:21 PM
  2. Cpanel Trojan Scanner - 8 Detected
    By kingspice in forum Hosting Security and Technology
    Replies: 9
    Last Post: 09-26-2005, 05:39 AM
  3. Trojan Scanner
    By WebHostingNeeds in forum Hosting Security and Technology
    Replies: 5
    Last Post: 02-19-2004, 02:24 PM
  4. trojan scanner on cpanel 6 ..does it work?
    By Mr.Biggles in forum Hosting Security and Technology
    Replies: 5
    Last Post: 03-25-2003, 08:14 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •