Virus/Trojan?
I just recently got a cPanel box and decided it was time I learn it along with the Ensim boxes I already have. Odd thing though, maybe I'm just not familiar with cPanel or something funny is up. Excerpt from logwatch follows:
==========
Service: 418 (udp/418) (** OUT_UDP DROP **,none,eth0) - 1 packet
From 69.61.67.140 - 315 packets
To 24.14.49.37 - 1 packet
Service: 17853 (tcp/17853) (** OUT_TCP DROP **,none,eth0) - 1 packet
To 24.43.116.232 - 1 packet
Service: 1135 (tcp/1135) (** OUT_TCP DROP **,none,eth0) - 1 packet
To 24.228.45.213 - 1 packet
Service: 1410 (tcp/1410) (** OUT_TCP DROP **,none,eth0) - 1 packet
To 60.240.47.22 - 1 packet
Service: 4905 (tcp/4905) (** OUT_TCP DROP **,none,eth0) - 1 packet
To 61.10.224.50 - 1 packet
Service: 1453 (tcp/1453) (** OUT_TCP DROP **,none,eth0) - 1 packet
To 61.51.41.49 - 1 packet
Service: 3781 (tcp/3781) (** OUT_TCP DROP **,none,eth0) - 1 packet
To 61.74.30.149 - 1 packet
Service: 1032 (tcp/1032) (** OUT_TCP DROP **,none,eth0) - 1 packet
==========
Etc etc, it goes on a lot more. IN_tcp drop I'm used to seeing, but OUT is not something I've seen coming from one of my boxes. Rkhunter/chkrootkit find nothing, so I ran Clamscan on the entire box, and it comes back with:
==========
//root/clamav-0.84.tar: ClamAV-Test-File FOUND
LibClamAV Warning: Multipart MIME message contains no boundaries
LibClamAV Warning: Multipart MIME message contains no boundaries
LibClamAV Warning: Multipart MIME message contains no boundaries
//usr/local/cpanel/src/3rdparty/gpl/mailman-2.1.5p1/tests/msgs/nimda.txt: Exploit.IFrame.Gen FOUND
LibClamAV Warning: Multipart MIME message contains no boundaries
//usr/local/cpanel/src/3rdparty/gpl/mailman-2.1.5/tests/msgs/nimda.txt: Exploit.IFrame.Gen FOUND
LibClamAV Error: cli_untar: only standard TAR files are currently supported
//usr/local/cpanel/3rdparty/mailman/tests/msgs/nimda.txt: Exploit.IFrame.Gen FOUND
LibClamAV Error: cli_untar: only standard TAR files are currently supported
LibClamAV Error: cli_untar: only standard TAR files are currently supported
LibClamAV Error: cli_untar: only standard TAR files are currently supported
LibClamAV Error: cli_untar: only standard TAR files are currently supported
LibClamAV Error: cli_untar: only standard TAR files are currently supported
LibClamAV Error: cli_untar: only standard TAR files are currently supported
LibClamAV Error: cli_untar: only standard TAR files are currently supported
LibClamAV Warning: HQX8 messages not yet supported - if you believe this file contains a virus, report it to bugs@clamav.net
LibClamAV Warning: Corrupt BinHex file, claims it is 1748264259 bytes long in a message of 9685 bytes
LibClamAV Warning: HQX8 messages not yet supported - if you believe this file contains a virus, report it to bugs@clamav.net
LibClamAV Warning: Corrupt BinHex file, claims it is 1748264259 bytes long in a message of 9685 bytes
----------- SCAN SUMMARY -----------
Known viruses: 34297
Engine version: 0.84
Scanned directories: 8774
Scanned files: 87341
Infected files: 8
Data scanned: 4004.17 MB
==========
The Test file found I understand. What the heck is the rest of this?
Thanks for any info/help.