These eml files are surly part of the nimda deal due to the readme.exe trying to pass as a wav file. The question is what causes the ablility to write to my server for that matter all over my server, I got 461 .eml files on my machine. Now this is just a server with no squid which is how they recommend fixing this. Any other way? What would cause the ablility to write to a webserver? Or how can I find more information on this deal. This is disturbing. The one thing I dont want is my server going around and spreading this to anyone? What do I need to do till i find the cause or a patch set a cron to run every minute and recurse thru the directorys and delete them every minute? Matt ----- Original Message ----- From: Patrick Duane Dunston <duane@sukkha.homeip.net> To: <security-discuss@linuxsecurity.com> Sent: Saturday, November 10, 2001 9:13 PM Subject: Re: Question about .eml files I am finding > > I am finding files on my filesystem mostly where apache has access and I have no clue why they are showing up on my server nor can I find any information in my logs > > > > Here is the Directory Listing > > > Here are a couple of emails I found. Does this apply to your setup? > > > I found this info on the web: > > http://lugwash.washtenaw.cc.mi.us/linux-users/2001-09/msg00123.html > http://www.mandrakeforum.com/article.php?sid=1205&lang=en > > If not then start preparing to audit your machine for a potential > intrusion attempt. > > http://www.cert.org/tech_tips/intruder_detection_checklist.html > http://www.cert.org/tech_tips/root_compromise.html > > > -- > duane > > > -- > > GnuPG Public Key: http://sukkha.homeip.net/pgp.html > > -- > > Fun reading: 8-) > http://linuxtoday.com/search.php3?author=Duane:Dunston > > > > ------------------------------------------------------------------------ > To unsubscribe email security-discuss-request@linuxsecurity.com > with "unsubscribe" in the subject of the message. ------------------------------------------------------------------------ To unsubscribe email security-discuss-request@linuxsecurity.com with "unsubscribe" in the subject of the message.
