Samrc, posted October 22, 2005:

Last month I had CPanel create a backup file for my personal site. I downloaded the monster file to my backup hard drive. Tonight while doing a routine scan of my backup drive, I got a VIRUS DETECTED alert on the backup-9.19.2005_18-54-17_samisit.tar.gz backup file.

According to McAfee, the file is infected with virus detected: Exploit-MIME.gen.exe and cannot be cleaned. It is the ONLY file on the backup drive that came back suspicious. My main hard drive scans clean also.

How did it get infected? It went directly from my website to my backup. Should I delete it? If so, then how do I maintain a monthly backup of the full site? Is it a mistake, similar code misinterpreted by McAfee?

Advice would be appreciated.

TCH-Dick, posted October 22, 2005:

I have run into this problem before and the cause will be an email that contains a virus.

TCH-Thomas, posted October 22, 2005:

Yep. I have run into the same thing and it was infected email(s) for me too. In my case it was an email that had ended up in my "default" address. It was before I started using the :fail: thing though, which I assume you use.

Samrc (author), posted October 22, 2005 (edited):

> In my case it was an email that had ended up in my "default" address. It was before I started using the :fail: thing though, which I assume you use.

I have the default email sent to :fail:

Are you both saying that there is an infected email on my website account somewhere? How do I clean that out? I do not have any emails there that I can find.

I have Spam Assassin enabled but have not enabled the spam box. Maybe I should so the emails will not be sent on to me, but I find it easier to check my "spam email" in one folder.... I use Spam Killer on my home machine and it has its own spam folder that captures the files that Spam Assassin forwards.

I did notice that when I go in to manage the email accounts, 2 show 0 quota used, one shows 0.43 Meg quota and one shows 0.4 Meg quota used. When I send and receive, nothing comes in and those quotas do not change. Is there something I need to clean on the server to clear those out?

I have set my email program on my computer to dump any @samisite.com that does not match my addresses in case anything does get through. And I have no other virus alerts..... only this one. I deleted the file. No emails on my computer come back with the virus.

Before I create another backup, I want to make sure I will not have another problem. Anything else I should do before I do that?

TCH-Bruce, posted October 22, 2005:

I had the same problem. Dick showed me a trick. Go into cPanel, select Manage Accounts, then select Read Webmail for the Main account. Choose to read with Horde. This will allow you to access all mail folders for your domain. You can delete the offending email that way.

What I had found was an email box for myself and then another under my domain name folder. Apparently what happens is cPanel creates mail boxes without creating a domain folder and then when you add a subdomain it creates the domain folder and new mail boxes.

HTH

Samrc (author), posted October 22, 2005 (edited):

TCH-BRUCE YOU ARE THE MAN!!!!!!!!!!

I have used squirrelmail on a regular basis to check one of the email addresses directly from my website interface. Never tried HORDE. Went in and found MANY emails stored under the standard folders (none that did not belong) from June of this year when I had major problems with my OUTLOOK. Found no wacky emails (something obviously to be wary of) and some responses I expected but never received. Checked every folder and cleared all.

Strange that I could find the emails in HORDE but not in SQUIRRELMAIL when the messages were definitely stored in the email address folders I set up a couple years ago. Will set it on my schedule to check HORDE periodically to make sure everything is clear.

REALLY appreciate the heads up!!! Now I should be able to make another clean backup as I planned to do this weekend. (fingers crossed)

TCH-Bruce, posted October 22, 2005:

When you use Squirrel Mail it will only access a single account's email folders. Using Horde after selecting the main account, you can see every email folder created in your domain and subdomains.
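
To see which stored message is tripping the scanner before deleting or re-creating a backup, the archive itself can be searched for mail that carries executable attachments. The following is an added example, not code from this thread or from cPanel; the extension list, the mbox heuristic and the sample paths are assumptions, and the sample archive is constructed in memory with harmless bytes.

```python
import email, email.policy, io, re, tarfile
from email.message import EmailMessage

# Assumption: attachment extensions treated as risky; adjust to local policy.
RISKY_EXT = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".vbs")
# mbox separator lines look like "From sender Sat Oct 22 10:00:00 2005".
MBOX_SEP = re.compile(rb"^From \S+ .*\d{4}\r?\n", re.M)

def risky_attachments(raw):
    """Return names of risky attachments in one raw RFC 822 message."""
    msg = email.message_from_bytes(raw, policy=email.policy.default)
    names = [part.get_filename() for part in msg.walk()]
    return [n for n in names if n and n.lower().endswith(RISKY_EXT)]

def scan_backup(fileobj):
    """Yield (archive path, message index, attachment names) per hit."""
    with tarfile.open(fileobj=fileobj, mode="r:*") as tar:
        for member in tar:
            if not member.isfile():
                continue
            data = tar.extractfile(member).read()
            if b"content-type:" not in data.lower():
                continue  # no MIME headers, so no MIME attachments
            # Files starting with "From " are split as mbox; others are one message.
            chunks = MBOX_SEP.split(data) if data.startswith(b"From ") else [data]
            for i, raw in enumerate(c for c in chunks if c.strip()):
                hits = risky_attachments(raw)
                if hits:
                    yield member.name, i, hits

def build_sample_backup():
    """Constructed sample: in-memory .tar.gz with one mbox and one web page."""
    clean, bad = EmailMessage(), EmailMessage()
    clean.set_content("plain text")
    bad.set_content("see attachment")
    bad.add_attachment(b"harmless bytes", maintype="application",
                       subtype="octet-stream", filename="invoice.PIF")
    sep = b"From sender@example.com Sat Oct 22 10:00:00 2005\n"
    files = {"mail/inbox": b"".join(sep + m.as_bytes() + b"\n" for m in (clean, bad)),
             "public_html/index.html": b"<html>not mail</html>"}
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, body in files.items():  # constructed paths, not cPanel's layout
            info = tarfile.TarInfo(name)
            info.size = len(body)
            tar.addfile(info, io.BytesIO(body))
    return io.BytesIO(buf.getvalue())

if __name__ == "__main__":
    print(list(scan_backup(build_sample_backup())))
```

For a real backup, pass `open("backup.tar.gz", "rb")` to `scan_backup`; the reported archive path and message index show which mailbox holds the message to delete through webmail.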