Mass mail (spam) is a very common malware problem on any cPanel/WHM based web server. It sends out massive volumes of email, which gets our web server's IP address blocked, so we can no longer send (real) email. The question is: how do we find the source of the spam malware on our web server? Luckily, Linux comes with many useful and powerful tools. We can use cat and grep to track down the malware source. Here are the steps:

1. Find out which users are sending mass mail.

Command:

grep 'cwd=/home' /var/log/exim_mainlog | awk -F/ '{print $3}' | sort | uniq -c | sort -n -k 1

The awk -F/ '{print $3}' part splits each matching log line on "/", so for a cwd=/home/<user>/... entry the third field is the account name. We will get the list of users who sent mass mail in a day, like this:

2. Find the source script.

Command:

cat /var/log/exim_mainlog | grep user | grep 'date'

Example:

cat /var/log/exim_mainlog | grep forumriau | grep ' 2015-12-31 '

We will get output like this:

As shown in the output, we get the malware path
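The two steps above, wrapped into reusable shell functions as an added example (this is not from the original post). It runs against a small set of constructed exim_mainlog-style lines instead of the real /var/log/exim_mainlog; the account names, paths and timestamps are made up. Note that the cwd= field is the working directory of the process that called sendmail, so it points at the directory to inspect, not necessarily the script file itself.

```shell
#!/bin/sh
# Added example: rank cPanel accounts by how often a script in their home
# directory invoked sendmail, then pull the directories and hourly volume
# for one account on one day. Sample log lines are constructed.

# Constructed exim_mainlog excerpt (format: date time cwd=<dir> N args: ...).
sample_log() {
    cat <<'EOF'
2015-12-31 08:12:01 cwd=/home/forumriau/public_html/wp-content/uploads/tmp 3 args: /usr/sbin/sendmail -t -i
2015-12-31 08:12:02 cwd=/home/forumriau/public_html/wp-content/uploads/tmp 3 args: /usr/sbin/sendmail -t -i
2015-12-31 09:30:15 cwd=/home/forumriau/public_html/images 3 args: /usr/sbin/sendmail -t -i
2015-12-31 10:01:44 cwd=/home/shopuser/public_html 3 args: /usr/sbin/sendmail -t -i
2015-12-30 23:59:58 cwd=/home/forumriau/public_html/old 3 args: /usr/sbin/sendmail -t -i
2015-12-31 11:00:00 1aMxyz-0001Ab-Cd <= bounce@example.com H=localhost [127.0.0.1] P=esmtp S=1234
EOF
}

# Step 1: "<count> <user>" per account, ascending, same pipeline as the post.
# Splitting on "/" makes field 3 the account name in cwd=/home/<user>/...
count_senders() {
    sample_log | grep 'cwd=/home' | awk -F/ '{print $3}' | sort | uniq -c | sort -n -k 1
}

# The account with the most sendmail invocations (last line after sort -n).
top_sender() {
    count_senders | tail -n 1 | awk '{print $2}'
}

# Step 2: unique directories that invoked sendmail for one account on one day.
# Anchors the date at the start of the line, where exim_mainlog puts it.
script_dirs() {
    sample_log | grep "^$2 " | grep "cwd=/home/$1/" \
        | sed 's/.*cwd=\([^ ]*\).*/\1/' | sort -u
}

# Per-hour invocation counts for one account on one day; a burst in a single
# hour is the usual signature of an automated mailer script.
hourly_volume() {
    sample_log | grep "^$2 " | grep "cwd=/home/$1/" \
        | awk '{print substr($2, 1, 2)}' | sort | uniq -c
}

count_senders
script_dirs "$(top_sender)" 2015-12-31
hourly_volume "$(top_sender)" 2015-12-31
```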