Hi guys,
I think I got hit by CVE-2023-20032 [1]. Does anyone know how to identify
whether I was, and how to remove it?
https://blog.clamav.net/2023/02/clamav-01038-01052-and-101-patch.html
I have a lot of data passing through clamsmtp that started two days ago, and I
have thousands of these every minute, but I still haven't figured out where
it is being executed.
Thanks in advance,
Fri Sep 1 11:50:51 2023 -> /var/spool/clamsmtp/clamsmtpd.bRD1ml: sigs.InterServer.net.HEX.Topline.malware.redirect.ecpms.net.720.UNOFFICIAL(59b7bfb602fb2d583ffac90d71155fe0:618) FOUND
Fri Sep 1 11:50:51 2023 -> /var/spool/clamsmtp/clamsmtpd.yhhE0l: sigs.InterServer.net.HEX.Topline.malware.redirect.ecpms.net.720.UNOFFICIAL(144eec09fe09ec3ecb66c5c1daab6da0:618) FOUND
Fri Sep 1 11:50:51 2023 -> /var/spool/clamsmtp/clamsmtpd.Hsneas: sigs.InterServer.net.HEX.Topline.malware.redirect.ecpms.net.720.UNOFFICIAL(5c452a43ebfb8b4a5a3f67310d64e1f3:618) FOUND
Fri Sep 1 11:50:51 2023 -> /var/spool/clamsmtp/clamsmtpd.72Tre8: sigs.InterServer.net.HEX.Topline.malware.redirect.ecpms.net.720.UNOFFICIAL(39a30e65fe97a7b95352f20f1fa2dbfc:618) FOUND
Links:
------
[1] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20032