Scan for malicious code on server

Hi ,one of the users on our server is sending spam from our server thru php or cgi script.
Because in our log it only shows that apache has sent an email.

How can I find out which user is sending it or is there some programs or scripts that will allow me to scan for malicious mail sending scirpts?

Who is Participating?

Improve company productivity with a Business Account.Sign Up

webtransConnect With a Mentor Commented:
use this to analyse ur apache log file
it will give u a clue
first u have to find out which script is sending the email
then check the log for which ip is requesting this folder
basara55Author Commented:
Well yes thats the problem I am having , How can I find out there is trizillion scripts and users on the server.
Worried about phishing attacks?

90% of attacks start with a phish. It’s critical that IT admins and MSSPs have the right security in place to protect their end users from these phishing attacks. Check out our latest feature brief for tips and tricks to keep your employees off a hackers line!

what server side scripting language are avilable on the server?
basara55Author Commented:
php , jsp , cgi (perl)
The apache logfile in /var/log will show you which user accessed what by their ip addresses.
_GeG_Connect With a Mentor Commented:
get a spam mail with headers. Now check for the sending date and time. Next check the apache log for all php/cgi/jsp request a little before this time. Then check which of those scripts can send mail. Last find the IP for this request and if it is (hopefully) a static IP send it a virus :(
My guess: look in apache logs for formmail ;)
ahoffmannConnect With a Mentor Commented:
find /path/to/files -type f -exec egrep -i 'smtp|telnet|mail|socket' {} \; -print
> This question has been classified as abandoned because there are no comments in the last 21 days.
lol, last post from May 2004

BTW I think my answer provided a usable solution....

>>lol, last post from May 2004
Well... it is at least 2004 :)) Not older :)
> BTW I think my answer provided a usable solution....
so I do ...
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.