----------- SCAN REPORT -----------
TimeStamp: Sat, 24 Jun 2023 14:54:30 -0400
(/usr/sbin/cxs --clamdsock /var/clamd --dbreport --defapache nobody --doptions Mv --exploitscan --nofallback --filemax 50000 --noforce --html --ignore /etc/cxs/cxs.ignore.manual --options mMOLfSGchexdnwZDRru --noprobability --qoptions Mv --report /home/abuexvdx/scanreport-abuexvdx-2023-06-24T18:54:29.251984.txt --sizemax 1000000 --ssl --summary --sversionscan --timemax 30 --unofficial --user abuexvdx --virusscan --vmrssmax 2000000 --xtra /etc/cxs/cxs.xtra.manual)


Scanning /home/abuexvdx:

'/home/abuexvdx/access-logs'
# Symlink to [/usr/local/apache/domlogs/abuexvdx]

'/home/abuexvdx/.nc_plugin/hidden'
# World writeable directory

'/home/abuexvdx/logs/abue.io-Apr-2023.gz'
# ClamAV detected virus = [YARA.eval_post.UNOFFICIAL]

'/home/abuexvdx/logs/abue.io-May-2023.gz'
# ClamAV detected virus = [YARA.eval_post.UNOFFICIAL]

'/home/abuexvdx/logs/abue.io-Nov-2019.gz'
# ClamAV detected virus = [{HEX}php.malware.magento.611.UNOFFICIAL]

'/home/abuexvdx/logs/sync.abue.io-Apr-2021.gz'
# ClamAV detected virus = [YARA.eval_post.UNOFFICIAL]

'/home/abuexvdx/logs/sync.abue.io-Aug-2020.gz'
# ClamAV detected virus = [YARA.eval_post.UNOFFICIAL]

'/home/abuexvdx/logs/sync.abue.io-Dec-2021.gz'
# ClamAV detected virus = [YARA.eval_post.UNOFFICIAL]

'/home/abuexvdx/logs/sync.abue.io-Feb-2021.gz'
# ClamAV detected virus = [YARA.eval_post.UNOFFICIAL]

'/home/abuexvdx/logs/sync.abue.io-Jan-2021.gz'
# ClamAV detected virus = [YARA.eval_post.UNOFFICIAL]

'/home/abuexvdx/logs/sync.abue.io-Jul-2020.gz'
# ClamAV detected virus = [YARA.eval_post.UNOFFICIAL]

'/home/abuexvdx/logs/sync.abue.io-Jul-2022.gz'
# ClamAV detected virus = [YARA.eval_post.UNOFFICIAL]

'/home/abuexvdx/logs/sync.abue.io-Jun-2022.gz'
# ClamAV detected virus = [YARA.eval_post.UNOFFICIAL]

'/home/abuexvdx/logs/sync.abue.io-Mar-2022.gz'
# ClamAV detected virus = [YARA.eval_post.UNOFFICIAL]

'/home/abuexvdx/logs/sync.abue.io-May-2021.gz'
# ClamAV detected virus = [YARA.eval_post.UNOFFICIAL]

'/home/abuexvdx/logs/sync.abue.io-Sep-2020.gz'
# ClamAV detected virus = [YARA.eval_post.UNOFFICIAL]

'/home/abuexvdx/logs/syncedition.abue.io-Apr-2023.gz'
# ClamAV detected virus = [YARA.eval_post.UNOFFICIAL]

'/home/abuexvdx/public_ftp/incoming'
# World writeable directory
# Scan Timeout (30 secs) while processing:
'/home/abuexvdx/public_html/p/virtualenv-20.0.15.tar.gz'

'/home/abuexvdx/public_html/p/virtualenv-20.0.15/src/virtualenv/seed/embed/wheels/setuptools-43.0.0-py2.py3-none-any.whl'
# (compressed file: setuptools/cli-32.exe [depth: 1]) MS Windows Binary/Executable [application/x-winexec]
# (compressed file: setuptools/cli-64.exe [depth: 1]) MS Windows Binary/Executable [application/x-winexec]
# (compressed file: setuptools/cli.exe [depth: 1]) MS Windows Binary/Executable [application/x-winexec]
# (compressed file: setuptools/gui-32.exe [depth: 1]) MS Windows Binary/Executable [application/x-winexec]
# (compressed file: setuptools/gui-64.exe [depth: 1]) MS Windows Binary/Executable [application/x-winexec]
# (compressed file: setuptools/gui.exe [depth: 1]) MS Windows Binary/Executable [application/x-winexec]

'/home/abuexvdx/public_html/p/virtualenv-20.0.15/src/virtualenv/seed/embed/wheels/setuptools-44.1.0-py2.py3-none-any.whl'
# (compressed file: setuptools/cli-32.exe [depth: 1]) MS Windows Binary/Executable [application/x-winexec]
# (compressed file: setuptools/cli-64.exe [depth: 1]) MS Windows Binary/Executable [application/x-winexec]
# (compressed file: setuptools/cli.exe [depth: 1]) MS Windows Binary/Executable [application/x-winexec]
# (compressed file: setuptools/gui-32.exe [depth: 1]) MS Windows Binary/Executable [application/x-winexec]
# (compressed file: setuptools/gui-64.exe [depth: 1]) MS Windows Binary/Executable [application/x-winexec]
# (compressed file: setuptools/gui.exe [depth: 1]) MS Windows Binary/Executable [application/x-winexec]

'/home/abuexvdx/public_html/p/virtualenv-20.0.15/src/virtualenv/seed/embed/wheels/setuptools-46.1.3-py3-none-any.whl'
# (compressed file: setuptools/cli-32.exe [depth: 1]) MS Windows Binary/Executable [application/x-winexec]
# (compressed file: setuptools/cli-64.exe [depth: 1]) MS Windows Binary/Executable [application/x-winexec]
# (compressed file: setuptools/cli.exe [depth: 1]) MS Windows Binary/Executable [application/x-winexec]
# (compressed file: setuptools/gui-32.exe [depth: 1]) MS Windows Binary/Executable [application/x-winexec]
# (compressed file: setuptools/gui-64.exe [depth: 1]) MS Windows Binary/Executable [application/x-winexec]
# (compressed file: setuptools/gui.exe [depth: 1]) MS Windows Binary/Executable [application/x-winexec]

'/home/abuexvdx/public_html/p/virtualenv-20.0.15/tests/unit/seed/greet/greet2.c'
# Suspicious file type [application/x-c]

'/home/abuexvdx/public_html/p/virtualenv-20.0.15/tests/unit/seed/greet/greet3.c'
# Suspicious file type [application/x-c]

'/home/abuexvdx/public_html/wp-content/plugins/w3-total-cache/CdnEngine_Ftp.php'
# Regular expression match = [\n(?!\s*(//|\#|\*)).*\.ssh/]

'/home/abuexvdx/public_html/wp-content/plugins/w3-total-cache/vendor/aws/aws-sdk-php/src/AmplifyBackend/AmplifyBackendClient.php'
# Regular expression match = [\*[A-Za-z0-9]{12,130}\*]

'/home/abuexvdx/public_html/wp-content/plugins/w3-total-cache/vendor/aws/aws-sdk-php/src/AmplifyBackend/Exception/AmplifyBackendException.php'
# Regular expression match = [\*[A-Za-z0-9]{12,130}\*]

'/home/abuexvdx/public_html/wp-content/plugins/w3-total-cache/vendor/aws/aws-sdk-php/src/ApiGatewayManagementApi/ApiGatewayManagementApiClient.php'
# Regular expression match = [\*[A-Za-z0-9]{12,130}\*]

'/home/abuexvdx/public_html/wp-content/plugins/w3-total-cache/vendor/aws/aws-sdk-php/src/ApiGatewayManagementApi/Exception/ApiGatewayManagementApiException.php'
# Regular expression match = [\*[A-Za-z0-9]{12,130}\*]

'/home/abuexvdx/public_html/wp-content/plugins/w3-total-cache/vendor/aws/aws-sdk-php/src/ApiGatewayV2/ApiGatewayV2Client.php'
# Regular expression match = [\*[A-Za-z0-9]{12,130}\*]

'/home/abuexvdx/public_html/wp-content/plugins/w3-total-cache/vendor/aws/aws-sdk-php/src/ApiGatewayV2/Exception/ApiGatewayV2Exception.php'
# Regular expression match = [\*[A-Za-z0-9]{12,130}\*]

'/home/abuexvdx/public_html/wp-content/plugins/w3-total-cache/vendor/aws/aws-sdk-php/src/CodeArtifact/CodeArtifactClient.php'
# Regular expression match = [\*[A-Za-z0-9]{12,130}\*]

'/home/abuexvdx/public_html/wp-content/plugins/w3-total-cache/vendor/aws/aws-sdk-php/src/CodeArtifact/Exception/CodeArtifactException.php'
# Regular expression match = [\*[A-Za-z0-9]{12,130}\*]

'/home/abuexvdx/public_html/wp-content/plugins/w3-total-cache/vendor/aws/aws-sdk-php/src/NimbleStudio/NimbleStudioClient.php'
# Regular expression match = [\*[A-Za-z0-9]{12,130}\*]

'/home/abuexvdx/public_html/wp-content/plugins/w3-total-cache/vendor/aws/aws-sdk-php/src/NimbleStudio/Exception/NimbleStudioException.php'
# Regular expression match = [\*[A-Za-z0-9]{12,130}\*]

'/home/abuexvdx/public_html/wp-content/plugins/w3-total-cache/vendor/aws/aws-sdk-php/src/ServerlessApplicationRepository/ServerlessApplicationRepositoryClient.php'
# Regular expression match = [\*[A-Za-z0-9]{12,130}\*]

'/home/abuexvdx/public_html/wp-content/plugins/w3-total-cache/vendor/aws/aws-sdk-php/src/ServerlessApplicationRepository/Exception/ServerlessApplicationRepositoryException.php'
# Regular expression match = [\*[A-Za-z0-9]{12,130}\*]

'/home/abuexvdx/public_html/wp-content/plugins/w3-total-cache/vendor/aws/aws-sdk-php/src/kendra/kendraClient.php'
# Regular expression match = [\*[A-Za-z0-9]{12,130}\*]

'/home/abuexvdx/public_html/wp-content/plugins/w3-total-cache/vendor/aws/aws-sdk-php/src/kendra/Exception/kendraException.php'
# Regular expression match = [\*[A-Za-z0-9]{12,130}\*]

'/home/abuexvdx/syncedition.net/wp-content/backups-dup-lite/installer/original_files_72c5ce5-27204616'
# World writeable directory

'/home/abuexvdx/syncedition.net/wp-content/plugins/duplicator/classes/class.constants.php'
# Universal decode regex match = [universal decoder]

'/home/abuexvdx/syncedition.net/wp-content/plugins/w3-total-cache/CdnEngine_Ftp.php'
# Regular expression match = [\n(?!\s*(//|\#|\*)).*\.ssh/]

'/home/abuexvdx/syncedition.net/wp-content/plugins/w3-total-cache/vendor/aws/aws-sdk-php/src/AmplifyBackend/AmplifyBackendClient.php'
# Regular expression match = [\*[A-Za-z0-9]{12,130}\*]

'/home/abuexvdx/syncedition.net/wp-content/plugins/w3-total-cache/vendor/aws/aws-sdk-php/src/AmplifyBackend/Exception/AmplifyBackendException.php'
# Regular expression match = [\*[A-Za-z0-9]{12,130}\*]

'/home/abuexvdx/syncedition.net/wp-content/plugins/w3-total-cache/vendor/aws/aws-sdk-php/src/ApiGatewayManagementApi/ApiGatewayManagementApiClient.php'
# Regular expression match = [\*[A-Za-z0-9]{12,130}\*]

'/home/abuexvdx/syncedition.net/wp-content/plugins/w3-total-cache/vendor/aws/aws-sdk-php/src/ApiGatewayManagementApi/Exception/ApiGatewayManagementApiException.php'
# Regular expression match = [\*[A-Za-z0-9]{12,130}\*]

'/home/abuexvdx/syncedition.net/wp-content/plugins/w3-total-cache/vendor/aws/aws-sdk-php/src/ApiGatewayV2/ApiGatewayV2Client.php'
# Regular expression match = [\*[A-Za-z0-9]{12,130}\*]

'/home/abuexvdx/syncedition.net/wp-content/plugins/w3-total-cache/vendor/aws/aws-sdk-php/src/ApiGatewayV2/Exception/ApiGatewayV2Exception.php'
# Regular expression match = [\*[A-Za-z0-9]{12,130}\*]

'/home/abuexvdx/syncedition.net/wp-content/plugins/w3-total-cache/vendor/aws/aws-sdk-php/src/CodeArtifact/CodeArtifactClient.php'
# Regular expression match = [\*[A-Za-z0-9]{12,130}\*]

'/home/abuexvdx/syncedition.net/wp-content/plugins/w3-total-cache/vendor/aws/aws-sdk-php/src/CodeArtifact/Exception/CodeArtifactException.php'
# Regular expression match = [\*[A-Za-z0-9]{12,130}\*]

'/home/abuexvdx/syncedition.net/wp-content/plugins/w3-total-cache/vendor/aws/aws-sdk-php/src/NimbleStudio/NimbleStudioClient.php'
# Regular expression match = [\*[A-Za-z0-9]{12,130}\*]

'/home/abuexvdx/syncedition.net/wp-content/plugins/w3-total-cache/vendor/aws/aws-sdk-php/src/NimbleStudio/Exception/NimbleStudioException.php'
# Regular expression match = [\*[A-Za-z0-9]{12,130}\*]

'/home/abuexvdx/syncedition.net/wp-content/plugins/w3-total-cache/vendor/aws/aws-sdk-php/src/ServerlessApplicationRepository/ServerlessApplicationRepositoryClient.php'
# Regular expression match = [\*[A-Za-z0-9]{12,130}\*]

'/home/abuexvdx/syncedition.net/wp-content/plugins/w3-total-cache/vendor/aws/aws-sdk-php/src/ServerlessApplicationRepository/Exception/ServerlessApplicationRepositoryException.php'
# Regular expression match = [\*[A-Za-z0-9]{12,130}\*]

'/home/abuexvdx/syncedition.net/wp-content/plugins/w3-total-cache/vendor/aws/aws-sdk-php/src/kendra/kendraClient.php'
# Regular expression match = [\*[A-Za-z0-9]{12,130}\*]

'/home/abuexvdx/syncedition.net/wp-content/plugins/w3-total-cache/vendor/aws/aws-sdk-php/src/kendra/Exception/kendraException.php'
# Regular expression match = [\*[A-Za-z0-9]{12,130}\*]

'/home/abuexvdx/tmp/awstats/awstats042021.sync.abue.io.txt'
# ClamAV detected virus = [YARA.eval_post.UNOFFICIAL]

----------- SCAN SUMMARY -----------
Scanned directories: 4680
Scanned files: 21054
Ignored items: 186
Suspicious matches: 71
Viruses found: 16
Fingerprint matches: 0
Data scanned: 1873.07 MB
Scan peak memory: 298024 kB
Scan time/item: 0.036 sec
Scan time: 924.920 sec

• [D] .cache
• [D] .cagefs
• [D] .caldav
• [D] .cl.selector
• [D] .clwpos
• [D] .cpanel
• [D] .cphorde
• [D] .htpasswds
• [D] .matplotlib
• [D] .nc_plugin
• [D] .pip
• [D] .pki
• [D] .softaculous
• [D] .ssh
• [D] .subaccounts
• [D] .trash
• [D] access-logs
• [D] apod.li
• [D] backend.apod.li
• [D] etc
• [D] logs
• [D] lscache
• [D] lscmData
• [D] mail
• [D] perl5
• [D] prjs
• [D] public_ftp
• [D] public_html
• [D] softaculous_backups
• [D] spokenmatter.net
• [D] ssl
• [D] sync.abue.io
• [D] syncedition.net
• [D] tmp
• [D] virtualenv
• [D] wp-admin
• [D] wp-includes
• [D] www
• [F] .bash_history
  Delete
• [F] .bash_logout
  Delete
• [F] .bash_profile
  Delete
• [F] .bashrc
  Delete
• [F] .contactemail
  Delete
• [F] .cpanel-logs
  Delete
• [F] .ftpquota
  Delete
• [F] .gemrc
  Delete
• [F] .htaccess
  Delete
• [F] .imunify_patch_id
  Delete
• [F] .last.inodes
  Delete
• [F] .lastlogin
  Delete
• [F] .myimunify_id
  Delete
• [F] .zshrc
  Delete
• [F] backup-11.1.2025_17-48-35_abuexvdx.tar.gz
  Delete
• [F] backup-6.24.2023_15-04-55_abuexvdx.tar.gz
  Delete
• [F] backup-9.8.2023_04-48-26_abuexvdx.tar.gz
  Delete
• [F] cpbackup-exclude.conf
  Delete
• [F] scanreport-abuexvdx-2023-06-24T18:54:29.251984.txt
  Delete
• [F] wget-log
  Delete
• [F] wp-blog-header.php
  Delete
• [F] wp-cron.php
  Delete