Tuesday, January 26, 2016

Find Files Sending SPAM On DirectAdmin Exim Server

This checks the Exim main log (/var/log/exim/mainlog) and lists the paths from which mail has been sent, with a count for each, sorted so the busiest paths come last. Check the listed directories for malware, shells, etc.:
grep cwd /var/log/exim/mainlog | grep -v /var/spool | awk -F"cwd=" '{print $2}' | awk '{print $1}' | sort | uniq -c | sort -n
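
A variant of the one-liner above as a reusable function, added here as an example and not part of the original post. It keeps directory names that contain spaces intact (the original cuts them at the first space) and accepts a minimum count; the function names and sample log lines are constructed, and it assumes the usual "cwd=PATH N args: ..." layout of these log entries.

```shell
#!/bin/sh
# Added example: count mail submissions per working directory in an Exim main log.
# Usage: count_cwd LOGFILE [MIN_COUNT]

count_cwd() {
    awk -v min="${2:-1}" '
        {
            i = index($0, " cwd=")
            if (i == 0) next                    # not a cwd line
            dir = substr($0, i + 5)             # text after "cwd="
            sub(/ [0-9]+ args: .*$/, "", dir)   # drop the " N args: ..." tail
            if (dir ~ /^\/var\/spool/) next     # skip queue runs and deliveries
            n[dir]++
        }
        END { for (d in n) if (n[d] >= min) printf "%d\t%s\n", n[d], d }
    ' "$1" | sort -n
}

# Constructed sample log lines (not taken from a real server).
sample_log() {
    cat <<'EOF'
2016-01-26 10:15:01 cwd=/home/alice/domains/example.com/public_html/wp-content/uploads 3 args: /usr/sbin/sendmail -t -i
2016-01-26 10:15:02 cwd=/home/alice/domains/example.com/public_html/wp-content/uploads 3 args: /usr/sbin/sendmail -t -i
2016-01-26 10:15:03 cwd=/home/alice/domains/example.com/public_html/wp-content/uploads 3 args: /usr/sbin/sendmail -t -i
2016-01-26 10:15:05 cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc MSGID-PLACEHOLDER
2016-01-26 10:16:00 cwd=/home/bob/domains/example.org/public_html/old site 4 args: /usr/sbin/sendmail -t -i -fbob@example.org
2016-01-26 10:16:09 MSGID-PLACEHOLDER <= alice@example.com U=alice P=local S=812
EOF
}

# Run against the file given on the command line, or the sample if none.
log=${1:-}
if [ -z "$log" ]; then
    log=$(mktemp)
    trap 'rm -f "$log"' EXIT
    sample_log > "$log"
fi
count_cwd "$log" "${2:-1}"
```

On a live server, pass the log path and a threshold, for example /var/log/exim/mainlog and 50, to show only directories with at least 50 submissions.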