ConfigServer Community Forum

Peer support forums for ConfigServer Scripts
https://forum.configserver.com/

dcc

https://forum.configserver.com/viewtopic.php?t=2444

Page 1 of 1

dcc

Posted: 03 May 2009, 00:33
by wgalafassijr
Hello to all,

I'm receiving emails with subject: Suspicious process running under user nobody

The executable is: /var/dcc/libexec/dccifd

Command Line (often faked in exploits):

/var/dcc/libexec/dccifd -Inobody -tCMN,5, -llog -wwhiteclnt -Uuserdirs -SHELO -Smail_host -SSender -SList-ID


Thanks,
Wilson

Posted: 07 May 2009, 21:52
by Sarah
dccifd should not be running, it is not used in the default MailScanner installation unless you have altered the configuration. You can try stopping it by killing the process and then removing the binary (/var/dcc/libexec/dccifd). It seems to keep running on some servers even though it is not called by MailScanner.
All times are UTC+01:00
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited