Our antivirus scanner just found a trojan in a 'multPartReq1234.tmp' file in the \work\Catalina\localhost\_\ folder. The file is dated Nov 2014 and the infection is identified as "PHP/WebShell.NBS (trojan)"
Is this a live file? or is it a sign that someone tried (and hopefully failed) to upload an infected attachment?
It is very likely to be an uploaded file. You'd need to check the virus scanner logs to know if it blocked upload (JIRA doesn't have a scanner in it)
Unfortunately our old anti-virus had a file-type exclusion for "tmp" files so it never got scanned until now; we have a new antivirus and it does full-system scans as it is rolled-out. There were no other 'infected' files detected so I am hopeful that the default permissions in JIRA (Apache?) blocked it's activation. Really, I am looking for specific advice about the purpose of this folder (and these 'tmp' files) and if there's anything else I need to check. For instance, which log file should I check? I'm pretty sure we still have the logs from a year ago.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Well, it won't have executed anything on the server - JIRA simply stores uploads and sends them back to the users if they try to read/download them. There's no permissions involved there, it's just a static binary object. The purpose of the folder is "anything Tomcat wants to store temporarily, usually because it's too big for memory, or simply not needed in memory at all". The second applies to upload/download. If your old scanner wasn't set up to scan tmp files, then there's no need to worry about logs - it will have ignored it anyway.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.