Our antivirus scanner just found a trojan in a 'multPartReq1234.tmp' file in the \work\Catalina\localhost\_\ folder. The file is dated Nov 2014 and the infection is identified as "PHP/WebShell.NBS (trojan)"
Is this a live file? or is it a sign that someone tried (and hopefully failed) to upload an infected attachment?
Unfortunately our old anti-virus had a file-type exclusion for "tmp" files so it never got scanned until now; we have a new antivirus and it does full-system scans as it is rolled-out. There were no other 'infected' files detected so I am hopeful that the default permissions in JIRA (Apache?) blocked it's activation. Really, I am looking for specific advice about the purpose of this folder (and these 'tmp' files) and if there's anything else I need to check. For instance, which log file should I check? I'm pretty sure we still have the logs from a year ago.
Well, it won't have executed anything on the server - JIRA simply stores uploads and sends them back to the users if they try to read/download them. There's no permissions involved there, it's just a static binary object. The purpose of the folder is "anything Tomcat wants to store temporarily, usually because it's too big for memory, or simply not needed in memory at all". The second applies to upload/download. If your old scanner wasn't set up to scan tmp files, then there's no need to worry about logs - it will have ignored it anyway.
Connect with like-minded Atlassian users at free events near you!Find a group
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no AUG chapters near you at the moment.Start an AUG
We're bringing product updates and pro tips on teamwork to ten cities around the world.Save your spot