I found the 'c99madshell' trojan in Catalina\localhost?

Our antivirus scanner just found a trojan in a 'multPartReq1234.tmp' file in the \work\Catalina\localhost\_\ folder.  The file is dated Nov 2014 and the infection is identified as "PHP/WebShell.NBS (trojan)"

Is this a live file?  or is it a sign that someone tried (and hopefully failed) to upload an infected attachment?

1 answer

0 votes

It is very likely to be an uploaded file.  You'd need to check the virus scanner logs to know if it blocked upload (JIRA doesn't have a scanner in it)

Unfortunately our old anti-virus had a file-type exclusion for "tmp" files so it never got scanned until now; we have a new antivirus and it does full-system scans as it is rolled-out. There were no other 'infected' files detected so I am hopeful that the default permissions in JIRA (Apache?) blocked it's activation. Really, I am looking for specific advice about the purpose of this folder (and these 'tmp' files) and if there's anything else I need to check. For instance, which log file should I check? I'm pretty sure we still have the logs from a year ago.

Well, it won't have executed anything on the server - JIRA simply stores uploads and sends them back to the users if they try to read/download them. There's no permissions involved there, it's just a static binary object. The purpose of the folder is "anything Tomcat wants to store temporarily, usually because it's too big for memory, or simply not needed in memory at all". The second applies to upload/download. If your old scanner wasn't set up to scan tmp files, then there's no need to worry about logs - it will have ignored it anyway.

Suggest an answer

Log in or Sign up to answer
Community showcase
Published Jan 08, 2019 in Jira

How to Jira for designers

I’m a designer on the Jira team. For a long time, I’ve fielded questions from other designers about how they should be using Jira Software with their design team. I’ve also heard feedback from other ...

1,102 views 4 9
Read article

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you