I found the 'c99madshell' trojan in Catalina\localhost?

Our antivirus scanner just found a trojan in a 'multPartReq1234.tmp' file in the \work\Catalina\localhost\_\ folder. The file is dated Nov 2014 and the infection is identified as "PHP/WebShell.NBS (trojan)".

Is this a live file? Or is it a sign that someone tried (and hopefully failed) to upload an infected attachment?

1 answer

0 vote

It is very likely to be an uploaded file. You'd need to check the virus scanner logs to know if it blocked the upload (JIRA doesn't have a scanner in it).

Unfortunately our old anti-virus had a file-type exclusion for "tmp" files so it never got scanned until now; we have a new antivirus and it does full-system scans as it is rolled out. There were no other 'infected' files detected so I am hopeful that the default permissions in JIRA (Apache?) blocked its activation. Really, I am looking for specific advice about the purpose of this folder (and these 'tmp' files) and if there's anything else I need to check. For instance, which log file should I check? I'm pretty sure we still have the logs from a year ago.

Well, it won't have executed anything on the server - JIRA simply stores uploads and sends them back to the users if they try to read/download them. There's no permissions involved there, it's just a static binary object. The purpose of the folder is "anything Tomcat wants to store temporarily, usually because it's too big for memory, or simply not needed in memory at all". The second applies to upload/download. If your old scanner wasn't set up to scan tmp files, then there's no need to worry about logs - it will have ignored it anyway.
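A triage sketch for the "anything else I need to check" question in this thread, added here as an example and not part of the original posts or of any Atlassian tooling: it inventories leftover `.tmp` files under a Tomcat work directory with size, modification time and SHA-256, and flags those containing a PHP or JSP opening tag. The marker list, the 1 MiB scan limit and the function names are assumptions.

```python
import hashlib
import os
import sys
from datetime import datetime, timezone

# Assumed markers: server-side script openers that a spooled upload may carry.
MARKERS = {b"<?php": "php", b"<%@": "jsp"}
SCAN_BYTES = 1024 * 1024  # search at most the first 1 MiB of each file


def inspect_file(path):
    """Return size, mtime, SHA-256 and script markers for one file."""
    st = os.stat(path)
    digest = hashlib.sha256()
    head = b""
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)          # hash covers the whole file
            if len(head) < SCAN_BYTES:
                head += chunk             # marker search covers the head only
    head = head[:SCAN_BYTES].lower()
    return {
        "path": path,
        "size": st.st_size,
        "mtime": st.st_mtime,
        "sha256": digest.hexdigest(),
        "markers": sorted(n for sig, n in MARKERS.items() if sig in head),
    }


def triage_work_dir(root, suffix=".tmp"):
    """Walk root and report every leftover temp file, oldest first."""
    found = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower().endswith(suffix):
                found.append(inspect_file(os.path.join(dirpath, name)))
    return sorted(found, key=lambda rec: rec["mtime"])


if __name__ == "__main__":
    # Usage: python triage_tmp.py <path to the Tomcat work directory>
    for rec in triage_work_dir(sys.argv[1]):
        when = datetime.fromtimestamp(rec["mtime"], timezone.utc).isoformat()
        flag = ",".join(rec["markers"]) or "-"
        print(when, rec["size"], rec["sha256"], flag, rec["path"])
```

The modification times give a window for searching whatever access logs are still retained, and the hashes can be compared against the attachments the application has stored.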
