I downloaded from my DA server a batch of user backup files to a local computer running a current version of ESET (Internet security program). ESET scanned the contents of the downloaded tar.gz files and reported that a single file was a "PHP/PhpShell.NBD trojan". The location of that file was /home/<user>/domains/<userdomain>/stats/. The name of the file was "defauls.php". I located the file on the DA server and isolated it.
My question is... how do I know what this file is and what it was doing on my server? Is it a false-positive, or a real issue?
I don't want to post the file's contents here for fear of being wrist-slapped. Can anyone assist?