My Experiments for Truth.

It will be very difficult to delete all the files of the result of Clamscan. In some cases the infected files will be more than 2000. The command for clamscan is # clamscan -r -i /home/username/public_html/ -l clamscan_username.txt # cat clamscan_username.txt Will show the content as : /home/username/public_html/.guestbook/baru.txt: Exploit.E107-1 FOUND /home/username/public_html/newlog/hideme: Hacktool.Fakeproc FOUND /home/username/public_html/newlog/.log/hideme: Hacktool.Fakeproc FOUND /home/username/public_html/newlog/.log/t3394: Linux.RST.B FOUND /home/username/public_html/newlog/.log/guard: Linux.RST.B FOUND You can delete all the files listed there by using the below command in a split of second. # for i in `cat /root/clamscan_username.txt | gawk -F ': ' '{print $1}'`; do rm -rf $i; done Make sure that you have got confirmation from the customer before deleting all his infected files. :-)

#!/bin/bash for i in `cat domains.lst`; do FileName=$i.db; FileBack=$FileName"_bk"; if [ -f $FileName ]; then find . -maxdepth 1 -type f -name $FileName | xargs sed 's/.*MX.*/'"$i."' 14400 IN MX 10 mx.spamexperts.com.\n'"$i."' 14400 IN MX 20 fallbackmx.spamexperts.eu.\n'"$i."' 14400 IN MX 30 lastmx.spamexperts.net./g' > $FileBack; mv -f $FileBack $FileName else echo $FileName " Doesnt Exists...................!!!!! "; fi done Note: Where domains.lst contains the domain names that needs to be replaced the MX entries with SpamExperts MX entries.