jonathanbrickman0000
Posted April 11, 2019

A new Windows cloud-hosted server instance, with ESET File Security 7.0.12018.0 installed and updated, is being reported by ESET as having CVE-2017-5638.Struts2 "Detected". The server has neither Java nor Apache software of any sort, it runs IIS as a web server with PHP Manager for IIS and Microsoft Windows Cache Extension for PHP, MySQL 5.7 as database.

This looks a whole lot like the following archived thread:

https://forum.eset.com/topic/18343-threat-log-question/

Peter Randziak (ESET Moderators)
Posted April 12, 2019

Hello @jonathanbrickman0000

so I would advise to proceed as Marcos advised in the mentioned thread: https://forum.eset.com/topic/18343-threat-log-question/?do=findComment&comment=90087

"Have you ruled out the possibility that the remote machine is infected? If so, please enable network protection advanced logging in the advanced setup -> tools -> diagnostics, reproduce the detection, disable logging and provide me with logs gathered by ESET Log Collector.

As for the action, "detected" actually means detected and blocked. If I remember correctly, there were plans to change the wording to make it clear to users."

jonathanbrickman0000
Posted April 16, 2019

The resultant efsw_logs.zip file is 928 megabytes in size. Do you really want that whole file?

Peter Randziak (ESET Moderators)
Posted April 17, 2019

Well if you want us to check it, we need it for the start,...

P.R.

jonathanbrickman0000
Posted April 17, 2019

OK. What is the recommended method of sending a 928 megabyte file? I cannot attach it to this reply, the max is 100M.

Peter Randziak (ESET Moderators)
Posted April 18, 2019

You can upload it to a safe location and send the download details to me and Marcos via a private message to check.

Peter

jonathanbrickman0000
Posted April 19, 2019 (edited)

OK. I will be using OneDrive. Can you send your email addresses to ... ?

Edited April 25, 2019 by Marcos: Email address removed to protect your privacy

itman
Posted April 25, 2019

On 4/19/2019 at 7:20 PM, jonathanbrickman0000 said: "OK. I will be using OneDrive. Can you send your email addresses to ..."

For security reasons, edit this posting to remove your e-mail address.