Background:
We scanned the system and the Malware Detection SW did not find anything it
could identify. It took most of the night to finish a couple of terabyte-size
disks.
It flagged one file in a user's directory as suspect, but when we examined it,
it was a lot of C code for data reduction.
The users & app files were on another disk. It was unplugged and we reloaded
5.10, and that caused a little bit of a problem. Undocumented as to what it
was. Reloaded 5.5 and then upgraded it to 5.10 - worked.
It has been a pain to get the analysis and CAD programs that needed special
libs to function back online.
Our bookkeeping was inadequate and we had to resort to the braille method.
Once we reloaded the box and plugged the user disk and data disks back in,
things are starting to function pretty well.
One thing we did was to put all application tar files on a directory on
a separate disk from the OS. Now we have a copy of "var". In hindsight we
should have put /usr/local on a separate disk along with /opt.
Not being able to find a fingerprint sort of left us very gun-shy about what
we allow in plant.
Since this was an open server and it grew like a bad weed and we knew it was
going to happen but never in a bad dream would we have guessed what it was
doing. We will never know what it sent or received.
Thanks for the advice and expert help.
This problem took a lot of time to fix and recover data.
Everything on this box was saved on "CrashPlan" - I think we need to dump
data in backup and start over. Backup may have the same problem and you
get it back when you restore files.
Larry Linder