LinuxQuestions.org
Old 11-08-2011, 03:15 AM   #1
dmdickie
LQ Newbie
 
Registered: Nov 2011
Posts: 2

Rep: Reputation: Disabled
strange file contents in var/log/mail/statistics


hi .. i am a newbie .. 5 weeks into setting up and securing VPS
rhel centos 5.7 running plesk 9.5

file under scutiny is
/var/log/mail/statistics

ls -l gives
-rw------ 1 root root 1448 May 28 2010 statistics

if i do

[root@server mail]# cat statistics

i get

Þ±âCñK¨[root@centos-plesk mail]# PuTTY

Not sure what this means, if anything

why isn't [root...] on new line
why is PuTTy after #

i can delete PuTTy and use CLI after # as normal

i did a search for Þ±âCñK¨ and got some google hits for 'spambot killer'

nano statistics gives


ޱ^A^@^D^@^@^@�C�K^@^@^@^@�^E^@^@^@^@^@^@^C^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^ @^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^ @^@$


should i be worried at all

thanks for looking
richard
 
Old 11-08-2011, 07:23 AM   #2
Noway2
Senior Member
 
Registered: Jul 2007
Distribution: Gentoo
Posts: 2,125

Rep: Reputation: 781
Here might be a good place to start. It offers one explanation, at least: http://linux.die.net/man/8/mailstats The file /var/log/mail/statistics is normally the statistics file for sendmail. The Unix, and by extension Linux, philosophy is that data should be textual when possible and binary formats should be avoided, but this isn't always adhered to. The data you have displayed looks like binary data with some blank fields to me. Machine code would be binary by its nature, but the file is not executable, which says that it is not this. Unless you have other evidence of a compromised system, this alone doesn't appear to be a problem. To confirm that it is a statistics file, I would try to read it with the utility mentioned in the link.

My guess is that the PuTTY is a reference to the Putty SSH or telnet client. Looking at the line, it appears that you may be logging in as root remotely. This is not a good practice. Instead, log in via a normal user account and then elevate to root, or better yet use SUDO, for the operations required.

Last edited by Noway2; 11-08-2011 at 07:23 AM. Reason: typo
 
Old 11-08-2011, 12:17 PM   #3
dmdickie
LQ Newbie
 
Registered: Nov 2011
Posts: 2

Original Poster
Rep: Reputation: Disabled
thanks very much noway2 for your reply

i tried
mailstat /var/log/mail/statistics and it gave me ->

Total Number Folder
----- ------ ------
0 1 ## Þ±âCñK¨
----- ------
0 1

I'm afraid it doesn't mean much to me!

i disabled PermitRootLogin and login as another user
then do sudo su - to give me root privileges .. not sure if i am doing that the right way

I still don't understand why PuTTy text would come out of nowhere though ..

thanks again for your time to reply and suggestions
richard

ps to all .. i meant scrutiny not scutiny .. serves me right for trying to use a 'big' word eh
bloomin newbies
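
Added example, not part of any post in this thread: a small Python check that the leading bytes pasted in post #1 form the header of a sendmail statistics file, as a complement to reading the file with mailstats. The magic and version constants, the 64-bit little-endian layout and the name `inspect_stats` are assumptions taken from sendmail's mailstats.h, and the sample bytes are constructed from the cat and nano output above, read as Latin-1.

```python
import struct
import sys

# Assumptions, not stated in the thread: values and field order follow
# sendmail's mailstats.h as built for a 64-bit little-endian Linux host.
STAT_MAGIC = 0x1B1DE
STAT_VERSION = 4
HEADER = struct.Struct("<iiqh")  # stat_magic, stat_version, stat_itime, stat_size


def inspect_stats(data: bytes) -> dict:
    """Check that a file image starts with a consistent statistics header."""
    if len(data) < HEADER.size:
        return {"ok": False, "reason": "shorter than the 18-byte header"}
    magic, version, itime, size = HEADER.unpack_from(data)
    if magic != STAT_MAGIC:
        return {"ok": False, "reason": f"bad magic 0x{magic & 0xFFFFFFFF:X}"}
    if version != STAT_VERSION:
        return {"ok": False, "reason": f"unexpected version {version}"}
    if size != len(data):
        # stat_size records the size of the structure sendmail wrote to disk.
        return {"ok": False, "reason": f"stat_size {size} != file length {len(data)}"}
    return {"ok": True, "reason": "header consistent", "itime": itime, "size": size}


# Constructed sample: the 18 header bytes visible in the post, zero-padded to
# the 1448 bytes reported by ls -l (the real file's counters are not all zero).
SAMPLE = bytes.fromhex("deb10100 04000000 e243f14b00000000 a805").ljust(1448, b"\x00")

if __name__ == "__main__":
    # Pass a path to check a real file; with no argument the sample is used.
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            blob = fh.read()
    else:
        blob = SAMPLE
    print(inspect_stats(blob))
```

The `05` byte in `stat_size` is the ASCII ENQ control character; PuTTY replies to ENQ with its answerback string, which by default is "PuTTY", so running cat on the raw file makes that word appear at the prompt.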