This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

/usr/local/bin/dataupload.plx, what is it and what is it doing?

What is /usr/local/bin/dataupload.plx doing and why?

 

I noticed an unexpected email from my UTM software appliance (home use).

Current software version...: 9.703003
# crontab -l
# DO NOT EDIT THIS FILE - edit the master and reinstall. # (- installed on Mon Aug 24 20:36:33 2020) # (Cron version V5.0 -- $Id: crontab.c,v 1.12 2004/01/23 18:56:42 vixie Exp $) 0 1 * * * /usr/local/bin/dataupload.plx > /dev/null #
# ls -l /usr/local/bin/dataupload.plx
-rwxr-xr-x 1 root root 93292 Aug 24 21:39 /usr/local/bin/dataupload.plx

 

I almost certainly would not have noticed this had standard error been redirected too.

 

A few notes:

u2d-ohelp9-9.1086 ?

/var/log/webadmin/*/*/*

/tmp/*/*.eip & /tmp/*/*.tar.gz

ip addresses, what more?

upload to something fronted by cloudfront?

 

 

Edit:  Note, incomplete answers will not be considered as an accepted answer.  Details on what the plx is doing, why it is doing so and why this appears to have been silently rolled out are not insignificant to the post.  Further questions in the replies are also important.



This thread was automatically locked due to age.
Parents
  • Do you have the SophosLabs feedback option enabled?  Probably part of that.  You can find this setting under Management/System Settings/Scan Settings tab.

    CTO, Convergent Information Security Solutions, LLC

    https://www.convergesecurity.com

    Sophos Platinum Partner

    --------------------------------------

    Advice given as posted on this forum does not construe a support relationship or other relationship with Convergent Information Security Solutions, LLC or its subsidiaries.  Use the advice given at your own risk.

Reply
  • Do you have the SophosLabs feedback option enabled?  Probably part of that.  You can find this setting under Management/System Settings/Scan Settings tab.

    CTO, Convergent Information Security Solutions, LLC

    https://www.convergesecurity.com

    Sophos Platinum Partner

    --------------------------------------

    Advice given as posted on this forum does not construe a support relationship or other relationship with Convergent Information Security Solutions, LLC or its subsidiaries.  Use the advice given at your own risk.

Children