On Wed, 2006-01-04 at 14:50:01 +0000, Gaby vanhegan proclaimed... > To begin, I'm running OpenBSD trim.chrispyfur.net 3.6 GENERIC.MP#173 > i386. > > I have some suspect files in /tmp, and I'm fairly sure that they > shouldn't be there. Only thing I can't twig is what method the > attackers used to get the files into that directory. The files are:
Is this doing any A/V scanning? You have told us nothign about the host in question: is it an email gateway? DNS server? etc.
