Install Irfanview and resize images easily

Here’s a quick tutorial on how to resize images quickly and easily using a great free program called Irfanview.

First, if you haven’t already, download and install Irfanview from http://www.irfanview.com

When starting the program for the first time go to the top menu and select:
Options > Set file associations > Images only > OK
Now all images will open in this nifty program, it’s good and fast.

Note that with the latest Windows 10 updates, you need to go to Settings > Default Apps and set IrfanView as your default viewer. Some Windows updates are known to actually remove IrfanView altogether!

Resizing an image with Irfanview

Resizing images really depends on what you want to achieve as an end result. There are a few common scenarios here:

  1. You want to resize pictures to keep the file size down because you are sending by email. This option is usually when sending family pictures or work images to a colleague.
  2. You want to create an avatar, logo or smaller image from the original image.
  3. You want to crop a section of the image and resize it afterwards.

In each of these cases, we shall be using the resize dialog box so let’s see how to open this now.

Open Irfanview from the shortcut or All Programs menu, and click on File > Open.

In the box that opens, navigate to the image you want to resize. Double click it or click on the Open button.

The image will open up in the main Irfanview window.


From the toolbar menu at the top, click Image and select Resize/Resample. This will open the Resize/Resample image dialog box which is where you will select the settings that will be applied to your final image.

Now we want to either use some of the handy presets you see to the right side or manually add our image sizes. Think of 800 x 600 pixels as a landscape orientation, postcard sized image and you won’t be far wrong. This is an ideal size to send pics to family and friends by email and not have them clogging up their inbox. Most digital cameras now have extremely high pixel count so your original could be something like 2992 x 2000. This is obviously a landscape image because the first figure quoted is always the width, the second being the height. Resizing this image to 800 x 600 would work as landscape photos are generally close to a 4:3 ratio (although that example of 2992 x 2000 is not quite 4:3). Because some stretching of the image would occur in that case, we can actually check the box preserve aspect ratio. Now, typing in your desired width should alter the height accordingly and vice versa, resulting in a non-stretched image. It’s up to you if you want to apply sharpen after resample, this is generally better when going to a very small image such as used for icons and avatars, so I would generally avoid it for larger photos. For images on web pages such as WordPress powered sites, a width of 500 pixels (px) is usually sufficient for the content areas, going down to 150 px where we are wrapping text around the image.

In the Size Method box, put a tick next to Resample (better quality), and using the dropdown arrow, select Lanczos filter (slowest). What we are doing when resizing is effectively getting rid of pixels, so the image needs to have a degree of loss applied to it that the human eye can’t see that well. The jpeg format is called a ‘lossy’ format for this reason. When you see a pixellated image, this is generally because it has been compressed a bit too much and too many critical pixels have been lost.

When you have the settings the way you want them, click on the OK button. Irfanview renders the image in its new size, although it may still be zoomed in or out. Use the + or – magnifying glass on the toolbar to zoom in or out until you see 100% displayed on the lower toolbar of Irfanview. This is your actual image size, as rendered by your monitor.

IMPORTANT NEXT STEP

You currently have the resized file in the main Irfanview window but it isn’t saved. Most photographs are better quality when they are original and making them smaller reduces quality, so we generally don’t save the image at this point. We do a File > Save As. Think of this as duplicating the file and you won’t go wrong, we are saving another copy of the image but in a different size. You have the chance to navigate to a new folder (I usually create one called Resized) and save the image with a descriptive name, something like:

dave-birthday-party-may-2014.jpg

I like to keep all filenames lowercase and separate words with hyphens as it’s much better for search engines and for web server semantics when uploaded to the web.

Saving in Jpeg format is generally good for photos, it results in smaller file sizes. Slide the quality slider up to 100 for best quality though.


Now all that remains is to click on Save and you are done.

I hope that helped to clear up a bit of resizing mystery, please drop me a comment below if you have any questions or just to let me know it helped.

 


Kaspersky Internet Security licence renewal instructions

These are the instructions to follow when renewing the licence on Kaspersky Internet Security. I’ll presume that you have a new licence key to hand from a recent version and that the product is the same (eg not Kaspersky Pure etc). If you don’t have a new licence yet, you’ll find them for sale at discounted prices here [Hint: search for ‘kaspersky internet security 3 user’ or however many computers you need to protect]

You can buy the new licence in advance of your current product expiring, but you don’t need to wait until the existing licence has expired to install it any more. Kaspersky now seems to add on the remaining days from your current licence to your new licence, providing the product is the same.

First, open Kaspersky. The quickest way is to double click the icon in your system tray (bottom right of your desktop screen). If you can’t see it there, use the little arrow on the left to expand the icons and find it. It’s a red letter K like this one below:

Now, look in the bottom right of the Kaspersky window and click on ‘License: xx days remaining’ (where xx is your actual days remaining).

Now click on the ‘Enter activation code’ button.

Finally, type in your activation code, or copy and paste it if you received it by email. Be careful to get EXACTLY the right code as some letters do look similar! You can copy and paste the whole of the new licence key into the first entry field, it will separate them for you.

Press the ‘Save activation code’ button and you’re done. Give the PC a restart, open Kaspersky again and you should be able to see your licence has the correct amount of days remaining.

I sell full versions in my shop here at discounted prices that are often much cheaper than renewal. Grab the code from those and you won’t need to install anything, just follow the method above.

 


Avgidseh.sys error when starting Windows

Since I wrote the original avgidseh.sys fix article, there have been lots of other affected PCs that have passed through our workshop. This is not a rogue update fault now as it was back in late 2010, rather an issue that is, as yet, untrackable to a single problem. AVG are getting the blame for many bad startup errors as the users only see the last driver to load which is often AVGIDSEH.SYS. I have, however, noted that applying an AVG-specific fix works in many cases.

To resolve issues that are AVG related, follow the steps below.

Boot your PC with a boot CD. I recommend UBCD4WIN which is an excellent tool to have in your armoury for PC repair. Download the program and install onto your computer. Build an image from your Windows XP CD (required). If you don’t have a Windows XP disc then you can download the AVG boot disc from here. Please make reference to my original avgidseh.sys fix article for creation and method. Use my updated folder renaming fix listed below in both cases.

What we shall be doing is renaming the AVG folders so they are not loaded on startup. For UBCD4Win, start the computer with the disc inserted and boot from it. This may involve changing the boot order that your PC or laptop uses. Once we have a new ‘environment’ – that is the computer is running from the CD – then we can start a file explorer such as A43, Agent Ransack, Xplorer2 or Free Commander. This will give us access to the files on the hard drive. Folders to rename are as follows:

Windows XP and 2000 (Note: AVG2011 does not run on Windows 2000 so forget a reinstall afterwards!)

  1. C:\Program Files\AVG  –  This is also named C:\Program files(x86)\AVG  when you have a 64bit operating system
  2. C:\Documents and settings\All users\Application data\AVG8
  3. C:\Documents and settings\All users\Application data\AVG9
  4. C:\Documents and settings\All users\Application data\AVG10

Windows Vista, 7, 8 and 10

  1. C:\Program Files\AVG  –  This is also named C:\Program files(x86)\AVG  when you have a 64bit operating system
  2. C:\ProgramData\AVG8
  3. C:\ProgramData\AVG9
  4. C:\ProgramData\AVG10
  5. C:\Users\<user>\AppData\Roaming\AVG8
  6. C:\Users\<user>\AppData\Roaming\AVG9
  7. C:\Users\<user>\AppData\Roaming\AVG10

Example:

rename C:\Program Files\AVG to C:\Program Files\OLDAVG

Once renamed, they will no longer load on startup.

 


Avgidseh.sys is not the only possible cause…

Now I like to run a CHKDSK while still in this ‘running from CD’ environment as it fixes any errors on the hard drive. These are often caused by the PC being shut down while writing to the drive and can also be the main reason the computer failed to start. Don’t always blame AVG because the avgidseh.sys driver was the last thing to load! In UBCD4Win we would run Disk Check which does a full scan and repair of the sectors on the hard drive. Just fire it up, tell it your target drive (usually c:) and let it run. Have a cuppa as this takes a while.

The professional method

If you want to do a complete scan and repair of your disk using a professional repair tool that we use in our workshop and lab, you should investigate HDD Regenerator. We have carried out a full review of HDD Regenerator here. It has fixed the majority of the faulty drives we see that cause constant ‘looping’ of the Windows boot procedure and it’s in daily use in our workshop. It’s not too expensive and is a better solution than the free methods we list above for many people as it is much easier to use. It also blows CHKDSK into the weeds for being able to recover data and salvage your hard drive. Where CHKDSK marks the sector as bad, HDDRegenerator actually recovers the data from it and moves it to a new, good sector. As mentioned, this tool isn’t free (it does give you a free trial) but you can buy it once and fix as many drives as you want with it. It also creates a simple to use bootable USB drive or CD/DVD disk for you. Any self-respecting PC geek or computer repair shop shouldn’t be without it in the toolkit.

Check out HDDRegen here

As mentioned in other articles, despite AVG being a capable free antivirus, I heartily recommend the brilliant Kaspersky Pure as a set and forget internet security solution. Here is my method to get the cheapest Kaspersky Pure and be fully protected against viruses and malware.

Finally, let me know by commenting below if this avgidseh.sys fix works for you and please leave any other information you can share with the community.


Four ways to execute a shell script

If you need to execute a shell script and can’t get your head around the conflicting information out there, I’ll try to clear things up. There are quite a few ways to execute a shell script and each has its pros and cons. If you are coming from a Windows environment where the file extension dictates how we handle the file, then try not to think like this. A script can have no extension but still be run. So, let’s take a look at our four ways to execute a shell script.

 

Execute shell script by calling the filename (Method 1)

This method simply changes into the script’s containing directory and calls the script’s file name to execute it.

We can change into the directory first
[crayon-5b7c592b3e607558063970/]
 

and then call the script thus:
[crayon-5b7c592b3e60f394300653/]
 

Now, my preferred method is to consolidate these 2 lines into 1, calling it from any directory by simply adding the full path to the file:
[crayon-5b7c592b3e611354986716/]
 

If you have the shebang at the start of this script, then it will be executed by using the command interpreter that is specified directly after it.

Execute shell script by specifying an interpreter (Method 2)

You can also run a shell script by specifying the interpreter. You do this by adding the preferred interpreter within the command thus:

Execute the script using the bash interpreter
[crayon-5b7c592b3e613852954844/]
 

Execute the script using the sh interpreter
[crayon-5b7c592b3e616238400560/]
 

There are usually several interpreters available such as bash, sh, csh, ksh and more. Note that if you use a different interpreter in the shebang, this will be overridden by the one you specify.

Execute shell script with . ./ (Method 3)

If you execute the shell script by using . ./ (aka ‘dot space dot slash’), it will not fork a sub shell and you’ll see it executed in the current shell.
[crayon-5b7c592b3e618140879881/]
 

Why do this? Well it’s normally used after we have changed something in the .bashrc or .bash_profile. Using this method of execution we won’t need to logout and login again.
[crayon-5b7c592b3e619888130249/]

Execute shell script with source command (Method 4)

source is a bash shell built-in command that executes the contents of the file, which is passed as argument, in the current shell. It has a synonym that you can use which is the dot or period (.)

This can replace the ‘dot space dot slash’ method.
[crayon-5b7c592b3e61b792446886/]
 

A word of warning here though because ./ and source are not quite the same.

./myscript runs myscript as an executable file in a new shell
source myscript reads and executes commands in the current shell environment

To help further, ./myscript is not the same as . myscript, but . myscript is exactly the same as source myscript
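
The difference between the methods, as an added example that is not part of the original article: a throwaway script is run each way and the checks confirm what survives in the calling shell. The script contents, the DEMO_DIR variable and the function names are made up for this demonstration; it also shows two side effects worth knowing, that the execute bit only guards Method 1 and that `exit` in a sourced script ends the caller.

```sh
#!/bin/sh
# Added example, not from the original article: one throwaway script run the
# ways described above, checking what each method leaves behind.

DEMO_DIR=$(mktemp -d)   # scratch directory; remove it when finished

# Constructed sample script: sets a variable and changes directory.
cat > "$DEMO_DIR/myscript" <<'EOF'
#!/bin/sh
DEMO_VAR="set by myscript"
cd /
EOF
chmod 755 "$DEMO_DIR/myscript"

# Constructed sample script that does nothing but exit with status 3.
printf 'exit 3\n' > "$DEMO_DIR/quits"

# Each check runs inside ( ... ) only so the demo cannot disturb the shell
# running this file; sourcing inside it still changes that inner shell.

# Methods 1 and 2 start a child process: its variable and its cd die with it.
child_leaves_no_trace() {
    (
        cd "$DEMO_DIR" || exit 1
        start=$PWD
        unset DEMO_VAR
        ./myscript        # Method 1: the shebang picks the interpreter
        sh ./myscript     # Method 2: interpreter named on the command line
        [ -z "${DEMO_VAR:-}" ] && [ "$PWD" = "$start" ]
    )
}

# Methods 3 and 4 run the lines in the current shell, so both changes stick.
source_changes_caller() {
    (
        cd "$DEMO_DIR" || exit 1
        unset DEMO_VAR
        . ./myscript      # `source ./myscript` is the bash spelling
        [ "$DEMO_VAR" = "set by myscript" ] && [ "$PWD" = "/" ]
    )
}

# Without the execute bit, calling by path is refused, but naming an
# interpreter or sourcing still runs the file.
exec_bit_only_guards_path_call() {
    (
        cd "$DEMO_DIR" || exit 1
        chmod 644 myscript
        by_path=ran;   ./myscript 2>/dev/null || by_path=refused
        by_interp=ran; sh ./myscript          || by_interp=refused
        by_source=ran; ( . ./myscript )       || by_source=refused
        chmod 755 myscript
        [ "$by_path" = refused ] && [ "$by_interp" = ran ] && [ "$by_source" = ran ]
    )
}

# A sourced script that calls exit ends the shell that sourced it.
sourced_exit_ends_caller() {
    rc=0
    ( . "$DEMO_DIR/quits"; exit 0 ) || rc=$?   # `exit 0` is never reached
    [ "$rc" -eq 3 ]
}

for check in child_leaves_no_trace source_changes_caller \
             exec_bit_only_guards_path_call sourced_exit_ends_caller; do
    if "$check"; then echo "ok   $check"; else echo "FAIL $check"; fi
done
```

Because sourcing runs every line with your own shell's variables and working directory, read a script before sourcing it, and do not rely on `chmod -x` to stop a script from being run.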

 

Do you have a preferred method for executing shell scripts and if so, why? Let me know below.


Cannot find unread emails in Gmail inbox

I have had quite a few customers calling over the years to say that they cannot find unread emails in their Gmail inbox. It’s a common complaint and one which I have found can be quickly cured by doing the following.

Logon to Gmail in your browser (Chrome, Firefox, Internet Explorer, Safari etc).

Go to the search bar at the top of the Google page (the one with the blue and white ‘magnifying glass’ search button that looks like this):


In that box, type this:

is:unread in:anywhere

Note that there is a space after the word ‘unread’ but not anywhere else. Copy and paste my text above if you aren’t sure.

Now press enter and you should see all of your unread emails! You can click to read individual ones or select them using their check boxes and then do ‘More’, then ‘Mark as read’.

Try some new search terms to get more out of Gmail

If you want to take things further, there are lots of useful search ‘operators’ that you can use within Gmail too. Get used to using these and you’ll open up a whole new level for this great email tool. Here’s a list of the most popular ones:

 

What you can search by, with the search operator and an example for each:

  • Specify the sender
    Operator: from:
    Example: from:amy

  • Specify a recipient
    Operator: to:
    Example: to:david

  • Words in the subject line
    Operator: subject:
    Example: subject:dinner

  • Messages that match multiple terms
    Operator: OR or { }
    Example: from:amy OR from:david
    Example: {from:amy from:david}

  • Remove messages from your results
    Operator: -
    Example: dinner -movie

  • Find messages with words near each other. Use the number to say how many words apart the words can be
    Operator: AROUND
    Example: dinner AROUND 5 friday

  • Messages that have a certain label
    Operator: label:
    Example: label:friends

  • Messages that have an attachment
    Operator: has:attachment
    Example: has:attachment

  • Messages that have a Google Drive, Docs, Sheets, or Slides attachment or link
    Operators: has:drive, has:document, has:spreadsheet, has:presentation
    Example: has:drive has:document

  • Messages that have a YouTube video
    Operator: has:youtube
    Example: has:youtube

  • Messages from a mailing list
    Operator: list:
    Example: list:info@example.com

  • Attachments with a certain name or file type
    Operator: filename:
    Example: filename:pdf
    Example: filename:homework.txt

  • Search for an exact word or phrase
    Operator: " "
    Example: "dinner and movie tonight"

  • Group multiple search terms together
    Operator: ( )
    Example: subject:(dinner movie)

  • Messages in any folder, including Spam and Trash
    Operator: in:anywhere
    Example: in:anywhere movie

  • Search for messages that are marked as important
    Operators: is:important, label:important
    Example: is:important

  • Starred, unread, or read messages
    Operators: is:starred, is:unread, is:read
    Example: is:read is:starred

  • Messages that include an icon of a certain color
    Operators: has:yellow-star, has:blue-info
    Example: has:purple-star

  • Recipients in the cc or bcc field
    Operators: cc:, bcc:
    Example: cc:david
    Note: You can’t find messages that you received on bcc.

  • Search for messages sent during a certain time period
    Operators: after:, before:, older:, newer:
    Example: after:2004/04/16
    Example: before:2004/04/18

  • Search for messages older or newer than a time period using d (day), m (month), and y (year)
    Operators: older_than:, newer_than:
    Example: newer_than:2d

  • Chat messages
    Operator: is:chat
    Example: is:chat movie

  • Messages delivered to a certain email address
    Operator: deliveredto:
    Example: deliveredto:username@gmail.com

  • Messages in a certain category
    Operator: category:
    Example: category:updates

  • Messages larger than a certain size in bytes
    Operator: size:
    Example: size:1000000

  • Messages larger or smaller than a certain size in bytes
    Operators: larger:, smaller:
    Example: larger:10M

  • Results that match a word exactly
    Operator: +
    Example: +unicorn

  • Messages with a certain message-id header
    Operator: rfc822msgid:
    Example: rfc822msgid:200503292@example.com

  • Messages that have or don’t have a label
    Operators: has:userlabels, has:nouserlabels
    Example: has:nouserlabels
    Note: Labels are only added to a message, and not an entire conversation.

Credit for search operator list:  https://support.google.com/mail/answer/7190?hl=en


Outlook emails stay in Outbox after Windows 10 upgrade

Are you getting your Outlook emails stuck in your Outbox after upgrading to Windows 10? I’ve seen this happen on several machines and it really seems to be a problem where Windows corrupts the Outlook database and/or profile on many versions of Microsoft Office (2007, 2010 and 2013). The easiest fix and one that I’d recommend here is to delete or move the stuck emails then close all programs that are open such as Outlook.

Now we can use the in-built Windows “System File Checker” that will scan your PC and repair any corrupt files that it finds. To do this:

  • Click Start
  • Type cmd in the Search box
  • Right-click Command Prompt and then click ‘Run as administrator’. If you are prompted for an administrator password or for a confirmation then type the password or click ‘Allow’
  • In this black window (the command prompt) that appears, type in sfc /scannow noting the space before the forward slash
  • Press enter and go and grab a delicious cup of coffee because this will take a while

Note: Do not close this Command Prompt window until the verification is 100% complete. The scan results will be shown after this process is finished.

Technical information for nerds
The sfc /scannow command will scan all protected system files, and replace corrupted files with a cached copy that is located in a compressed folder at %WinDir%\System32\dllcache.
The %WinDir% placeholder represents the Windows operating system folder. For example, C:\Windows.

The time taken to complete this scan is different on every PC but usually can range from 20 minutes to an hour or more. If it solves your problem (which it has on over 50 client PCs to date) then please take a minute to drop a comment below or maybe buy something through our shop to say thanks.

 


Reset Windows Server 2012 Administrator password

To reset the Administrator password on your Windows Server 2012 installation, you’ll need to do the following:

Boot from the Microsoft Windows Server 2012 DVD

  1. From the Windows setup menu, click “Next”
  2. Select “Repair your computer”
  3. Click on “Troubleshoot”
  4. Under Advanced options, click “Command Prompt”
  5. Type “diskpart” and hit Enter
  6. Type “list volume” and hit Enter. This will show you your (current) drive letter allocated to the drive where Windows is installed. Note – if you don’t see any volumes listed and this is the first boot cycle for a new Server 2012 installation, then I have seen this on a few HP servers and you’ll need to go and run the setup again from within the Intelligent Provisioning area.
  7. Make a note of the drive letter and type “exit” then press enter to leave diskpart (but stay in the command prompt window)
  8. Presuming the letter is d, then type “d:” and press enter to change to this drive
  9. Now type “cd Windows\system32” and press enter which will take you into the system32 folder
  10. Type “ren Utilman.exe Utilman.bak” and press enter
  11. Type “copy cmd.exe Utilman.exe” and press enter
  12. Close the command prompt and then click “Continue”
  13. The server should now reboot to the logon screen. Press the Windows key + u to open a command prompt
  14. At the prompt you can change the password by typing “net user administrator xyz” where xyz is your new super-secure password!
  15. Now, for security we must do one last thing. Once we are back in Windows, open Explorer, navigate to Windows\system32 and rename Utilman.bak to Utilman.exe

 

Hopefully this gets you out of a sticky situation, leave me a comment if it has helped.

 


Crash Plan backup software full review

CrashPlan has been around for a while now and is looking like one of the best solutions out there for business and personal backups.

With no storage size limits, bandwidth caps or file-type restrictions, Crash Plan really has lots going for it. On top of this, there’s enterprise-class hardware and military-grade security with no extra fees payable.

What I particularly like about Crash Plan is that there is free backup to an external drive and any trusted, internet-connected computer. You can also subscribe to their robust cloud-based destination, “CrashPlan Central” and this is certainly worth the extra money. It’s as quick as any cloud-based backup we have tested and the interface is functional and quite slick.

See what Crash Plan can offer here




Scan a Linux server for viruses and malware


This article tries to explain, using my own experience of server management, how to scan a Linux server for viruses and malware.

 

You are probably here because you have something on your server already, very often pushing out spam emails to people via php files. Or maybe you have fallen victim to the Hacking Holy Grail – the attacker now has root access to your server. Let’s stop that now, eh?

This tutorial has screenshots from a CentOS server and this is what I used to create this guide. Your server may well be different but the principles I use are the same, you may have some detail changes to make regarding file paths. If you don’t understand anything drop me a comment or use a search engine to find your answer quickly.

Let’s start by running a virus scan with ClamAV, a free and useful antivirus. Presuming that it is not installed we would need to do this (skip to your OS below or jump to updating definitions if it is already installed):

Installing ClamAV on CentOS 5

Install EPEL5 http://fedoraproject.org/wiki/EPEL/FAQ#howtouse
[crayon-5b7c592b3eb65138278063/]
Now we can install ClamAV using the yum package manager
[crayon-5b7c592b3eb6b631269422/]
Now turn on and start the clamd daemon
[crayon-5b7c592b3eb6c928908328/]

Installing ClamAV on CentOS 6

Install EPEL6 http://fedoraproject.org/wiki/EPEL/FAQ#howtouse
[crayon-5b7c592b3eb6d058791771/]
Install ClamAV using the yum package manager
[crayon-5b7c592b3eb6f917742503/]
Now turn on and start the clamd daemon
[crayon-5b7c592b3eb70043951622/]

Installing ClamAV on Ubuntu/Debian/Mint

Install ClamAV using the apt-get package manager
[crayon-5b7c592b3eb72758792178/]
The latest installer automatically creates default configuration files and launches the freshclam and clamd daemons. You don’t have to do anything else here which is a nice touch.

Righto, now let’s update the virus definitions…

Updating ClamAV virus definitions

For the sake of brevity, I’m presuming CentOS 6 from now on but it will be the same or similar for most Linux derivatives.

In /usr/local/cpanel/3rdparty/bin/ we can run this to get the latest definitions:
[crayon-5b7c592b3eb73739967527/]
And now we can do a full scan with a full report sent to a log file of our choice:

/usr/local/cpanel/3rdparty/bin/clamscan -ri -l /path/to/log.file -r /path/to/be/scanned

For example:
[crayon-5b7c592b3eb75241757206/]
Note: The tilde character denotes the home directory for that user and the wildcard (asterisk) denotes all users in the home directory. If you want to scan a single user’s home directory then simply put their name where the wildcard is.

In the command above we use some switches.

  • -r means that we recurse the subdirectories
  • -i means Clamscan will only list infected files (chained together with recurse above we get -ri)
  • -l means that Clamscan will log to the path you choose after it

For more help, run /usr/local/cpanel/3rdparty/bin/clamscan --help

Now it’s coffee time as your server is scanned over by ClamAV using the latest definitions. When it is finished you will see your bash prompt again. Ideally, you see that Clam reports no infections like this:


While it’s running, try to have a look online for what may have caused the infection and see if it ties up with your Clam results. Very often we see that WordPress plugins have caused the issue. Why them? Well, think about it:

WordPress is the most popular Content Management System out there

  1. It’s used worldwide
  2. It’s often installed at the click of a button using tools such as Softaculous, so it’s dead easy to install
  3. It’s free, ‘Open Source’ software so attackers know the code inside out (well GNU GPL actually)
  4. There are a huge amount of free plugins available from developers around the world, many who have a less-than-basic grasp of how to code securely. Even the good ones get caught out!

Now my third point above is not really fair. It kind of insinuates that Open Source software is more unreliable in the security stakes. Quite the opposite in fact, vulnerabilities get plugged very quickly if there is an active community of developers. However, the sheer ubiquity of WordPress leads to it being a target in much the same way that Microsoft Windows is. The gains for an attack on WordPress are much more than one for Drupal (for example) purely because of the user base.

Even if a vulnerability is plugged with an update pretty fast, it still relies on the user being aware of the problem, downloading the update and applying it BEFORE someone exploits it.  To this end, a daily Clam scan is not a bad idea unless your server has lots of files on it or not many resources available to run the scan in a timely fashion.
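
One way to tie a finished scan back to accounts and WordPress plugins, as suggested above (an added example, not part of the original article): it reads the log written by the -l switch and groups the FOUND lines. The log excerpt is constructed, the signature names are placeholders rather than real ClamAV signatures, and the CLAM_LOG variable and function names are made up for this example.

```sh
#!/bin/sh
# Added example, not from the original article. The log lines are constructed
# and the signature names are placeholders, not real ClamAV signatures.

CLAM_LOG=$(mktemp)
cat > "$CLAM_LOG" <<'EOF'
-------------------------------------------------------------------------------

/home/jane/public_html/wp-content/plugins/cforms/lib_x.php: Constructed.Sample.Sig-1 FOUND
/home/jane/public_html/images/thumb.php: Constructed.Sample.Sig-2 FOUND
/home/fredbloggs/public_html/wp-content/plugins/cforms/lib_x.php: Constructed.Sample.Sig-1 FOUND

----------- SCAN SUMMARY -----------
Scanned directories: 412
Scanned files: 9731
Infected files: 3
EOF

# Print "<count> <account>" for every /home/<account> with infected files,
# worst affected first.
infected_by_account() {
    awk '
        / FOUND$/ {
            sub(/: [^ ]+ FOUND$/, "")          # leave only the file path
            n = split($0, part, "/")
            if (part[2] == "home" && n > 3) hits[part[3]]++
        }
        END { for (a in hits) printf "%d %s\n", hits[a], a }
    ' "$1" | LC_ALL=C sort -k1,1nr -k2
}

# Print each WordPress plugin directory name that contains an infected file.
infected_plugins() {
    sed -n 's|^.*/wp-content/plugins/\([^/]*\)/.*: [^ ]* FOUND$|\1|p' "$1" |
        LC_ALL=C sort -u
}

# Succeed only if the summary count matches the FOUND lines in the log,
# which catches a truncated or hand-edited log file.
summary_matches_hits() {
    found=$(grep -c ' FOUND$' "$1" || true)
    stated=$(sed -n 's/^Infected files: \([0-9][0-9]*\)$/\1/p' "$1")
    [ -n "$stated" ] && [ "$found" -eq "$stated" ]
}

infected_by_account "$CLAM_LOG"
infected_plugins "$CLAM_LOG"
summary_matches_hits "$CLAM_LOG" && echo "summary agrees with FOUND lines"
```

A plugin name that shows up under more than one account is a strong hint about where to look first.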

Moving on from this virus scan, I would suggest that we look at what email your server is sending out. I detail it in this article here:

Find what emails are being sent from a Linux server

 


Find what emails are being sent from a Linux server

In this series of articles I am trying to help server admins and owners of VPS or Dedicated servers to find viruses or malware on their servers. Part of the diagnosis of your system is to see what emails are being sent out and from which accounts. Since spammers like to use compromised servers, I believe that it makes sense to check regularly that the emails being sent out roughly match what you would expect to see.

I have servers that I host client websites on. If a client who usually sends out 20 emails a month suddenly sends out 500 then this is cause for concern and I would immediately investigate the server for malware.

On Linux systems, Exim (the mail transfer agent) already logs the working directory of messages sent to the queue by a script. Here’s an example of what you would expect to see in an exim_mainlog file:
[crayon-5b7c592b3ee3a625522930/]
Note: I like to use Notepad++ to analyze these large text files within Windows as other editors aren’t quite up to the task.

So it looks like there’s some function of the ‘fredbloggs’ website that auto-backs up the database, then sends a related email notice to whatever email address the webmaster provides, in this case, fredbloggs@gmail.com. The working directory for the generation of that message was “/home/fredbloggs/public_html”. Nothing suspicious here as we have an auto-backup program installed on this WordPress-powered website. Nothing to see here, move along please…

Here’s another example:
[crayon-5b7c592b3ee40296212973/]
Again, possibly normal but I’d raise the question whether Jane changed her email address on WordPress. If not, this is cause for concern.  It’s a kind of detective work where you need to step back and look at all of the evidence to compile a big picture.

So, let’s run this beauty of a command against the exim_mainlog to give us an idea from which working directories our server gets messages sent to the mail queue:
[crayon-5b7c592b3ee42155086160/]
The exim_mainlog records the arrival and delivery of all emails. It explains where the mail came from, to which address it was delivered, the hostname of the server and more. Additional details can be added to this log file by using extended logging in exim. Your output would be something like this on most systems:
[crayon-5b7c592b3ee44288815702/]
So within the last 30 days, the /cforms directory has sent 8 messages to the queue. Cforms is a defunct WordPress plugin and now, as such, unsupported by the developer against exploits. Would you expect that Jane’s website should do that? A result like this isn’t necessarily suspicious as this is normal contact form use. Something like this, however, would be VERY suspicious:
[crayon-5b7c592b3ee45597650285/]
I can’t think of a valid reason why an ‘images’ directory should be sending mail, so alarm bells would trigger and that’s definitely something I would look into further.

So, presuming we saw strange usage numbers or a bizarre path, let’s dig even deeper and look at what the Subject of Jane’s emails actually were, as this gives us an indication of spam activity. Change directory into /var/log
[crayon-5b7c592b3ee47336639061/]
Now run this:
[crayon-5b7c592b3ee48443852562/]
Nice, it returns a list like this which tells us all we want to know:
[crayon-5b7c592b3ee4a721184136/]
Again, no cause for concern and the only spammy one there would be the first one, already marked as such by Akismet.
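
The two checks described above, counting mail by working directory and listing one account's subjects, written out as an added example (this is not the article's own command). The log lines are constructed and assume Exim is logging the cwd= and T= fields; the EXIM_LOG variable, the function names and the list of suspicious directory names are assumptions made for this example.

```sh
#!/bin/sh
# Added example, not from the original article. Log lines are constructed.

EXIM_LOG=$(mktemp)
cat > "$EXIM_LOG" <<'EOF'
2018-08-01 09:15:02 cwd=/home/fredbloggs/public_html 3 args: /usr/sbin/sendmail -t -i
2018-08-01 09:15:02 1fkA01-0000aa-AA <= fredbloggs@server.example.com U=fredbloggs P=local S=1432 T="Database backup" for fredbloggs@gmail.com
2018-08-01 10:00:00 cwd=/var/spool/exim 2 args: /usr/sbin/exim -q
2018-08-02 11:20:41 cwd=/home/jane/public_html/wp-content/plugins/cforms 3 args: /usr/sbin/sendmail -t -i
2018-08-02 11:20:41 1fkA02-0000ab-BB <= jane@server.example.com U=jane P=local S=980 T="New contact form message" for jane@example.org
2018-08-03 02:14:07 cwd=/home/jane/public_html/images 3 args: /usr/sbin/sendmail -t -i
2018-08-03 02:14:07 1fkA03-0000ac-CC <= jane@server.example.com U=jane P=local S=2210 T="Constructed spam subject" for a@example.net
2018-08-03 02:14:09 cwd=/home/jane/public_html/images 3 args: /usr/sbin/sendmail -t -i
2018-08-03 02:14:09 1fkA04-0000ad-DD <= jane@server.example.com U=jane P=local S=2198 T="Constructed spam subject" for b@example.net
EOF

# Print "<count> <directory>" for each working directory that queued mail,
# busiest first. The mail spool is skipped: that is Exim's own queue runner.
cwd_counts() {
    awk '
        {
            for (i = 1; i <= NF; i++)
                if ($i ~ /^cwd=/) {
                    dir = substr($i, 5)              # text after "cwd="
                    if (dir !~ /^\/var\/spool/) n[dir]++
                }
        }
        END { for (d in n) printf "%d %s\n", n[d], d }
    ' "$1" | LC_ALL=C sort -k1,1nr -k2
}

# Print working directories that should never run a mailer. The name list is
# an assumption for this example; extend it to match your own sites.
suspicious_cwds() {
    cwd_counts "$1" | awk '
        $2 ~ /\/(images|img|uploads|cache|tmp)(\/.*)?$/ { print $2 }
    '
}

# Print "<count> <subject>" for mail submitted locally by one account,
# most frequent subject first.
subjects_for_user() {
    grep -F -- " U=$2 " "$1" |
        sed -n 's/.* T="\([^"]*\)".*/\1/p' |
        LC_ALL=C sort | uniq -c | LC_ALL=C sort -rn |
        sed 's/^ *//'
}

cwd_counts "$EXIM_LOG"
suspicious_cwds "$EXIM_LOG"
subjects_for_user "$EXIM_LOG" jane
```

On a real server, pass the path to your exim_mainlog instead of the sample file; a directory flagged by suspicious_cwds together with one subject repeated many times is the pattern to investigate.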

If you have lots of adverts for cheap meds or blue pills in there then you need to find the offending code that’s pushing spam through your email system. Start with a virus scan on your Linux server.

Hope this helps and feel free to drop me a comment below.