There isn't really much Linux malware (to date), compared with Windows, so although it might be infected, I wouldn't leap to that conclusion.
In terms of antimalware for Linux, I'd take a look at ClamAV. I suspect it's in the Debian repositories.
But the safest thing in this kind of situation - perhaps the machine has malware, perhaps it's been owned - is to rebuild fresh from the bare metal.
If this webserver is internet facing, you should make sure it is hardened appropriately. It should be bang up to date with the relevant patches. It should be behind a properly configured firewall with appropriate ingress and egress filtering. It should have software that is not required for the functioning of the web server removed - is Exim required at all?
Hope this helps somewhat. If I'm just stating stuff you already know, well, no matter :-)
|