Package: chkrootkit Version: 0.58b-1+b3 Severity: normal Dear Maintainer,
In Hebrew, the double quote mark can sometimes be used to mark an acronym. In this role, it can make its way into file names. This morning, when chkrootkit made its daily run, I had in /tmp a file named: 'חברת חשמל לישראל בע"מ - חשבון דו חודשי.pdf' (the single quote marks on the edges are not part of the name, but the double quote mark in the middle is) This caused this output from the script: """ Searching for suspect PHP files... /usr/bin/head: cannot open '/tmp/חברת חשמל לישראל בעמ' for reading: No such file or directory /usr/bin/head: cannot open 'חשבון' for reading: No such file or directory /usr/bin/head: cannot open 'דו' for reading: No such file or directory /usr/bin/head: cannot open 'חודשי.pdf 2>/dev/null | /usr/bin/grep -q ^#!.*php && echo /tmp/חברת' for reading: No such file or directory /usr/bin/head: cannot open 'חשמל' for reading: No such file or directory /usr/bin/head: cannot open 'לישראל' for reading: No such file or directory /usr/bin/head: cannot open 'בעמ - חשבון דו חודשי.pdf' for reading: No such file or directory WARNING WARNING: The following suspicious PHP files were found: ==> standard input <== """ Thanks, Shai. -- System Information: Debian Release: trixie/sid APT prefers testing APT policy: (900, 'testing'), (800, 'unstable'), (800, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 6.7.12-amd64 (SMP w/16 CPU threads; PREEMPT) Locale: LANG=en_IL.UTF-8, LC_CTYPE=en_IL.UTF-8 (charmap=UTF-8), LANGUAGE=en_US Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages chkrootkit depends on: ii libc6 2.38-10 Versions of packages chkrootkit recommends: ii anacron 2.3-40 ii binutils 2.42-4 ii cron [cron-daemon] 3.0pl1-189 ii exim4-daemon-light [mail-transport-agent] 4.97-8 ii iproute2 6.8.0-1 ii mailutils [mailx] 1:3.17-1.1+b2 ii procps 2:4.0.4-4 ii systemd-sysv 255.5-1 chkrootkit suggests no packages. -- Configuration Files: /etc/chkrootkit/chkrootkit.ignore changed: /usr/lib/ruby/vendor_ruby/rubygems/tsort/.document /usr/lib/ruby/vendor_ruby/rubygems/optparse/.document /usr/lib/ruby/vendor_ruby/rubygems/ssl_certs/.document /usr/lib/ruby/gems/3.1.0/gems/typeprof-0.21.2/vscode/.vscode /usr/lib/ruby/gems/3.1.0/gems/typeprof-0.21.2/vscode/.gitignore /usr/lib/ruby/gems/3.1.0/gems/typeprof-0.21.2/vscode/.vscodeignore /usr/lib/jvm/.java-1.17.0-openjdk-amd64.jinfo /usr/lib/libreoffice/share/.registry /usr/lib/python3/dist-packages/matplotlib/backends/web_backend/.eslintrc.js /usr/lib/python3/dist-packages/matplotlib/backends/web_backend/.prettierignore /usr/lib/python3/dist-packages/matplotlib/backends/web_backend/.prettierrc /usr/lib/python3/dist-packages/matplotlib/tests/tinypages/.gitignore /usr/lib/python3/dist-packages/matplotlib/tests/tinypages/_static/.gitignore /usr/lib/python3/dist-packages/matplotlib/tests/baseline_images/.keep /usr/lib/python3/dist-packages/numpy/f2py/tests/src/assumed_shape/.f2py_f2cmap /usr/lib/python3/dist-packages/numpy/f2py/tests/src/f2cmap/.f2py_f2cmap /usr/lib/python3/dist-packages/numpy/core/include/numpy/.doxyfile -- no debconf information