On Sunday 27 March 2011 22:09:00 walt wrote: > I just got an email from cron on my ~amd64 machine, containing these lines: > > Checking 'find'... INFECTED > Checking 'netstat'... INFECTED > > Took me a few minutes to deduce that sys-forensics/chkrootkit was the > source of those messages. I ran chkrootkit manually and found the same > messages in the output. > > I then nervously re-emerged findutils and net-tools, but chkrootkit again > found the same binaries to be "INFECTED". > > Running chkrootkit on my ~x86 machine turns up no such infections even > though the same packages are installed on both machines. > > Anyone have any insight into how chkrootkit works, or why the different > results? > > Or, can anyone reproduce my problem? > > Thanks.
Just ran this on my stable amd64 PC and it looks OK: ... Checking `find'... not infected <--- Checking `fingerd'... not found Checking `gpm'... not infected Checking `grep'... not infected Checking `hdparm'... not found Checking `su'... not infected Checking `ifconfig'... not infected Checking `inetd'... not tested Checking `inetdconf'... not found Checking `identd'... not found Checking `init'... not infected Checking `killall'... not infected Checking `ldsopreload'... not infected Checking `login'... not infected Checking `ls'... not infected Checking `lsof'... not infected Checking `mail'... not infected Checking `mingetty'... not found Checking `netstat'... not infected <--- ... Did you run anything suspicious on your system? -- Regards, Mick
signature.asc
Description: This is a digitally signed message part.
