Matthew Goade wrote: > Warning: Possible LKM Trojan installed > > Is this normal for a Raq4r???
No. Absolutely not, no. Unless the RaQ is hammering away processing mail, or something similar, I'd say you probably have Something Bad going on there. chkrootkit *can* report false positives since in the interval between it running 'ps ax' and then doing the readdir on /proc/[0-9]* some processes may spawn or die; however if you consistently have the same number then something is very wrong. You can run chkrootkit in 'expert' or 'debug' mode[0]. Pipe the output to a file and look through it to see which process IDs are causing the problem. Then do "ls -l /proc/$PID" and see what it says. That way you can attempt to find whatever dirty binary is causing the problem. [0] I will, however, leave this as an excercise for interested readers ;-) Graeme -- Graeme Fowler System Administrator Host Europe Group PLC _______________________________________________ cobalt-security mailing list [EMAIL PROTECTED] http://list.cobalt.com/mailman/listinfo/cobalt-security
