Hi Julien. Sorry, for the late reply.
On Mon, 2009-02-16 at 08:22 +0100, Julien Valroff wrote: > Strange, it is well found on several of my machines where it is present. > [...] > > Given all the elements you have described, I cannot see any reason why > rkhunter doesn't warn you. > Can you please forward the log file of 'rkhunter --enable filesystem'? Since your last upload it works :-) > > So I thought it _should_ be reported (which is not the case). > The protocol is excluded from the listen process check: > egrep -v '^sk|888e' /proc/net/packet Is this not somewhat risky? I mean a rootkit could just use this behaviour for it's own purposes? Regards, Chris.
smime.p7s
Description: S/MIME cryptographic signature

