Hi Julien.

Sorry, for the late reply.


On Mon, 2009-02-16 at 08:22 +0100, Julien Valroff wrote:
> Strange, it is well found on several of my machines where it is present.
> [...]
> 
> Given all the elements you have described, I cannot see any reason why
> rkhunter doesn't warn you.
> Can you please forward the log file of 'rkhunter --enable filesystem'?
Since your last upload it works :-)



> > So I thought it _should_ be reported (which is not the case).
> The protocol is excluded from the listen process check: 
> egrep -v '^sk|888e' /proc/net/packet
Is this not somewhat risky?
I mean a rootkit could just use this behaviour for it's own purposes?



Regards,
Chris.

Attachment: smime.p7s
Description: S/MIME cryptographic signature

Reply via email to