On 2005-09-26 03:05:42 -0700, lantz moore wrote: > it wasn't "fixed" because it's not a bug. by design, chkrootkit > flags any file under /usr/lib that starts with a dot, a so-called > "hidden" file, as being suspicious. see > http://www.chkrootkit.org/faq/#8 for a terse explanation of why the > upstream author is not going to modify the behavior the program.
I think that the chkrootkit package should contain some whitelist for known Debian packages to avoid false positives. For instance, if kaffe is installed, then /usr/lib/kaffe/.system is OK (possibly check the symlink). -- Vincent Lefèvre <[EMAIL PROTECTED]> - Web: <http://www.vinc17.org/> 100% accessible validated (X)HTML - Blog: <http://www.vinc17.org/blog/> Work: CR INRIA - computer arithmetic / SPACES project at LORIA -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
