Robert Larson wrote:
On Friday 24 March 2006 05:38 am, Paul Kölle wrote:
王 鹏辉 wrote:

Hello, list,
Recently, I found that my email server has sent out mass spam emails by
some strange account from [EMAIL PROTECTED]. I ran chkrootkit and then found that
bindshell INFECTED (PORTS: 465)

Me too. AFAIK it's a false positive. This is stated in a chkrootkit FAQ
whose URL has slipped my memory, but I found it with Google.

I can verify this, as it has been a false positive for me in the past. I would
highly recommend, before passing it off as a false positive, checking to see
what is listening on this port. I've heard that Exim uses this, and
PortSentry does as well. "netstat -nap --ip" should show it. Also, you may
use "lsof | grep TCP".

This is normally the port an SSL-enabled mail server listens on.
netstat -ltnp shows ports with attached listeners and process IDs; that
should get you started on figuring out what is actually listening on
that port.
Ramon
--
To be stupid and selfish and to have good health are the three requirements for
happiness, though if stupidity is lacking, the others are useless.
Gustave Flaubert
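
The check suggested in this thread, as an added example that is not part of the original messages: it reads `netstat -ltnp` output and reports whether the process holding port 465 is one of the mail daemons expected there. The function names, the sample output and the `EXPECTED_465` allow-list are assumptions made for this example.

```shell
#!/bin/sh
# Constructed sample of `netstat -ltnp` output (not taken from a real host).
SAMPLE_NETSTAT='Proto Recv-Q Send-Q Local Address    Foreign Address  State   PID/Program name
tcp        0      0 0.0.0.0:25       0.0.0.0:*        LISTEN  2211/master
tcp        0      0 0.0.0.0:465      0.0.0.0:*        LISTEN  2211/master
tcp        0      0 0.0.0.0:22       0.0.0.0:*        LISTEN  1502/sshd
tcp6       0      0 :::465           :::*             LISTEN  2211/master'

# Assumed allow-list of daemons that may own port 465; adjust per host.
EXPECTED_465="master exim exim4 sendmail stunnel"

# Read netstat -ltnp output on stdin; print "PID NAME" once per owner of PORT.
listeners_on_port() {
    awk -v port="$1" '
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            n = split($4, addr, ":")          # port is the last ":" field (IPv4 and IPv6)
            if (addr[n] != port) next
            owner = $7
            if (owner == "" || owner == "-") owner = "-/unknown"   # not root: PID hidden
            if (seen[owner]++) next
            i = index(owner, "/")
            print substr(owner, 1, i - 1), substr(owner, i + 1)
        }'
}

# Verdict for PORT given an allow-list: closed | expected | unknown | unexpected.
check_port() {
    owners=$(listeners_on_port "$1")
    if [ -z "$owners" ]; then echo closed; return 0; fi
    verdict=expected
    while read -r pid name; do
        if [ "$name" = unknown ]; then
            if [ "$verdict" = expected ]; then verdict=unknown; fi
            continue
        fi
        case " $2 " in
            *" $name "*) ;;                   # owner is an expected daemon
            *) verdict=unexpected ;;          # something else holds the port
        esac
    done <<EOF
$owners
EOF
    echo "$verdict"
}

# Demo on the sample; on a live host run as root: netstat -ltnp | check_port 465 "$EXPECTED_465"
printf '%s\n' "$SAMPLE_NETSTAT" | check_port 465 "$EXPECTED_465"
```

A verdict of `unknown` means netstat could not show the owning PID, which usually means it was not run as root.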