According to choikenm0354:
>   I have downloaded the source from your web site
>   "http://www.htdig.org/files/htdig-3.1.5.tar.gz" on 27 Nov 2001.
>   I compiled it and ran it as usual; it works fine and it can produce
>   information.
> 
>    But something strange happened: when I checked the system log file,
>    a mail is being sent out every 15 minutes. The mail subject is "Hi
>    there!".  I know it is a VIRUS.  I have checked my system several times
>    to see if any special process is running. Finally, I found that the mail
>    is sent out when "rundig" is running.  If I "kill" rundig, nothing happens.
> 
>    I can't give any evidence to support my finding.  But, I do hope
>    you can tell me how to check against the source.
> 
>    This is the file I got:
>     -rw-r--r--    1 choikenm users     1960580 Nov 27 14:22 htdig-3.1.5.tar.gz
> 
>    My system:
>       Slackware 8.0
>       gcc 2.95.3

OK, if you _know_ it is a virus, why do you suspect htdig has anything
to do with it?  I've certainly never heard of any Linux-based viruses
that target rundig.  Indeed, the only Linux-based "virus" I've ever heard
of is a fairly pathetic little trojan horse program packaged as a game,
which will infect Linux systems if installed and run as root.

It might help to have some more concrete data that points to a connection
between the two, other than a coincidental running of "rundig" when you
get the e-mail.  What do these system log file entries look like?  Do they
clearly indicate the mail originates on the same system that's running
rundig?  Which program is rundig running at that time (htdig, htmerge,
htpurge, htnotify, htfuzzy)?  What do the e-mail message headers and
bodies look like?  Do they contain attachments?

The size of the htdig-3.1.5.tar.gz is certainly correct, so you're very
likely not dealing with an altered version of the source.  To be certain,
you can check that the checksum reported by "sum" is "61269  1915", and
"md5sum" reports "cbf4a0f2b703d9822db555a14dc96ed3".

There's really nothing in the htdig source that sends e-mail apart from
htnotify, but its e-mail shouldn't appear to be particularly suspicious.
The subject for the e-mail will come from a meta tag in an HTML document
that you're indexing, but it will also include the words "WWW notification"
and the body of the message will clearly identify the URL of the document
that was set up to send a notification.  If this is what's happening, why
are you going on a wild goose chase about viruses?  Just read up on the
Notification service on the http://www.htdig.org/ web site and/or change
the document that's sending the notification.  If this isn't what's
happening, you really haven't given us any useful information that would
allow any of us to help you.

-- 
Gilles R. Detillieux              E-mail: <[EMAIL PROTECTED]>
Spinal Cord Research Centre       WWW:    http://www.scrc.umanitoba.ca/~grdetil
Dept. Physiology, U. of Manitoba  Phone:  (204)789-3766
Winnipeg, MB  R3E 3J7  (Canada)   Fax:    (204)789-3930
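
The check suggested in the reply above (file size, `sum` and `md5sum`), as an added example that is not part of the original message or of the ht://Dig project. It assumes the BSD-style 16-bit rotating checksum and 1 KiB block count that GNU `sum` prints by default; the function names are hypothetical and the sample file is constructed.

```python
import hashlib
import os
import tempfile

# Values quoted in the reply above for htdig-3.1.5.tar.gz.
EXPECTED = {"size": 1960580, "bsd_sum": 61269, "blocks": 1915,
            "md5": "cbf4a0f2b703d9822db555a14dc96ed3"}


def blocks_1k(size):
    """Second field printed by `sum`: file size in 1 KiB blocks, rounded up."""
    return (size + 1023) // 1024


def fingerprint(path, chunk=65536):
    """Return size, BSD `sum` checksum, block count and MD5 of a file."""
    size, csum, md5 = 0, 0, hashlib.md5()
    with open(path, "rb") as fh:
        for data in iter(lambda: fh.read(chunk), b""):
            size += len(data)
            md5.update(data)
            for byte in data:
                # Rotate the 16-bit accumulator right by one bit, add the byte.
                rotated = (csum >> 1) | ((csum & 1) << 15)
                csum = (rotated + byte) & 0xFFFF
    return {"size": size, "bsd_sum": csum, "blocks": blocks_1k(size),
            "md5": md5.hexdigest()}


def mismatches(path, expected=EXPECTED):
    """Names of the fields where the file differs from the expected values."""
    actual = fingerprint(path)
    return sorted(k for k, v in expected.items() if actual[k] != v)


if __name__ == "__main__":
    # Constructed stand-in file; point the path at the real download instead.
    with tempfile.NamedTemporaryFile(delete=False) as tmp:
        tmp.write(b"abc")
    print(fingerprint(tmp.name))
    print("fields that differ from htdig-3.1.5.tar.gz:", mismatches(tmp.name))
    os.unlink(tmp.name)
```

An empty list from `mismatches()` means the download agrees with every value quoted in the reply; the 1960580-byte size in the directory listing already accounts for the block count of 1915. MD5 is no longer considered collision-resistant, so where a project publishes a signature or a SHA-256 digest, check that as well.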
