Hi Martin, I have seen it before on systems that have prelink enabled and when it is updated, all binaries are changed. However, without more information from your system, I can't tell for sure.
http://www.die.net/doc/linux/man/man8/prelink.8.html https://mailman.cs.tut.fi/pipermail/aide/2005-May/000129.html *Btw, I would suggest disabling it. The performance gain is very small compared to the security costs (not knowing exactly which files changed). Hope it helps. -- Daniel B. Cid dcid ( at ) ossec.net On 5/23/07, Martin West <[EMAIL PROTECTED]> wrote: > > > ossec just threw up some files in usr/bin had changed and they hadnt > been upgraded by yum. > > Some stuff in ncurses and less, so I moved out to a quarantine folder > and reinstalled the rpms for the affected files. > > How can I tell if this is a virus? > > Thanks > > -- > Regards > Martin West >
