Hello Jimmy,

On Wed, 22 Aug 2007 15:19:49 +0200 Jimmy Boersma <[EMAIL PROTECTED]> wrote:
>I downloaded your rkhunter, but did not find any threads.

That's because you are using version 1.2.9 and that version doesn't scan for 'malware'. The files in the archives are mainly port scanners:

atac: ELF executable, a SSH port scanner
h: ELF executable, a processname hider
httpd: ELF executable, a SSH port scanner
pass.txt: Prefab/gathered logins and passes
s: ELF executable, strobe, an ancient port scanner
scan: Bourne-Again shell script to run atac and httpd
x: ELF executable, a B-range scanner called "foloseste"(?)

RKH 1.3.0 includes a crude "malware scanner" called 'suspscan'. With it I get these results, the thresh is set to 200 so anything over that should be up for human inspection:

[04:05:54] Info: Starting test name 'suspscan'
[04:05:54] Maximum file size to check (in bytes): '10240000'
[04:05:54] Score threshold is set to: 200
[04:05:58] File checked: Name: '/zeus/x' Score: 41
[04:06:00] Warning: File '/zeus/h' (score: 200) contains some suspicious content and should be checked.
[04:06:01] Warning: File '/zeus/s' (score: 221) contains some suspicious content and should be checked.
[04:06:05] File checked: Name: '/zeus/scan' Score: 20
[04:06:06] Warning: File '/zeus/httpd' (score: 206) contains some suspicious content and should be checked.
[04:06:07] Warning: File '/zeus/atac' (score: 206) contains some suspicious content and should be checked.
[04:06:13] Warning: File '/zeus/pass.txt' (score: 272) contains some suspicious content and should be checked.
[04:06:13] Checking for files with suspicious contents [ Warning ]

HTH

Cheers, unSpawn

_______________________________________________
Rkhunter-users mailing list
Rkhunter-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/rkhunter-users
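
An added example, not part of the original message or of rkhunter itself: a small Python parser for the suspscan log lines quoted above that lists the files warned for human inspection, highest score first, and cross-checks each warning against the logged threshold. The regexes assume the rkhunter 1.3.0 log format exactly as quoted in the message; the function names are hypothetical.

```python
import re

# Log lines copied from the suspscan output quoted in the message above.
SAMPLE_LOG = """\
[04:05:54] Info: Starting test name 'suspscan'
[04:05:54] Maximum file size to check (in bytes): '10240000'
[04:05:54] Score threshold is set to: 200
[04:05:58] File checked: Name: '/zeus/x' Score: 41
[04:06:00] Warning: File '/zeus/h' (score: 200) contains some suspicious content and should be checked.
[04:06:01] Warning: File '/zeus/s' (score: 221) contains some suspicious content and should be checked.
[04:06:05] File checked: Name: '/zeus/scan' Score: 20
[04:06:06] Warning: File '/zeus/httpd' (score: 206) contains some suspicious content and should be checked.
[04:06:07] Warning: File '/zeus/atac' (score: 206) contains some suspicious content and should be checked.
[04:06:13] Warning: File '/zeus/pass.txt' (score: 272) contains some suspicious content and should be checked.
[04:06:13] Checking for files with suspicious contents [ Warning ]
"""

# Patterns assume the rkhunter 1.3.0 log format exactly as quoted above.
THRESHOLD_RE = re.compile(r"Score threshold is set to: (\d+)")
CHECKED_RE = re.compile(r"File checked: Name: '(?P<path>.+)' Score: (?P<score>\d+)")
WARNING_RE = re.compile(r"Warning: File '(?P<path>.+)' \(score: (?P<score>\d+)\)")

def parse_suspscan(log_text):
    """Return (threshold, {path: (score, warned)}) for one suspscan run."""
    threshold, results = None, {}
    for line in log_text.splitlines():
        m = THRESHOLD_RE.search(line)
        if m:
            threshold = int(m.group(1))
        for regex, warned in ((CHECKED_RE, False), (WARNING_RE, True)):
            m = regex.search(line)
            if m:
                results[m.group("path")] = (int(m.group("score")), warned)
    return threshold, results

def triage(log_text):
    """Return (threshold, warned files by descending score, mismatches)."""
    threshold, results = parse_suspscan(log_text)
    if threshold is None:
        raise ValueError("no 'Score threshold' line found in log")
    flagged = sorted(((s, p) for p, (s, w) in results.items() if w), reverse=True)
    # /zeus/h scores exactly 200 and is warned, so the test is >=, not >.
    # A mismatch means a log line was missed or the format has changed.
    mismatches = [p for p, (s, w) in results.items() if (s >= threshold) != w]
    return threshold, flagged, mismatches

if __name__ == "__main__":
    for score, path in triage(SAMPLE_LOG)[1]:
        print(f"{score:4d}  {path}")
```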