On Sat, 2010-02-06 at 06:16 -0800, Marc MERLIN wrote:
>
> My system gets:
> Performing malware checks
>     Checking running processes for suspicious files          [ Warning ]
>
> because I run misterhouse, and the lsof scan picks it up:
>
> gargamel:~# lsof -F n -w -n |grep /mh$
> n/var/local/src/misterhouse/mh-svn/bin/mh
>
> I didn't find an exclude in the code, so I had to patch in a grep -v
> for now.
>
Oh dear, more whitelisting required I suspect.

> Also, the reporting is not very helpful. All I got in my mail was:
> Warning: Checking running processes for suspicious files     [ Warning ]
> Warning: One or more of these files were found: backdoor, adore.o,
> mod_rootme.so, phide_mod.o, lbk.ko,
> vlogger.o, cleaner.o, cleaner, ava, tzava, mod_klgr.o, hydra, hydra.restore,
> ras2xm, vobiscum, sshd3,
> system, t0rnsb, t0rns, t0rnp, rx4u, rx2me, crontab, sshdu, glotzer, holber,
> xhide, xh, emech, psybnc,
> mech, httpd.bin, mh, xl, write, Phantasmagoria.o, lkt.o, nlkt.o
>          Check the output of the lsof command 'lsof -F n -w -n'
>
> It would be nice to know which one was actually found :)
>
Yes, this has been reported recently. It will require a bit of change to
the code, but we will see about getting it to report more accurately for
the next release.

John.

--
John Horne, University of Plymouth, UK
Tel: +44 (0)1752 587287    Fax: +44 (0)1752 587001

_______________________________________________
Rkhunter-users mailing list
Rkhunter-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/rkhunter-users
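
The following is an added example, not part of the original e-mail and not rkhunter's code: it parses `lsof -F n` output, matches file basenames as the `grep /mh$` in the thread suggests, reports which suspicious name was found and at what path, and skips an allowlisted full path. The function names, `ALLOW_PATHS` and the sample lsof records are assumptions constructed for illustration; the name list is a subset of the one quoted above.

```shell
#!/bin/sh
# Added example, not rkhunter's code. Function and variable names are hypothetical.

# Subset of the suspicious basenames quoted in the warning mail.
SUSPECT_NAMES="backdoor adore.o mod_rootme.so hydra sshd3 psybnc mech mh xl write"

# Hypothetical allowlist of reviewed full paths (space-separated, so paths
# containing spaces are not supported here).
ALLOW_PATHS="/var/local/src/misterhouse/mh-svn/bin/mh"

# Return 0 if $1 is one of the remaining arguments.
in_list() {
    needle=$1; shift
    for item in "$@"; do
        [ "$needle" = "$item" ] && return 0
    done
    return 1
}

# Read `lsof -F n -w -n` output on stdin. For every open file whose basename
# is a suspect name and whose full path is not allowlisted, print
# "<name><TAB><path>" so the report says exactly what was found.
find_suspect_files() {
    while IFS= read -r line; do
        case $line in
            n/*) path=${line#n} ;;   # 'n' records carry the file name
            *)   continue ;;         # skip p (pid), f (fd) and other records
        esac
        base=${path##*/}
        # Word splitting of the two lists below is intentional.
        if in_list "$base" $SUSPECT_NAMES && ! in_list "$path" $ALLOW_PATHS; then
            printf '%s\t%s\n' "$base" "$path"
        fi
    done | LC_ALL=C sort -u
}

# Constructed sample records (not captured from a real system).
sample_lsof_output() {
    printf '%s\n' p1234 ftxt n/var/local/src/misterhouse/mh-svn/bin/mh \
        p2345 ftxt n/tmp/.x/mh n/usr/lib/libc.so.6 \
        p3456 ftxt n/usr/bin/write
}

sample_lsof_output | find_suspect_files
# On a live host: lsof -F n -w -n | find_suspect_files
```

Allowlisting by full path rather than by name keeps a second `mh` in an unexpected directory visible, and the per-path output shows that ordinary binaries such as `/usr/bin/write` also match the name list.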