* John Horne <john.ho...@plymouth.ac.uk> [06-02-10 20:24]:
> On Sat, 2010-02-06 at 06:16 -0800, Marc MERLIN wrote:
>
>> Also, the reporting is not very helpful. All I got in my mail was:
>>  Warning: Checking running processes for suspicious files [ Warning ]
>>  Warning: One or more of these files were found: backdoor, adore.o, 
>> mod_rootme.so, phide_mod.o, lbk.ko,
>>  vlogger.o, cleaner.o, cleaner, ava, tzava, mod_klgr.o, hydra, 
>> hydra.restore, ras2xm, vobiscum, sshd3,
>>  system, t0rnsb, t0rns, t0rnp, rx4u, rx2me, crontab, sshdu, glotzer, holber, 
>> xhide, xh, emech, psybnc,
>>  mech, httpd.bin, mh, xl, write, Phantasmagoria.o, lkt.o, nlkt.o
>>           Check the output of the lsof command 'lsof -F n -w -n'
>> 
>> It would be nice to know which one was actually found :)
>> 
> Yes, this has been reported recently. It will require a bit of change to
> the code, but we will see about getting it to report more accurately for
> the next release.

Yeah, this was me.
Meanwhile I found out (with a little cron script) what caused
these permanent warnings. All my system mail goes to an mbox in mutt
named system; as long as I leave mutt open with this folder, rkhunter
warns me about that "suspicious file". Renaming the mbox does the trick,
no further warnings anymore.

Regards
Jens


_______________________________________________
Rkhunter-users mailing list
Rkhunter-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/rkhunter-users
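The following is an added example, not part of the thread and not rkhunter's own code: a small filter that takes the output of the `lsof -F n -w -n` command named in the warning and reports which listed name is actually open, and by which PID. It assumes an exact basename match (rkhunter's own matching may differ); the function names and the sample lsof output, including the mbox path, are constructed for illustration.

```shell
#!/bin/sh
# File names copied from the rkhunter warning quoted in the thread.
SUSPECT_NAMES="backdoor adore.o mod_rootme.so phide_mod.o lbk.ko vlogger.o \
 cleaner.o cleaner ava tzava mod_klgr.o hydra hydra.restore ras2xm vobiscum \
 sshd3 system t0rnsb t0rns t0rnp rx4u rx2me crontab sshdu glotzer holber \
 xhide xh emech psybnc mech httpd.bin mh xl write Phantasmagoria.o lkt.o nlkt.o"

# Reads lsof field output (-F n) on stdin and prints "PID<TAB>path" for each
# open file whose basename is exactly one of SUSPECT_NAMES (assumed rule).
find_suspect_files() {
    awk -v names="$SUSPECT_NAMES" '
        BEGIN { n = split(names, a, " "); for (i = 1; i <= n; i++) want[a[i]] = 1 }
        /^p/ { pid = substr($0, 2); next }   # start of a process set: pPID
        /^n/ {                               # file name field: nPATH
            path = substr($0, 2)
            base = path
            sub(/.*\//, "", base)            # strip directories, keep basename
            if (base in want) print pid "\t" path
        }
    ' | sort -u                              # one line per PID/path pair
}

# Constructed sample of lsof field output (not captured from a real host).
sample_lsof_output() {
    cat <<'EOF'
p2417
fcwd
n/home/jens
f4
n/home/jens/Mail/system
p2533
ftxt
n/usr/sbin/cron
f3
n/var/log/system.log
EOF
}

# Demo on the sample. On a live host: lsof -F n -w -n | find_suspect_files
sample_lsof_output | find_suspect_files
```

On the sample this reports only PID 2417 holding `/home/jens/Mail/system`, which is the kind of benign match described in the reply above.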