On Sun, Feb 07, 2010 at 12:13:08AM +0100, Jens Schuessler wrote:
> * John Horne <john.ho...@plymouth.ac.uk> [06-02-10 20:24]:
> > On Sat, 2010-02-06 at 06:16 -0800, Marc MERLIN wrote:
> >
> >> Also, the reporting is not very helpful. All I got in my mail was:
> >>  Warning: Checking running processes for suspicious files [ Warning ]
> >>  Warning: One or more of these files were found: backdoor, adore.o, 
> >> mod_rootme.so, phide_mod.o, lbk.ko,
> >>  vlogger.o, cleaner.o, cleaner, ava, tzava, mod_klgr.o, hydra, 
> >> hydra.restore, ras2xm, vobiscum, sshd3,
> >>  system, t0rnsb, t0rns, t0rnp, rx4u, rx2me, crontab, sshdu, glotzer, 
> >> holber, xhide, xh, emech, psybnc,
> >>  mech, httpd.bin, mh, xl, write, Phantasmagoria.o, lkt.o, nlkt.o
> >>           Check the output of the lsof command 'lsof -F n -w -n'
> >> 
> >> It would be nice to know which one was actually found :)
> >> 
> > Yes, this has been reported recently. It will require a bit of change to
> > the code, but we will see about getting it to report more accurately for
> > the next release.
> 
> Yeah, this was me. 
> Meanwhile I found out (with a little cronscript) what caused 
> these permanent warnings. All my system mail goes to an mbox in mutt
> named system, as long as I leave mutt open with this folder, rkhunter
> warns me about that "suspicious file". Renaming the mbox does the trick,
> no further warnings anymore.

Thanks both for the reply and for looking at it.

My sincere apologies about the mail bounces you got from me, that was a bug
on my side I just fixed.

Marc
-- 
"A mouse is a device used to point at the xterm you want to type in" - A.S.R.
Microsoft is to operating systems & security ....
                                      .... what McDonalds is to gourmet cooking
Home page: http://marc.merlins.org/  

_______________________________________________
Rkhunter-users mailing list
Rkhunter-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/rkhunter-users
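
One way to see which name triggered the warning, in the spirit of the cron script mentioned in the quoted reply (an added example, not code from the thread or from rkhunter). It assumes the check matches on the final path component of each open file; the function names and the sample `lsof` output are constructed for illustration.

```shell
#!/bin/sh
# Names copied from the rkhunter warning quoted in the thread.
SUSPECT_NAMES="backdoor adore.o mod_rootme.so phide_mod.o lbk.ko vlogger.o \
cleaner.o cleaner ava tzava mod_klgr.o hydra hydra.restore ras2xm vobiscum \
sshd3 system t0rnsb t0rns t0rnp rx4u rx2me crontab sshdu glotzer holber \
xhide xh emech psybnc mech httpd.bin mh xl write Phantasmagoria.o lkt.o nlkt.o"

# Reads 'lsof -F n -w -n' field output on stdin and prints one line per hit:
#   PID <tab> matched name <tab> full path
# Assumption: a hit is an exact match on the basename of the open file.
match_suspicious() {
    awk -v names="$SUSPECT_NAMES" '
        BEGIN { n = split(names, a, " "); for (i = 1; i <= n; i++) want[a[i]] = 1 }
        /^p/ { pid = substr($0, 2); next }      # process record: remember PID
        /^n/ {                                  # name record: path of open file
            path = substr($0, 2)
            base = path
            sub(/.*\//, "", base)               # keep only the last component
            if ((base in want) && !((pid, path) in seen)) {
                seen[pid, path] = 1             # same file on several fds: once
                printf "%s\t%s\t%s\n", pid, base, path
            }
        }
    '
}

# Constructed sample: a mail client holding an mbox called "system" open on
# two descriptors, plus two entries that must not match (sshd, system.log).
sample_lsof() {
    cat <<'EOF'
p2211
fcwd
n/home/user
f4
n/home/user/Mail/system
f5
n/home/user/Mail/system
p804
ftxt
n/usr/sbin/sshd
p951
f3
n/var/log/system.log
EOF
}

# Live use: lsof -F n -w -n | match_suspicious
sample_lsof | match_suspicious
```

On the sample it prints a single line for PID 2211 and `/home/user/Mail/system`, which is the kind of hit the mbox described above would produce.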
