Hello Al, On Sat, 22 Mar 2014 01:02:13 +0100 "Al Varnell" <alvarn...@mac.com> wrote: >I’m getting what I believe to be a False Positive with the OS X version of Macs Fan Control ><http://www.crystalidea.com/macs-fan-control>. The specific file is located at: >Macs Fan Control.app/Contents/Frameworks/QtCore.framework/Versions/5/QtCore >RKH_libkeyutils.so.1.9-v1 FOUND > >>From looking at the strings in the file and the signature it >would appear that embedded words in the file match sub signatures >6, 7 & 8.
Please note the sigs are prone to have false positives. They should only be run against specific targets if other attributes (hash, MAC times, size, log alerts, adjacent files) warrant it. It's more of a second opinion thing and not something to just run indiscriminately against file system contents as part of a regular check. Other than that it's good to remain vigilant but I haven't encountered a "libkeyutils.so" situation with Mac OS X yet. Finally: thanks, as I haven't had the chance to run those sigs against Mac OS X. Regards, unSpawn --- ------------------------------------------------------------------------------ Learn Graph Databases - Download FREE O'Reilly Book "Graph Databases" is the definitive new guide to graph databases and their applications. Written by three acclaimed leaders in the field, this first edition is now available. Download your free book today! http://p.sf.net/sfu/13534_NeoTech _______________________________________________ Rkhunter-users mailing list Rkhunter-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/rkhunter-users
