Thanks for coming back to me, Al.

I couldn't see anything useful in the changelog, but looking further
at how RKH seems to work it looks like it would pick up HiddenWasp (as
an example) because it preloads a shared library as part of its
infection process.

Thanks
Rob


On Thu, 21 Nov 2019 at 18:54, Al Varnell <alvarn...@mac.com> wrote:
>
> Take a look at the release dates in the Change Log to see how often
> signatures are updated:
>
> <https://sourceforge.net/p/rkhunter/rkh_code/ci/master/tree/files/CHANGELOG>
>
> -Al-
> macOS User
>
> On Nov 21, 2019, at 07:47, rob pearman <rob.pear...@gmail.com> wrote:
>
> Hi!
>
> I'd be grateful if someone could answer a couple of questions ...
>
> 1. I'm aware that in principle it checks for changes to key files that
> might indicate a replacement by a rootkit/virus, and I've already set
> up my installation to check against my package manager's details (DPKG
> in my case), however there are also rootkit-specific tests run by RKH
> that are listed toward the end of the 'check' process. Notably absent
> from this list are some recent nasties such as HiddenWasp - is this
> because the signatures haven't been updated yet, or would it be
> detected by more generic checks that mean it doesn't need specific
> checks to be performed?
>
> 2. What is the process, and how often are the RKH signatures updated?
>
> Thanks for your help.
> Rob
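As an added example (not rkhunter's own code and not anything posted in this thread), the following Python sketch shows the two generic checks the thread touches on: looking for preloaded shared libraries via /etc/ld.so.preload and the LD_PRELOAD environment variable, and comparing files on disk against the dpkg md5sums manifests in /var/lib/dpkg/info. The file formats (one library path per line; "<md5hex>  <path relative to />") are assumed from Debian's conventions, and every input below is constructed sample data rather than output captured from a real host.

```python
"""Hand-rolled versions of two generic rootkit checks (added example).

Assumptions: /etc/ld.so.preload holds one library path per line, and
dpkg's /var/lib/dpkg/info/<pkg>.md5sums files hold "<md5hex>  <relpath>".
All sample data here is constructed so the script runs offline.
"""
import hashlib
import os
from typing import Callable, Dict, List, Optional


def md5_hex(data: bytes) -> str:
    # dpkg ships MD5 digests, so that is what we compare against; it is a
    # change detector, not a collision-resistant attestation.
    return hashlib.md5(data).hexdigest()


# Constructed /etc/ld.so.preload. On a clean Debian/Ubuntu host this file is
# normally absent or empty, so any entry deserves a look; an entry that no
# package owns deserves a closer one.
SAMPLE_LD_SO_PRELOAD = """\
# constructed sample
/usr/lib/x86_64-linux-gnu/libfoo.so.1
/tmp/.x/libhidden.so
"""

# Constructed dpkg ownership map (path -> package), standing in for
# `dpkg -S` / the /var/lib/dpkg/info/*.list files.
SAMPLE_DPKG_FILES = {
    "/usr/lib/x86_64-linux-gnu/libfoo.so.1": "libfoo1",
    "/bin/ls": "coreutils",
    "/usr/bin/ps": "procps",
}

# Constructed "as packaged" contents, from which the md5sums manifest is built.
GOOD_CONTENTS = {
    "/bin/ls": b"constructed ls binary",
    "/usr/bin/ps": b"constructed ps binary",
}
SAMPLE_MD5SUMS = "\n".join(
    f"{md5_hex(data)}  {path.lstrip('/')}" for path, data in GOOD_CONTENTS.items()
)

# Constructed "currently on disk" contents: ps has been replaced.
CURRENT_CONTENTS = {
    "/bin/ls": GOOD_CONTENTS["/bin/ls"],
    "/usr/bin/ps": b"constructed replacement ps binary",
}


def preload_findings(preload_text: str, dpkg_files: Dict[str, str],
                     environ: Dict[str, str]) -> List[str]:
    """Report every preloaded library, noting which package (if any) owns it."""
    findings = []
    for raw in preload_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        owner = dpkg_files.get(line)
        if owner is None:
            findings.append(f"ld.so.preload entry not owned by any package: {line}")
        else:
            findings.append(f"ld.so.preload entry (owned by {owner}): {line}")
    if environ.get("LD_PRELOAD"):
        findings.append(f"LD_PRELOAD set in environment: {environ['LD_PRELOAD']}")
    return findings


def parse_md5sums(text: str) -> Dict[str, str]:
    """Turn dpkg md5sums lines into {absolute path: expected md5}."""
    expected = {}
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        digest, _, rel = line.partition("  ")
        expected["/" + rel] = digest
    return expected


def verify_against_manifest(expected: Dict[str, str],
                            read_file: Callable[[str], Optional[bytes]]) -> List[str]:
    """Return 'missing:' / 'modified:' lines for files that differ from the manifest."""
    problems = []
    for path, digest in sorted(expected.items()):
        data = read_file(path)
        if data is None:
            problems.append(f"missing: {path}")
        elif md5_hex(data) != digest:
            problems.append(f"modified: {path}")
    return problems


def read_from_disk(path: str) -> Optional[bytes]:
    """Reader for real use: returns None for files that are not present."""
    if not os.path.isfile(path):
        return None
    with open(path, "rb") as fh:
        return fh.read()


def run_sample() -> Dict[str, List[str]]:
    """Run both checks over the constructed data and return the findings."""
    return {
        "preload": preload_findings(SAMPLE_LD_SO_PRELOAD, SAMPLE_DPKG_FILES, {}),
        "integrity": verify_against_manifest(parse_md5sums(SAMPLE_MD5SUMS),
                                             CURRENT_CONTENTS.get),
    }


if __name__ == "__main__":
    for section, lines in run_sample().items():
        print(f"[{section}]")
        for entry in lines:
            print("  " + entry)
```

To point the integrity check at a live system, read the real manifest text from /var/lib/dpkg/info/<pkg>.md5sums and pass read_from_disk as the reader; the preload check works the same way on the contents of /etc/ld.so.preload and os.environ.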


_______________________________________________
Rkhunter-users mailing list
Rkhunter-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/rkhunter-users
