On Thu, 13 May 2004 [EMAIL PROTECTED] wrote: > In the message dated: Thu, 13 May 2004 14:21:55 +0200, > The pithy ruminations from "Flynn" on > <Re: [Clamav-users] What is this Exploit.JUnksurf.A ?> were: > => > > => > If your md5sum does NOT match, then reinstalling is probably your best > => > option. > => > > => > => I would suggest to run this : > => > => for i in $(rpm -qa);do rpm -V $i | grep bin;done > => > => before taking the decision of reinstalling everything... > > If you're concerned about file corruption, maybe. If you're concerned that > you've been hacked, neither of those techniques is very useful, unless the > md5sum executable, the rpm executable, and the rpm database are located on > known-good, read-only media, such as a the distribution CD.
You are obviously correct in the case of an intrusion. But I don't know many 1337 h4x0rs that would mess with: //usr/share/doc/libxml2-devel-2.5.4/example.html: Exploit.Junksurf.A FOUND which is why i recommended updating clamav before reinstalling. Taking things in context helps. Damian Menscher -- -=#| Physics Grad Student & SysAdmin @ U Illinois Urbana-Champaign |#=- -=#| 488 LLP, 1110 W. Green St, Urbana, IL 61801 Ofc:(217)333-0038 |#=- -=#| <[EMAIL PROTECTED]> www.uiuc.edu/~menscher/ Fax:(217)333-9819 |#=- -=#| The above opinions are not necessarily those of my employers: |#=- -=#| UIUC CITES Security Group || Beckman Imaging Technology Group |#=- ------------------------------------------------------- This SF.Net email is sponsored by: SourceForge.net Broadband Sign-up now for SourceForge Broadband and get the fastest 6.0/768 connection for only $19.95/mo for the first 3 months! http://ads.osdn.com/?ad_id=2562&alloc_id=6184&op=click _______________________________________________ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
