On Fri, 2004-05-07 at 13:36 -0400, Ken Morley wrote:
> I've just installed RedHat Enterprise ES V3 and patched to the latest
> revision. I then installed ClamAV 0.70, ran freshclam and did a clamdscan
> against the entire drive.
>
> I was surprised when clamdscan reported:
>
> //proc/kcore: Trojan.MiniCommander.dr FOUND
>
> What's the possibility that the server is really infected? It's been up
> just about two days, behind a commercial grade ICSA-certified firewall with
> only outbound access to the internet.
>
> Does anyone else have a RHES V3 box that they can try?
>
> I wonder if the infected file ships with the RH distribution???
>
> Any suggestions are appreciated.

First, don't scan /proc. There are lots of files there that shouldn't be read unless you have a specific reason to. I would put kcore at the top of that list. That is the core kernel memory. So it is very unlikely that a Windows trojan is installed in that file. It just happened that the random pattern of bits in the core at that time triggered a false positive.

--
Chris

_______________________________________________
Clamav-users mailing list
https://lists.sourceforge.net/lists/listinfo/clamav-users
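One way to act on the advice in the reply above, as an added example that is not part of the original thread: derive `clamscan --exclude-dir` patterns from the mount table so that /proc (and with it /proc/kcore) and other kernel pseudo-filesystems are never read. The function names, the list of filesystem types and the sample mount table are assumptions made for this illustration; the sketch targets `clamscan`, not the `clamdscan` client used in the question.

```shell
#!/bin/sh
# Added example: keep a full-disk ClamAV scan out of kernel pseudo-filesystems.
# All function names here are hypothetical helpers, not part of ClamAV.

# Filesystem types that expose kernel state rather than files stored on disk.
PSEUDO_FS="proc sysfs devpts devtmpfs debugfs securityfs"

# Constructed sample in /proc/mounts format:
# device mountpoint fstype options dump pass
sample_mounts() {
    cat <<'EOF'
/dev/sda2 / ext3 rw 0 0
none /proc proc rw 0 0
none /sys sysfs rw 0 0
none /dev/pts devpts rw 0 0
/dev/sda1 /boot ext3 rw 0 0
none /dev/shm tmpfs rw 0 0
EOF
}

# Read a mount table on stdin; print each mount point whose type is in PSEUDO_FS.
pseudo_mounts() {
    awk -v types="$PSEUDO_FS" '
        BEGIN { n = split(types, t, " "); for (i = 1; i <= n; i++) skip[t[i]] = 1 }
        ($3 in skip) && !seen[$2]++ { print $2 }
    '
}

# Read a mount table on stdin; print one anchored --exclude-dir regex per
# pseudo mount. The (/|$) suffix stops ^/proc from also matching /procfoo.
exclude_args() {
    pseudo_mounts | while read -r mp; do
        printf '%s\n' "--exclude-dir=^${mp}(/|\$)"
    done
}

# Recursive scan of the given paths using the live mount table.
# Word splitting of the substitution is intended (one option per line);
# mount points containing whitespace are not handled by this sketch.
run_scan() {
    clamscan -r $(exclude_args < /proc/mounts) "$@"
}

# Demonstration on the constructed table; no scan is started here.
sample_mounts | exclude_args
```

To scan a real system, call `run_scan /` instead of the demonstration line.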