Previously I wrote:
... The second-to-last thing the system does is upgrade my ClamAV
database by running freeclam. Then it says, "Starting tor daemon."
In response to my concern, Gene Heskett suggested:
Have you run the rootkit checkers? That would be my first thought.
The whole text of what I finally caught during shutdown was actually:
* Starting ClamAV virus database updater freshclam
* Starting tor daemon...
In response to Gene's suggestion, I installed ChkRootKit and RKHunter
and used them to look around. All there was, were some false positives
and no agreement on warnings.
Interestingly, when I installed ChkRootKit, the following message appeared:
The following packages were automatically installed and are no
longer required:
libseccomp2 tor tor-geoipdb torsocks xul-ext-torproxy
Use 'apt-get autoremove' to remove them.
Which I promptly did:
sudo apt-get autoremove
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages will be REMOVED:
libseccomp2 tor tor-geoipdb torsocks xul-ext-torproxy
That is the same list as above, mostly tor-related.
Now it's wait & see until that ultra-brief message pops up again
during shutdown.
Thanks, Gene, for your very useful suggestion.