On Sun, 2006-04-09 at 07:54 -0400, Rick Friedman wrote: > I run chkrootkit daily. Today it has found a file it calls, "suspicious". The > file is a zero byte, hidden file. The path is /usr/lib/xulrunner/.autoreg > > After seeing this warning, I also ran rkhunter (rootkit hunter). The report > from rkhunter comes up clean. It does not flag the .autoreg file (or any file > for that matter). > > I am running sid and I believe that the .autoreg file may come from the > libxul0d package. > > Is this a legitimate file or something I should be concerned about? I tend to > think chkrootkit flagged it simply because it's hidden and zero bytes. I > don't think it's really a threat but I want to make certain. > > Any help is appreciated. Thanks.
Are you running a web/ftp/telnet server? IOW, how could the rk have been installed? Have you Googled for that file? Have you searched the Debian package list? http://www.debian.org/ http://www.debian.org/distrib/packages In the "Search the contents of packages" section, enter the file name. -- ----------------------------------------------------------------- Ron Johnson, Jr. Jefferson, LA USA "Everybody today seems to be in such a terrible rush, anxious for greater developments and greater riches and so on, so that children have very little time for their parents. Parents have very little time for each other, and in the home begins the disruption of peace of the world." Mother Teresa -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
