On 25/02/14 16:16, Reco wrote: > Hi. > > On Tue, 25 Feb 2014 11:07:23 +1100 > Scott Ferguson <scott.ferguson.debian.u...@gmail.com> wrote: > >> Am I missing part of the thread? > > Probably no, as you've replied in it: > > https://lists.debian.org/debian-user/2014/02/msg01346.html > > >> Where did the OP check to see if >> open-vm-tools and open-vm-toolbox *were* installed. I see where to OP >> tried looking for a filename using a command that expects a package name... > > This: > >> dpkg --search /usr/bin/vmtoolsd >> dpkg-query: no path found matching pattern /usr/bin/vmtoolsd > > equals to 'no package owns /usr/bin/vmtoolsd'. > 'open-vm-tools' package owns /usr/bin/vmtoolsd file. > > If open-vm-tools is installed - 'dpkg -S' would find it. > > > Reco > >
Please note the difference between *are/is* installed, and *were* installed. I would expect dpkg -S to fail if those packages had been wrongly removed (corrupting dpkg database) but the pam and man files are extremely unlikely to be the result of malware. The OP never responded to my query about the other files that would have been installed - or checked the installation history with dpkg --get-selections (it won't show if purge was run, but then, those files would likely not be left). It is possible[*1] vmtoolsd is a trojan - though that scenario means the rest of it's expected files would likely be there (and dpkg -S would find it) - an md5sum is a simple way to check. Simply re-installing a system because some one "suspects" a security breach - will zero evidence to support the suspicion, is not a good idea. By all mean re-install from a known clean source - but first check to see if the installation was legitimate (check package selections status), check "suspect" file/s. Otherwise it confirms nothing and do even less to help detect and defend against real malware. Always test when security is in doubt - but it's probably not a good idea to rule out user error. [*1] the first reported case. Kind regards -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/530c2eb5.1070...@gmail.com
