On 03/28/2011 07:24 AM, Paul Hartman wrote:
> On Sun, Mar 27, 2011 at 4:09 PM, walt <w41...@gmail.com> wrote:
>> I just got an email from cron on my ~amd64 machine, containing these lines:
>>
>> Checking 'find'... INFECTED
>> Checking 'netstat'... INFECTED
>>
>> Took me a few minutes to deduce that sys-forensics/chkrootkit was the source
>> of those messages. I ran chkrootkit manually and found the same messages in
>> the output.
>
> chkrootkit is old, has not been updated in years+, and those are false
> alarms. I got the exact same ones. Basically, chkrootkit is just
> grepping for a string inside those files:
>
> /usr/bin/find: sharefile.h
> /bin/netstat: sockaddr.h
>
> You may find that if you strip those 2 binaries of debug data, the
> false positives go away.

Exactly so. Thanks to you and Mick for the replies.
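
An added example, not part of the original thread and not chkrootkit's own code: one way to triage a string-match hit like `sharefile.h` is to find which ELF section the matched bytes sit in, since a match confined to `.debug*` sections disappears when debug data is stripped. The function names and the constructed ELF64 image from `build_sample` are assumptions made for illustration; only little-endian ELF64 is handled.

```python
import struct

def elf_sections(data):
    """Return [(name, file_offset, size)] for a little-endian ELF64 image."""
    if data[:6] != b"\x7fELF\x02\x01":
        raise ValueError("not a little-endian ELF64 file")
    shoff = struct.unpack_from("<Q", data, 0x28)[0]
    entsize, count, strndx = struct.unpack_from("<HHH", data, 0x3A)
    raw = [struct.unpack_from("<IIQQQQ", data, shoff + i * entsize) for i in range(count)]
    names_at = raw[strndx][4]  # file offset of the section-name string table
    out = []
    for name_off, _type, _flags, _addr, offset, size in raw:
        start = names_at + name_off
        out.append((data[start:data.index(b"\0", start)].decode(), offset, size))
    return out

def locate_hits(data, needle):
    """Return [(file_offset, section_name)] for every occurrence of needle."""
    secs = elf_sections(data)
    hits, pos = [], data.find(needle)
    while pos != -1:
        owner = next((n for n, off, size in secs if off <= pos < off + size), "(outside sections)")
        hits.append((pos, owner))
        pos = data.find(needle, pos + 1)
    return hits

def triage(data, needle):
    hits = locate_hits(data, needle)
    if not hits:
        return "no match"
    if all(name.startswith(".debug") for _, name in hits):
        return "debug-info only"  # would vanish after stripping debug data
    return "needs review"

def build_sample(debug):
    """Constructed ELF64 image: .rodata, optional .debug_str, .shstrtab."""
    body = [(".rodata", b"usage: find [path]\0")]
    if debug:
        body.append((".debug_str", b"../lib/sharefile.h\0"))
    strtab = b"\0" + b"".join(n.encode() + b"\0" for n, _ in body) + b".shstrtab\0"
    body.append((".shstrtab", strtab))
    blob, hdrs = b"", [bytes(64)]  # index 0 is the null section header
    for name, content in body:
        hdrs.append(struct.pack("<IIQQQQIIQQ", strtab.index(name.encode()), 1, 0, 0,
                                64 + len(blob), len(content), 0, 0, 1, 0))
        blob += content
    ehdr = b"\x7fELF\x02\x01\x01" + bytes(9) + struct.pack(
        "<HHIQQQIHHHHHH", 1, 62, 1, 0, 0, 64 + len(blob), 0, 64, 0, 0, 64, len(hdrs), len(hdrs) - 1)
    return ehdr + blob + b"".join(hdrs)
```

On a real system the same functions can be pointed at the bytes of the flagged binary; a "needs review" result means the string sits outside debug sections and the file should be checked against the package manager's recorded checksums.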