I have ColdFusion running -- could this be the culprit? I searched around the
Macromedia ColdFusion site but didn't find anything...

> From: [EMAIL PROTECTED]
> Organization: achana
> Reply-To: [EMAIL PROTECTED]
> Date: Fri, 27 Sep 2002 18:35:16 +1000
> To: [EMAIL PROTECTED]
> Subject: Re: Is this a virus :  "/tmp/orbit-<blabla>"
> 
> It is indeed CORBA.
> Since I have Apache collaborating with Tomcat, which talks with a DB
> backend, I would not uninstall anything until I am sure it is spurious.
> I have been trying to decide between CORBA and RMI and haven't made the
> conscious decision. So I guess default-mode took over.
> 
> 
> "[EMAIL PROTECTED]" wrote:
>> 
>> I have this on one of my machines too -- /tmp/orbit-<username> -- I ran the
>> rpm --whatrequires command below and got:
>> 
>> no package requires ORBit-0.5.7-3
>> 
>> Anyone have any other ideas? Should I just uninstall the package?
>> 
>>> From: Ward William E DLDN <[EMAIL PROTECTED]>
>>> Reply-To: [EMAIL PROTECTED]
>>> Date: Fri, 27 Sep 2002 13:26:29 -0400
>>> To: "'[EMAIL PROTECTED]'" <[EMAIL PROTECTED]>
>>> Subject: RE: Is this a virus :  "/tmp/orbit-<blabla>"
>>> 
>>> Gordon, while you're right that it's PROBABLY
>>> ORBit (an Open Source CORBA implementation),
>>> it seems to me whenever someone asks that question
>>> the answer can NEVER be "No".  It's always got
>>> to be "YES!", "Possibly" or "Probably not", since
>>> most root kits are going to attempt to install
>>> some service or device which masquerades as an
>>> innocuous, or even required, program.  Without
>>> looking directly at the box, without (for
>>> example) tripwire information, without.... well,
>>> you get the point.  Without all that stuff,
>>> we can hazard a guess, but only Arthur can tell
>>> for sure.
>>> 
>>> In this case, though, this IS typical behavior
>>> of ORBit; not everyone uses CORBA based programs,
>>> so they don't necessarily have these files, but
>>> once you start using CORBA based programs, ORBit
>>> spits out lots of stuff like Arthur described.
>>> He might be able to check RPM to see what he has
>>> installed which required ORBit, and see if he's
>>> using those programs.  In this case, perhaps
>>> he should do an
>>> 
>>> rpm -q ORBit | xargs rpm -q --whatrequires
>>> 
>>> to see what he might be running that is doing this?
>>> 
>>> Bill Ward
>>> 
>>>> -----Original Message-----
>>>> From: Gordon Messmer [mailto:[EMAIL PROTECTED]]
>>>> Sent: Friday, September 27, 2002 12:13 PM
>>>> To: [EMAIL PROTECTED]
>>>> Subject: Re: Is this a virus : "/tmp/orbit-<blabla>"
>>>> 
>>>> 
>>>> On Fri, 2002-09-27 at 08:08, Arthur Chan wrote:
>>>>> Hi All.
>>>>> I have these strange sub-dirs in /tmp/orb-<username>,
>>>>> and in these sub-dirs, hundreds of files named like this:
>>>>> "srwxr-xr-x orb-29348673785".
>>>>> In the /tmp directory itself, many hundreds of files with names
>>>>> similar to this: "file-fdhfgv878r"
>>>>> Never seen them before, propagate faster than rabbits.
>>>>> Is this a virus?
>>>> 
>>>> No.  `rpm -qi ORBit`
>>> 
>>> 
>>> 
>>> --
>>> redhat-list mailing list
>>> unsubscribe mailto:[EMAIL PROTECTED]?subject=unsubscribe
>>> https://listman.redhat.com/mailman/listinfo/redhat-list
>>> 
>> 
> 
> 
> 
> 



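One way to look directly at the box, as the thread suggests, rather than guess from file names (an added example, not part of any poster's message): map each socket under /tmp/orbit-<user>/ to the process holding it and the RPM package that owns that binary. The function names, the user name "arthur" and the sample table are constructed for illustration.

```shell
#!/bin/sh
# SAMPLE_UNIX is constructed data in /proc/net/unix layout:
# Num RefCount Protocol Flags Type St Inode Path
SAMPLE_UNIX='Num       RefCount Protocol Flags    Type St Inode Path
0000000000000000: 00000002 00000000 00010000 0001 01 48211 /tmp/orbit-arthur/orb-29348673785
0000000000000000: 00000002 00000000 00010000 0001 01 48350 /tmp/.X11-unix/X0
0000000000000000: 00000003 00000000 00000000 0001 03 48377 /tmp/orbit-arthur/orb-11872046612
0000000000000000: 00000002 00000000 00000000 0002 01 1200 /dev/log'

# Read /proc/net/unix-format text on stdin; print "inode path" for every
# socket bound under /tmp/orbit-<user>/.
orbit_socket_inodes() {
    awk 'NR > 1 && $8 ~ "^/tmp/orbit-[^/]+/" { print $7, $8 }'
}

# Print the PIDs that have socket:[<inode>] open, found by walking
# <proc_root>/<pid>/fd/* (proc_root defaults to /proc).
pids_for_inode() {
    inode=$1
    proc_root=${2:-/proc}
    for fd in "$proc_root"/[0-9]*/fd/*; do
        [ "$(readlink "$fd" 2>/dev/null)" = "socket:[$inode]" ] || continue
        fd=${fd#"$proc_root"/}      # strip the root, leaving <pid>/fd/<n>
        echo "${fd%%/*}"            # keep only <pid>
    done | sort -un
}

# Live use: run as root so other users' fd tables are readable. Prints the
# socket path, PID, executable and the package rpm reports as its owner.
orbit_report() {
    orbit_socket_inodes < /proc/net/unix | while read -r inode path; do
        for pid in $(pids_for_inode "$inode"); do
            exe=$(readlink "/proc/$pid/exe")
            echo "$path pid=$pid exe=$exe pkg=$(rpm -qf "$exe" 2>&1)"
        done
    done
}
```

An executable that `rpm -qf` reports as not owned by any package, or one that fails `rpm -V` on its owning package, is the result that warrants a closer look.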