On Tue, 10 Aug 2010 01:10:37 -0500, Paul Hartman wrote:

> Second, the problem of chkrootkit telling me "find" and "netstat" were
> INFECTED, in big scary upper-case letters. The files appear to be
> genuine,

chkrootkit hasn't been updated in over a year, a bit scary for a malware
scanner.

> I then tried rkhunter. It gave me numerous warnings, but after
> checking the log for details they all appear to be harmless (For
> example, it warns that /usr/bin/ldd is a script, not a binary... as
> far as I can tell, that is how it's supposed to be)

You can tweak the rkhunter config to skip specific tests on specific
files (or patterns) to avoid these false positives.


-- 
Neil Bothwick

Top Oxymorons Number 3: Working vacation