On Sunday 27 March 2011 22:09:00 walt wrote:
> I just got an email from cron on my ~amd64 machine, containing these lines:
>
> Checking 'find'... INFECTED
> Checking 'netstat'... INFECTED
>
> Took me a few minutes to deduce that sys-forensics/chkrootkit was the
> source of those messages. I ran chkrootkit manually and found the same
> messages in the output.
>
> I then nervously re-emerged findutils and net-tools, but chkrootkit again
> found the same binaries to be "INFECTED".
>
> Running chkrootkit on my ~x86 machine turns up no such infections even
> though the same packages are installed on both machines.
>
> Anyone have any insight into how chkrootkit works, or why the different
> results?
>
> Or, can anyone reproduce my problem?
>
> Thanks.

Just ran this on my stable amd64 PC and it looks OK:

...
Checking `find'... not infected   <---
Checking `fingerd'... not found
Checking `gpm'... not infected
Checking `grep'... not infected
Checking `hdparm'... not found
Checking `su'... not infected
Checking `ifconfig'... not infected
Checking `inetd'... not tested
Checking `inetdconf'... not found
Checking `identd'... not found
Checking `init'... not infected
Checking `killall'... not infected
Checking `ldsopreload'... not infected
Checking `login'... not infected
Checking `ls'... not infected
Checking `lsof'... not infected
Checking `mail'... not infected
Checking `mingetty'... not found
Checking `netstat'... not infected   <---
...

Did you run anything suspicious on your system?

--
Regards,
Mick