From: Mick
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] Which desktop antivirus?
Date: Sun, 30 Oct 2011 15:29:53 +0000

On Sunday 30 Oct 2011 13:32:26 James Broadhead wrote:

> I'm surprised that no one has mentioned rkhunter yet - loads of lib
> exploits allow system access, and there's a pretty solid argument that says
> that compromising a user account on the average *nix system allows enough
> resources to do a lot of malicious activity without even needing privilege
> escalation.

I have ... All I use on my boxen is chkrootkit and rkhunter.

rkhunter-1.3.8 is currently giving me false positives:
======================
File properties checks...
    Required commands check failed
    Files checked: 138
    Suspect files: 1

Rootkit checks...
    Rootkits checked : 245
    Possible rootkits: 2
    Rootkit names : Xzibit Rootkit, Knark Rootkit

Applications checks...
    Applications checked: 3
    Suspect applications: 0
======================

This is known and I believe fixed in later versions.
-- 
Regards,
Mick