From: walt <w41ter@gmail.com>
To: gentoo-user@lists.gentoo.org
Subject: [gentoo-user] sys-forensics/chkrootkit finds INFECTED binaries on ~amd64
Date: Sun, 27 Mar 2011 14:09:00 -0700
Message-ID: <imo91k$97d$1@dough.gmane.org>

I just got an email from cron on my ~amd64 machine, containing these lines:

Checking 'find'... INFECTED
Checking 'netstat'... INFECTED

Took me a few minutes to deduce that sys-forensics/chkrootkit was the source
of those messages. I ran chkrootkit manually and found the same messages in
the output.

I then nervously re-emerged findutils and net-tools, but chkrootkit again found
the same binaries to be "INFECTED".

Running chkrootkit on my ~x86 machine turns up no such infections even though
the same packages are installed on both machines.

Anyone have any insight into how chkrootkit works, or why the different results?
Or, can anyone reproduce my problem?

Thanks.