Date: 18 Oct 2005 09:19:03 -0400
From: Lowell Gilbert <freebsd-questions-local@be-well.ilk.org>
To: Paul Schmehl <pauls@utdallas.edu>
Cc: questions@freebsd.org
Subject: Re: chkrootkit
Message-ID: <44mzl70xq0.fsf@be-well.ilk.org>
In-Reply-To: <9418EAA207FFABD51C8A52A1@utd59514.utdallas.edu>
References: <9418EAA207FFABD51C8A52A1@utd59514.utdallas.edu>

Paul Schmehl <pauls@utdallas.edu> writes:

> Out of curiosity more than anything else, I installed chkrootkit on a
> server I maintain and ran it.  It returned this:
>
> Checking `bindshell'... INFECTED (PORTS: 465)
>
> I'm running smtps on that server, so this is apparently a false
> positive.  Has anyone else seen this?

A *very* quick look at the source makes me think that the check isn't
doing much more than checking for the port being open, in which case
you're right.  If you don't get a more knowledgeable answer from this
mailing list, though, you should go to the chkrootkit folks.
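
If the check does key on the open port alone, as the reply suspects, the way to settle the alert is to see which process owns the listener. The following is an added example, not part of the original message and not chkrootkit code; the `sockstat -4 -l` sample, the port 4000 entry and the expected-daemon table (including sendmail as the smtps daemon) are constructed assumptions.

```python
# Constructed sample of FreeBSD `sockstat -4 -l` output (not from the message).
SAMPLE_SOCKSTAT = """\
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     sendmail   612   4  tcp4   *:25                  *:*
root     sendmail   612   6  tcp4   *:465                 *:*
root     sshd       540   4  tcp4   *:22                  *:*
nobody   sh         9911  3  tcp4   *:4000                *:*
"""

# Assumption: the admin's own record of which daemon should own which port.
EXPECTED = {22: {"sshd"}, 25: {"sendmail"}, 465: {"sendmail"}}


def parse_listeners(text):
    """Return {port: [(user, command, pid), ...]} for listening TCP sockets."""
    listeners = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 7 or not fields[4].startswith("tcp"):
            continue  # header, blank or non-TCP line
        user, command, pid, local = fields[0], fields[1], fields[2], fields[5]
        port = local.rsplit(":", 1)[-1]
        if not port.isdigit():
            continue
        listeners.setdefault(int(port), []).append((user, command, int(pid)))
    return listeners


def triage(flagged_ports, sockstat_text, expected=EXPECTED):
    """Classify each port a scanner flagged by who actually owns the listener."""
    listeners = parse_listeners(sockstat_text)
    report = {}
    for port in flagged_ports:
        owners = listeners.get(port, [])
        if not owners:
            report[port] = ("not-listening", [])
        elif all(cmd in expected.get(port, set()) for _, cmd, _ in owners):
            report[port] = ("expected-daemon", owners)
        else:
            report[port] = ("investigate", owners)
    return report


if __name__ == "__main__":
    for port, (verdict, owners) in triage([465, 4000], SAMPLE_SOCKSTAT).items():
        print(port, verdict, owners)
```

A matching command name only narrows the question, since the name is whatever the process was started as; confirm the PID's binary path (for example with `procstat -b <pid>`) before closing the alert.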