Board: FB_security
Subject: Re: chfn, date, chsh INFECTED according to chkrootkit
Posted from: NCTU CSIE FreeBSD Server (Wed Aug 18 23:56:49 2004)
Relayed via: ptt!FreeBSD.csie.NCTU!not-for-mail
Hello,
I have written this mail to the author of chkrootkit.
Tommy
On Fri, Jul 02, 2004 at 01:20:50PM +0200, Tommy K wrote:
> Hello,
>
> I have tested chkrootkit on many FreeBSD 4.10** machines and all of the
> tested machines have the same INFECTED things.
>
> I think that is a bug in chkrootkit
>
> <snip>
Yes, you are right.
I will fix it in the next version.
Thanks a lot for your bug report and interest in chkrootkit,
../nelson -murilo
> # chkrootkit
> ROOTDIR is `/'
> Checking `amd'... not infected
> Checking `basename'... not infected
> Checking `biff'... not infected
> Checking `chfn'... INFECTED
> Checking `chsh'... INFECTED
> Checking `cron'... not infected
> Checking `date'... INFECTED
> Checking `du'... not infected
> Checking `dirname'... not infected
> Checking `echo'... not infected
> Checking `egrep'... not infected
> Checking `env'... not infected
> </snip>
>
> Hopefully it could help you!
>
> Regards Tommy
>
> --
> Das B
> Key fingerprint = BFED 7E4C 8B67 64C8 B210 89D1 5678 1A02 7354 DFB5
>
> Thomas Kamann | Trainee - Application Development
On Wed, Aug 18, 2004 at 05:11:02AM -0700, probsd org wrote:
> I ran chkrootkit ( v. chkrootkit-0.43 ) earlier and
> noticed that chfn, date, and chsh showed as being
> infected. I remember reading posts from the past that
> right now chkrootkit is giving a lot of false
> positives, so I suspected that these 3 binaries are
> not bad.
>
> However, to be on the safe side, I deleted the 3
> binaries, removed /usr/src and did a 'make world' to
> 4.10-STABLE.
>
> But, chfn, chsh, and date are still showing as
> infected.
>
> Is my assumption that I am seeing a false positive
> correct, or does anyone know of an exploit that would
> affect these 3 binaries ( and even after a 'make
> world' from clean src )?
>
> Michael
>
> _______________________________________________
> [email protected] mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-security
> To unsubscribe, send any mail to "[email protected]"
--
Das Büro am Draht GmbH | Blücherstraße 22 | D-10961 Berlin
http://www.dasburo.com |
http://tom.dasburo.com
Key fingerprint = BFED 7E4C 8B67 64C8 B210 89D1 5678 1A02 7354 DFB5
Thomas Kamann | Trainee - Application Development