Date: Thu, 15 Apr 2004 10:01:18 +0200
From: Martin Hudec <corwin@aeternal.net>
To: freebsd-questions@freebsd.org
Subject: Re: False positives from chkrootkit? or hacked test server?
Message-ID: <20040415080118.GG96246@pleiades.aeternal.net>
In-Reply-To: <20040415072917.GC40193@happy-idiot-talk.infracaninophile.co.uk>
References: <407D910F.8050507@pacbell.net> <20040415072917.GC40193@happy-idiot-talk.infracaninophile.co.uk>

Hello,

thanks for the info :), that explains why my 4.9-STABLE was not infected and 4.10-BETA shows false positives.. But I am still a bit unsure why my 5.2.1-RELEASE-p4 (not mentioning one false positive) stops while checking lkm..

Cheers,
Martin

On Thu, Apr 15, 2004 at 08:29:17AM +0100 or thereabouts, Matthew Seaman wrote:
> In a word: yes. This was something that was quite a popular question
> on this list some months back around the time of one of the earlier
> 5.x releases. I don't remember anyone mentioning this in the context
> of 4.9 or earlier systems, but that could just be my memory failing.
>
> http://lists.freebsd.org/pipermail/freebsd-security/2003-August/000755.html
>
> For the rest of the traffic look at:
>
> http://www.google.co.uk/search?hl=en&ie=UTF-8&oe=UTF-8&safe=off&q=site%3Alists.freebsd.org+chkrootkit+chfn+INFECTED&btnG=Search&meta=
>
> (Nb. chkrootkit has since been fixed to work correctly under 5.x)
>
> However see this:
>
> http://lists.freebsd.org/pipermail/freebsd-ports/2004-April/011362.html
>

--
Martin Hudec | corwin at aeternal.net | corwin at web.markiza.sk
http://www.aeternal.net | cell +421 907 303 393