Date: Thu, 13 May 2004 13:05:45 -0700 From: Kris Kennaway <kris@obsecurity.org> To: "Shaun T. Erickson" <ste@smxy.org> Cc: freebsd-questions@freebsd.org Subject: Re: chkrootkit says 'date' is infected Message-ID: <20040513200545.GB8931@xor.obsecurity.org> In-Reply-To: <40A3CBB8.1090202@smxy.org> References: <40A3CBB8.1090202@smxy.org>
next in thread | previous in thread | raw e-mail | index | archive | help
--dTy3Mrz/UPE2dbVg Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Thu, May 13, 2004 at 03:25:44PM -0400, Shaun T. Erickson wrote: > I just installed and ran the chkrootkit port on my 5.2.1-RELEASE-p5=20 > system. It says my date command is infected. Nothing else, just that.=20 > How can I determine if this is a false positive or if I'm truly hacked? Talk to the chkrootkit developers. Their tool provides so many false positives that they're the ones who should be bearing the responsibility for dealing with user confusion :) Kris --dTy3Mrz/UPE2dbVg Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (FreeBSD) iD8DBQFAo9UZWry0BWjoQKURAvNQAKDjOLzICVsbxwpKAjPCS6tNh295bgCfdEUo eLaABPsRCA7AhReuhOYnybM= =47Dl -----END PGP SIGNATURE----- --dTy3Mrz/UPE2dbVg--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20040513200545.GB8931>