From owner-freebsd-questions@FreeBSD.ORG  Fri Jun  6 11:21:48 2003
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 812A937B401
	for <questions@freebsd.org>; Fri,  6 Jun 2003 11:21:48 -0700 (PDT)
Received: from fed1mtao04.cox.net (fed1mtao04.cox.net [68.6.19.241])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 0A34843F85
	for <questions@freebsd.org>; Fri,  6 Jun 2003 11:21:48 -0700 (PDT)
	(envelope-from xcas@cox.net)
Received: from localhost.bsd-unix.org ([68.2.134.114])
	by fed1mtao04.cox.netESMTP
	<20030606182147.UGYK27845.fed1mtao04.cox.net@localhost.bsd-unix.org>
	for <questions@freebsd.org>; Fri, 6 Jun 2003 14:21:47 -0400
Date: Fri, 6 Jun 2003 11:21:47 -0700 (MST)
From: xcas@cox.net
X-X-Sender: cas@localhost.bsd-unix.org
To: questions@freebsd.org
Message-ID: <20030606110904.T38001@localhost.bsd-unix.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Subject: chkrootkit-0.40 & FreeBSD 5.1
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 06 Jun 2003 18:21:48 -0000

Is there a problem with 'chkrootkit-0.40' on 5.x? It tells me that some of
the files are infected (I know for a fact that they're not)..

Files reported as infected:
/usr/bin/chfn
/usr/bin/chsh
/bin/date
/bin/ls
/bin/ps

localhost# uname -a
FreeBSD localhost.tuxsux.org 5.1-RELEASE FreeBSD 5.1-RELEASE #0: Wed Jun  4 06:09:58 MST 2003
cas@localhost.tuxsux.org:/usr/obj/usr/src/sys/KADAFI  i386