Date: Wed, 18 Aug 2004 05:11:02 -0700 (PDT)
From: probsd org <probsdorg@yahoo.com>
To: freebsd-security@freebsd.org
Subject: chfn, date, chsh INFECTED according to chkrootkit
Message-ID: <20040818121102.95460.qmail@web52402.mail.yahoo.com>

I ran chkrootkit (v. chkrootkit-0.43) earlier and noticed that chfn, date, and chsh showed as being infected. I remember reading posts from the past that right now chkrootkit is giving a lot of false positives, so I suspected that these 3 binaries are not bad. However, to be on the safe side, I deleted the 3 binaries, removed /usr/src and did a 'make world' to 4.10-STABLE. But chfn, chsh, and date are still showing as infected.

Is my assumption that I am seeing a false positive correct, or does anyone know of an exploit that would affect these 3 binaries (and even after a 'make world' from clean src)?

Michael