Security Basics mailing list archives
Re: Chkrootkit finds bindshell
From: "Phil Cryer" <phil () cryer us>
Date: Tue, 23 Aug 2005 10:30:00 -0500
chkrootkit found: Checking `bindshell'... INFECTED (PORTS: 465) Googling finds that it's often a 'false positive'. What is the concensus >from this group? What should be done?
I've figured out that this is found *only* when I have an SSL SMTP server running. I kill that and nothing is found. Apparently Chkrootkit is buggy in this case, and has been for some time. Time to switch to rkhunter. Thanks P "You teach best what you most need to learn." - Richard Bach
Current thread:
- Chkrootkit finds bindshell Phil Cryer (Aug 23)
- <Possible follow-ups>
- RE: Chkrootkit finds bindshell Keith Bucher (Aug 23)
- Re: Chkrootkit finds bindshell Esteban B. (Aug 24)
- Re: Chkrootkit finds bindshell Phil Cryer (Aug 23)