Security Basics mailing list archives

Re: Chkrootkit finds bindshell


From: "Phil Cryer" <phil () cryer us>
Date: Tue, 23 Aug 2005 10:30:00 -0500

chkrootkit found:
Checking `bindshell'... INFECTED (PORTS:  465)

Googling finds that it's often a 'false positive'.  What is the consensus from this group?  What should be done?

I've figured out that this is found *only* when I have an SSL SMTP server running.  I kill that and nothing is found.  
Apparently Chkrootkit is buggy in this case, and has been for some time.  Time to switch to rkhunter.  Thanks

P


"You teach best what you most need to learn." - Richard Bach
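
A triage step for the report above, as an added example that is not part of the original post: it maps each port flagged by the bindshell test to the process listening on it. The `ss -ltnp` sample output, the function names and the list of expected mail daemons are constructed assumptions.

```shell
#!/usr/bin/env bash
# Added example: map ports flagged by chkrootkit's bindshell test to listeners.

# Constructed sample inputs (not captured from a real host).
SAMPLE_CHK="Checking \`bindshell'... INFECTED (PORTS:  465)"
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0      100    0.0.0.0:465        0.0.0.0:*         users:(("master",pid=1234,fd=17))
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*         users:(("sshd",pid=801,fd=3))'

# stdin: chkrootkit output. Prints one flagged port per line.
# Assumes several ports would be space-separated inside the parentheses.
flagged_ports() {
    sed -n 's/.*bindshell.*INFECTED (PORTS:\(.*\)).*/\1/p' |
        tr -s ' ' '\n' | grep -E '^[0-9]+$'
}

# $1: port, stdin: `ss -ltnp` output. Prints the owning process name,
# "unknown" if ss showed no process (not run as root), "none" if nothing listens.
listener_for() {
    awk -v port="$1" '
        $1 == "LISTEN" {
            n = split($4, a, ":")            # port is the last ":" field
            if (a[n] == port) {
                name = "unknown"
                if (match($0, /users:\(\("[^"]+"/))
                    name = substr($0, RSTART + 9, RLENGTH - 10)
                print name; found = 1; exit
            }
        }
        END { if (!found) print "none" }'
}

# $1: chkrootkit output, $2: ss output. One verdict line per flagged port.
# The daemon list is an assumed allowlist; a name match only says where to
# look next (binary path, package ownership), it does not clear the host.
triage() {
    for port in $(printf '%s\n' "$1" | flagged_ports); do
        proc=$(printf '%s\n' "$2" | listener_for "$port")
        case "$proc" in
            master|smtpd|exim4|sendmail|stunnel)
                echo "$port $proc expected-mail-listener" ;;
            none) echo "$port - no-listener" ;;
            *)    echo "$port $proc investigate" ;;
        esac
    done
}

triage "$SAMPLE_CHK" "$SAMPLE_SS"
```

On a live host, feed `triage` the real `chkrootkit` output and `ss -ltnp` run as root so the process column is populated.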

