chkrootkit

Lowell Gilbert freebsd-questions-local at be-well.ilk.org
Tue Oct 18 06:56:33 PDT 2005


Paul Schmehl <pauls at utdallas.edu> writes:

> Out of curiosity more than anything else, I installed chkrootkit on a
> server I maintain and ran it.  It returned this:
> 
> Checking `bindshell'... INFECTED (PORTS:  465)
> 
> I'm running smtps on that server, so this is apparently a false
> positive. Has anyone else seen this?

A *very* quick look at the source makes me think that the check isn't
doing much more than checking for the port being open, in which case
you're right.  If you don't get a more knowledgeable answer from this
mailing list, though, you should go to the chkrootkit folks.
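
Added example, not part of the original message and not chkrootkit's code: a port-only check of the kind the reply suspects, next to one that also looks at which process owns the listener. The `sockstat -4l` sample, the watch list (apart from port 465) and the expected-owner table are constructed assumptions.

```python
# Constructed `sockstat -4l` output from a hypothetical FreeBSD host.
SAMPLE_SOCKSTAT = """\
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     sendmail   612   5  tcp4   *:465                 *:*
root     sendmail   612   4  tcp4   *:25                  *:*
root     sshd       540   3  tcp4   *:22                  *:*
nobody   sh         9911  3  tcp4   *:31337               *:*
"""

# Assumption: a small watch list; only 465 comes from the thread.
SUSPECT_PORTS = {465, 31337}
# Assumption: daemons the administrator expects to own a watched port.
EXPECTED_OWNERS = {465: {"sendmail", "postfix", "exim"}}


def parse_listeners(text):
    """Return [(command, pid, port)] for each listening TCP socket."""
    rows = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 6 or not fields[4].startswith("tcp"):
            continue  # header line or non-TCP socket
        command, pid, local = fields[1], fields[2], fields[5]
        port = local.rsplit(":", 1)[-1]
        if pid.isdigit() and port.isdigit():
            rows.append((command, int(pid), int(port)))
    return rows


def port_only_check(listeners):
    """Flag every watched port that is open, whoever owns it."""
    return sorted({port for _, _, port in listeners if port in SUSPECT_PORTS})


def owner_aware_check(listeners):
    """Flag a watched port only when its owner is not an expected daemon."""
    flagged = []
    for command, pid, port in listeners:
        if port in SUSPECT_PORTS and command not in EXPECTED_OWNERS.get(port, set()):
            flagged.append((port, command, pid))
    return sorted(flagged)


if __name__ == "__main__":
    listeners = parse_listeners(SAMPLE_SOCKSTAT)
    print("port-only  :", port_only_check(listeners))
    print("owner-aware:", owner_aware_check(listeners))
```

On a live host the same functions can be fed the real output of `sockstat -4l`; a process name alone can be spoofed, so a flagged or unexpected owner still warrants checking the binary behind the PID.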

