False positives from chkrootkit? or hacked test server?
Martin Hudec
corwin at aeternal.net
Thu Apr 15 01:00:01 PDT 2004
Hello,
thanks for the info :), that explains why my 4.9-STABLE was not infected
and 4.10-BETA shows false positives..
But I am still bit unsure why my 5.2.1-RELEASE-p4 (not mentioning one false
positive) stops while checking lkm..
Cheers,
Martin
On Thu, Apr 15, 2004 at 08:29:17AM +0100 or thereabouts, Matthew Seaman wrote:
> In a word: yes. This was something that was quite a popular question
> on this list some months back around the time of one of the earlier
> 5.x releases. I don't remember anyone mentioning this in the context
> of 4.9 or earlier systems, but that could just be my memory failing.
>
> http://lists.freebsd.org/pipermail/freebsd-security/2003-August/000755.html
>
> For the rest of the traffic look at:
>
> http://www.google.co.uk/search?hl=en&ie=UTF-8&oe=UTF-8&safe=off&q=site%3Alists.freebsd.org+chkrootkit+chfn+INFECTED&btnG=Search&meta=
>
> (Nb. chkrootkit has since been fixed to work correctly under 5.x)
>
> However see this:
>
> http://lists.freebsd.org/pipermail/freebsd-ports/2004-April/011362.html
>
--
Martin Hudec | corwin at aeternal.net
| corwin at web.markiza.sk
http://www.aeternal.net | cell +421 907 303 393
More information about the freebsd-questions
mailing list