False positives from chkrootkit? or hacked test server?

Martin Hudec corwin at aeternal.net
Thu Apr 15 01:00:01 PDT 2004


Thanks for the info :), that explains why my 4.9-STABLE was not infected
and 4.10-BETA shows false positives..
But I am still a bit unsure why my 5.2.1-RELEASE-p4 (not mentioning one false
positive) stops while checking lkm..



On Thu, Apr 15, 2004 at 08:29:17AM +0100 or thereabouts, Matthew Seaman wrote:
> In a word: yes.  This was something that was quite a popular question
> on this list some months back around the time of one of the earlier
> 5.x releases.  I don't remember anyone mentioning this in the context
> of 4.9 or earlier systems, but that could just be my memory failing.
>    http://lists.freebsd.org/pipermail/freebsd-security/2003-August/000755.html
> For the rest of the traffic look at:
>    http://www.google.co.uk/search?hl=en&ie=UTF-8&oe=UTF-8&safe=off&q=site%3Alists.freebsd.org+chkrootkit+chfn+INFECTED&btnG=Search&meta=
> (Nb. chkrootkit has since been fixed to work correctly under 5.x)
> However see this:
>     http://lists.freebsd.org/pipermail/freebsd-ports/2004-April/011362.html

Martin Hudec		| corwin at aeternal.net
			| corwin at web.markiza.sk
http://www.aeternal.net	| cell +421 907 303 393
