Package: rkhunter Version: 1.4.6-8 Followup-For: Bug #955225 Taking a deeper look inside the report detail in:
https://www.virustotal.com/gui/file/a1deab0758d3ef2975626ab4b43e7594d61fefa67e1c17be78e57405006f63e0/details under some points it seems to move the hypotesis into beeing a go executable: NOTE: .note.go.buildid LOAD: .text .plt .interp .note.go.buildid LOAD: .rodata .dynsym .rela .rela.plt .gnu.version .gnu.version_r .hash .dynstr .typelink .itablink .gosymtab .gopclntab LOAD: .go.buildinfo .got.plt .dynamic .got .noptrdata .data .bss .noptrbss But unfortunately I'm not the expert on those matters. IHMO it seems that the package usrmerge could trigger it. Regards, xiscu -- System Information: Debian Release: bullseye/sid APT prefers testing APT policy: (900, 'testing'), (10, 'unstable'), (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 5.4.0-4-amd64 (SMP w/4 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US:en (charmap=UTF-8) Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages rkhunter depends on: ii binutils 2.34-5 ii debconf [debconf-2.0] 1.5.73 ii file 1:5.38-4 ii lsof 4.93.2+dfsg-1 ii net-tools 1.60+git20180626.aebd88e-1 ii perl 5.30.0-9 ii ucf 3.0038+nmu1 Versions of packages rkhunter recommends: ii bsd-mailx [mailx] 8.1.2-0.20180807cvs-1+b1 ii curl 7.68.0-1 ii e2fsprogs 1.45.6-1 ii exim4-daemon-light [mail-transport-agent] 4.93-13 ii iproute2 5.5.0-1 pn unhide <none> pn unhide.rb <none> ii wget 1.20.3-1+b2 Versions of packages rkhunter suggests: ii liburi-perl 1.76-2 ii libwww-perl 6.43-1 pn powermgmt-base <none> -- Configuration Files: /etc/logcheck/ignore.d.server/rkhunter [Errno 13] Permission denied: '/etc/logcheck/ignore.d.server/rkhunter' /etc/rkhunter.conf changed [not included] -- debconf information excluded