Thanks Daniel,

Even though tiger does not show errors and debsums cannot check /bin, I decided I am going to do a complete reinstall (again), since aide (for some reason) reports file changes in /bin, /dev and other places. I don't know how trustworthy this report is until I learn more about aide.

I hope this thread has helped somebody else in the sense of securing a system as much as possible before it is connected to the internet. It has certainly become more hostile.

> On 21 Jul 2004, jmm wrote:
>>> On 20 Jul 2004, jmm wrote:
>>>> The antivirus program was "Vexira". When portsentry is not running,
>>>> there is nothing attached to 'bind shell', as reported by chkrootkit.
>>>> It is strange since I ran Vexira in my previous system and after (it
>>>> gave me the same warning in the previous system) I erased the whole
>>>> disk and installed Woody from scratch with minimal services running.
>>>> Then, in the afternoon, when I ran Vexira, the virus signature was
>>>> showing in /proc/kcore.
>>>
>>> Hrm. Only with that scanner, and only in kcore, huh? Maybe it is
>>> confused by some track of itself running in memory or something.
>>>
>>> Can you boot off a known good media (like, say, an install CD or
>>> something) and run the scanner from there? That should determine if it
>>> is an error, or if it is that the rootkit mostly manages to hide
>>> itself.
>>
>> Well I booted with a debian cd and scanning /proc/kcore gives no errors
>> and I also did a manual scan for each directory and nothing... Should I
>> consider the first finding in /proc/kcore an error of the antivirus
>> software?
>
> That seems likely to me.
>
> That said, I offer no warranty with my advice. :)
>
> Seriously -- it sounds like a false positive to me, but the key is to do
> enough that *you* are happy that it was a mistake of the virus scanner.
>
> Daniel
> --
> Sadness is but a wall between two gardens.
>   -- Kahlil Gibran

--
Jose Marrero <[EMAIL PROTECTED]>
Key fingerprint = 1259 79C5 D922 EC07 47CC 724709C6

