Hi Rick,

> Why don't you make a copy of one or more of those binaries, then
> re-retrieve and install the Woody package of the same release, and
> compare md5sums of the resulting binaries? (Note that you should make
> very sure it's the same release, or you'll get a different md5sum for
> entirely innocent reasons.)

Indeed, I could do it. After establishing contact with one of the maintainers, the previous advice to --update the md5sum from the rkhunter server solved the problem, and it was not an irregularity within the Debian server. So they've updated now, which was required.

> > Checking /dev for suspicious files... [ Warning!
> > (unusual files found) ]

> Well? What files? The fact that rkhunter has an opinion is not, by
> itself, particularly interesting. You either have to know rkhunter
> very, very well, such that you have a high degree of faith in its
> opinions, or need to investigate for yourself what it claims is
> suspicious. Preferably both.

I don't know what files, as there was no output, and by the way it was the first time I used rkhunter.

> > - ProFTPd 1.2.5rc1 [Vulnerable ]
> > - OpenSSH 3.4p1 [Vulnerable ]
> > - GnuPG 1.0.6 [Vulnerable ]

> Well? _Are_ those actually vulnerable, or is rkhunter making bad
> assumptions? If you are running a conventional woody system, then
> you're receiving backported security fixes -- which does not change the
> package version number. Ergo, if rkhunter is stating the foregoing
> strictly on the basis of version numbers, then it is making a common
> elementary error.

Hm, to be honest, I wasn't able to read the source code, but I don't think that my ProFTP is not vulnerable, and I have to agree rkhunter is not able to detect the correct version, so you're right.

> > Incorrect MD5 checksums: 6

> Which ones? And on what basis is it saying they're incorrect? You
> don't say.

The binaries mentioned above.

--
Best Regards,
Mark
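
Added example (not part of the original message and not rkhunter code): one way to carry out the md5sum comparison suggested in the quoted text is to take the md5sum-style manifest from a freshly retrieved package of the same release and check the installed files against it. The function names, file contents and manifest below are constructed for illustration, and the manifest is assumed to use `<digest>  <relative path>` lines.

```python
import hashlib
import os
import tempfile


def md5_of(path):
    h = hashlib.md5()  # fed in chunks so large binaries are not read at once
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(65536), b""):
            h.update(block)
    return h.hexdigest()


def parse_manifest(text):
    """Parse lines of 32 hex chars, ' ', ' ' or '*', then a path, into {path: digest}."""
    entries = {}
    for line in [l for l in text.splitlines() if l.strip()]:
        digest, sep, path = line[:32], line[32:34], line[34:]
        bad_hex = set(digest.lower()) - set("0123456789abcdef")
        if bad_hex or sep not in ("  ", " *") or not path:
            raise ValueError("malformed manifest line: %r" % line)
        entries[path] = digest.lower()
    return entries


def verify(manifest_text, root="/"):
    """Sort manifest entries into ok / mismatch / missing under root."""
    result = {"ok": [], "mismatch": [], "missing": []}
    for rel, expected in sorted(parse_manifest(manifest_text).items()):
        full = os.path.join(root, rel.lstrip("/"))
        if not os.path.isfile(full):
            result["missing"].append(rel)
        elif md5_of(full) == expected:
            result["ok"].append(rel)
        else:
            result["mismatch"].append(rel)
    return result


if __name__ == "__main__":
    # Constructed demo: a manifest for two files, one of which was changed on disk.
    files = {"bin/ls": b"pristine ls", "bin/ps": b"pristine ps"}
    manifest = "".join("%s  %s\n" % (hashlib.md5(d).hexdigest(), p) for p, d in files.items())
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "bin"))
        for p, d in files.items():
            with open(os.path.join(root, p), "wb") as fh:
                fh.write(d if p != "bin/ps" else b"changed ps")
        print(verify(manifest, root))
```

The manifest should come from the re-downloaded package, not from the host being checked, since a manifest stored on that host could have been altered together with the binaries.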