On Thu, 2014-04-10 at 09:53 +0100, Frank Murphy wrote:
> /usr/bin/rkhunter: Osx.Worm.Inqtana-3 FOUND
> /usr/bin/rkhunter: moved to '/var/cache/clam/rkhunter.001'
> 
The ClamAV Inqtana-3 check looks for a couple of phrases (actually parts
of filenames) which also occur in rkhunter as part of its Inqtana
checks. I would say the ClamAV check is too simple, whereas rkhunter
actually tests that the filenames exist.

Example:
echo w0rms.l0ve.apples w0rm-support | clamdscan -
stream: Osx.Worm.Inqtana-3 FOUND

(I actually changed the above slightly - it should be 'love' - otherwise
this mail message may well be rejected by ClamAV running on mail
servers!)



John.

-- 
----------------------------------------------------
John Horne                   Tel: +44 (0)1752 587287
Plymouth University, UK      Fax: +44 (0)1752 587001
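
The difference described in the message above, as an added example that is not part of the original post and is not rkhunter or ClamAV code: a content match on two phrases flags a script that only mentions the names, while an existence test flags only a tree where such a file is present. The phrases are the altered ones from the message; the function names, files and directories are constructed for illustration.

```shell
#!/bin/sh
# Added illustration, not rkhunter or ClamAV code. PHRASES are the altered
# strings from the message; the files and directories are constructed samples.
PHRASES='w0rms.l0ve.apples w0rm-support'

# Content-style check: flag a file when every phrase occurs anywhere in it.
content_check() {
    for p in $PHRASES; do
        grep -qF -e "$p" "$1" || return 1
    done
    return 0
}

# Existence-style check: flag a tree only when an entry with one of the
# names is actually present under it.
exists_check() {
    for p in $PHRASES; do
        if find "$1" -name "$p" | grep -q .; then
            return 0
        fi
    done
    return 1
}

# Build constructed samples and report what each check says about them.
demo() {
    tmp=$(mktemp -d) || return 1
    mkdir "$tmp/clean" "$tmp/dropped"
    # A checker script that merely mentions the names it looks for.
    printf 'for f in %s; do test -e "/tmp/$f"; done\n' "$PHRASES" > "$tmp/clean/checker.sh"
    # A tree where a file with one of the names really exists.
    : > "$tmp/dropped/w0rm-support"

    content_check "$tmp/clean/checker.sh" && echo "content:checker.sh=FOUND"
    exists_check "$tmp/clean" || echo "exists:clean=OK"
    exists_check "$tmp/dropped" && echo "exists:dropped=FOUND"
    rm -rf "$tmp"
}

demo
```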
