WipeOut wrote:
> I have just run chkrootkit on my server and have the following two
> suspicious entries..
>
> Searching for suspicious files and dirs, it may take a while...
> /usr/lib/perl5/5.8.0/i386-linux-thread-multi/.packlist

There should be only a list of perl packages in that file. You can check
it very easily.

> and further down..
>
> Checking `bindshell'... INFECTED (PORTS: 465)
>
> Anyone have any advice for getting rid of it??

Find out which program listens on that port - and if you need it. 465 is
smtps (SMTP over SSL). You can do so with netstat, lsof or fuser.

chkrootkit can only give you hints - you have to look for yourself, if
it is assuming correctly or fooling you.

Ralph
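
Added example, not part of the original message: one way to carry out the port check described above on an RPM-based host such as CentOS. The function names and the sample netstat output are constructed for illustration; `triage_port` assumes it is run as root with netstat and rpm installed.

```sh
#!/bin/sh
# Triage of a chkrootkit "bindshell ... INFECTED (PORTS: 465)" hint.

# Constructed sample of `netstat -tlnp` output (not taken from the post).
SAMPLE='Proto Recv-Q Send-Q Local Address    Foreign Address  State   PID/Program name
tcp        0      0 0.0.0.0:22       0.0.0.0:*        LISTEN  812/sshd
tcp        0      0 0.0.0.0:465      0.0.0.0:*        LISTEN  1093/master
tcp        0      0 127.0.0.1:4650   0.0.0.0:*        LISTEN  2001/example'

# listener_on_port PORT
# Reads `netstat -tlnp` text on stdin and prints "PID PROGRAM" for every
# LISTEN socket bound to exactly PORT (4650 must not match 465).
listener_on_port() {
    awk -v port="$1" '
        $6 == "LISTEN" {
            n = split($4, a, ":")      # port is the last ":" field (also for :::465)
            if (a[n] == port) {
                split($7, p, "/")      # "PID/Program name"
                print p[1], p[2]
            }
        }'
}

# triage_port PORT
# Live check: resolve the listener to its executable, then ask the package
# database who owns that binary and whether it still matches what was installed.
triage_port() {
    netstat -tlnp 2>/dev/null | listener_on_port "$1" |
    while read -r pid prog; do
        exe=$(readlink "/proc/$pid/exe")
        echo "port $1: pid=$pid name=$prog exe=$exe"
        # rpm -qf names the owning package; rpm -Vf prints any file in that
        # package whose size, digest or mode differs from the database.
        rpm -qf "$exe" && rpm -Vf "$exe"
    done
}

# Offline demonstration on the constructed sample:
printf '%s\n' "$SAMPLE" | listener_on_port 465
```

On the live host, `triage_port 465` does the same against real netstat output. A listener that is the installed MTA and verifies cleanly points to a false positive; an unowned or modified binary warrants further investigation, ideally with tools run from trusted media.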