chkrootkit gives out false positives all the time. It's not always accurate, but a good tool to keep in the tool box nonetheless. Have you tried rkhunter (http://www.rkhunter.org)? Perhaps even installing tripwire or AIDE or samhain (http://la-samhna.de/samhain/index.html) may be in order?

--
Beau Henderson
http://www.iminteractive.net

On Tue, 11 Jan 2005 11:00:31 +0000, WipeOut <wipe_out at users.sourceforge.net> wrote:
> Ralph Angenendt wrote:
>
> >WipeOut wrote:
> >
> >>I have just run chkrootkit on my server and have the following two
> >>suspicious entries..
> >>
> >>Searching for suspicious files and dirs, it may take a while...
> >>/usr/lib/perl5/5.8.0/i386-linux-thread-multi/.packlist
> >
> >There should be only a list of perl packages in that file. You can check
> >it very easily.
> >
> >>and further down..
> >>
> >>Checking `bindshell'... INFECTED (PORTS: 465)
> >>
> >>Anyone have any advice for getting rid of it??
> >
> >Find out which program listens on that port - and if you need it. 465
> >is smtps (SMTP over SSL).
> >
> >You can do so with netstat, lsof or fuser.
> >
> >chkrootkit can only give you hints - you have to look for yourself, if
> >it is assuming correctly or fooling you.
> >
> >Ralph
>
> Thanks Ralph..
>
> I am looking into it now..
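
The check Ralph describes in the thread above, as an added example that is not part of the original messages: POSIX shell functions that pull the flagged ports out of chkrootkit's bindshell line and name the process listening on each one from `netstat -tlnp` output. The function names and the sample netstat rows are constructed for illustration.

```shell
#!/bin/sh
# Added example: name the process behind a chkrootkit "bindshell" hit.

# Print each port from chkrootkit's "INFECTED (PORTS: ...)" line (stdin).
bindshell_ports() {
  sed -n 's/.*INFECTED (PORTS:\([0-9 ]*\)).*/\1/p' |
    tr -s ' ' '\n' | grep -E '^[0-9]+$' || true
}

# Print "local_addr pid/program" for TCP listeners on port $1,
# reading `netstat -tlnp` output on stdin.
listeners_for_port() {
  awk -v p="$1" '$6 == "LISTEN" && $4 ~ (":" p "$") { print $4, $7 }'
}

# $1 = chkrootkit output text, $2 = `netstat -tlnp` output text.
triage() {
  for port in $(printf '%s\n' "$1" | bindshell_ports); do
    hits=$(printf '%s\n' "$2" | listeners_for_port "$port")
    if [ -n "$hits" ]; then
      printf 'port %s: %s\n' "$port" "$hits"
    else
      printf 'port %s: no TCP listener in netstat output\n' "$port"
    fi
  done
}

# Constructed sample input: the bindshell line quoted in the thread, plus
# made-up netstat rows (PIDs and program names are illustrative only).
SAMPLE_CHKROOTKIT="Checking \`bindshell'... INFECTED (PORTS: 465)"
SAMPLE_NETSTAT='Proto Recv-Q Send-Q Local Address  Foreign Address  State   PID/Program name
tcp        0      0 0.0.0.0:22     0.0.0.0:*        LISTEN  1890/sshd
tcp        0      0 0.0.0.0:465    0.0.0.0:*        LISTEN  2211/master
tcp        0      0 0.0.0.0:4650   0.0.0.0:*        LISTEN  3102/example'

triage "$SAMPLE_CHKROOTKIT" "$SAMPLE_NETSTAT"
# Live use, as root so the PID/Program column is filled in:
#   triage "$(chkrootkit)" "$(netstat -tlnp)"
```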