[CentOS] How to check for rootkit, troians etc in backed up files?

Mon Sep 1 05:59:17 UTC 2008
M. Fioretti <mfioretti at nexaima.net>


there is a remote (VPS) Centos 4.2 server which *may* have been
compromised. Reinstalling everything from scratch isn't a problem, it
may even be an occasion to improve a few things, the question is

There are backups of necessary shell script, ASCII configuration files
and more or less important email (maildir format, if it matters)
including messages with binary attachments in .doc, .pdf, .jpeg and
other formats. What is, in the context above, the best way to make
sure that **those** backed up files (which _must_ be put back on the
server after reinstall) do not contain any rootkit, troian, virus,
whatever? Which Centos / linux tool you'd recommend for this specific

Your own civil rights and the quality of your life heavily depend on how
software is used *around* you:            http://digifreedom.net/node/84