[CentOS] ClamAV reports a trojan

James B. Byrne

byrnejb at harte-lyne.ca
Thu Apr 16 15:01:02 UTC 2015


This morning I discovered this in my clamav report from one of our
imap servers:

/usr/share/nmap/scripts/irc-unrealircd-backdoor.nse:
Unix.Trojan.MSShellcode-21 FOUND


I have looked at this script and it appears to be part of the nmap
distribution.  It actually tests for irc backdoors.  IRC is not used
here and its ports are blocked by default both at the gateway and on
all internal hosts.

However, I nonetheless copied that file, removed nmap, re-installed
nmap from base, and diffed the file of the same name installed with
nmap against the copy.  They are identical.

The question is: Do I have a problem here or a false positive?

I am not sure why nmap is on that host but evidently I had some reason
last October to use it from that server.  In any case I am going to
remove it for good, or at least until the reason I had it there
reoccurs or is recalled to mind.

-- 
***          E-Mail is NOT a SECURE channel          ***
James B. Byrne                mailto:ByrneJB at Harte-Lyne.ca
Harte & Lyne Limited          http://www.harte-lyne.ca
9 Brockley Drive              vox: +1 905 561 1241
Hamilton, Ontario             fax: +1 905 561 0757
Canada  L8E 3C3
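The poster's check (reinstall the package, diff the file) can be done without a reinstall by asking rpm which package owns the flagged file and whether the file still matches that package's recorded digest. The script below is an added example, not code from the post or from the nmap or ClamAV projects: `rpm -qf` and `rpm -Vf` are real rpm options, but the function names are mine and the sample rpm outputs are constructed, so it runs offline; `assess_on_host()` is the wrapper you would run on the actual CentOS box.

```python
"""Decide whether a file ClamAV flagged still matches the RPM that owns it.

Added example, not code from the mailing-list post: it automates the check
the poster did by hand (reinstall nmap, diff the file) by asking rpm for the
owning package (`rpm -qf`) and verifying the file against the package's
recorded digest (`rpm -Vf`).  Both are real rpm options; the sample outputs
at the bottom are constructed for the offline demonstration.
"""
import subprocess
from typing import List, Optional, Tuple

# Attribute letters rpm prints in an `rpm -V` line, left to right.
# '.' means the attribute matches the package database; '?' means untestable.
RPM_VERIFY_FLAGS = {
    "S": "size differs",
    "M": "mode differs",
    "5": "digest differs",
    "D": "device number differs",
    "L": "symlink target differs",
    "U": "owner differs",
    "G": "group differs",
    "T": "mtime differs",
    "P": "capabilities differ",
}
# Flags that mean the file *content* is not what the package shipped.
CONTENT_FLAGS = {"S", "5", "L"}


def owning_package(qf_output: str) -> Optional[str]:
    """Parse `rpm -qf PATH`: the package NVR on success, None if unowned."""
    text = qf_output.strip()
    if not text or "is not owned by any package" in text or text.startswith("error:"):
        return None
    return text.splitlines()[0]


def verify_flags(verify_output: str, path: str) -> List[str]:
    """Return the failing attribute letters for `path` from `rpm -V` output.

    rpm prints one line per file with a problem and nothing for files that
    verify cleanly, so an empty result means the file matches the package.
    A 'missing' line is reported as the pseudo-flag 'missing'.
    """
    for line in verify_output.splitlines():
        fields = line.split()
        if not fields or fields[-1] != path:
            continue
        if fields[0] == "missing":
            return ["missing"]
        return [ch for ch in fields[0] if ch in RPM_VERIFY_FLAGS or ch == "?"]
    return []


def assess(path: str, qf_output: str, verify_output: str) -> Tuple[str, str]:
    """Classify a flagged file as 'unowned', 'modified', 'metadata' or 'pristine'."""
    pkg = owning_package(qf_output)
    if pkg is None:
        return "unowned", f"{path} belongs to no installed package; cannot verify"
    flags = verify_flags(verify_output, path)
    if "missing" in flags:
        return "modified", f"{path} is missing although {pkg} installed it"
    detail = ", ".join(RPM_VERIFY_FLAGS.get(f, "untestable") for f in flags)
    if CONTENT_FLAGS & set(flags):
        return "modified", f"{path} differs from {pkg}: {detail}"
    if flags:
        return "metadata", f"{path} content matches {pkg} but: {detail}"
    return "pristine", f"{path} is byte-identical to what {pkg} shipped"


def assess_on_host(path: str) -> Tuple[str, str]:
    """Run the real rpm commands for a file on a CentOS/RHEL host."""
    qf = subprocess.run(["rpm", "-qf", path], capture_output=True, text=True)
    vf = subprocess.run(["rpm", "-Vf", path], capture_output=True, text=True)
    # rpm reports 'not owned' on stdout and other errors on stderr; feed both.
    return assess(path, qf.stdout + qf.stderr, vf.stdout)


# --- Constructed sample data (not real output from the poster's host) -------
FLAGGED = "/usr/share/nmap/scripts/irc-unrealircd-backdoor.nse"
QF_OWNED = "nmap-EXAMPLE.VERSION.x86_64\n"          # placeholder package NVR
QF_UNOWNED = "file /tmp/irc-unrealircd-backdoor.nse is not owned by any package\n"
V_CLEAN = ""                                         # nothing printed: all good
V_TAMPERED = "S.5....T.    " + FLAGGED + "\n"        # size, digest, mtime differ
V_TOUCHED = ".......T.    " + FLAGGED + "\n"         # only mtime differs

if __name__ == "__main__":
    for label, qf, vf, p in [
        ("stock file", QF_OWNED, V_CLEAN, FLAGGED),
        ("tampered file", QF_OWNED, V_TAMPERED, FLAGGED),
        ("stray copy", QF_UNOWNED, V_CLEAN, "/tmp/irc-unrealircd-backdoor.nse"),
    ]:
        print(f"{label:14s} -> {assess(p, qf, vf)}")
```

A "pristine" verdict on a stock script with a detection name like this points at a signature false positive (a scanner script that carries a fragment of the payload it probes for will match a payload signature), which is worth reporting to the ClamAV project rather than silencing locally. The caveat is that rpm's verification data lives in the same host's package database, so on a host you already suspect is compromised it is only as trustworthy as that database; the poster's reinstall-from-base-and-diff, or a digest comparison against the same package on a known-clean host, is the stronger check.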