Re: Iptables firewall
Recently I had this warning issued by an antivirus program. I must say
that clamav or f-prot did not detect this warning:
"/proc/kcore
Date: 18.07.2004 Time: 19:37:56 Size: 278798336
ALERT: [BDS/VirtualRoot virus] /proc/kcore <<< Contains a signature of
the (dangerous) backdoor program BDS/VirtualRoot Backdoor server
programs"
This is given as an alert.
kcore appears to be an alias of the memory in the system. I wonder if one
can set up a firewall to avoid any attempts to /proc in general or
/proc/kcore in particular.
Apparently since it is a virtual space, deleting the signature could crash
the system. How is this virus getting in?
After a clean reboot, the antivirus did not detect anything in /proc.
Debsums appear to be fine and chkrootkit states that everything is ok
except: "Checking `bindshell'... INFECTED (PORTS: 1524 31337)" but since
I am running portsentry I consider this a normal false positive.
Any ideas?
Reply to: