
Re: Iptables firewall



> On 20 Jul 2004, jmm wrote:
>> The antivirus program was "Vexira". When portsentry is not running, there
>> is nothing attached to 'bind shell', as reported by chkrootkit. It is
>> strange since I ran Vexira in my previous system and after (it gave me the
>> same warning in the previous system) I erased the whole disk and installed
>> Woody from scratch with minimal services running. Then, in the afternoon,
>> when I ran Vexira, the virus signature was showing in /proc/kcore.
>
> Hrm. Only with that scanner, and only in kcore, huh?  Maybe it is
> confused by some track of itself running in memory or something.
>
> Can you boot off a known good media (like, say, an install CD or
> something) and run the scanner from there?  That should determine if it
> is an error, or if it is that the rootkit mostly manages to hide itself.

Well, I booted with a Debian CD and scanning /proc/kcore gives no errors,
and I also did a manual scan for each directory and nothing... Should I
consider the first finding in /proc/kcore an error of the antivirus
software?



