Re: Iptables firewall
> On 20 Jul 2004, jmm wrote:
>> The antivirus program was "Vexira". When portsentry is not running,
>> is nothing attached to 'bind shell', as reported by chkrootkit. It is
>> strange since I ran Vexira in my previous system and after (it gave me
>> same warning in the previous system)I erased the whole disk and
>> Woody from scratch with minimal services running. Then, in the
>> when I ran Vexira, the virus signature was showing in /proc/kcore.
> Hrm. Only with that scanner, and only in kcore, huh? Maybe it is
> confused by some track of itself running in memory or something.
> Can you boot off a known good media (like, say, an install CD or
> something) and run the scanner from there? That should determine if it
> is an error, or if it is that the rootkit mostly manages to hide itself.
Well I booted with a debian cd and scanning /proc/kcore gives no errors
and I also did a manual scan for each directory and nothing...Should I
consider the first finding in /proc/kcore an error of the antivirus