Hi,
This is with 1.3.6.
My system gets:

    Performing malware checks
    Checking running processes for suspicious files [ Warning ]

because I run misterhouse, and the lsof scan picks it up:

    gargamel:~# lsof -F n -w -n |grep /mh$
    n/var/local/src/misterhouse/mh-svn/bin/mh

I didn't find an exclude in the code, so I had to patch in a grep -v
for now.

Also, the reporting is not very helpful. All I got in my mail was:

    Warning: Checking running processes for suspicious files [ Warning ]
    Warning: One or more of these files were found: backdoor, adore.o,
    mod_rootme.so, phide_mod.o, lbk.ko, vlogger.o, cleaner.o, cleaner, ava,
    tzava, mod_klgr.o, hydra, hydra.restore, ras2xm, vobiscum, sshd3,
    system, t0rnsb, t0rns, t0rnp, rx4u, rx2me, crontab, sshdu, glotzer,
    holber, xhide, xh, emech, psybnc, mech, httpd.bin, mh, xl, write,
    Phantasmagoria.o, lkt.o, nlkt.o
    Check the output of the lsof command 'lsof -F n -w -n'

It would be nice to know which one was actually found :)
Thanks,
Marc
--
"A mouse is a device used to point at the xterm you want to type in" - A.S.R.
Microsoft is to operating systems & security ....
.... what McDonalds is to gourmet cooking
Home page: http://marc.merlins.org/
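
Added example, not part of the original message and not rkhunter's own code: one way a check over `lsof -F n -w -n` output could report which name matched, for which PID and path, while skipping paths a site has allowlisted. The names SUSPECT_NAMES, ALLOW_PATHS, report_suspect_files and sample_lsof_output are hypothetical, the lsof sample is constructed, and paths in the allowlist are assumed to contain no spaces.

```shell
#!/bin/sh
# A few of the names from the warning quoted in the message above.
SUSPECT_NAMES="backdoor adore.o hydra psybnc mh xl"
# Hypothetical per-site allowlist of full paths (space separated).
ALLOW_PATHS="/var/local/src/misterhouse/mh-svn/bin/mh"

# Reads `lsof -F n` style output on stdin. Lines start with a field
# letter: p = PID, f = file descriptor, n = file name.
# Prints "name pid=N path" for each open file whose basename is exactly
# a suspect name and whose full path is not allowlisted.
report_suspect_files() {
    awk -v names="$SUSPECT_NAMES" -v allow="$ALLOW_PATHS" '
    BEGIN {
        n = split(names, a, " "); for (i = 1; i <= n; i++) suspect[a[i]] = 1
        m = split(allow, b, " "); for (i = 1; i <= m; i++) allowed[b[i]] = 1
    }
    /^p/ { pid = substr($0, 2); next }
    /^n/ {
        path = substr($0, 2)
        base = path
        sub(/.*\//, "", base)          # strip directories, keep basename
        if ((base in suspect) && !(path in allowed))
            print base, "pid=" pid, path
    }'
}

# Constructed sample of lsof field output (not captured from a real host).
sample_lsof_output() {
    cat <<'EOF'
p2101
ftxt
n/var/local/src/misterhouse/mh-svn/bin/mh
p3307
ftxt
n/tmp/.x/mh
f3
n/tmp/.x/mh.log
p4410
ftxt
n/usr/sbin/sshd
EOF
}

sample_lsof_output | report_suspect_files
```

On a live system the function would be fed with `lsof -F n -w -n | report_suspect_files`.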