asterisk
11-17-2005, 09:21 PM
If one has just installed chkrootkit and did a preliminary scan, one might probably get a false alarm saying something to the effect of:
Checking `bindshell'... INFECTED (PORTS: 465)
That would be SMTPs, with Exim binding to this.
To check, do a 'service exim stop', run 'chkrootkit' and the false warning will disappear.
To restart exim, 'service exim start'.
Checking `bindshell'... INFECTED (PORTS: 465)
That would be SMTPs, with Exim binding to this.
To check, do a 'service exim stop', run 'chkrootkit' and the false warning will disappear.
To restart exim, 'service exim start'.