LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Blogs > unSpawn
User Name
Password

Notices



Old
Rating: 2 votes, 4.50 average.

Simple ClamAV sig for /lib64/libkeyutils.so.1.9 contents

Posted 02-16-2013 at 03:26 PM by unSpawn
Updated 02-17-2013 at 08:03 AM by unSpawn

Wrt SSHD Rootkit Rolling around.

*I updated RKH in CVS but detection wasn't added yet to ClamAV, Securiteinfo or R-fx MLD:
Code:
]$ clamscan --official-db-only=no -d ./securiteinfoelf.hdb -d ./securiteinfosh.hdb -d ./rfxn.hdb -d ./rfxn.ndb -d ./RKH_libkeyutils.ldb -r --infected -r $PWD
path01/libkeyutils.so.1.9: RKH_libkeyutils.so.1.9.UNOFFICIAL FOUND
path02/libkeyutils.so.1.9: RKH_libkeyutils.so.1.9.UNOFFICIAL FOUND
path03/innucuoustarball.tar.bz2: RKH_libkeyutils.so.1.9.UNOFFICIAL
...
Attached Files
File Type: txt RKH_libkeyutils.ldb.txt (195 Bytes, 14 views)
Moderator
Posted in Uncategorized
Views 1808 Comments 0 unSpawn is offline

  



All times are GMT -5. The time now is 04:05 PM.

Main Menu
Advertisement

Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration