LinuxQuestions.org
Review your favorite Linux distribution.
Go Back   LinuxQuestions.org > Blogs > unSpawn
User Name
Password

Notices

Old
Rating: 2 votes, 4.50 average.

Simple ClamAV sig for /lib64/libkeyutils.so.1.9 contents

Posted 02-16-2013 at 02:26 PM by unSpawn
Updated 02-17-2013 at 07:03 AM by unSpawn

Wrt SSHD Rootkit Rolling around.

*I updated RKH in CVS but detection wasn't added yet to ClamAV, Securiteinfo or R-fx MLD:
Code:
]$ clamscan --official-db-only=no -d ./securiteinfoelf.hdb -d ./securiteinfosh.hdb -d ./rfxn.hdb -d ./rfxn.ndb -d ./RKH_libkeyutils.ldb -r --infected -r $PWD
path01/libkeyutils.so.1.9: RKH_libkeyutils.so.1.9.UNOFFICIAL FOUND
path02/libkeyutils.so.1.9: RKH_libkeyutils.so.1.9.UNOFFICIAL FOUND
path03/innucuoustarball.tar.bz2: RKH_libkeyutils.so.1.9.UNOFFICIAL
...
Attached Files
File Type: txt RKH_libkeyutils.ldb.txt (195 Bytes, 14 views)
Moderator
Posted in Uncategorized
Views 1701 Comments 0 unSpawn is offline

  



All times are GMT -5. The time now is 06:17 PM.

Main Menu
Advertisement

My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration