As we're nearing Rootkit Hunter release 1.3.6 there are some details left to fix. Right now I'm missing details (like ksyms and such) for three OSX rootkits. Does anyone here posess or is able to secure legitimate access to a (preferably lab-based or otherwise confined or virtualized) OSX machine they can safely compile, install and run malicious software on? If you do and want to help the Rootkit Hunter project please let me know by sending me an email. Your help is appreciated.

Please note this thread is not for requesting help with running RKH: please see the rkhunter-users mailing list. Improvements and suggestions are welcome here though and sharing CVS test results is always welcome. Please either use the CVS tarball at http://rkhunter.sourceforge.net/rkhunter-CVS.tar.gz (slightly behind CVS) or anonymous CVS: 'cvs -Q -z3 -dserver:anonymous@rkhunter.cvs.sourceforge.net:/cvsroot/rkhunter co -P rkhunter'.


TIA,
unSpawn
---

180+ views and no response at all.
Thanks for your unfaltering support.
Really.

A couple possibilities come to mind: 1) the OSX user rate here (on LQ) is too low; 2) OSX users aren't familiar enough with / aren't using rkhunter in that environment.

I think both of those possibilities could be tested by posting this on a real Mac OSX forum, with Mac geeks galore mulling about.

As for me, I just recently received a Macbook 1,1 from my wife. As a rkhunter user (on Linux only) I'd be happy to help, but I legitimately need the Macbook for work. Installing malware on it is not an option. I'd think a real Mac geek would have a test system or two lying around.

Thanks. And yes, you're probably right.