[arch-general] rkhunter found possible rootkit

Ralf Mardorf silver.bullet at zoho.com
Tue Aug 20 08:28:36 UTC 2019

On Tue, 20 Aug 2019 10:15:58 +0200, ProgAndy wrote:
>Am 20.08.19 um 10:00 schrieb Filipe Laíns via arch-general:
>> On Tue, 2019-08-20 at 08:33 +0200, Oliver Jaksch wrote:  
>> No, those libraries are used for key manipulation, that's why
>> rkhunter thinks that they might be sniffer.
>In this particular case the filename was apparently used by a rootkit
>in 2013

If a file name should be a pointer to a {false,} positive, it still not
necessarily is a {false,} positive. rkhunter probably not only checks
file names, if at all.


More information about the arch-general mailing list