On Thu, 2014-04-10 at 09:53 +0100, Frank Murphy wrote:
> /usr/bin/rkhunter: Osx.Worm.Inqtana-3 FOUND
> /usr/bin/rkhunter: moved to '/var/cache/clam/rkhunter.001'

The ClamAV Inqtana-3 check looks for a couple of phrases (actually parts
of filenames) which also occur in rkhunter as part of its Inqtana
checks. I would say the ClamAV check is too simple, whereas rkhunter
actually tests that the filenames exist.

Example:

    echo w0rms.l0ve.apples w0rm-support | clamdscan -
    stream: Osx.Worm.Inqtana-3 FOUND

(I actually changed the above slightly - it should be 'love' - otherwise
this mail message may well be rejected by ClamAV running on mail
servers!)
John.
--
----------------------------------------------------
John Horne Tel: +44 (0)1752 587287
Plymouth University, UK Fax: +44 (0)1752 587001
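
The false positive described in the message above, reproduced without ClamAV or rkhunter as an added example (not part of the original mail and not either project's code). It assumes the content check requires both phrases and uses the deliberately altered spellings from the message; the function names and file names are constructed for illustration.

```shell
#!/bin/sh
# Phrases spelled as in the message (altered on purpose by its author).
PHRASES="w0rms.l0ve.apples w0rm-support"

# Content-style check: flags a file when every phrase occurs anywhere in
# its bytes (assumption: this stands in for the simple signature described).
content_match() {
    for p in $PHRASES; do
        grep -qF -- "$p" "$1" || return 1
    done
    return 0
}

# Existence-style check: flags a tree only when a file whose name contains
# one of the phrases is actually present under it.
files_present() {
    for p in $PHRASES; do
        hit=$(find "$1" -name "*$p*" -print 2>/dev/null | head -n 1)
        [ -n "$hit" ] && return 0
    done
    return 1
}

demo() {
    root=$(mktemp -d) || return 2
    # Constructed stand-in for a scanner script that merely lists the names.
    printf 'CHECK_FILES="%s"\n' "$PHRASES" > "$root/scanner.sh"
    if content_match "$root/scanner.sh"; then c=FOUND; else c=clean; fi
    if files_present "$root"; then f=FOUND; else f=clean; fi
    echo "scanner only: content=$c files=$f"
    # Constructed file with a matching name: now the existence check fires.
    : > "$root/w0rm-support"
    if files_present "$root"; then f=FOUND; else f=clean; fi
    echo "file dropped: files=$f"
    rm -rf "$root"
}

demo
```

The first line of output is the situation in the thread: a tool that only carries the names as strings trips the content check, while the existence check stays quiet until a matching file is really on disk.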