Thanks from: Test with Chkrootkit

Norman Nunn npnunn at swbell.net
Mon Jul 26 03:21:44 UTC 2004 

Scot, thanks to you and others on this.  

I now think my system is actually clean.  The activity on this mail list
on security issues in general has been a good learning experience and,
as a result, I have added logsentry and portsentry to my system for
protection and notifications.  I took the suggestion and setup the
aliases to send root's messages to me.  

I have also setup chkrootkit to run nightly and mail me the output.  My
system has a Linksys router as a firewall, and the mail list traffic on
that subject prompts me to reconsider implementing iptable.  The router
"incoming log" shows allot of attempts, and I "assume" from Portsentry
input to the logs, that nothing unwanted gets through the router.  There
is that word again.    

I also, used the mail list input on ClamAV, and gave it a try.  I am
very careful about what I down load but it identifed a few potential
viruses on unimportant files, not word or mail files.  I have removed
them without any consequences, and plan to setup clamd as a protection
notification from future viruses.  Freshclam is setup to refresh
nightly, and I will consider running "clamscan -r -i" nightly and mail
the output for root to me.

I may be going overboard.

Thanks again
Norm  



On Sun, 2004-07-25 at 19:37, Scot L. Harris wrote:
> On Sun, 2004-07-25 at 22:09, Norman Nunn wrote:
> > In one of my post, I indicated with the upgrade to 0.43, that all the
> > original indicators (infections, hidden files and potential Trojan) were
> > eliminated from the output.  
> > 
> > However, /chkrootkit-0.43/chkproc -v specifically list the hidden files
> > anyway, and the number of hidden files varies during the run without
> > restarting the PC.  The PID numbers used seem to repeat but do not stick
> > with the links in the /proc/<PID> directories which are hidden from my
> > file manager.  Something causes them to pop up from time to time; I
> > would like to know if there is anything wrong with that.
> > 
> > Norm
> 
> Depending on the programs you have running there will be various
> processes starting and stopping all the time.  I think what you are
> seeing is normal.  Not sure this is something that can be fixed.
> -- 
> Scot L. Harris
> webid at cfl.rr.com
> 
> The speed of anything depends on the flow of everything. 
>

More information about the users mailing list