[plug] Finding a possible trojan/exploit?

Steve Baker steve at iinet.net.au
Sat Jan 20 11:35:29 WST 2007


Craig Foster wrote:

>>Chkrootkit and rkhunter say everything is clean.  I'm planning on
>>attaching a sniffer with nessus and wireshark (aka ethereal) next week
>>to hopefully give some more clues but I need to find/build a box to do
>>that first.
>>    
>>
>What does clamdscan say?
>
>Clam finds quite a few linux Trojans and exploits, and a weekly scan of
>servers is always recommended...
>
>Craig F.
>  
>
Clam didn't find anything, however I'm running Ubuntu which only has 
clamav 0.88.4 instead of the latest 0.88.7 - I don't know how big a 
difference this would make.  It does have the latest pattern database.

I'll try to build the latest ClamAV from source and see if that helps 
find anything.

Regards,
Steve



More information about the plug mailing list