[Preston] Linux anti virus
Wayne Ward
preston at mailman.lug.org.uk
Thu Oct 3 09:43:01 2002
Download the rpm and type rpm -i chkrooXXXXwhateverfileiscalled.rpm at a
prompt as root, Then type chkrootkit at the prompt and enter....
Wayne
On Wed, 2002-09-25 at 16:07, Wayne Ward wrote:
> What did you download the RPM or the tar file??
>
> If you got the rpm from rpmfind.net you just click on the rpm file it
> installs the package and you just type chkrootkit at the prompt as
> root.
> Or if you got the tar version at prompt type: tar -xvzf filename then
> change into that directory and type ./configure - then make then make
> install - then type chkrootkit
> I use the rpm files because im lazy!
>
> Wayne
>
>
> On Wed, 2002-09-25 at 15:40, John C wrote:
>
> Hi Wayne...
> I've put chkrootkit on the server. I believe that I need to 'make' it. Do you know how to do this ???
>
> John C
>
>
> At 17:19 24/09/2002 +0100, you wrote:
> >I noticed that there was a vunerabilty the other week with apache so i
> >patched mine - Have you ran the chkrootkit to see if they have hacked
> >the server? I'll have kapersky rpm on one of my disks if you want me to
> >bring it to the meeting?? Ill be there for 8.30 - Im just downloading
> >unreal 2003 demo for nix - 100 meg!
> >
> >Wayne
> >On Tue, 2002-09-24 at 17:14, John C wrote:
> >> Unfortunately they cannot tell me anything except that there is an apache virus coming out of my server. I cannot think of any other way it can propagate except via email.
> >> The server does not allow relaying.
> >> It is merely the fact that I was told that it is 'an apache virus' that is giving me cause for concern. Being a reponsible person I am reluctant to re-connect the server to see if it is still sending out a virus.
> >> I do know that the server has been hacked by looking at my httpd.conf file. It has been changed.
> >>
> >> John C
> >>
> >>
> >> At 16:55 24/09/2002 +0100, you wrote:
> >> >Have they told you if you are sending them through emails??
> >> >If so how are you sending mails from a client workstation to this server
> >> >- or you sending mails straight from the server??/
> >> >
> >> >Wayne
> >> > On Tue, 2002-09-24 at 16:43, John C wrote:
> >> >> Hi Wayne...
> >> >>
> >> >> I have been told by my isp, who has been told by his isp, that my server is sending out a virus.
> >> >> He has disconnected the server to avoid further problems.
> >> >> The reason that I am seeking anti virus software is to check it out and make sure.
> >> >> I don't want to connect it up again and then be caught out.
> >> >>
> >> >> John C
> >> >>
> >> >> At 15:37 24/09/2002 +0100, you wrote:
> >> >> >How do you know you have a virus?? Kapersky has been pretty good for me
> >> >> >you can download free version.
> >> >> >
> >> >> >Wayne
> >> >> >
> >> >> >On Tue, 2002-09-24 at 15:24, John C wrote:
> >> >> >> Seems that I have a virus on my Internet server. Does anybody know of any anti virus software that can detect and remove viruses from linux.
> >> >> >> I am running RedHat 7.3
> >> >> >>
> >> >> >> John C
> >> >> >>
> >> >> >> =================================================
> >> >> >>
> >> >> >> Check out our British Country Music Web Sites
> >> >> >>
> >> >> >> http://www.countrymusic.org.uk
> >> >> >> http://www.bcmi-radio.co.uk
> >> >> >>
> >> >> >> Over 70,000 visitors a week
> >> >> >>
> >> >> >> =================================================
> >> >> >>
> >> >> >>
> >> >> >> _______________________________________________
> >> >> >> Preston mailing list
> >> >> >> Preston@mailman.lug.org.uk
> >> >> >> http://mailman.lug.org.uk/mailman/listinfo/preston
> >> >> >>
> >> >> >
> >> >> >
> >> >> >
> >> >> >_______________________________________________
> >> >> >Preston mailing list
> >> >> >Preston@mailman.lug.org.uk
> >> >> >http://mailman.lug.org.uk/mailman/listinfo/preston
> >> >>
> >> >> =================================================
> >> >>
> >> >> Check out our British Country Music Web Sites
> >> >>
> >> >> http://www.countrymusic.org.uk
> >> >> http://www.bcmi-radio.co.uk
> >> >>
> >> >> Over 70,000 visitors a week
> >> >>
> >> >> =================================================
> >> >>
> >> >>
> >> >> _______________________________________________
> >> >> Preston mailing list
> >> >> Preston@mailman.lug.org.uk
> >> >> http://mailman.lug.org.uk/mailman/listinfo/preston
> >> >>
> >> >
> >> >
> >> >
> >> >_______________________________________________
> >> >Preston mailing list
> >> >Preston@mailman.lug.org.uk
> >> >http://mailman.lug.org.uk/mailman/listinfo/preston
> >>
> >> =================================================
> >>
> >> Check out our British Country Music Web Sites
> >>
> >> http://www.countrymusic.org.uk
> >> http://www.bcmi-radio.co.uk
> >>
> >> Over 70,000 visitors a week
> >>
> >> =================================================
> >>
> >>
> >> _______________________________________________
> >> Preston mailing list
> >> Preston@mailman.lug.org.uk
> >> http://mailman.lug.org.uk/mailman/listinfo/preston
> >>
> >
> >
> >
> >_______________________________________________
> >Preston mailing list
> >Preston@mailman.lug.org.uk
> >http://mailman.lug.org.uk/mailman/listinfo/preston
>
> =================================================
>
> Check out our British Country Music Web Sites
>
> http://www.countrymusic.org.uk
> http://www.bcmi-radio.co.uk
>
> Over 70,000 visitors a week
>
> =================================================
>
>
> _______________________________________________
> Preston mailing list
> Preston@mailman.lug.org.uk
> http://mailman.lug.org.uk/mailman/listinfo/preston
>
>
>
> Best Regards
>
>
> Wayne Ward
> IT Manager
>
> INTEC (UK) LTD
>
> DD: +44 (0) 1524 428222
> Tel: +44 (0) 1524 426777
> Fax: +44 (0) 1524 426888
>
> E-Mail: wayne.ward@intec-ltd.co.uk
> Website: www.intec-ltd.co.uk
>
>
> This e-mail has been scanned for viruses prior to transmission
>
> Consultancy, Training & Manpower Services
> Company Registered No. 1715034
> REGISTERED OFFICE:
> Intec (UK) Ltd, York House, 76-78 Lancaster Road, Morecambe, Lancashire,
> LA4 5QN
>
>
>
>
>
>