Jan 11, 2005 at 10:58 am
I have just run chkrootkit on my server and have the following two
Searching for suspicious files and dirs, it may take a while...
There should be only a list of perl packages in that file. You can check
it very easily.
and further down..
Checking `bindshell'... INFECTED (PORTS: 465)
Anyone have any advice for getting rid of it??
Find out which program listens on that port - and if you need it. 465
is smtps (SMTP over SSL).
You can do so with netstat, lsof or fuser.
chkrootkit can only give you hints - you have to look for yourself, if
it is assuming correctly or fooling you.
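The check suggested in the reply above, as an added example that is not part of the original thread: a small filter over `netstat -tlnp` output that names the process listening on exactly one TCP port. The sample output, PIDs and program names are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `netstat -tlnp` output (run as root so the
# PID/Program column is filled in); not taken from the original post.
sample_netstat() {
cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      812/sshd
tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN      1490/master
tcp        0      0 0.0.0.0:465             0.0.0.0:*               LISTEN      1490/master
tcp        0      0 127.0.0.1:4650          0.0.0.0:*               LISTEN      2001/example
tcp6       0      0 :::465                  :::*                    LISTEN      1490/master
EOF
}

# listeners_on_port PORT: read netstat -tlnp style lines on stdin and print
# the unique "PID/Program" entries listening on exactly that TCP port.
listeners_on_port() {
    awk -v port="$1" '
        $6 == "LISTEN" {
            # The port is the text after the last colon, so ":::465" (IPv6)
            # matches and "127.0.0.1:4650" does not.
            n = split($4, parts, ":")
            if (parts[n] == port && !seen[$7]++) print $7
        }'
}

# On a live system: netstat -tlnp | listeners_on_port 465
# The same question can be asked with: lsof -i TCP:465   or   fuser -n tcp 465
sample_netstat | listeners_on_port 465
```

If the program reported is the mail server you configured for smtps, the chkrootkit hit is explained; if it is a binary you do not recognise, that is the one to examine.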