Trend Micro Questions
Gerry Doris
gerry at DORFAM.CA
Wed Aug 20 15:40:19 IST 2003
On Wed, 20 Aug 2003, Spicer, Kevin wrote:
> Gerry Doris wrote:
> > I'e been messing around with Trend's virus scanner. It seems to be
> > very fast. However, since I installed it I've got a couple of
> > questions...
> >
> > 1. chkrootkit now warns me that I may have a possible slapper
> > infection. I've checked the entire box with F-Prot and Trend's
> > scanner and nothing is reported except for MailScanner's quarantine
> > directory...but this still has me nervous. Has anyone else seen this?
> >
> > 2. Before I try out my very meager programming skills has anyone
> > written an autoupdate script for Trend?
>
> chkrootkit checks for the following files...
> /tmp/.bugtraq
> /tmp/.bugtraq.c
> /tmp/.unlock
> /tmp/httpd
> /tmp/update
> /tmp/.cinik
> /tmp/.b
>
> And the following open ports
> 2002
> 4156
> 1978
> 1812
> 2015
>
> If any of those are found it reports a possible infection
No, nothing like those files or ports are open. This just started after I
installed the Trend software. I'm hoping that it's not just a coincident
and that there really is a tie in with Trend and chkrootkit! In any case,
chkrootkit is just reporting a warning.
I'm going to follow up with the chkrootkit folks.
--
Gerry
"The lyfe so short, the craft so long to learne" Chaucer
More information about the MailScanner
mailing list