ethtool trojan detected by NAI


 



I caught output of my virus scan stating that /sbin/ethtool was a trojan or
variant Linux/Exploit last night after updating to the new DAT files.  By
default the virus scan moves the files to a folder I've specified, so I
double-checked that /sbin/ethtool did in fact no longer exist, downloaded
the (presumably clean) RPM from
http://download.fedora.us/fedora/fedora/1/i386/RPMS.os/ (couldn't find an
md5sum for the rpm to compare against; perhaps just didn't try hard enough),
ran rpm --force -ivh ethtool* and this is what I got:

[root@xxx sbin]# /opt/mcafee/uvscan /sbin/ethtool
/sbin/ethtool
        Found trojan or variant Linux/Exploit !!!
        Please send a copy of the file to Network Associates

Anyone at Red Hat/Fedora have insight?  I'm guessing a false positive at this
point, but of course would prefer to be certain.  A full system scan with
McAfee (uvscan --allole --ignore-links --move
/opt/mcafee/infected --mime --recursive --program --secure --summary --afc
192 /) and ChkRootKit finds nothing else out of the ordinary besides this, and
never has before the 4314 DATs.  I'm also sending the file to NAI so they
can analyze it as well, but thought someone here might have already noticed
and heard back.

Jason
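
An added example, not part of the original post: a flagged binary can be compared against the RPM database with `rpm -Vf /sbin/ethtool`, and the Python below parses that command's output format to pick out files whose content digest changed or which are missing. The sample output lines and every path in them other than /sbin/ethtool are constructed for illustration; the function names are hypothetical.

```python
import re

# Attribute columns in the order rpm -V prints them (9 columns in current
# rpm; older releases print 8, without the trailing capabilities column).
FLAGS = {
    "S": "size", "M": "mode", "5": "digest", "D": "device",
    "L": "symlink", "U": "owner", "G": "group", "T": "mtime",
    "P": "capabilities",
}
# flags, optional file-type marker (c=config, d=doc, g=ghost, l=license,
# r=readme), then the absolute path
LINE = re.compile(r"^([SM5DLUGTP.?]{8,9})\s+(?:([cdglr])\s+)?(/.*)$")

def parse_verify(output):
    """Return (path, changed_attributes, file_type) for each reported file."""
    results = []
    for line in output.splitlines():
        line = line.rstrip()
        if line.startswith("missing"):
            parts = line.split()
            ftype = parts[1] if len(parts) == 3 else None
            results.append((parts[-1], ["missing"], ftype))
            continue
        m = LINE.match(line)
        if not m:
            continue  # blank line or a message that is not a per-file result
        flags, ftype, path = m.groups()
        changed = [FLAGS[c] for c in flags if c in FLAGS]
        if "?" in flags:  # rpm could not perform one of the tests
            changed.append("unreadable")
        results.append((path, changed, ftype))
    return results

def needs_review(results):
    """Non-config files that are missing or whose digest no longer matches."""
    return [path for path, changed, ftype in results
            if ftype != "c" and {"digest", "missing"} & set(changed)]

# Constructed sample of `rpm -V` output, embedded so the example runs offline.
SAMPLE = """\
S.5....T.    /sbin/ethtool
S.5....T.  c /etc/sysconfig/network
.......T.    /usr/share/man/man8/ethtool.8.gz
missing     /usr/share/doc/ethtool/README
"""

if __name__ == "__main__":
    for path in needs_review(parse_verify(SAMPLE)):
        print("review:", path)
```

A clean `rpm -V` result only shows that the file matches the package it was installed from; `rpm -K` on the downloaded .rpm checks that package's own digests and signature.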



