Re: ethtool trojan detected by NAI

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Jason Montleon wrote:

I caught output of my virusscan stating that /sbin/ethtool was a trojan or
variant Linux/Exploit last night after updating to the new DAT files.  By
default the virus scan moves the files to a folder I've specified, so I
double checked that /sbin/ethtool did in fact no longer exist, downloaded
the (presumably clean RPM from
http://download.fedora.us/fedora/fedora/1/i386/RPMS.os/, (couldn't find and
md5sum for the rpm to compare against; perhaps just didnt try hard enough)
rpm --force -ivh ethtool* and this is what I got:

[root@xxx sbin]# /opt/mcafee/uvscan /sbin/ethtool
/sbin/ethtool
Found trojan or variant Linux/Exploit !!!
Please send a copy of the file to Network Associates


I have ethtool-1.6-2 from RedHat's Fedora repository, and it scans clean with f-prot. Without going to fedora.us repository to compare, I would say it must be different, as this rpm goes into /usr/sbin/ethtool, not /sbin/ethtool.

--
--------------------------------------------------------
  "Oh scholar, if your scholarship benefits not Mankind,
   you deserve not admiration but contempt." -- Kahlil Gibran





[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux