David S. Johnson wrote:
Jason Montleon wrote:
I caught output of my virusscan stating that /sbin/ethtool was a
trojan or
variant Linux/Exploit last night after updating to the new DAT
files. By
default the virus scan moves the files to a folder I've specified, so I
double checked that /sbin/ethtool did in fact no longer exist,
downloaded
the (presumably clean RPM from
http://download.fedora.us/fedora/fedora/1/i386/RPMS.os/, (couldn't
find and
md5sum for the rpm to compare against; perhaps just didnt try hard
enough)
rpm --force -ivh ethtool* and this is what I got:
[root@xxx sbin]# /opt/mcafee/uvscan /sbin/ethtool
/sbin/ethtool
Found trojan or variant Linux/Exploit !!!
Please send a copy of the file to Network Associates
I have ethtool-1.6-2 from RedHat's Fedora repository, and it scans
clean with f-prot. Without going to fedora.us repository to compare,
I would say it must be different, as this rpm goes into
/usr/sbin/ethtool, not /sbin/ethtool.
Oops! I looked at the wrong system at home via ssh. That was a RHL 8.0
system. My FC1 system has ethtool-1.8-2.1, which *does* install into
/sbin/ethtool. However, it also scans clean with f-prot.
--
--------------------------------------------------------
"Oh scholar, if your scholarship benefits not Mankind,
you deserve not admiration but contempt." -- Kahlil Gibran
