Re: caught with Linux Virus ELF_ROOTKIT


On Thu, 2005-10-20 at 09:21 -0700, M E Fieu wrote:
> Hi.. We found that our Linux server was down last night and before that our Linux Anti-Virus
> server (TrendMicro SPLX ServerProtect for Linux) was sending us the Virus found notification as
> following
> 
> Virus found!
> Action: Clean failed, Quarantined.
>   ELF_ROOTKIT.A found in file: ptrace
> A virus infection was detected
> 
The more important issue is to figure out where this came from! IMO (and
others may disagree) these are usually the product of vulnerable PHP
scripts.

I would strongly encourage you to do some forensics. It would help the
community to know how your machine was infected.

BTW, you might also want to run rkhunter daily. It's available in Fedora
Extras.

Another good place to discuss these issues is in the DShield.org list.
-- 
Our DNSRBL - Eliminate Spam: http://www.TQMcube.com/spam_trap.htm
              RBLDNSD HowTo: http://www.TQMcube.com/rbldnsd.htm
            Multi-RBL Check: http://www.TQMcube.com/rblcheck.htm
Tired of spam? Do YOUR part: http://www.BoulderPledge.org

