has my system been infected, or is prelink modifying my antivirus executable?
Gordon Messmer
yinyang at eburg.com
Sat Dec 13 23:09:19 UTC 2003
Elton Woo wrote:
> ]$ antivir -s -z /home
> AntiVir / Linux Version 2.0.8-18
> Copyright (c) 1994-2003 by H+BEDV Datentechnik GmbH.
> All rights reserved.
>
> error (211): program file of AntiVir has been modified"
>
> NOTE: I usually run antivir manually as user (not root).
>
> I wonder if prelink has modified the executable?
> ... if not, this is VERY disquieting!
It was probably modified by prelink. Check /etc/prelink.conf for a list
of directories that prelink will examine.
You can either disable prelink to fix the problem, or make sure
"antivir" is in a directly not listed. /usr/local, for instance, should
be good.
More information about the fedora-list
mailing list