ethtool trojan detected by NAI
David S. Johnson
dsjohnson at adelphia.net
Thu Jan 15 16:55:19 UTC 2004
Jason Montleon wrote:
>I caught output of my virusscan stating that /sbin/ethtool was a trojan or
>variant Linux/Exploit last night after updating to the new DAT files. By
>default the virus scan moves the files to a folder I've specified, so I
>double checked that /sbin/ethtool did in fact no longer exist, downloaded
>the (presumably clean RPM from
>http://download.fedora.us/fedora/fedora/1/i386/RPMS.os/, (couldn't find and
>md5sum for the rpm to compare against; perhaps just didnt try hard enough)
>rpm --force -ivh ethtool* and this is what I got:
>
>[root at xxx sbin]# /opt/mcafee/uvscan /sbin/ethtool
>/sbin/ethtool
> Found trojan or variant Linux/Exploit !!!
> Please send a copy of the file to Network Associates
>
>
I have ethtool-1.6-2 from RedHat's Fedora repository, and it scans clean
with f-prot. Without going to fedora.us repository to compare, I would
say it must be different, as this rpm goes into /usr/sbin/ethtool, not
/sbin/ethtool.
--
--------------------------------------------------------
"Oh scholar, if your scholarship benefits not Mankind,
you deserve not admiration but contempt." -- Kahlil Gibran
More information about the fedora-list
mailing list