Executables and md5 checksum.
Piotr Goczal mazurek
bilbo at mazurek.man.lodz.pl
Wed Jan 14 14:02:09 UTC 2004
On Wed, 2004-01-14 at 14:03, Alexandre Strube wrote:
> Prelink can do this, but it wouldn't hurt if you scan your machine for
> viruses ;-)
All 7 machines? At the same time? Rather imposible. I've just scaned one
of the machines with updated AVP and the newest chkrootkit. Nothing
found.
I've just done the test:
extract md5sum from fresh downloaded coreutils-5.0-24.i386.rpm
[root at pc-bilbo tym2]# md5sum ./md5sum
4d41d3ab42c0756c1b194583e11c7d87 ./md5sum
[root at pc-bilbo tym2]# md5sum /usr/bin/md5sum
1d0d6179faeda790c5305712d63f4fbf /usr/bin/md5sum
[root at pc-bilbo tym2]# cp ./md5sum /usr/bin/md5sum
cp: overwrite `/usr/bin/md5sum'? y
[root at pc-bilbo tym2]# md5sum /usr/bin/md5sum
4d41d3ab42c0756c1b194583e11c7d87 /usr/bin/md5sum
[root at pc-bilbo tym2]# /etc/cron.daily/prelink
INIT: version 2.85 reloading
[root at pc-bilbo tym2]# md5sum /usr/bin/md5sum
1d0d6179faeda790c5305712d63f4fbf /usr/bin/md5sum
and YES I've found the virus :-). It's called prelink.
Could anyone tell me what EXACTLY prelink does?
Best regards
Piotr
More information about the fedora-list
mailing list