rkhunter says __stack_chk_fail

[audrey]

Hi

Just downloaded rkhunter on all of my servers

rkhunter results say

Checking `passwd'... INFECTED

I am assuming that it is a false positive based on the results from the following commands

# md5sum /usr/local/cpanel/bin/jail_safe_passwd
57f916dd384d2e5bd502c55881bd2711 /usr/local/cpanel/bin/jail_safe_passwd

# md5sum /bin/passwd
792964343f6f916d8025bf9b1eb1e839 /bin/passwd
>>>>>>>>>>>>>>>>>>>

rkhunter results also say

Checking `bindshell'... INFECTED PORTS: ( 465)

I am thinking this is a false positive.
Is there a command to check if this is a false positive?

>>>>>>>>>>>>>>>>>>>>>

when I run this command
/root/chkrootkit-0.52/chkrootkit -x | more
rkhunter results say

__stack_chk_fail

any thoughts on what this means?

>>>>>>>>>>>>>>>>>>>>>>>>>

Is there another root kit script that can detect other/newer viruses and root kits?

Is there another anti virus software other than maldet?

Thanks for your help!

Take Care
Audrey

 

[cPanelLauren]

Hi @audrey

I'm not sure what happened here but I will say that it may be best to err on the side of caution in this respect. There are other antimalware softwares like ClamAV and I believe Sucuri has something. Either way, can you please open a ticket using the link in my signature. Once open please reply with the Ticket ID here so that we can update this thread with the resolution once the ticket is resolved.


Thanks!

 

[audrey]

Hi Lauren

Thanks for your help.

I just submit a ticket
Your Support Request ID is: 10561521

Take Care
Audrey

 

[cPanelLauren]

Thanks Audrey,

I'm following that ticket and I'll update here when more information is available.

Thanks!

 

[cPanelLauren]

Hi @audrey

I checked in on the ticket and it was confirmed that the output is not something you need to be alarmed over the warnings you did get are known false positives.


Thanks!