The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

"Trojan Horses Detected" but only rsyslogd and mysqld. New server, scans shows clean

Discussion in 'General Discussion' started by BasicLink SA, Aug 30, 2011.

  1. BasicLink SA

    BasicLink SA Member

    Joined:
    Aug 30, 2011
    Messages:
    13
    Likes Received:
    0
    Trophy Points:
    51
    cPanel Access Level:
    DataCenter Provider
    We have been getting the dreaded "Trojan Horses Detected by (WHM)" emails on our server, except in our case this is a brand new install of the OS and cPanel.

    The only thing it finds are "Hidden Pid detected!" for /sbin/rsyslogd and /usr/sbin/mysqld.

    I did a "Scan for Trojan Horses" from WHM and this is the results:

    Possible Trojan - /etc/cron.daily/logrotate
    Possible Trojan - /usr/sbin/pureauth
    Possible Trojan - /etc/rc.d/init.d/named
    Possible Trojan - /etc/rc.d/init.d/httpd

    Only one of these files is an actual binary executable, the others are simple scripts and look clean.

    I ran chkrootkit and rkhunter and they didn't really detect anything that shows a rootkit. I also ran the latest version of clamav that I installed from RPMs and it also showed the server clean.

    I did the full provision VPS and cPanel install twice and both times this happens.

    These all look like false positives.

    Our server is WHM 11.30.2 (build 1) on CENTOS 6.0 x86_64 on a Linode VPS


    Any ideas of what I can do to solve this will be appreciated.

    Stephane
     
    #1 BasicLink SA, Aug 30, 2011
  2. mtwhelan

    mtwhelan Registered

    Joined:
    Sep 27, 2011
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    51
    cPanel Access Level:
    Root Administrator
    Re: "Trojan Horses Detected" but only rsyslogd and mysqld. New server, scan

    I am having the exact same issues with the same configuration.

    Have you been able to find a solution?

    Thanks,

    Matt
     
    #2 mtwhelan, Sep 27, 2011
  3. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    35,657
    Likes Received:
    1,138
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Re: "Trojan Horses Detected" but only rsyslogd and mysqld. New server, scan

    Hello :)

    If you have determined those are false positives on a fresh installation, I suggest opening a bug report using the following URL:

    Submit a Bug Report

    It can be noted in the report that you feel the method of detection needs to be changed based on the false positives.

    Thank you.
     
    #3 cPanelMichael, Sep 28, 2011
(You must log in or sign up to post here.)
Loading...
Similar Threads - Trojan Horses Detected
  1. nightownl

    libkeyutils.so.1.3.1 trojan false positive?

    nightownl, Apr 9, 2017, in forum: Security
    Replies:
    2
    Views:
    94
    nightownl
    Apr 9, 2017

Share This Page