Trojan Scan

Discussion in 'General Discussion' started by mzb988, Jun 12, 2004.

  1. mzb988

    While doing a 'Scan for Trojan Horses' in WHM, I get the following results:

    Possible Trojan - /usr/bin/pl2pm
    .
    .
    .

    Possible Trojan - /usr/bin/pod2man
    .

    Possible Trojan - /usr/bin/pod2text
    .
    .

    Possible Trojan - /usr/bin/podchecker
    .
    .

    Possible Trojan - /usr/bin/pstruct
    .

    Possible Trojan - /usr/bin/s2p
    .

    Possible Trojan - /usr/bin/splain

    The 'pod...' files I believe are EXIM but what are the others? Should the system not know its own files from true Trojans?

    Thanks,
    Rob
     
  2. kris1351

    Please search before posting. There was another post with the same thing just yesterday.
     
  3. varg

    hello,

    I wouldn't trust whm's trojan scan 'feature'. Please look into using chkrootkit and rkhunter alongside each other as two good solutions. All too often the trojan scan 'feature' gives off false positives. Run each daily as well.

    Thank you.
     
    #3 varg, Jun 13, 2004
    Last edited: Jun 13, 2004
  4. chirpy

    Yup, the trojan scan is pretty useless - don't bother with it as the reports it produces are meaningless due to the overabundance of false-positives from the use of the rpm -V option.

    Install and run the utilities that varg suggested.
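
Added example, not part of the original thread or of cPanel's scanner: one way to triage raw `rpm -V` output so that content changes stand out from the rest. The function names, the sample flag values and `/etc/example.conf` are constructed for illustration.

```shell
#!/bin/sh
# rpm -V prints one line per file that differs from the package database:
#   <flags> [c|d|g|l|r] <path>     or     missing [c|d|g|l|r] <path>
# <flags> is 8 characters on older rpm and 9 on newer; position 3 is "5"
# when the file digest no longer matches the one recorded at install time.

# Read rpm -V output on stdin. Print "CHANGED <path>" for a digest mismatch
# and "MISSING <path>" for an absent file, skipping files the package marks
# as config (c), doc (d), ghost (g), license (l) or readme (r).
triage_rpm_verify() {
    awk '
    {
        flags = $1
        # Paths are absolute, so a one-letter second field is the marker.
        if ($2 ~ /^[cdglr]$/) next
        path = $0
        sub(/^[^ \t]+[ \t]+/, "", path)   # drop the flags field
        if (flags == "missing")
            print "MISSING " path
        else if (length(flags) >= 8 && substr(flags, 3, 1) == "5")
            print "CHANGED " path
    }'
}

# Constructed sample: paths from the first post, flag values invented.
sample_rpm_verify_output() {
    cat <<'EOF'
S.5....T.  c /etc/example.conf
.......T.    /usr/bin/pod2man
S.5....T.    /usr/bin/pstruct
missing      /usr/bin/s2p
.M.......    /usr/bin/splain
EOF
}

# Demo on the constructed sample; on a real host: rpm -Va | triage_rpm_verify
sample_rpm_verify_output | triage_rpm_verify
```

A CHANGED line only says the content differs from what the package shipped, which also happens when a file is replaced outside rpm, so it is a starting point for review rather than a verdict.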
     
  5. coastinc

    Almost all of these programs give false positives; it's just the nature of the way they work.
     
  6. varg

    hello,

    you would think that cpanel would be able to neutralize the false-positives on their own scanner, wouldn't you?

    instead it creates a panic for a lot of users that are new to dedicated servers like this guy here.. chkrootkit and rootkit hunter give 1 or 2 whereas cpanel's 'trojan scanner' would make most people piss their pants if they didn't know about all the false positives it gives off.

    off topic here--i'm pretty sure i got spam from your company before and i don't really appreciate spam...
     
    #6 varg, Jun 22, 2004
    Last edited: Jun 22, 2004
  7. chirpy

    You would indeed. Using rpm -V is pretty lame; they'd be better off simply removing the option altogether.

    Apps like chkrootkit and rootkit hunter are invaluable and a must IMO.
     
  8. Etheral

    i was wondering, i looked into getting rootkit and chkrootkit, on the rootkit website it says

    Supported operating systems

    Supported:
    - Most Linux distributions
    - Most *BSD distributions

    does it support fedora core 2?

    and i can install rootkit just by running the bin file correct? no need to do anything else?
     
  9. Etheral

    heh nvm, i got RKhunter and CHKrootkit installed, mm i think i love it, but not sure cause it hasn't found anything wrong, but i guess that's good =)
     