[Bug 454566] Re: False positive for SucKit

Matt Eskes meskes at gmail.com
Mon Aug 16 11:07:30 BST 2010


I've got a reproduction here on a Lucid install.

Linux Neptune 2.6.32-24-generic #39-Ubuntu SMP Wed Jul 28 06:07:29 UTC
2010 i686 GNU/Linux

meskes at Neptune:/sbin$ sudo chkrootkit -V
chkrootkit version 0.49

Searching for Suckit rootkit...                             Warning:
/sbin/init INFECTED

meskes at Neptune:/sbin$ lsb_release -a
No LSB modules are available.
Distributor ID:	Ubuntu
Description:	Ubuntu 10.04.1 LTS
Release:	10.04
Codename:	lucid
meskes at Neptune:/sbin$ 

------
Tried to include as much info about base software as possible. Tried the verification methods mentioned in the Gentoo doc and this system failed both, which is good since that means I have no infections. It also casts a false positive on Sun's Java as well as a few others which I will list here:
-------
Searching for suspicious files and dirs, it may take a while... The following suspicious files and directories were found:  
/usr/lib/pymodules/python2.6/.path /usr/lib/firefox-3.6.8/.autoreg /usr/lib/jvm/.java-6-sun.jinfo /usr/lib/jvm/java-6-sun-1.6.0.20/.systemPrefs /usr/lib/xulrunner-1.9.2.8/.autoreg
-------

I know it doesn't matter all that much, but I'm submitting since I can
reproduce the event on Lucid and because Chuck asked for it, so... here
it is. If you guys would like any more info, feel free to hit me up.


Matt

-- 
False positive for SucKit
https://bugs.launchpad.net/bugs/454566
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to chkrootkit in ubuntu.


