ClamAV reports a trojan

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



This morning I discovered this in my clamav report from one of our
imap servers:

/usr/share/nmap/scripts/irc-unrealircd-backdoor.nse:
Unix.Trojan.MSShellcode-21 FOUND


I have looked at this script and it appears to be part of the nmap
distribution.  It actually tests for irc backdoors.  IRC is not used
here and its ports are blocked by default both at the gateway and on
all internal hosts.

However, I none-the-less copied that file, removed namp, re-installed
nmap from base, and diffed the file of the same name installed with
nmap against the copy.  They are identical.

The question is: Do I have a problem here or a false positive?

I am not sure why nmap is on that host but evidently I had some reason
last October to use it from that server.  In any case I am going to
remove it for good, or at least until the reason I had it there
reoccurs or is recalled to mind.

-- 
***          E-Mail is NOT a SECURE channel          ***
James B. Byrne                mailto:ByrneJB@xxxxxxxxxxxxx
Harte & Lyne Limited          http://www.harte-lyne.ca
9 Brockley Drive              vox: +1 905 561 1241
Hamilton, Ontario             fax: +1 905 561 0757
Canada  L8E 3C3

_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos




[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux