This morning I discovered this in my clamav report from one of our imap servers:

/usr/share/nmap/scripts/irc-unrealircd-backdoor.nse: Unix.Trojan.MSShellcode-21 FOUND

I have looked at this script and it appears to be part of the nmap distribution. It actually tests for irc backdoors. IRC is not used here and its ports are blocked by default both at the gateway and on all internal hosts.

However, I nonetheless copied that file, removed nmap, re-installed nmap from base, and diffed the file of the same name installed with nmap against the copy. They are identical.

The question is: Do I have a problem here or a false positive?

I am not sure why nmap is on that host but evidently I had some reason last October to use it from that server. In any case I am going to remove it for good, or at least until the reason I had it there reoccurs or is recalled to mind.

--
*** E-Mail is NOT a SECURE channel ***
James B. Byrne                mailto:ByrneJB@xxxxxxxxxxxxx
Harte & Lyne Limited          http://www.harte-lyne.ca
9 Brockley Drive              vox: +1 905 561 1241
Hamilton, Ontario             fax: +1 905 561 0757
Canada  L8E 3C3