chkrootkit: false positive on port 465

On my Debian Etch server I’ve got Zimbra Open Source Edition mail solution installed and when I use chkrootkit to scan for rootkits it reports the following Checking `bindshell’… INFECTED (PORTS: 465) After a quick research I realized that this port 465 is SMTP over SSL on a Zimbra installation. Further investigation reveals that port […]

Read More


chkrootkit -x lkm gives more info about the rootkit lmk chkrootkit creates a separate binary called chkproc that allows you to search for hidden processes.

Read More