Koozali.org: home of the SME Server

Warning: Suspicious file types found

DocRob
Warning: Suspicious file types found
« on: January 04, 2008, 09:43:39 AM »
Hi,

Since the last update, both the SME servers I have under test have been giving the same rootkit warnings. They both complain about:

Code:
[04:03:56] Warning: Suspicious file types found in /dev:
[04:03:56]          /dev/shm/suspscan.14067.strings: ASCII text, with very long lines

and some files:

Code:
[04:03:28] Warning: File '/tmp/sa-update.log' (score: 253) contains some suspicious content and should be checked.
[04:03:31]       File checked: Name: '/tmp/sess_28a16ea58154fec612c7aa9e389cfb71' Score: 221
[04:03:31] Warning: File '/tmp/sess_28a16ea58154fec612c7aa9e389cfb71' (score: 221) contains some suspicious content and should be checked.
[04:03:33]       File checked: Name: '/tmp/sess_2c4af0ab7b253f31a63d18568d823846' Score: 221
[04:03:33] Warning: File '/tmp/sess_2c4af0ab7b253f31a63d18568d823846' (score: 221) contains some suspicious content and should be checked.

Doing a cat shows that the file in /dev/ appears to be related to Horde and the others are not clear. I think that this is OK, but I thought I had better ask. If it is OK, what should I do to stop the warnings?

Regards

Rob
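An added triage script for the warnings quoted above (it is not from the original thread, from SME Server or from rkhunter). It parses the posted log lines, pulls out the flagged paths, sorts each one into a category and prints the rkhunter.conf line that would silence the benign one. The category mapping is my reading of the file names and is an assumption: the /dev/shm name matches the scratch file rkhunter's suspscan test writes under SUSPSCAN_TEMP (default /dev/shm), /tmp/sess_* is the usual PHP session store that a webmail like Horde uses, and /tmp/sa-update.log is the SpamAssassin rule-update log. The suspscan scores (253 and 221) are above rkhunter's default SUSPSCAN_THRESH of 200, which is why those files were reported. Confirm each file by looking at it before whitelisting anything; the sample log below is constructed from the thread.

```shell
#!/bin/sh
# Added example: triage rkhunter suspscan / "suspicious file types" warnings.
# Not part of SME Server or rkhunter. Sample log constructed from the thread.

sample_log() {
cat <<'EOF'
[04:03:56] Warning: Suspicious file types found in /dev:
[04:03:56]          /dev/shm/suspscan.14067.strings: ASCII text, with very long lines
[04:03:28] Warning: File '/tmp/sa-update.log' (score: 253) contains some suspicious content and should be checked.
[04:03:31]       File checked: Name: '/tmp/sess_28a16ea58154fec612c7aa9e389cfb71' Score: 221
[04:03:31] Warning: File '/tmp/sess_28a16ea58154fec612c7aa9e389cfb71' (score: 221) contains some suspicious content and should be checked.
EOF
}

# Read an rkhunter log on stdin and print the paths it complained about:
# the quoted path in "Warning: File '...'" lines, and the path before the
# colon in the indented /dev listing. "File checked" lines are ignored.
flagged_paths() {
    sed -n \
        -e "s/^\[[0-9:]*\] Warning: File '\([^']*\)'.*/\1/p" \
        -e 's/^\[[0-9:]*\] *\(\/dev\/[^:]*\):.*/\1/p'
}

# Map a flagged path to a category. These patterns are assumptions for the
# example (see the lead-in); anything unmatched needs a human to look at it.
classify() {
    case "$1" in
        /dev/shm/suspscan.*.strings) echo "rkhunter-temp" ;;  # suspscan scratch file
        /tmp/sess_*)                 echo "php-session" ;;    # PHP session data
        /tmp/sa-update.log)          echo "sa-update-log" ;;  # SpamAssassin update log
        *)                           echo "unknown" ;;        # manual review
    esac
}

# For each flagged path print its category and, if the file exists on this
# host, what file(1) says about it plus a printable view of its first lines.
triage() {
    sample_log | flagged_paths | while read -r p; do
        printf '%-14s %s\n' "$(classify "$p")" "$p"
        if [ -f "$p" ]; then
            file "$p"
            head -n 3 "$p" | cut -c1-120 | tr -c '[:print:]\n' '.'
        fi
    done
}

# Print the rkhunter.conf line that stops the /dev check tripping on the
# scanner's own scratch file. ALLOWDEVFILE takes a glob. The /tmp hits get
# no whitelist line here: verify them rather than raising SUSPSCAN_THRESH.
suggest_whitelist() {
    sample_log | flagged_paths | while read -r p; do
        case "$(classify "$p")" in
            rkhunter-temp) echo "ALLOWDEVFILE=/dev/shm/suspscan.*.strings" ;;
        esac
    done | sort -u
}

triage
suggest_whitelist
```

Run it as-is to see the classification of the posted paths; on the affected box, the `triage` output will also include `file` and a head of each file so you can decide whether the session files and update log really are what they appear to be.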

progitto
Re: Warning: Suspicious file types found
« Reply #1 on: January 04, 2008, 10:33:03 AM »
From http://forums.contribs.org/index.php?topic=39542.0

Quote
Taking the upgrade path from a 7.x to 7.3
-----------------------------------------
- First night you may receive an email from cron about sa_updates
- First night you may receive an email saying missing passwd/group files
  (rkhunter email notification).

Ciao

Umberto

DocRob
Re: Warning: Suspicious file types found
« Reply #2 on: January 04, 2008, 10:42:16 AM »
Thanks Umberto,

I hadn't seen that but that does explain things in part. I am still getting the message after 2 nights though.

Regards

progitto
Re: Warning: Suspicious file types found
« Reply #3 on: January 04, 2008, 10:48:08 AM »
You can open a bug entry in Bugzilla, it's the right place to do this.
http://bugs.contribs.org/

Ciao and happy new year

Umberto

DocRob
Re: Warning: Suspicious file types found
« Reply #4 on: January 05, 2008, 09:39:35 AM »
Hiya,

Both machines are still reporting the problem. I will raise a report.

Happy New Year

Rob

idp_qbn
Re: Warning: Suspicious file types found
« Reply #5 on: January 05, 2008, 08:11:13 PM »
After upgrading 7.2 ==> 7.3, I am getting the same "Suspicious files" messages on two SME boxes I have.
I have added my comments to http://bugs.contribs.org/show_bug.cgi?id=3713

Cheers
Ian
« Last Edit: January 05, 2008, 08:19:31 PM by idp_qbn »
___________________
Sydney, NSW, Australia