Are these actual Trojans or legitimate files?

Discussion in 'Linux VPS/Dedicated - cPanel' started by Xtreme2damax, Apr 15, 2010.

  1. Xtreme2damax

    Xtreme2damax New Member

    I just ran the trojan horse scanner and it is claiming the following files are infected:

    Possible Trojan - /usr/bin/xmlcatalog
    Possible Trojan - /usr/bin/xmllint
    Possible Trojan - /etc/cron.daily/logrotate
    Possible Trojan - /usr/bin/xml2-config
    Possible Trojan - /usr/lib/python2.4/site-packages/libxml2mod.la
    Possible Trojan - /usr/lib/python2.4/site-packages/libxml2mod.so
    Possible Trojan - /usr/bin/cpan
    Possible Trojan - /usr/bin/instmodsh
    Possible Trojan - /usr/bin/prove
    Possible Trojan - /usr/sbin/pureauth

    Are any/all of these legitimate files, what should I leave and remove?
     
  2. Dan

    Dan Moderator

    Hello Xtreme2amax,

    This is a brand new server isn't it? I would say that all are false positives. Many people will tell you not to even bother using the cPanel trojan scanner because of so many false positives.

    What you can do is record the false positives that it finds now and then compare it to the list when you run it in the future, that might be useful.

    I have Rkhunter run on a daily basis but it finds 7 false positives as well.
     

Share This Page