On 01/03/2013 05:37 PM, Greg Freemyer wrote:
> In general:
> - Manually inspect the file, is it clearly innocuous?
> - look at its permissions, does it have the substitute user or group bits set
> - Get its MD5, SHA1 and SHA-256 hash. (use md5sum, sha1sum, and sha256sum respectively)
> - Google search for the error messages and the hash values.
> - if the suspicious file has contents, submit it to www.virustotal.com for analysis (free).
> - run strings against the file, do you see strange strings in there
>
> - Greg

Excuse my lack of knowledge... can you please give an example of how to use and compare MD5 sums for the purpose of rootkit forensics?

thanks
best regards
Ellan
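
One way to do what the question above asks, as an added example that is not part of either message: record a hash manifest while the system is known-good, then later report files whose hash changed, files that appeared since, and files carrying setuid/setgid bits. The function names and sample files are hypothetical; the commands are the standard md5sum/sha256sum, find, sort and comm.

```shell
#!/bin/sh
# Added example, not from the thread. Function names and the sample files are
# hypothetical; the tools are md5sum/sha1sum/sha256sum, find, sort and comm.
# MD5 collisions can be crafted, so sha256sum is the default here.
HASH=${HASH:-sha256sum}

# record_baseline DIR MANIFEST: hash every regular file under DIR while the
# system is known-good. MANIFEST must be an absolute path outside DIR.
record_baseline() {
    ( cd "$1" && find . -type f -exec "$HASH" {} + | sort -k 2 ) > "$2"
}

# changed_files DIR MANIFEST: print files whose current hash differs from the
# baseline (or that can no longer be read). Prints nothing if all match.
changed_files() {
    ( cd "$1" && "$HASH" -c "$2" 2>/dev/null | sed -n 's/: FAILED.*$//p' )
}

# new_files DIR MANIFEST: print files that exist now but are not in the baseline.
new_files() {
    known=$(mktemp)
    sed 's/^[0-9a-f]*  //' "$2" | sort > "$known"
    ( cd "$1" && find . -type f | sort ) | comm -13 "$known" -
    rm -f "$known"
}

# setid_files DIR: list files with the setuid or setgid bit set.
setid_files() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 \)
}

# Constructed demonstration on throwaway files (no real system paths touched).
demo() {
    d=$(mktemp -d); m=$(mktemp)
    printf 'original\n' > "$d/ls"; printf 'cfg\n' > "$d/conf"
    record_baseline "$d" "$m"
    printf 'modified\n' > "$d/ls"                          # content changed
    printf 'x\n' > "$d/.hidden"; chmod 4755 "$d/.hidden"   # new setuid file
    echo "changed:"; changed_files "$d" "$m"
    echo "new:";     new_files "$d" "$m"
    echo "setid:";   setid_files "$d"
    rm -rf "$d" "$m"
}
demo
```

A comparison is only as trustworthy as the manifest and the tools: keep the manifest on read-only or offline media, and when a rootkit is suspected run the check from a trusted boot environment rather than the running system.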