1 |
On Wed, 2009-12-16 at 21:06 -0500, |
2 |
whereislibertyandjustice@×××××××××.net wrote: |
3 |
> In linux binaries, in any linux distro, I've discovered the same strings |
4 |
> which I believe may be due to a virus or trojan. |
5 |
> |
6 |
> Yet, clamav, rkhunter, chkrootkit do not detect abnormalities. |
7 |
there is none. And I don't think any of the above mention tools actually |
8 |
will dig as deep as symbols of an ELF. |
9 |
|
10 |
> Whether I run 'strings' on the binary files or view with vim or gedit, here |
11 |
> is what is always seen inside the binaries: |
12 |
> |
13 |
> |
14 |
> __gmon_start__ |
15 |
> _Jv_RegisterClasses |
16 |
|
17 |
These symbols are normal and nothing to really get over paranoid about. |
18 |
Some years ago I had a patch for uClibc/gcc where I removed the _Jv_R.. |
19 |
weak symbol, but in the end it was not worth it. |
20 |
There is no attack vector there. |