Discussion in 'Server Operation' started by erosbk, Nov 17, 2011.

  1. erosbk

    erosbk New Member

    Today I found this email. Mail quantity sent is ok (normal as usual), lsof and netstat doesn't show anythin using port 47018, rkhunter is ok, chkrootkit is ok, timestamp of this dir has not been modified... is this a false alarm? could some one guide me if I have to check something else?

    Warning: Network TCP port 47018 is being used by /usr/lib/postfix/smtpd. Possible rootkit: Possible Universal Rootkit (URK) component
             Use the 'lsof -i' or 'netstat -an' command to check this.
    One or more warnings have been found while checking the system.
    Please check the log file (/var/log/rkhunter.log)
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    Have you tried a:

    rkhunter --update

    and then run

    rkhunter -c

    to check if it still reports that port?
  3. erosbk

    erosbk New Member

    No port reported, rkhunter updated and run.

