has my system been infected, or is prelink modifying my antivirus executable?

Gordon Messmer yinyang at eburg.com
Sat Dec 13 23:09:19 UTC 2003


Elton Woo wrote:
> ]$ antivir -s -z /home
> AntiVir / Linux Version 2.0.8-18
> Copyright (c) 1994-2003 by H+BEDV Datentechnik GmbH.
> All rights reserved.
>  
> error (211): program file of AntiVir has been modified"
> 
> NOTE: I usually run antivir manually as user (not root).
> 
> I wonder if prelink has modified the executable?
> ... if not, this is VERY disquieting!

It was probably modified by prelink.  Check /etc/prelink.conf for a list 
of directories that prelink will examine.

You can either disable prelink to fix the problem, or make sure 
"antivir" is in a directly not listed.  /usr/local, for instance, should 
be good.






More information about the fedora-list mailing list