[{ALLOW view All}]
[{ALLOW edit Markus}]

! Rootkit Scanner

[Docu|http://uckanleitungen.de/rootkit-scanner-linux/] | [Ubuntu Security|http://wiki.ubuntuusers.de/Sicherheit]

Install and scan "rkhunter"
{{{
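> apt-get install rkhunter
# update rkhunter's data files
> rkhunter --update
# record the current file properties as the baseline (only meaningful on a system known to be clean)
> rkhunter --propupd --update

# run all checks
> rkhunter -c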
}}}

Install and scan chkrootkit
{{{
> apt-get install chkrootkit

> chkrootkit
}}}


! Virus Scanner
A list of Linux virus scanners is [here|http://wiki.ubuntuusers.de/Virenscanner].\\
You can use [ClamAV|http://wiki.ubuntuusers.de/ClamAV] most easily.

Install (see also [apt])
{{{
> apt-get install clamav clamav-freshclam
}}}

Refresh
{{{
> freshclam 
}}}

Search
{{{
> clamscan -r -i / > virusscan.txt &

ClamAV update process started at Sat Jan  4 13:59:40 2014
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Local version: 0.97.8 Recommended version: 0.98
DON'T PANIC! Read http://www.clamav.net/support/faq
main.cvd is up to date (version: 55, sigs: 2424225, f-level: 60, builder: neo)
daily.cvd is up to date (version: 18317, sigs: 636260, f-level: 63, builder: neo)
bytecode.cvd is up to date (version: 235, sigs: 44, f-level: 63, builder: dgoddard)
}}}
This is on Ubuntu 10.04. Adding "backports" packages (see [apt]) 
and upgrading did not help (?)

Anyway, the result was:
{{{
/markus/tomee/tomee_wp16/work/Catalina/localhost/EbelHome/org/apache/jsp/index_005fbak1_jsp.java: Win.Backdoor.ChopperJsp FOUND
/markus/tomee/tomee_wp16/webapps/Homepage/index_bak1.jsp: Win.Backdoor.ChopperJsp FOUND
/markus/tomee/tomee_wp16/webapps/EbelHome/index_bak1.jsp: Win.Backdoor.ChopperJsp FOUND
}}}
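The three hits above cover only two deployed files: the entry under work/ is the servlet Tomcat generated from EbelHome/index_bak1.jsp. The following is an added example (not part of the original notes) that parses "clamscan -i" hit lines and maps generated servlets back to their source JSP. It assumes the default webapps/ and work/ layout and Jasper's _XXXX hex escaping of file names; triage and demangle are hypothetical helper names.

```python
import re
from collections import defaultdict

# Hit lines copied from the scan result above (clamscan -i output format).
SAMPLE = """\
/markus/tomee/tomee_wp16/work/Catalina/localhost/EbelHome/org/apache/jsp/index_005fbak1_jsp.java: Win.Backdoor.ChopperJsp FOUND
/markus/tomee/tomee_wp16/webapps/Homepage/index_bak1.jsp: Win.Backdoor.ChopperJsp FOUND
/markus/tomee/tomee_wp16/webapps/EbelHome/index_bak1.jsp: Win.Backdoor.ChopperJsp FOUND
"""

HIT = re.compile(r"^(?P<path>.+): (?P<sig>\S+) FOUND$")
# Assumed layout: <base>/work/<engine>/<host>/<webapp>/org/apache/jsp/<mangled name>
WORK = re.compile(r"^(?P<base>.+)/work/[^/]+/[^/]+/(?P<app>[^/]+)"
                  r"/org/apache/jsp/(?P<rest>.+)\.(?:java|class)$")


def demangle(name):
    """Undo Jasper's mangling: trailing '_jsp' is '.jsp', '_XXXX' is a hex-escaped char."""
    name = re.sub(r"_jsp$", ".jsp", name)
    return re.sub(r"_([0-9a-f]{4})", lambda m: chr(int(m.group(1), 16)), name)


def triage(text):
    """Return {source_jsp_path: {"sig": str, "on_disk": bool, "compiled": bool}}."""
    result = defaultdict(lambda: {"sig": None, "on_disk": False, "compiled": False})
    for line in text.splitlines():
        m = HIT.match(line.strip())
        if not m:
            continue  # skip warnings, summary lines and blanks
        path, sig = m.group("path"), m.group("sig")
        w = WORK.match(path)
        if w:
            # Map the generated servlet back to the JSP it was compiled from.
            path = f"{w['base']}/webapps/{w['app']}/{demangle(w['rest'])}"
            result[path]["compiled"] = True
        else:
            result[path]["on_disk"] = True
        result[path]["sig"] = sig
    return dict(result)


if __name__ == "__main__":
    for jsp, info in sorted(triage(SAMPLE).items()):
        state = "compiled by Tomcat" if info["compiled"] else "no compiled copy found"
        print(f"{info['sig']}  {jsp}  ({state})")
```

A compiled copy in work/ means Tomcat has processed that JSP, so the access logs for that path are the next place to look.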
----
I noticed the following process (ps -ef):
{{{
perl /usr/bin/bk lup.ox88.info 443
}}}
Bitkeeper?