DigiCrime
12-03-2002, 12:28 AM
Running this, nothing comes up infected except this
Checking `bindshell'... INFECTED (PORTS: 465)
Anyone can shed some light on this? Unfamiliar territory for me.
clockwork
12-03-2002, 04:04 AM
fuser -v 465/tcp
If someone is running "bindshell" on port 465, it's very likely you've been rooted.
Have fun!
DigiCrime
12-03-2002, 04:29 AM
Here's what comes up:
root@ [~]# fuser -v 465/tcp
USER PID ACCESS COMMAND
465/tcp root 1283 f.... stunnel-4.02loc
root 6243 f.... stunnel-4.02loc
clockwork
12-03-2002, 05:50 AM
Ah... cpanel box?
That's normal then.
[ssmtp]
accept = 465
connect = 25
(From stunnel config on a CPanel box)
I thought you actually had a process called "bindshell" running on there, which, generally, is a default-name for a backdoor.
Have fun! ;)
Darth
12-03-2002, 06:50 AM
hah, WHM thinks everything is infected :laugh:
eddy2099
01-02-2003, 05:00 PM
Yeah, did the Chkrootkit test too and got the same error and did that trojan check on WHM and true quite a number of files were suspected. hmm. Sure was scary until I did a search here before scaring myself.
So if it is normal, I can start cooling down.
EnigmaBiz
02-02-2003, 02:51 AM
I did a search awhile back, if you have a cpanel box
you're fine but people that run Plesk as well.
This is an old post but it's helpful when doing a 'search'
It is smtps for secure smtp...
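
The triage this thread walks through (who owns the flagged port, and does the stunnel config explain it), as an added shell example that is not part of the original posts. The function names are hypothetical, and the sample input is the fuser output and stunnel section quoted in the thread.

```shell
#!/bin/sh
# Added example: triage a port flagged by chkrootkit's bindshell check.
# Sample data is copied from the thread; on a live host feed the functions
# the output of `fuser -v 465/tcp 2>&1` and the real stunnel config instead.
SAMPLE_FUSER='USER PID ACCESS COMMAND
465/tcp root 1283 f.... stunnel-4.02loc
root 6243 f.... stunnel-4.02loc'

SAMPLE_STUNNEL_CONF='[ssmtp]
accept = 465
connect = 25'

# owners_verdict PREFIX: read `fuser -v` output on stdin. Prints "expected" if
# every owning command starts with PREFIX, "unexpected" if any does not,
# and "none" if nothing holds the port.
owners_verdict() {
    awk -v want="$1" '
        $1 == "USER" || NF < 4 { next }            # header and blank lines
        { n++; if (index($NF, want) != 1) bad++ }  # command is the last field
        END { if (!n) print "none"
              else if (bad) print "unexpected"
              else print "expected" }'
}

# stunnel_service_for_port PORT: read a stunnel config on stdin and print
# "<section> <connect target>" for the section that accepts on PORT.
stunnel_service_for_port() {
    awk -v port="$1" '
        { gsub(/[ \t\r]+/, "") }                   # drop all whitespace
        /^\[.*\]$/  { sec = substr($0, 2, length($0) - 2); next }
        /^accept=/  { sub(/^accept=/, ""); sub(/^.*:/, ""); acc[sec] = $0 }
        /^connect=/ { sub(/^connect=/, ""); con[sec] = $0 }
        END { for (s in acc) if (acc[s] == port) print s, con[s] }'
}

# triage PORT PREFIX FUSER_TEXT CONF_TEXT: combine both checks into one line.
triage() {
    verdict=$(printf '%s\n' "$3" | owners_verdict "$2")
    service=$(printf '%s\n' "$4" | stunnel_service_for_port "$1")
    if [ "$verdict" = expected ] && [ -n "$service" ]; then
        echo "benign: $2 [$service]"
    else
        echo "investigate: owners=$verdict config=${service:-no-match}"
    fi
}

triage 465 stunnel "$SAMPLE_FUSER" "$SAMPLE_STUNNEL_CONF"
```

The name match is only a first filter, since a process can be given any name; on a live host also confirm which binary is behind each PID.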