
#183 false positives on MX Linux

main
open
nobody
None
5
2023-08-23
2023-08-23
Adrian
No

On MX Linux by default it is unnecessarily panicky. We have users in our community that are confused by the messages of possible infection https://forum.mxlinux.org/viewtopic.php?t=76622

Possible rootkits: 9
Rootkit names: xorddos component

People complained about it on Distrowatch too and it's marring the image of our small distro. It's enough to cause and spread FUD or at least cause uncomfortable questions about the claims of a program that is not under control.

Version: 1.4.6-11 from Debian Stable.

Discussion

  • John Horne

    John Horne - 2023-08-23

    If you are providing rkhunter as a package for your distro, then modify the rkhunter config file you distribute to whitelist the relevant rootkit files.
    If you are not providing it as a package, but users are complaining, then tell them to whitelist the files.

     
  • Adrian

    Adrian - 2023-08-23

    This makes sense to some degree, of course you cannot test the tool on all the distros, but at the same time it might be better to either improve the detection so we don't see so many false positives (and forget our small distribution, even on straight Debian as long as I remember this tool always gave a lot of false positives), or provide a bit more detailed info about the warning: what it means, why it shows up and what to check.

    Also, it's a bit weird if there's, let's say, a virus scanner that reports a nasty virus and the maker would say "yeah it gives a warning that you might have a nasty virus, just ask your users to add that to a config file to ignore it"; at that point I would just recommend nobody uses that virus scanner.

     
