Knowledgebase
Knowledgebase
LFD suspicious file alert
Posted by Will Kruss on 29 August 2024 09:22 AM

An update in August 2024 for cPanel caused LFD to produce hourly alerts with regards to spamassassin tmp files. The alerts look like this:

Time:   Thu Aug 29 08:54:52 2024 +1000

File:   /tmp/.spamassassin1718865sGWF5rtmp

Reason: Suspicious directory

Owner:  nobody:nobody (99:99)

Action: No action taken

The current solution is to whitelist any spamassassin tmp files in the /tmp folder from being checked by CSF/LFD.

To do this open WHM -> Terminal or login to SSH and type:

echo "/tmp\/.spamassassin*" >> /etc/csf/csf.fignore; csf -ra

This will whitelist /tmp/.spamassassin******* files and reload csf.

(9 vote(s))
Helpful
Not helpful