Symptoms
When you run a security scan of your server, some antivirus applications may flag files provided by the cpanel-p0f package, or the cpanel-p0f package as a whole, as malicious. The specific files and their hashes are listed below.
AlmaLinux/CloudLinux 8:
d6c671c84a80b5e00dccd45de1edc5c94ea4424546c972dc57f635fd8533ddc4 /usr/local/cpanel/3rdparty/sbin/p0f
AlmaLinux/CloudLinux 9:
da53dc1cb4b97c0826ba4b017f063b5dcd3e2171d195e6d97adadbac97b11043 /usr/local/cpanel/3rdparty/sbin/p0f
Description
These detections are false positives and can be safely ignored. p0f is the "Passive OS (Operating System) Fingerprinting Daemon"; services such as cPHulk and the Contact Manager use it to identify visitors to services hosted on your server. cPanel provides a modified version of p0f with our own custom patches, and these patches are what cause some antivirus providers to report false positives.
We've opened an internal case for our development team to investigate this further. For reference, the case number is RE-1184. Follow this article to receive an email notification when a solution is published in the product.
Workaround
There is currently no workaround if these files are flagged by an antivirus. However, any such indicators can be safely ignored.
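Before ignoring an alert, it is worth confirming that the flagged binary is one of the two files listed above. The shell functions below are an added example, not cPanel tooling: they compare the binary's digest with the hashes in this article and ask RPM whether the file still matches its package. They assume the listed hashes are SHA-256 (inferred from their 64-hex-character length), and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: check a flagged p0f binary against the hashes in this article.
# Assumption: the listed hashes are SHA-256 (they are 64 hex characters long).
P0F_PATH="/usr/local/cpanel/3rdparty/sbin/p0f"

# Print the OS label this article gives for a hash; non-zero if not listed.
listed_build() {
    case "$1" in
        d6c671c84a80b5e00dccd45de1edc5c94ea4424546c972dc57f635fd8533ddc4)
            echo "AlmaLinux/CloudLinux 8" ;;
        da53dc1cb4b97c0826ba4b017f063b5dcd3e2171d195e6d97adadbac97b11043)
            echo "AlmaLinux/CloudLinux 9" ;;
        *) return 1 ;;
    esac
}

# Print "listed: <OS>", "unlisted: <digest>" or "missing" for a file.
check_p0f() {
    file="${1:-$P0F_PATH}"
    [ -f "$file" ] || { echo "missing"; return 2; }
    digest=$(sha256sum "$file" | awk '{print $1}')
    if build=$(listed_build "$digest"); then
        echo "listed: $build"
    else
        echo "unlisted: $digest"
        return 1
    fi
}

# Report which RPM owns the file and whether it still verifies.
# rpm -V lists a file only when an attribute differs from the RPM database.
check_rpm() {
    file="${1:-$P0F_PATH}"
    command -v rpm >/dev/null 2>&1 || { echo "rpm not available"; return 2; }
    pkg=$(rpm -qf --queryformat '%{NAME}\n' "$file" 2>/dev/null) || { echo "unowned"; return 1; }
    if rpm -V "$pkg" | grep -qF -- "$file"; then
        echo "$pkg: modified"; return 1
    fi
    echo "$pkg: verified"
}
```

Run `check_p0f` and `check_rpm` with no arguments to test the default path. An `unlisted` result means the file is not one of the two builds this article covers, so the false-positive statement above does not automatically apply to it.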