Question
What are the Suspicious File Alert emails that I receive with content such as the following?
lfd on server.hostname.tld: Suspicious File Alert
Time: <Time>
File: /tmp/file.ext
Reason: Script, file extension
Owner: user:user (1001:1003)
Action: No action taken
Answer
These emails are generated by the CSF/LFD plugin for cPanel, a third-party developed plugin to help you manage aspects of your server and firewall.
The messages alert you to a file that matches known or suspected malware. The specific reason, file location, and action that LFD performed on the file will be listed in the message.
cPanel does not offer any advice on security-related issues. If these files are suspected malware it is best to consult a security administrator. Virus scans such as ImunifyAV and ClamAV can be used to check the server, but these will often have different rules they match and may not have the same results as LFD.
Comments
0 comments
Article is closed for comments.