Question
What are the Suspicious File Alert emails that I receive with content such as the following?
lfd on server.hostname.tld: Suspicious File Alert
Time: <Time>
File: /tmp/file.ext
Reason: Script, file extension
Owner: user:user (1001:1003)
Action: No action taken
Answer
These emails are generated by the CSF/LFD plugin for cPanel. Please note that cPanel does not develop or provide support for this plugin.
The messages are alerting you of a file that has matched known or suspected malware. The specific reason will be listed in the message, as well as the file location and the action that LFD performed on the file.
cPanel does not offer any advice on security-related issues. If these files are suspected malware it is best to consult a security administrator. Virus scans such as ImunifyAV and ClamAV can be used to check the server, but these will often have different rules they match and may not have the same results as LFD.