The email report that is generated by rootkit (/root/chkrootkit.sh | grep -v .packlist) has reported what's below. The items in italics are new and of concern. Unfortunately, this started a few weeks ago and I did not notice. I would really like to know what it is and how it might have gotten there, and what damage has been/can be done by this.
I would also like to know if it is safe to remove that folder & contents.
Server is on CentOS 7.8 & WHM 88.0.13 and I believe is well secured, so I'm puzzled.
TIA for your help.
find: ‘/proc/26711’: No such file or directory
find: ‘/proc/26724’: No such file or directory
find: ‘/proc/26732’: No such file or directory
find: ‘/proc/26810’: No such file or directory
/dev/rd/cdb/mig/mig-logcleaner
Suspect directory dev/rd/cdb FOUND! Looking for sniffer logs
/dev/rd/cdb /dev/rd/cdb/mig /dev/rd/cdb/mig/mig /dev/rd/cdb/mig/mig_logcleaning.txt /dev/rd/cdb/mig/makefile /dev/rd/cdb/mig/mig-logcleaner /dev/rd/cdb/mig/backup /dev/rd/cdb/mig/backup/mig-logcleaner-original.c /dev/rd/cdb/mig/README.md /dev/rd/cdb/mig/LICENSE /dev/rd/cdb/mig/readme.mig /dev/rd/cdb/mig/mig-logcleaner.c /dev/rd/cdb/mig.tgz
/usr/lib/debug/usr/.dwz
not tested
INFECTED PORTS: ( 465)
not tested