Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

CSF/LFD constantly flags Scalar-List-Utils as suspicious

Discussion in 'General Discussion' started by Greg M, May 14, 2018.

  1. Greg M

    Greg M Active Member

    May 26, 2016
    Likes Received:
    Trophy Points:
    Glasgow, Scotland
    cPanel Access Level:
    Root Administrator
    Hi all

    Been having this 'issue' for a quite a while which is this:

    Time: Mon May 14 00:05:02 2018 +0100
    File: /tmp/.cpan/build/Scalar-List-Utils-1.48-z7HNEF/t/readonly.t
    Reason: Script, starts with #!
    Owner: :cpaneldemo (1000:1000)
    Action: No action taken

    some other "suspicious files"

    File: /tmp/.cpan/build/Scalar-List-Utils-1.48-z7HNEF/t/getmagic-once.t
    File: /tmp/.cpan/build/Scalar-List-Utils-1.48-z7HNEF/t/refaddr.t
    File: /tmp/.cpan/build/Scalar-List-Utils-1.48-z7HNEF/t/weak.t
    File: /tmp/.cpan/build/Scalar-List-Utils-1.48-z7HNEF/t/dualvar.t

    -And so on

    Does anyone know why this is happening? I only see this issue on this server and I couldn't find anything else online about this either. What exactly are the Scalar List Utils, what do they do? Do I even need them? All I found online is that its for Perl and provides extra functions or something.

    I get about 50 notifications a day, every day. So it's getting quite silly now.

    The server is a Dedicated Xeon E3-1270 V2 - 32GB RAM Centos 7.5 standard - And just upgraded to cPanel v70 (had this issue before v70 aswell)

    I'd appreciate any information on this
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Apr 11, 2011
    Likes Received:
    Trophy Points:
    cPanel Access Level:
    Root Administrator
    Hello @Greg M,

    Those look like Perl modules. You'd generally see this in the /home/.cpan directory. You can check to see if your default CPAN directory is set to /tmp using the instructions from the following StackOverflow thread:

    fixing cpan by resetting it

    Here are some additional threads where the topic of excluding files from the LFD suspicious process list is discussed:

    LFD Notice of Suspicious Process
    Suspicious process running under user
    Suspicious process running under
    lfd suspicious process /usr/bin/php

    Thank you.

Share This Page