Getting rkHunter Security Warnings daily?

[Shahzadqayyum]

Hello!
I Got [rkhunter] Warnings found for server‏ Security Warnings a few weeks ago.
I scanned my server using maldet.
Found 2 infected files.

========================
malware detect scan report for server.xyz.com:
SCAN ID: 061415-1200.11881
TIME: Jun 14 12:51:23 -0400
PATH: /home
TOTAL FILES: 50682
TOTAL HITS: 2
TOTAL CLEANED: 0

NOTE: quarantine is disabled! set quar_hits=1 in conf.maldet or to quarantine results run: maldet -q 061415-1200.11881
FILE HIT LIST:
{MD5}php.exe.globals.5034 : /home/cpeasyapache/src/php-5.4.39/ext/standard/tests/file/bug41874_3.phpt
{MD5}php.exe.globals.4973 : /home/cpeasyapache/src/php-5.4.39/ext/standard/tests/general_functions/bug50732.phpt
===============================================
Linux Malware Detect v1.4.2 < [email protected] >

these infected files were manually quarantined by support staff.
Next day same notification [rkhunter] Warnings found for server‏ in my inbox?
again scanned all server but still getting these notifications.

I tried almost everything including cpanel /server hardening. Updated cpanel and rkHunter but still getting these notifications daily/sometimes twice a day?

any help be appreciated.
thanks in advance

 

[quizknows]

Check the rkhunter log file, or run "rkhunter -c" yourself to see what it is flagging. If in doubt ask for help from your hosting provider.

You should also tell the support staff that those files found by maldet are false positives... they should know that. They are valid parts of EasyApache / PHP source. Maybe ask for a more experienced technician or a security team if they have one available.

 

[cPanelMichael]

Hello

Yes, please consult with your support staff and have them review the file names in the report. You can compare the MD5sums with another cPanel server to verify they are in-fact legitimate files included with cPanel/EasyApache.

Thank you.