Suspicious process running under user - warnings found

cPanelLauren

Product Owner
Staff member
Nov 14, 2017
13,296
1,271
313
Houston
These are notifications facilitated by CSF in regards to the Perl executable running spamd which is Spamassassin. In this instance no, it does not appear to be malicious and generally speaking notifications in regard to spamd can be ignored.
 
  • Like
Reactions: Jeromero

xanadu

Active Member
Sep 25, 2006
27
2
153
We are getting at least ten emails a day relating to 'spamd child' on a newly commisioned VPS with about 15 individual domains. The user name also changes in each message. is there any way of stopping them or would that be risky?

Hoping you can help.
 

xanadu

Active Member
Sep 25, 2006
27
2
153
Hi cPRex.
Please see attached Example_1 which is followed immediately by Example_1A. Also attached is Example_2 where there is an additional entry under 'network connections' compared to Example_1. Example_2 is also follwed by a message similar to Example_1A.

They appear randomly for random users and can occur minutes apart and up to 1 hour apart.

Hope you can help.

Cheers,
Xanadu
PS: I will attach Example_2 in a following message.
 

Attachments

ffeingol

Well-Known Member
PartnerNOC
Nov 9, 2001
631
207
343
cPanel Access Level
DataCenter Provider
In /etc/csf/csf.pignore look for this line:

Code:
#cmd:spamd child
Uncomment it (remove the #) and then restart csf/ldf:

Code:
csf -ra
That tells LFD to ignore the process "spamd child" and you'll stop getting the emails.