salvatore333

I keep getting a lot of the below emails (suspicious file alert from lfd) every time this customer updates their Joomla. I have secured the /tmp directory long ago per below. Should I be concerned about this and what action should I take?

I have googled everything, thanks so much

Time: Tue Nov 9 00:05:04 2010 -0500
File: /tmp/install_4cd8064875***/CustoMenu-v2.5.3/installer.php
Reason: Script, file extension
Owner: plumm***:plumm*** (566:563)
Action: No action taken
----------------------------------------------
I have already secured below:
/var/tmp is mounted noexec,nosuid
/var/tmp is mounted as a filesystem
Suhosin for PHP enabled in apache.
Mod Security enabled in apache.
---------------------------------------------

This is what's in my /tmp directory on the server:

aquota.user
ArticlesAnywhere-v1.4.4.zip
.cpanel_easy-.MvwOeCDIqxU6QU3v
.cpanel_easy-.MvwOeCDIqxU6QU3v.had_error
CustoMenu-v2.5.3.zip
eaccelerator/
.ftpquota
.ICE-unix/
install_4cd8061e2a6fe/
install_4cd80648754d5/
lost+found/
mm.sem.zg4eXB
[email protected]
pear/
.spamassassin20015FRkcDtmp
.spamassassin2001EEmlbXtmp
spamd-24132-init/

and hundreds of the below files:
sess_ffe8498fa9503ceed35712317c8f0c34


thanks again for any help
 

smoge

Any false-positives can be added to /etc/csf/csf.fignore and lfd will then ignore those listed files and directories.

Within csf.fignore is a list of files that lfd directory watching will ignore. You must specify the full path to the file.

You can also use perl regular expression pattern matching, for example:
/tmp/clamav.*
/tmp/.*\.wrk

Remember that you will need to escape special characters (precede them with a backslash) such as \. \?

Pattern matching will only occur with strings containing an asterisk (*), otherwise full file path matching will be applied.
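
The matching rule described in the reply above, as an added example that is not part of the thread or of csf itself: it checks which paths a candidate csf.fignore entry would silence, so an entry for the Joomla installer directories can be kept narrow. The function names and sample paths are constructed, Python's `re` stands in for Perl regular expressions, and the pattern being matched against the whole path is an assumption.

```python
import re

def fignore_matches(entry: str, path: str) -> bool:
    """Apply one csf.fignore entry to one file path."""
    if "*" in entry:
        # Rule from the reply: only entries containing an asterisk are
        # treated as regular expressions.
        # Assumption: the regex has to match the whole path (anchored).
        return re.fullmatch(entry, path) is not None
    # No asterisk: plain full-path comparison, regex syntax is not interpreted.
    return entry == path

def silenced(entries, paths):
    """Return {path: [entries that would make lfd ignore that path]}."""
    return {p: [e for e in entries if fignore_matches(e, p)] for p in paths}

# Constructed sample paths, modelled on the alert and /tmp listing in the thread.
PATHS = [
    "/tmp/install_4cd80648754d5/CustoMenu-v2.5.3/installer.php",
    "/tmp/install_4cd8061e2a6fe/ArticlesAnywhere-v1.4.4/installer.php",
    "/tmp/upload.php",            # a script outside the installer directories
    "/tmp/install_notes/x.php",   # a look-alike directory name
]

# Candidate entries to compare before adding one to /etc/csf/csf.fignore.
CANDIDATES = [
    r"/tmp/install_[0-9a-f]+/.*/installer\.php",  # narrow: installer.php only
    r"/tmp/install_.*",                           # broad: anything under install_*
    r"/tmp/install_[0-9a-f]+/installer\.php",     # no asterisk, so taken literally
]

if __name__ == "__main__":
    for path, hits in silenced(CANDIDATES, PATHS).items():
        print(path, "->", hits or "still reported by lfd")
```

The third candidate never matches anything because it contains no asterisk, and the broad one also silences the look-alike directory, which is why the narrow form is the safer entry.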
 