An update in August 2024 for cPanel caused ConfigServer Security & Firewall (CSF/LFD) to generate hourly alerts regarding SpamAssassin temporary files. The alerts appear as follows:
- Time: Tue Sep 24 13:06:26 2024 +0300
- File: /tmp/.spamassassin*******/.spamassassin
- Reason: Suspicious directory
- Owner: nobody:nobody (99:99)
- Action: No action taken
Solution:
To stop these alerts, whitelist SpamAssassin temporary files in the /tmp directory from being checked by CSF/LFD:
- Open WHM.
- Go to ConfigServer Security & Firewall.
- Navigate to csf.fignore.
- Add the following line at the end of the file:
/tmp\/.spamassassin* - Restart the LFD service.
This will whitelist the SpamAssassin temporary files in the /tmp directory and prevent further alerts.