squirrelmail is reported as Suspicious Process

This forum is only for reproducible bugs with csf and lfd (i.e. not iptables problems, lack of understanding how to use a feature, etc). Posts must be accompanied with full technical details of the problem and how it can be recreated. Any posts not adhering to this, or not considered bugs, will be moved to the General Discussion (csf) forum.
prabudh
Junior Member
Posts: 33
Joined: 10 Dec 2006, 13:05
Location: India


Post by prabudh »

Upgraded 3 servers to latest CSF and all of them report Suspicious process when users are accessing email using squirrelmail.

Time: Fri Jun 27 00:25:46 2008
PID: 20395
Account: dxxxnd
Uptime: 161 seconds
Executable:
/usr/local/cpanel/3rdparty/bin/php-cgi
Command Line (often faked in exploits):
/usr/local/cpanel/3rdparty/bin/php-cgi /usr/local/cpanel/base/3rdparty/squirrelmail/src/right_main.php
Network connections by the process (if any):
tcp: 127.0.0.1:35159 -> 127.0.0.1:143

Is this normal or do I need to update any settings?
powvex
Junior Member
Posts: 8
Joined: 28 Jun 2008, 08:36

Post by powvex »

Same here:

Executable:
/usr/local/cpanel/3rdparty/bin/php-cgi


Command Line (often faked in exploits):
/usr/local/cpanel/3rdparty/bin/php-cgi /usr/local/cpanel/base/3rdparty/squirrelmail/src/download.php
chirpy
Moderator
Posts: 3537
Joined: 09 Dec 2006, 18:13

Post by chirpy »

If you want an exception for /usr/local/cpanel/3rdparty/bin/php-cgi scripts add to csf.pignore:

exe:/usr/local/cpanel/3rdparty/bin/php-cgi

Then restart lfd.
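
An added example, not part of the original posts and not csf/lfd code: it replays the two alerts quoted in this thread against candidate csf.pignore lines to show what each line would suppress. It assumes a simplified exact-match model of exe:, cmd: and user: entries; the function names are hypothetical and the sample text is constructed from the posts above.

```python
import re

# Constructed sample: the two alert bodies quoted in the thread, separated by '---'.
ALERTS = """\
Account: dxxxnd
Executable:
/usr/local/cpanel/3rdparty/bin/php-cgi
Command Line (often faked in exploits):
/usr/local/cpanel/3rdparty/bin/php-cgi /usr/local/cpanel/base/3rdparty/squirrelmail/src/right_main.php
---
Executable:
/usr/local/cpanel/3rdparty/bin/php-cgi
Command Line (often faked in exploits):
/usr/local/cpanel/3rdparty/bin/php-cgi /usr/local/cpanel/base/3rdparty/squirrelmail/src/download.php
"""

PATTERNS = {  # alert field -> regex capturing its value
    "user": r"^Account:[ \t]*(\S+)",
    "exe": r"^Executable:[ \t]*\n[ \t]*(\S+)",
    "cmd": r"^Command Line[^\n]*:[ \t]*\n[ \t]*(.+)$",
}

def parse_alert(text):
    """Return the user/exe/cmd fields present in one alert body."""
    found = {}
    for kind, pattern in PATTERNS.items():
        m = re.search(pattern, text, re.M)
        if m:
            found[kind] = m.group(1).strip()
    return found

def parse_pignore(text):
    """Return (kind, value) pairs for exe:, cmd: and user: lines; skip the rest."""
    rules = []
    for line in text.splitlines():
        kind, sep, value = line.strip().partition(":")
        if sep and kind in PATTERNS and value:
            rules.append((kind, value))
    return rules

def still_alerting(alerts_text, pignore_text):
    """Command lines of alerts that no rule suppresses (assumed exact-match model)."""
    rules = parse_pignore(pignore_text)
    alerts = [parse_alert(chunk) for chunk in alerts_text.split("\n---\n")]
    return [a["cmd"] for a in alerts
            if not any(a.get(kind) == value for kind, value in rules)]

if __name__ == "__main__":
    print(still_alerting(ALERTS, "exe:/usr/local/cpanel/3rdparty/bin/php-cgi\n"))
```

Under this model the single exe: line silences both reports, and with them every other script run by that binary, while a cmd: line for right_main.php would leave the download.php report in place.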