LFD spamd – suspicious process running under user cpanel

techie-iconIf you’ve installed the CSF firewall and its associated LFD process, you may be plagued with: suspicious process running under cpanel messages relating to spamd child. It will have something like /usr/local/cpanel/3rdparty/perl/514/bin/perl as the executable.

In most cases this is a false-positive in terms of being a suspicious process and you could probably do without the emails cluttering up your inbox.

So to get rid of it:

1. Open up ConfigServer Security & Firewall from the Plugins section of WHM.

2. Page down to the lfd – Login Failure Daemon section.

3. Look for the Edit LFD ignore file bit.

4. Change the dropdown to the left to csf.pignore, process tracking and click Edit.

5. Add the following line to the bottom of the file:

cmd:spamd child

6. Click Change.

7. Click Restart lfd.

Hopefully you will now no longer be bothered with emails relating to that process.

1 comment
  1. Many Thanks for specific instructions to identify and remove cmd:spamd_child messages. After tightening some e-mail checking on selected clients, I got the unexpected message you refer to.

Leave a Reply