WARNING: JetBackup 4 is set to reach its End-of-Life (EOL) on July 1st, 2024. For more information, please visit the JetBackup 4 EOL Announcement.
NOTICE: JetBackup 5 is now available in the Stable Tier. For more information, please visit our JetBackup 5 Documentation.

LFD Suspicious File Alert (virtualenv)

After installing or updating JetBackup, you might receive an email from LFD reporting a "Suspicious File Alert".

Example

Time: Thu Jan 28 00:16:01 2016 -0200
File: /tmp/tmpVdeOSP/virtualenv-13.0.3/virtualenv.py
Reason: Script, file extension
Owner: :games (501:20)
Action: No action taken

This is actually a Python framework installed by the Amazon AWS command-line interface tool that JetBackup uses.

This temporary folder can be removed. The files are safe; they contain no malicious code of any kind.

Another solution is to exclude the following

/tmp/tmp[a-zA-Z0-9]+/virtualenv\-[\d\.]+/.*

in the "/etc/csf/csf.fignore" file.

This can be done either by editing this file directly, or by running the following command from your server's bash prompt as the root user:

echo "/tmp/tmp[a-zA-Z0-9]+/virtualenv\-[\d\.]+/.*" >> /etc/csf/csf.fignore