I had a look around in the CSF forum, but I think this might be Virtualmin related?
I am getting emails that one of my mailboxes is running for a very long time somehow. Does anyone have an idea why, and how to add it to csf.pignore? I have a few mailboxes, but this behaviour seems related only to this one, or perhaps it is only showing this one?
Resource: Process Time
Exceeded: 26133 > 1800 (seconds)
Command Line: spamd child
PID: 6160 (Parent PID:6156)
Uptime: 26133 seconds
Command Line (often faked in exploits):
Network connections by the process (if any):
tcp: 127.0.0.1:783 -> 127.0.0.1:46930
udp: 127.0.0.1:56272 -> 127.0.0.1:53
Files open by the process (if any):
Would it be something like this:
Sorry, just not sure which option is the best?
Any help much appreciated
It sounds like it’s referring to the SpamAssassin child processes. It’s normal for those to run; SpamAssassin keeps several running at all times, similar to how Apache has various child processes.
It’s likely safe to ignore unless you’re experiencing a problem of some sort.
As far as how to configure CSF to ignore those – that’s unfortunately not something I’m familiar with, I haven’t used CSF in the past. If you aren’t seeing that in the CSF docs and aren’t getting help in the CSF community, there are folks who use that here, hopefully someone with some CSF experience can share how they’d go about setting that up to ignore those.
Hi. You could put in:
into /etc/csf/csf.pignore, but that technically will make anything running with the /usr/bin/perl process be ignored.
I would go further and do a:
ps aux|grep spamd
to see what username spamd is running as, and then do a:
That would target the spamd process in particular and leave anything using perl to still be monitored.
Hopefully spamd doesn’t run as root, otherwise you’ll just have to use the exe:/usr/bin/perl.
I got this output from your command
ps aux|grep spamd
root 3142 0.0 0.0 112704 964 pts/0 R+ 21:02 0:00 grep --color=auto spamd
root 6156 0.0 1.6 278420 65108 ? Ss 06:02 0:12 /usr/bin/spamd --pidfile /var/run/spamd.pid -d -c -m5 -H
root 6160 0.0 2.2 300140 86612 ? S 06:02 0:49 spamd child
root 6161 0.0 1.7 281168 67124 ? S 06:02 0:01 spamd child
Perhaps I can find more answers; like you, I am not very fond of ignoring perl.
Yeah it does indeed run as root.
I see the folks over at DirectAdmin have discussed this one, I see a post here from a few years ago detailing how they added SpamAssassin to the CSF ignore file… would this here do what you’re after:
@andreycheck Thanks a lot, I am testing it and will put outcome here later if it is working fine for me.
It has been running fine for a few days, this is what I have now in my csf.pignore.
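Added example, not part of the thread and not the contents of the poster's csf.pignore: a small Python model of how much each kind of csf.pignore line discussed above would exempt from process tracking. It assumes the documented exact-match `exe:`, `user:` and `cmd:` rule forms and that a process is ignored when any one line matches; the three spamd rows are taken from the ps output in the thread, the other two rows are constructed.

```python
# Model of csf.pignore rule scope (illustration only, not lfd's own code).
# Assumption: a process is skipped if ANY single rule line matches it.

# pids 6156/6160/6161 come from the ps output in the thread; their
# executable is /usr/bin/perl, as stated in the thread.
PROCS = [
    {"pid": 6156, "user": "root", "exe": "/usr/bin/perl",
     "cmd": "/usr/bin/spamd --pidfile /var/run/spamd.pid -d -c -m5 -H"},
    {"pid": 6160, "user": "root", "exe": "/usr/bin/perl", "cmd": "spamd child"},
    {"pid": 6161, "user": "root", "exe": "/usr/bin/perl", "cmd": "spamd child"},
    # Constructed: an unrelated perl script running as root.
    {"pid": 9001, "user": "root", "exe": "/usr/bin/perl",
     "cmd": "/usr/bin/perl /root/report.pl"},
    # Constructed: another account's process whose command line reads the
    # same (the alert itself notes the command line is set by the process).
    {"pid": 9002, "user": "www", "exe": "/usr/bin/perl", "cmd": "spamd child"},
]


def rule_matches(rule, proc):
    """Exact-match check for one 'exe:', 'user:' or 'cmd:' line."""
    kind, sep, value = rule.partition(":")
    if not sep or kind not in ("exe", "user", "cmd"):
        raise ValueError(f"unsupported rule in this model: {rule!r}")
    return proc[kind] == value


def ignored(rules, procs=PROCS):
    """PIDs that would no longer be tracked under the given rule lines."""
    return sorted(p["pid"] for p in procs
                  if any(rule_matches(r, p) for r in rules))


def monitored(rules, procs=PROCS):
    """PIDs that would still be tracked under the given rule lines."""
    skip = set(ignored(rules, procs))
    return sorted(p["pid"] for p in procs if p["pid"] not in skip)


if __name__ == "__main__":
    for candidate in (["exe:/usr/bin/perl"], ["user:root"], ["cmd:spamd child"]):
        print(candidate, "ignores", ignored(candidate),
              "still monitors", monitored(candidate))
```

The `exe:` line exempts every perl process and `user:root` exempts every root process, while the `cmd:` line is narrowest but matches on a string the process itself controls.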