If you have a dedicated server or VPS with the Config Server Firewall (CSF) software installed (any dedicated or VPS managed by us has this software installed by default) and are receiving a number of "suspicious process" emails that mention the "spamd child" process, this is the result of a recent update to the CSF software. The 4.35 version of CSF removed the exclusion it had for the "spamd child" process (this is the spam filter process), so whenever the spamd process is doing a lot of work CSF will identify it as a "suspicious process". This can be avoided by adding the exclusion back into CSF. Here's how:
- Log into Web Host manager (WHM)
- Click on "ConfigServer Security & Firewall" on the left side of the page at the bottom
- Click on "lfd Process Ignore" in the "lfd - Login Failure Daemon" section
- Add the following line to the list and click "Change":
- Click the "Restart lfd" button
You're done! You should no longer receive emails regarding the "spamd child" process.