Search our documentation...

Simply enter what you are looking for!

LFD Suspicious File Alert (virtualenv)

After installing / updating JBM, you might get an email from LFD alerting about “Suspicious File Alert”.

Example –

Time: Thu Jan 28 00:16:01 2016 -0200
File: /tmp/tmpVdeOSP/virtualenv-13.0.3/virtualenv.py
Reason: Script, file extension
Owner: :games (501:20)
Action: No action taken 

This actually a python framework installed by the Amazon AWS Command line interface tool that we are using in JetBackup.

This temporary folder can be removed. Also, Files are safe, there is no malicious code of any kind.

Another solution is to exclude the following –

/tmp/tmp[a-zA-Z0-9]+/virtualenv\-[\d\.]+/.*

in the “/etc/csf/csf.fignore” file.

This can be done either by directly editing this file, or running the following command from your server bash prompt (running as root user) –

echo "/tmp/tmp[a-zA-Z0-9]+/virtualenv\-[\d\.]+/.*" >> /etc/csf/csf.fignore