After installing / updating JBM, you might get an email from LFD alerting about “Suspicious File Alert”.
Time: Thu Jan 28 00:16:01 2016 -0200 File: /tmp/tmpVdeOSP/virtualenv-13.0.3/virtualenv.py Reason: Script, file extension Owner: :games (501:20) Action: No action taken
This actually a python framework installed by the Amazon AWS Command line interface tool that we are using in JetBackup.
This temporary folder can be removed. Also, Files are safe, there is no malicious code of any kind.
Another solution is to exclude the following –
in the “/etc/csf/csf.fignore” file.
This can be done either by directly editing this file, or running the following command from your server bash prompt (running as root user) –
echo "/tmp/tmp[a-zA-Z0-9]+/virtualenv\-[\d\.]+/.*" >> /etc/csf/csf.fignore