lfd on server.com: Suspicious process running under user username

jtgroup

Active Member
Nov 21, 2017
38
3
58
UK
cPanel Access Level
Root Administrator
Hello,

I was wondering if anyone could help me with this. We keep receiving messages like this and I am concerned that something is wrong and if not, how can I stop the notifications?

Many thanks




Time: Mon May 2 10:04:43 2022 -0400
PID: 2072066 (Parent PID:1951773)
Account: username
Uptime: 39595 seconds


Executable:

/usr/local/cpanel/3rdparty/perl/532/bin/perl


Command Line (often faked in exploits):

spamd child


Network connections by the process (if any):

udp: 144.217.170.27:57454 -> 5.9.124.53:24441
tcp: 127.0.0.1:783 -> 127.0.0.1:53668
udp: 144.217.170.27:17692 -> 8.8.8.8:53


Files open by the process (if any):

/dev/null
/usr/local/cpanel/logs/spamd_error_log
/usr/local/cpanel/logs/spamd_error_log
/usr/local/cpanel/3rdparty/perl/532/bin/spamd
/var/cpanel/locale/en.cdb
/tmp/.spamassassin2072066oli5hAtmp
/usr/local/cpanel/3rdparty/perl/532/lib/perl5/cpanel_lib/Net/DNS/Resolver/Base.pm
/tmp/.spamassassin207206696vIZStmp
/tmp/.spamassassin2072066rCwyk3tmp


Memory maps by the process (if any):

 

jtgroup

Yes I have searched the forums but I was asking for a specific reason i.e. is this anything to worry about. I can see how to stop the notifications but I don't want to stop warning notifications if this is an issue and it needs to be resolved.
 

cPRex

Jurassic Moderator
Staff member
Oct 19, 2014
16,505
2,605
363
cPanel Access Level
Root Administrator
This specific notification is just Perl, related to the SpamAssassin process. Nearly any cPanel process is going to use the Perl binary, so this is a common one to exclude from the suspicious reports. I don't see anything that is obviously malicious in that output you provided.
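
One way to triage an alert like the one in this thread, added here as an example (it is not part of the thread and is not cPanel or lfd code): it parses the alert and judges the process by its executable path, open files and connections rather than by the command line, which the alert itself labels as often faked. The function names, the path prefixes and the second alert are assumptions constructed for illustration.

```python
import re

# Section headers exactly as they appear in the lfd alert quoted in this thread.
SECTIONS = {
    "Executable:": "exe",
    "Command Line (often faked in exploits):": "cmdline",
    "Network connections by the process (if any):": "net",
    "Files open by the process (if any):": "files",
    "Memory maps by the process (if any):": "maps",
}
# Assumption: prefixes taken from the paths in this thread's alert; adjust per server.
TRUSTED_EXE_PREFIXES = ("/usr/local/cpanel/3rdparty/perl/",)
EXPECTED_FILE_PREFIXES = ("/dev/null", "/usr/local/cpanel/", "/var/cpanel/",
                          "/tmp/.spamassassin")
WRITABLE_DIRS = ("/tmp/", "/var/tmp/", "/dev/shm/")
CONN_RE = re.compile(r"^(tcp|udp): (\S+):(\d+) -> (\S+):(\d+)$")


def parse_alert(text):
    """Split an lfd 'Suspicious process' alert into header fields and sections."""
    alert = {"header": {}, "exe": [], "cmdline": [], "net": [], "files": [], "maps": []}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line in SECTIONS:
            current = SECTIONS[line]
        elif current is None and ": " in line:
            key, value = line.split(": ", 1)
            alert["header"][key] = value
        elif current:
            alert[current].append(line)
    return alert


def triage(alert):
    """Judge the process by executable path, open files and connections."""
    findings, review = [], []
    exe = alert["exe"][0] if alert["exe"] else ""
    if exe.endswith("(deleted)"):
        findings.append("executable deleted from disk while running")
    if exe.startswith(WRITABLE_DIRS):
        findings.append(f"executable in world-writable directory: {exe}")
    elif not exe.startswith(TRUSTED_EXE_PREFIXES):
        findings.append(f"executable outside expected prefixes: {exe}")
    for path in alert["files"]:
        if not path.startswith(EXPECTED_FILE_PREFIXES):
            findings.append(f"unexpected open file: {path}")
    for conn in alert["net"]:
        m = CONN_RE.match(conn)
        if not m:
            findings.append(f"unparsed connection line: {conn}")
            continue
        proto, _laddr, _lport, raddr, rport = m.groups()
        # Loopback and DNS traffic is routine; list anything else for a manual check.
        if not (raddr.startswith("127.") or rport == "53"):
            review.append(f"{proto} {raddr}:{rport}")
    # The command line is reported back but deliberately not used as evidence.
    return {"cmdline": " ".join(alert["cmdline"]), "findings": findings,
            "review_endpoints": review}


# Trimmed copy of the alert posted in this thread (blank lines and some files dropped).
THREAD_ALERT = """\
PID: 2072066 (Parent PID:1951773)
Account: username
Executable:
/usr/local/cpanel/3rdparty/perl/532/bin/perl
Command Line (often faked in exploits):
spamd child
Network connections by the process (if any):
udp: 144.217.170.27:57454 -> 5.9.124.53:24441
tcp: 127.0.0.1:783 -> 127.0.0.1:53668
udp: 144.217.170.27:17692 -> 8.8.8.8:53
Files open by the process (if any):
/dev/null
/usr/local/cpanel/logs/spamd_error_log
/usr/local/cpanel/3rdparty/perl/532/bin/spamd
/var/cpanel/locale/en.cdb
/tmp/.spamassassin2072066oli5hAtmp
"""

# Constructed alert (not from the thread): same command line, different facts.
CONSTRUCTED_ALERT = THREAD_ALERT.replace(
    "/usr/local/cpanel/3rdparty/perl/532/bin/perl", "/tmp/.cache/perl"
).replace("/var/cpanel/locale/en.cdb", "/home/username/public_html/.hidden/conf")

if __name__ == "__main__":
    for name, text in (("thread", THREAD_ALERT), ("constructed", CONSTRUCTED_ALERT)):
        print(name, triage(parse_alert(text)))
```

Both alerts report the command line `spamd child`; only the constructed one produces findings, which is why the executable path and open files are what decide whether a process is safe to exclude.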
 

jtgroup

Thank you, I appreciate your help. I'm confused as to why we need to stop these notifications though, surely these should be disabled by default if they aren't anything to worry about? Every WHM admin must have to disable these?