Attack or default Virtualmin processes

3 posts / 0 new
Last post
#1 Tue, 03/17/2015 - 09:52
remibruggeman

Attack or default Virtualmin processes

Hey,

I've set up a new server that will replace my old one. The new server runs the latest version of Virtualmin on top of Debian 7.8. I run CFS & LFD as firewall. I have already set-up 3 virtual servers as a test. They work fine.

Every hour (or more) I receive a lot of e-mails from CFS & LFD with warnings similar to:

Time: Tue Mar 17 15:30:29 2015 +0100 
PID: 18819 (Parent PID:4069) 
Account: www-data 
Uptime: 3658 seconds 
 
 
Executable: 
 
/usr/lib/apache2/mpm-prefork/apache2 
 
 
Command Line (often faked in exploits): 
 
/usr/sbin/apache2 -k start 
 
 
Network connections by the process (if any): 
 
tcp: xx.xx.xx.xx:80 -> 0.0.0.0:0 
tcp: xx.xx.xx.xx:443 -> 0.0.0.0:0 
tcp: xx.xx.xx.xx:80 -> 0.0.0.0:0 
tcp: xx.xx.xx.xx:443 -> 0.0.0.0:0 
tcp: xx.xx.xx.xx:80 -> 0.0.0.0:0 
tcp: xx.xx.xx.xx:443 -> 0.0.0.0:0 
tcp: xx.xx.xx.xx:80 -> 0.0.0.0:0 
tcp: xx.xx.xx.xx:443 -> 0.0.0.0:0 
tcp: xx.xx.xx.xx:80 -> 0.0.0.0:0 
tcp: xx.xx.xx.xx:443 -> 0.0.0.0:0 
tcp: xx.xx.xx.xx:80 -> 0.0.0.0:0 
tcp: xx.xx.xx.xx:443 -> 0.0.0.0:0 
 
 
Files open by the process (if any): 
 
/dev/null 
/dev/null 
/var/log/apache2/error.log 
/var/log/virtualmin/client1.be_error_log 
/var/log/virtualmin/client2.be_error_log 
/var/log/virtualmin/client3.net_error_log 
/var/log/virtualmin/client4.be_error_log 
/var/log/apache2/other_vhosts_access.log 
/var/log/virtualmin/client1.be_access_log 
/var/log/virtualmin/client2.be_access_log 
/var/log/virtualmin/client2.be_access_log 
/run/apache2/ssl_mutex (deleted) 
/var/log/virtualmin/client3.net_access_log 
/var/log/virtualmin/client3.net_access_log 
/var/log/virtualmin/client4.be_access_log 
/var/log/apache2/access.log 
/dev/urandom 
anon_inode:[eventpoll] 
 
 
Memory maps by the process (if any): 
 
7f0d3aa9c000-7f0d3aaa3000 r-xp 00000000 fd:00 10359814 /usr/lib/php5/20100525/pdo_mysql.so 
7f0d3aaa3000-7f0d3aca3000 ---p 00007000 fd:00 10359814 /usr/lib/php5/20100525/pdo_mysql.so 
7f0d3aca3000-7f0d3aca4000 r--p 00007000 fd:00 10359814 /usr/lib/php5/20100525/pdo_mysql.so 
7f0d3aca4000-7f0d3aca5000 rw-p 00008000 fd:00 10359814 /usr/lib/php5/20100525/pdo_mysql.so 
7f0d3aca5000-7f0d3aca6000 ---p 00000000 00:00 0 
7f0d3aca6000-7f0d3b4a6000 rw-p 00000000 00:00 0 
7f0d3b5aa000-7f0d3b5c8000 r-xp 00000000 fd:00 10359813 /usr/lib/php5/20100525/mysqli.so 
7f0d3b5c8000-7f0d3b7c7000 ---p 0001e000 fd:00 10359813 /usr/lib/php5/20100525/mysqli.so 
7f0d3b7c7000-7f0d3b7cc000 r--p 0001d000 fd:00 10359813 /usr/lib/php5/20100525/mysqli.so 
7f0d3b7cc000-7f0d3b7cd000 rw-p 00022000 fd:00 10359813 /usr/lib/php5/20100525/mysqli.so 
7f0d3b7cd000-7f0d3ba8d000 r-xp 00000000 fd:00 9970163 /usr/lib/x86_64-linux-gnu/libmysqlclient.so.18.0.0 
7f0d3ba8d000-7f0d3bc8d000 ---p 002c0000 fd:00 9970163 /usr/lib/x86_64-linux-gnu/libmysqlclient.so.18.0.0 
7f0d3bc8d000-7f0d3bc93000 r--p 002c0000 fd:00 9970163 /usr/lib/x86_64-linux-gnu/libmysqlclient.so.18.0.0 
7f0d3bc93000-7f0d3bd11000 rw-p 002c6000 fd:00 9970163 /usr/lib/x86_64-linux-gnu/libmysqlclient.so.18.0.0 
7f0d3bd11000-7f0d3bd16000 rw-p 00000000 00:00 0 
7f0d3bd16000-7f0d3bd21000 r-xp 00000000 fd:00 10359812 /usr/lib/php5/20100525/mysql.so 
7f0d3bd21000-7f0d3bf21000 ---p 0000b000 fd:00 10359812 /usr/lib/php5/20100525/mysql.so 
7f0d3bf21000-7f0d3bf23000 r--p 0000b000 fd:00 10359812 /usr/lib/php5/20100525/mysql.so 
7f0d3bf23000-7f0d3bf24000 rw-p 0000d000 fd:00 10359812 /usr/lib/php5/20100525/mysql.so 
7f0d3bf24000-7f0d3bf3d000 r-xp 00000000 fd:00 10359789 /usr/lib/php5/20100525/pdo.so 
7f0d3bf3d000-7f0d3c13c000 ---p 00019000 fd:00 10359789 /usr/lib/php5/20100525/pdo.so 
7f0d3c13c000-7f0d3c13f000 r--p 00018000 fd:00 10359789 /usr/lib/php5/20100525/pdo.so 
7f0d3c13f000-7f0d3c140000 rw-p 0001b000 fd:00 10359789 /usr/lib/php5/20100525/pdo.so 
7f0d3c140000-7f0d3c142000 r-xp 00000000 fd:00 10355369 /usr/lib/apache2/modules/mod_suexec.so 
7f0d3c142000-7f0d3c341000 ---p 00002000 fd:00 10355369 /usr/lib/apache2/modules/mod_suexec.so 
7f0d3c341000-7f0d3c342000 r--p 00001000 fd:00 10355369 /usr/lib/apache2/modules/mod_suexec.so 
7f0d3c342000-7f0d3c343000 rw-p 00002000 fd:00 10355369 /usr/lib/apache2/modules/mod_suexec.so 
7f0d3c343000-7f0d3c347000 r-xp 00000000 fd:00 10355408 /usr/lib/apache2/modules/mod_status.so 
7f0d3c347000-7f0d3c547000 ---p 00004000 fd:00 10355408 /usr/lib/apache2/modules/mod_status.so 
7f0d3c547000-7f0d3c548000 r--p 00004000 fd:00 10355408 /usr/lib/apache2/modules/mod_status.so 
7f0d3c548000-7f0d3c549000 rw-p 00005000 fd:00 10355408 /usr/lib/apache2/modules/mod_status.so 
7f0d3c549000-7f0d3c5ec000 rw-p 00000000 00:00 0 
7f0d3c5ec000-7f0d3c5f7000 r-xp 00000000 fd:00 5508179 /lib/x86_64-linux-gnu/libnss_files-2.13.so 
7f0d3c5f7000-7f0d3c7f6000 ---p 0000b000 fd:00 5508179 /lib/x86_64-linux-gnu/libnss_files-2.13.so 
7f0d3c7f6000-7f0d3c7f7000 r--p 0000a000 fd:00 5508179 /lib/x86_64-linux-gnu/libnss_files-2.13.so 
7f0d3c7f7000-7f0d3c7f8000 rw-p 0000b000 fd:00 5508179 /lib/x86_64-linux-gnu/libnss_files-2.13.so 
7f0d3c7f8000-7f0d3c802000 r-xp 00000000 fd:00 5508189 /lib/x86_64-linux-gnu/libnss_nis-2.13.so 
7f0d3c802000-7f0d3ca01000 ---p 0000a000 fd:00 5508189 /lib/x86_64-linux-gnu/libnss_nis-2.13.so 
7f0d3ca01000-7f0d3ca02000 r--p 00009000 fd:00 5508189 /lib/x86_64-linux-gnu/libnss_nis-2.13.so 
7f0d3ca02000-7f0d3ca03000 rw-p 0000a000 fd:00 5508189 /lib/x86_64-linux-gnu/libnss_nis-2.13.so 
7f0d3ca03000-7f0d3ca0a000 r-xp 00000000 fd:00 5508193 /lib/x86_64-linux-gnu/libnss_compat-2.13.so 
7f0d3ca0a000-7f0d3cc09000 ---p 00007000 fd:00 5508193 /lib/x86_64-linux-gnu/libnss_compat-2.13.so 
7f0d3cc09000-7f0d3cc0a000 r--p 00006000 fd:00 5508193 /lib/x86_64-linux-gnu/libnss_compat-2.13.so 
7f0d3cc0a000-7f0d3cc0b000 rw-p 00007000 fd:00 5508193 /lib/x86_64-linux-gnu/libnss_compat-2.13.so 
7f0d3cc0c000-7f0d3cc12000 rw-p 00000000 00:00 0 
7f0d3cc29000-7f0d3cc3f000 rw-s 00000000 00:04 9552 /dev/zero (deleted) 
7f0d3cdf2000-7f0d3ce1c000 r-xp 00000000 fd:00 10355402 /usr/lib/apache2/modules/mod_ssl.so 
7f0d3ce1c000-7f0d3d01c000 ---p 0002a000 fd:00 10355402 /usr/lib/apache2/modules/mod_ssl.so 
7f0d3d01c000-7f0d3d01d000 r--p 0002a000 fd:00 10355402 /usr/lib/apache2/modules/mod_ssl.so 
7f0d3d01d000-7f0d3d01e000 rw-p 0002b000 fd:00 10355402 /usr/lib/apache2/modules/mod_ssl.so 
7f0d3d01e000-7f0d3d021000 rw-p 00000000 00:00 0 
7f0d3d021000-7f0d3d024000 r-xp 00000000 fd:00 10355377 /usr/lib/apache2/modules/mod_setenvif.so 
7f0d3d024000-7f0d3d223000 ---p 00003000 fd:00 10355377 /usr/lib/apache2/modules/mod_setenvif.so 
7f0d3d223000-7f0d3d224000 r--p 00002000 fd:00 10355377 /usr/lib/apache2/modules/mod_setenvif.so 
7f0d3d224000-7f0d3d225000 rw-p 00003000 fd:00 10355377 /usr/lib/apache2/modules/mod_setenvif.so 
7f0d3d225000-7f0d3d30a000 r-xp 00000000 fd:00 9970199 /usr/lib/libruby1.8.so.1.8.7 
7f0d3d30a000-7f0d3d509000 ---p 000e5000 fd:00 9970199 /usr/lib/libruby1.8.so.1.8.7 
7f0d3d509000-7f0d3d50b000 r--p 000e4000 fd:00 9970199 /usr/lib/libruby1.8.so.1.8.7 
7f0d3d50b000-7f0d3d50e000 rw-p 000e6000 fd:00 9970199 /usr/lib/libruby1.8.so.1.8.7 
7f0d3d50e000-7f0d3d52c000 rw-p 00000000 00:00 0 
7f0d3d52c000-7f0d3d54b000 r-xp 00000000 fd:00 10361925 /usr/lib/apache2/modules/mod_ruby.so 
7f0d3d54b000-7f0d3d74b000 ---p 0001f000 fd:00 10361925 /usr/lib/apache2/modules/mod_ruby.so 
7f0d3d74b000-7f0d3d74d000 rw-p 0001f000 fd:00 10361925 /usr/lib/apache2/modules/mod_ruby.so 
7f0d3d74d000-7f0d3d75c000 r-xp 00000000 fd:00 10355400 /usr/lib/apache2/modules/mod_rewrite.so 
7f0d3d75c000-7f0d3d95b000 ---p 0000f000 fd:00 10355400 /usr/lib/apache2/modules/mod_rewrite.so 
7f0d3d95b000-7f0d3d95c000 r--p 0000e000 fd:00 10355400 /usr/lib/apache2/modules/mod_rewrite.so 
7f0d3d95c000-7f0d3d95d000 rw-p 0000f000 fd:00 10355400 /usr/lib/apache2/modules/mod_rewrite.so 
7f0d3d95d000-7f0d3d960000 r-xp 00000000 fd:00 10355364 /usr/lib/apache2/modules/mod_reqtimeout.so 
7f0d3d960000-7f0d3db5f000 ---p 00003000 fd:00 10355364 /usr/lib/apache2/modules/mod_reqtimeout.so 
7f0d3db5f000-7f0d3db60000 r--p 00002000 fd:00 10355364 /usr/lib/apache2/modules/mod_reqtimeout.so 
7f0d3db60000-7f0d3db61000 rw-p 00003000 fd:00 10355364 /usr/lib/apache2/modules/mod_reqtimeout.so 
7f0d3db61000-7f0d3db68000 r-xp 00000000 fd:00 10355406 /usr/lib/apache2/modules/mod_proxy_http.so 
7f0d3db68000-7f0d3dd68000 ---p 00007000 fd:00 10355406 /usr/lib/apache2/modules/mod_proxy_http.so 
7f0d3dd68000-7f0d3dd69000 r--p 00007000 fd:00 10355406 /usr/lib/apache2/modules/mod_proxy_http.so 
7f0d3dd69000-7f0d3dd6a000 rw-p 00008000 fd:00 10355406 /usr/lib/apache2/modules/mod_proxy_http.so 
7f0d3dd6a000-7f0d3dd6c000 r-xp 00000000 fd:00 10355371 /usr/lib/apache2/modules/mod_proxy_connect.so 
7f0d3dd6c000-7f0d3df6b000 ---p 00002000 fd:00 10355371 /usr/lib/apache2/modules/mod_proxy_connect.so 
7f0d3df6b000-7f0d3df6c000 r--p 00001000 fd:00 10355371 /usr/lib/apache2/modules/mod_proxy_connect.so 
7f0d3df6c000-7f0d3df6d000 rw-p 00002000 fd:00 10355371 /usr/lib/apache2/modules/mod_proxy_connect.so 
7f0d3df6d000-7f0d3df73000 r-xp 00000000 fd:00 10355405 /usr/lib/apache2/modules/mod_proxy_balancer.so 
7f0d3df73000-7f0d3e172000 ---p 00006000 fd:00 10355405 /usr/lib/apache2/modules/mod_proxy_balancer.so 
7f0d3e172000-7f0d3e173000 r--p 00005000 fd:00 10355405 /usr/lib/apache2/modules/mod_proxy_balancer.so 
7f0d3e173000-7f0d3e174000 rw-p 00006000 fd:00 10355405 /usr/lib/apache2/modules/mod_proxy_balancer.so 
7f0d3e174000-7f0d3e188000 r-xp 00000000 fd:00 10355365 /usr/lib/apache2/modules/mod_proxy.so 
7f0d3e188000-7f0d3e387000 ---p 00014000 fd:00 10355365 /usr/lib/apache2/modules/mod_proxy.so 
7f0d3e387000-7f0d3e388000 r--p 00013000 fd:00 10355365 /usr/lib/apache2/modules/mod_proxy.so 
7f0d3e388000-7f0d3e389000 rw-p 00014000 fd:00 10355365 /usr/lib/apache2/modules/mod_proxy.so 
7f0d3e389000-7f0d3e38c000 r-xp 00000000 fd:00 5508169 /lib/x86_64-linux-gnu/libkeyutils.so.1.4 
7f0d3e38c000-7f0d3e58b000 ---p 00003000 fd:00 5508169 /lib/x86_64-linux-gnu/libkeyutils.so.1.4 
7f0d3e58b000-7f0d3e58c000 r--p 00002000 fd:00 5508169 /lib/x86_64-linux-gnu/libkeyutils.so.1.4 
7f0d3e58c000-7f0d3e58d000 rw-p 00003000 fd:00 5508169 /lib/x86_64-linux-gnu/libkeyutils.so.1.4 
7f0d3e58d000-7f0d3e595000 r-xp 00000000 fd:00 9962180 /usr/lib/x86_64-linux-gnu/libkrb5support.so.0.1 
7f0d3e595000-7f0d3e794000 ---p 00008000 fd:00 9962180 /usr/lib/x86_64-linux-gnu/libkrb5support.so.0.1 
7f0d3e794000-7f0d3e795000 r--p 00007000 fd:00 9962180 /usr/lib/x86_64-linux-gnu/libkrb5support.so.0.1 
7f0d3e795000-7f0d3e796000 rw-p 00008000 fd:00 9962180 /usr/lib/x86_64-linux-gnu/libkrb5support.so.0.1 
7f0d3e796000-7f0d3e7b8000 r-xp 00000000 fd:00 5505064 /lib/x86_64-linux-gnu/liblzma.so.5.0.0 
7f0d3e7b8000-7f0d3e9b7000 ---p 00022000 fd:00 5505064 /lib/x86_64-linux-gnu/liblzma.so.5.0.0 
7f0d3e9b7000-7f0d3e9b8000 r--p 00021000 fd:00 5505064 /lib/x86_64-linux-gnu/liblzma.so.5.0.0 
7f0d3e9b8000-7f0d3e9b9000 rw-p 00022000 fd:00 5505064 /lib/x86_64-linux-gnu/liblzma.so.5.0.0 
7f0d3e9b9000-7f0d3e9df000 r-xp 00000000 fd:00 9962171 /usr/lib/x86_64-linux-gnu/libk5crypto.so.3.1 
7f0d3e9df000-7f0d3ebdf000 ---p 00026000 fd:00 9962171 /usr/lib/x86_64-linux-gnu/libk5crypto.so.3.1 
7f0d3ebdf000-7f0d3ebe0000 r--p 00026000 fd:00 9962171 /usr/lib/x86_64-linux-gnu/libk5crypto.so.3.1 
7f0d3ebe0000-7f0d3ebe1000 rw-p 00027000 fd:00 9962171 /usr/lib/x86_64-linux-gnu/libk5crypto.so.3.1 
7f0d3ebe1000-7f0d3ebe2000 rw-p 00000000 00:00 0 
... 

Another example:

Time: Tue Mar 17 15:01:28 2015 +0100 
PID: 3347 (Parent PID:2916) 
Account: mysql 
Uptime: 1221238 seconds 
 
 
Executable: 
 
/usr/sbin/mysqld 
 
 
Command Line (often faked in exploits): 
 
/usr/sbin/mysqld --basedir=/usr --datadir=/var/lib/mysql --plugin-dir=/usr/lib/mysql/plugin --user=mysql --pid-file=/var/run/mysqld/mysqld.pid --socket=/var/run/mysqld/mysqld.sock --port=3306 
 
 
Network connections by the process (if any): 
 
tcp: 127.0.0.1:3306 -> 0.0.0.0:0 
 
 
Files open by the process (if any): 
 
/dev/null 
/var/lib/mysql/ibdata1 
/tmp/ibjvuUGG (deleted) 
/tmp/iboD5Six (deleted) 
/tmp/ibVh0RUn (deleted) 
/tmp/ibp3OiA5 (deleted) 
/var/lib/mysql/ib_logfile0 
/var/lib/mysql/ib_logfile1 
/var/lib/mysql/client3@002enet_webmail/session.ibd 
/var/lib/mysql/client3@002enet_webmail/users.ibd 
/var/lib/mysql/client3@002enet_webmail/cache.ibd 
/var/lib/mysql/client3@002enet_webmail/cache_shared.ibd 
/var/lib/mysql/client3@002enet_webmail/cache_index.ibd 
/var/lib/mysql/client3@002enet_webmail/cache_thread.ibd 
/var/lib/mysql/client3@002enet_webmail/cache_messages.ibd 
/var/lib/mysql/client3@002enet_webmail/contacts.ibd 
/var/lib/mysql/client3@002enet_webmail/contactgroups.ibd 
/var/lib/mysql/client3@002enet_webmail/contactgroupmembers.ibd 
/var/lib/mysql/client3@002enet_webmail/identities.ibd 
/tmp/ibYAIWk2 (deleted) 
/var/lib/mysql/mysql/host.MYI 
/var/lib/mysql/mysql/host.MYD 
/var/lib/mysql/mysql/user.MYI 
/var/lib/mysql/mysql/user.MYD 
/var/lib/mysql/mysql/db.MYI 
/var/lib/mysql/mysql/db.MYD 
/var/lib/mysql/mysql/proxies_priv.MYI 
/var/lib/mysql/mysql/proxies_priv.MYD 
/var/lib/mysql/mysql/tables_priv.MYI 
/var/lib/mysql/mysql/tables_priv.MYD 
/var/lib/mysql/mysql/columns_priv.MYI 
/var/lib/mysql/mysql/columns_priv.MYD 
/var/lib/mysql/mysql/procs_priv.MYI 
/var/lib/mysql/mysql/procs_priv.MYD 
/var/lib/mysql/mysql/servers.MYI 
/var/lib/mysql/mysql/servers.MYD 
/var/lib/mysql/mysql/event.MYI 
/var/lib/mysql/mysql/event.MYD 
/var/lib/mysql/client4/cache.ibd 
/var/lib/mysql/client4/cache_index.ibd 
/var/lib/mysql/mysql/proc.MYI 
/var/lib/mysql/mysql/proc.MYD 
/var/lib/mysql/client3@002enet_webmail/dictionary.ibd 
/var/lib/mysql/client3@002enet_webmail/searches.ibd 
/var/lib/mysql/client3@002enet_webmail/system.ibd 
/var/lib/mysql/mysql/func.MYI 
/var/lib/mysql/mysql/func.MYD 
/var/lib/mysql/mysql/general_log.CSM 
/var/lib/mysql/mysql/general_log.CSV 
/var/lib/mysql/mysql/help_category.MYI 
/var/lib/mysql/mysql/help_category.MYD 
/var/lib/mysql/mysql/help_keyword.MYI 
/var/lib/mysql/mysql/help_keyword.MYD 
/var/lib/mysql/mysql/help_relation.MYI 
/var/lib/mysql/mysql/help_relation.MYD 
/var/lib/mysql/mysql/help_topic.MYI 
/var/lib/mysql/mysql/help_topic.MYD 
/var/lib/mysql/mysql/ndb_binlog_index.MYI 
/var/lib/mysql/mysql/ndb_binlog_index.MYD 
/var/lib/mysql/mysql/plugin.MYI 
/var/lib/mysql/mysql/plugin.MYD 
/var/lib/mysql/mysql/slow_log.CSM 
/var/lib/mysql/mysql/slow_log.CSV 
/var/lib/mysql/mysql/time_zone.MYI 
/var/lib/mysql/mysql/time_zone.MYD 
/var/lib/mysql/mysql/time_zone_leap_second.MYI 
/var/lib/mysql/mysql/time_zone_leap_second.MYD 
/var/lib/mysql/mysql/time_zone_name.MYI 
/var/lib/mysql/mysql/time_zone_name.MYD 
/var/lib/mysql/mysql/time_zone_transition.MYI 
/var/lib/mysql/mysql/time_zone_transition.MYD 
/var/lib/mysql/mysql/time_zone_transition_type.MYI 
/var/lib/mysql/mysql/time_zone_transition_type.MYD 
/var/lib/mysql/client2@002ebe_webmail/cache.ibd 
/var/lib/mysql/client2@002ebe_webmail/cache_index.ibd 
/var/lib/mysql/client2@002ebe_webmail/cache_messages.ibd 
/var/lib/mysql/client2@002ebe_webmail/cache_shared.ibd 
/var/lib/mysql/client2@002ebe_webmail/cache_thread.ibd 
/var/lib/mysql/client2@002ebe_webmail/contactgroupmembers.ibd 
/var/lib/mysql/client2@002ebe_webmail/contactgroups.ibd 
/var/lib/mysql/client2@002ebe_webmail/contacts.ibd 
/var/lib/mysql/client2@002ebe_webmail/dictionary.ibd 
/var/lib/mysql/client2@002ebe_webmail/identities.ibd 
/var/lib/mysql/client2@002ebe_webmail/searches.ibd 
/var/lib/mysql/client2@002ebe_webmail/session.ibd 
/var/lib/mysql/client2@002ebe_webmail/system.ibd 
...

Please tell me that I can safely ignore these e-mails?

Tue, 03/17/2015 - 10:52
andreychek

Howdy,

While I'm not familiar with CFS and the emails it sends, at first glance, those all appear normal.

One is Apache, with a number of open Apache log files, and the other is MySQL, with a series of databases open.

Are you experiencing a problem of any sort though?

-Eric

Tue, 03/17/2015 - 13:20
remibruggeman

Hey Eric,

Thanks for your quick answer. I do not note any other suspicious behaviour. Any other then the about 600 e-mails per day of these issues cfs is reporting.

I will have a look to change the intensity that cfs is scanning with ...

Topic locked