Hello to all,
I'm receiving emails with subject: Suspicious process running under user nobody
The executable is: /var/dcc/libexec/dccifd
Command Line (often faked in exploits):
/var/dcc/libexec/dccifd -Inobody -tCMN,5, -llog -wwhiteclnt -Uuserdirs -SHELO -Smail_host -SSender -SList-ID
Thanks,
Wilson
dcc
dccifd should not be running; it is not used in the default MailScanner installation unless you have altered the configuration. You can try stopping it by killing the process and then removing the binary (/var/dcc/libexec/dccifd). It seems to keep running on some servers even though it is not called by MailScanner.
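One way to check the alert's "often faked" note before killing anything, as an added example that is not part of the original thread: it compares each process's kernel-recorded executable (/proc/PID/exe) with the argv[0] it presents. The function name and output format are hypothetical; a Linux /proc and a stat that supports -c are assumed, and it should be run as root so other users' exe links are readable.

```shell
#!/bin/sh
# Added example (not from the thread): compare the kernel-recorded executable
# of each process with the argv[0] it presents, for the path in the alert.
DCCIFD_PATH="/var/dcc/libexec/dccifd"   # path quoted in the alert e-mail

# check_dccifd [PROC_ROOT]  (hypothetical helper; PROC_ROOT defaults to /proc
# and is a parameter only so the check can be tried on a constructed tree)
check_dccifd() {
    proc_root="${1:-/proc}"
    for dir in "$proc_root"/[0-9]*; do
        [ -r "$dir/cmdline" ] || continue
        pid="${dir##*/}"
        owner="$(stat -c %U "$dir" 2>/dev/null)" || owner="?"
        # /proc/PID/exe is set by the kernel at exec time; a process that
        # overwrites its own argv does not change it.
        exe="$(readlink "$dir/exe" 2>/dev/null)" || exe=""
        # cmdline is the NUL-separated argv as the process presents it.
        argv0="$(tr '\0' '\n' < "$dir/cmdline" | head -n 1)"
        case "$exe" in
            "$DCCIFD_PATH"|"$DCCIFD_PATH (deleted)")
                # Real dccifd; "(deleted)" means the binary was removed
                # from disk while the process was still running.
                echo "$pid MATCH user=$owner exe=$exe" ;;
            *)
                # Claims to be dccifd in argv[0] but runs another binary.
                if [ "$argv0" = "$DCCIFD_PATH" ]; then
                    echo "$pid MISMATCH user=$owner argv0=$argv0 exe=${exe:-unreadable}"
                fi ;;
        esac
    done
}

check_dccifd
```

A MATCH line means the process really is the DCC binary named in the alert; a MISMATCH line means only the command line says so and the process deserves a closer look.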