Wizard IT Products

Hello MagicSpam team,

we currently encounter the following error/warning from rkhunter:
Warning: The following suspicious shared memory segments have been found:
Process: PID: 31601 Owner: magicspam

Normally, those kinds of issue are resolved by adding something like this to "rkhunter.conf":
ALLOWIPCPROC=/opt/psa/admin/sbin/modules/magicspam/magicspam-daemon

Our problem is, that we fail at figuring out what the actual process/script of the given PID "31601" is.
Since "ps" also don't lists the PID, we assume that it might be a child-process?

Could you please give us some hints on how to resolve our issue?
Thanks!

Hello haschu,

Thank you for your post.

The reported issue with rkhunter's report about the IPC shared memory is indeed related to how MagicSpam's rate-limiter system spawns a child process as needed.
Normally, adding the "ALLOWIPCPROC" line with the path to the MagicSpam program in rkhunter.conf would resolve the issue. You do not need the PID of the process for this.
However, there is also a known issue in rkhunter where it could incorrectly report the same PID for such IPC processes repeatedly, even after you have added the ALLOWIPCPROC line for exemption. If this happens in your server, the current suggested workaround/solution is to disable such IPC process checks in rkhunter.

Please let us know if you have any further questions.


-- MagicSpam Support Team --