- Edited
On my server I always install rkhunter by default. Here my whitelists for grommunio for no false positives.
### Grommunio Dienste
#
# Allow the specified process pathnames to use shared memory segments.
#
ALLOWIPCPROC=/usr/libexec/gromox/delivery-queue
ALLOWIPCPROC=/usr/sbin/php-fpm
#
# The following options can be used to whitelist network ports which are known
# to have been used by malware.
#
PORT_PATH_WHITELIST="/usr/libexec/gromox/timer:TCP:6666"
#
# Allow the specified file to be present in the '/dev' directory, and not
# regarded as suspicious.
#
# -rw------- 1 groas grommunio 488 Jul 15 20:56 rhm.d211992fb283c6a90352
ALLOWDEVFILE=/dev/shm/rhm.????????????????????With this settings there are no warnings:
System checks summary
=====================
File properties checks...
Files checked: 184
Suspect files: 0
Rootkit checks...
Rootkits checked : 380
Possible rootkits: 0
Applications checks...
All checks skipped
The system checks took: 1 minute and 22 seconds
All results have been written to the log file: /var/log/rkhunter.log
No warnings were found while checking the system.