TCP port 60922 is being used by /usr/bin/rspamd

Discussion in 'Installation/Configuration' started by concept21, Feb 18, 2025.

  1. concept21

    concept21 Active Member

    Hello Experts!
    I received a report from rkhunter today:
    What should I do? :eek:
     
  2. pyte

    pyte Well-Known Member HowtoForge Supporter

    You can check with the commands as shown, but I assume this was an incoming mail that got handed over by postfix to rspamd which had a virus attached. You can check the /var/log/rspamd/rspamd.log for the symbol "CLAM_VIRUS" and will most likely find the mail that caused this. Make sure to match the time of the rkhunter scan with the mail(s) with CLAM_VIRUS in the rspamd.log; when the time matches, that's the explanation.
     
  3. concept21

    concept21 Active Member

    Yes, I found this nasty record in the rspamd log:
    The time stamp is different from the rkhunter report. I also recall that I received a nasty phishing email yesterday. I immediately deleted it.

    I just started a malware detect and clamscan system-wide scan. :eek:
     
  4. pyte

    pyte Well-Known Member HowtoForge Supporter

    That's just the info message from rspamd, that the antivirus module added "clamav" as an antivirus engine with the symbol "CLAM_VIRUS". So nothing out of the ordinary.
     
  5. michelangelo

    michelangelo Active Member

    That's the symbol for the ClamAV scan engine and is just informative and is not the indicator that a virus was found.
    Also, rkhunter is no longer actively maintained. It's nice to have it as a complementary anti-rootkit tool, but whatever it finds, it has an increased chance of false positives.
     
  6. concept21

    concept21 Active Member

    I see. Thank you.
    I did a system-wide malware detect and clamscan scan. No nasty file was found. :rolleyes:
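
An added example (not part of the thread or of rspamd itself) of the log check suggested above: it separates the informational antivirus-module line from scored CLAM_VIRUS results and tests whether any result falls near the rkhunter scan time. The log lines are constructed and simplified, and the scan time and the 10-minute window are assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed, simplified rspamd.log lines (not taken from the thread).
SAMPLE_LOG = [
    "2025-02-17 09:14:02 #811(main) <a1b2c3>; lua; antivirus.lua:185: "
    "added antivirus engine clamav -> CLAM_VIRUS",
    "2025-02-17 16:40:55 #902(normal) <d4e5f6>; task; rspamd_task_write_log: "
    "id: <m1@example.org>, (default: T (reject): [15.00/15.00] "
    "[CLAM_VIRUS(15.00){Example.Test.Signature;}]), len: 48211",
    "2025-02-18 06:26:10 #902(normal) <0a9b8c>; task; rspamd_task_write_log: "
    "id: <m2@example.org>, (default: F (no action): [0.10/15.00] "
    "[MIME_GOOD(-0.10){text/plain;}]), len: 2210",
    "2025-02-18 06:27:31 #902(normal) <7f6e5d>; task; rspamd_task_write_log: "
    "id: <m3@example.org>, (default: T (reject): [15.00/15.00] "
    "[CLAM_VIRUS(15.00){Example.Test.Signature;}]), len: 51900",
]

LINE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) (.*)$")
# A scored result looks like SYMBOL(score){options}; the module's
# registration message names the symbol without a score.
HIT = re.compile(r"CLAM_VIRUS\([-\d.]+\)\{([^}]*)\}")

def classify(lines, scan_time, window=timedelta(minutes=10)):
    """Sort CLAM_VIRUS mentions into info lines, hits near the scan, other hits."""
    out = {"info": [], "near_scan": [], "other_hits": []}
    for line in lines:
        m = LINE.match(line)
        if not m or "CLAM_VIRUS" not in line:
            continue
        ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        hit = HIT.search(m.group(2))
        if hit is None:
            out["info"].append(ts)          # symbol named, nothing detected
        elif abs(ts - scan_time) <= window:
            out["near_scan"].append((ts, hit.group(1).rstrip(";")))
        else:
            out["other_hits"].append((ts, hit.group(1).rstrip(";")))
    return out

if __name__ == "__main__":
    # Assumed scan time; use the time stamp from the rkhunter report.
    scan = datetime(2025, 2, 18, 6, 25, 0)
    for kind, items in classify(SAMPLE_LOG, scan).items():
        print(kind, items)
```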
     
