An August 2024 cPanel update caused LFD to send hourly alerts about SpamAssassin temporary files. The alerts look like this:
Time: Thu Aug 29 08:54:52 2024 +1000
File: /tmp/.spamassassin1718865sGWF5rtmp
Reason: Suspicious directory
Owner: nobody:nobody (99:99)
Action: No action taken
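The current solution is to exclude SpamAssassin temporary files in /tmp from CSF/LFD checks.
To do this, open WHM -> Terminal or log in over SSH and type:
echo '/tmp/\.spamassassin.*' >> /etc/csf/csf.fignore; csf -ra
This adds a pattern to csf.fignore that matches any path beginning with /tmp/.spamassassin, then restarts csf and lfd. Entries in csf.fignore that contain an asterisk are treated as Perl regular expressions, so the literal dot is escaped and ".*" matches the random suffix.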
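The one-line echo appends a duplicate entry every time it is run and does not check that the pattern covers the alerted path. The following is an added example, not part of the original article or of CSF: the function names, exit codes and the /tmp/unrelated-file probe are constructed here, and grep -E with whole-line matching is an assumed stand-in for LFD's own Perl matching.

```shell
#!/bin/sh
# Idempotent csf.fignore update with a pre-flight pattern check.

# Return 0 if PATTERN ($1) matches the whole of path ($2).
# grep -E (POSIX ERE) stands in for Perl regex here; the two agree for a
# simple pattern like this one. Whole-line matching (-x) is the
# conservative assumption: a pattern that passes it also passes an
# unanchored match.
pattern_covers() {
    printf '%s\n' "$2" | grep -Eqx -- "$1"
}

# add_fignore FILE PATTERN SAMPLE_PATH
#   2 = pattern does not match the path from the alert
#   3 = pattern also matches an unrelated /tmp entry (too broad)
#   0 = entry present (already there or appended)
add_fignore() {
    file=$1 pattern=$2 sample=$3
    if ! pattern_covers "$pattern" "$sample"; then
        echo "pattern does not match $sample; not added" >&2
        return 2
    fi
    # Constructed probe path: an ignore rule should not hide other files.
    if pattern_covers "$pattern" "/tmp/unrelated-file"; then
        echo "pattern is too broad; not added" >&2
        return 3
    fi
    # -F fixed string, -x whole line: skip if the exact entry exists.
    if [ -f "$file" ] && grep -Fqx -- "$pattern" "$file"; then
        return 0
    fi
    printf '%s\n' "$pattern" >> "$file"
}

# On the server (path and sample taken from the alert above):
# add_fignore /etc/csf/csf.fignore '/tmp/\.spamassassin.*' \
#     /tmp/.spamassassin1718865sGWF5rtmp && csf -ra
```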