I am extremely worried. Today my server issued several alerts about a lefthook.exe coming from the discourse folders; the warning said it was malware ("ML:Generic.MaliciousExe"). How can I confirm whether this really is an authentic file and a false positive, bearing in mind that the server has already removed these lefthook.exe files 4 times? Can anyone with more experience tell me whether I should accept the deletion or restore the files on the server?
Please share the full message text, along with screenshots of what you mean. It is not apparent from your description how your server is run or how you are being sent "alerts".
Can I contact you in private? There are some "messages" shown in these alerts that I may not be able to publish for everyone.
Sorry that will not work: our community support is for discussing issues in public; if you are running into an issue with your server you will need to share enough for others to help you, or you should seek out someone who can help you privately.
The path where it claimed to have found the malware was like this:
/tmp/.temp_mount_<MOUNT_ID>/var/lib/docker/overlay2/<LAYER_HASH>/diff/home/discourse/.cache/yarn/v6/npm-lefthook-windows-arm64--<PACKAGE_HASH>-integrity/node_modules/lefthook-windows-arm64/bin
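The path above is a yarn v6 cache entry, and yarn records a Subresource-Integrity style hash ("sha512-<base64>") for every fetched tarball in yarn.lock. One objective way to answer the original question is to recompute that hash over the cached tarball and compare it with the lockfile entry: a match shows the cached bytes are exactly what the lockfile pinned, which is independent of any antivirus heuristic; a mismatch means the cache should not be trusted. The following is an added example and not code from this thread or from the Discourse or lefthook projects; the package key, version, URL and tarball bytes are constructed placeholders, and the lockfile parser assumes the yarn v1 lockfile layout (one `integrity` line indented under each package header).

```python
import base64
import hashlib
import hmac

# Constructed sample data (not a real package): stand-in tarball bytes and a
# yarn v1 lockfile entry that pins them. Both are placeholders for illustration.
SAMPLE_TARBALL = b"constructed tarball bytes for the example package"


def integrity_of(data: bytes, algorithm: str = "sha512") -> str:
    """Compute an SRI-style integrity string, e.g. 'sha512-<base64 digest>',
    which is the format yarn.lock and package-lock.json use for tarballs."""
    digest = hashlib.new(algorithm, data).digest()
    return f"{algorithm}-{base64.b64encode(digest).decode('ascii')}"


def verify_integrity(data: bytes, expected: str) -> bool:
    """Return True only if data hashes to the given SRI string.
    Malformed strings and unknown algorithms are treated as failures."""
    algorithm, _, encoded = expected.partition("-")
    if algorithm not in hashlib.algorithms_available or not encoded:
        return False
    try:
        expected_digest = base64.b64decode(encoded, validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return False
    actual = hashlib.new(algorithm, data).digest()
    return hmac.compare_digest(actual, expected_digest)


def parse_yarn_lock_integrity(text: str) -> dict[str, str]:
    """Map each package header in a yarn v1 lockfile to its integrity string."""
    result: dict[str, str] = {}
    current = None
    for line in text.splitlines():
        if line and not line.startswith((" ", "#")):
            # Package header line, e.g. "name@range":
            current = line.rstrip(":").strip().strip('"')
        elif current and line.strip().startswith("integrity "):
            result[current] = line.strip().split(None, 1)[1].strip('"')
    return result


def check_cached_package(tarball: bytes, lock_text: str, package_key: str) -> bool:
    """True if the cached tarball matches the integrity pinned for package_key."""
    expected = parse_yarn_lock_integrity(lock_text).get(package_key)
    if expected is None:
        return False  # not pinned at all: nothing to trust it against
    return verify_integrity(tarball, expected)


SAMPLE_PACKAGE_KEY = "lefthook-windows-arm64@0.0.0-example"  # constructed key
SAMPLE_LOCK = f"""# THIS IS AN AUTOGENERATED FILE. DO NOT EDIT THIS FILE DIRECTLY.
# yarn lockfile v1


"{SAMPLE_PACKAGE_KEY}":
  version "0.0.0-example"
  resolved "https://registry.example.invalid/lefthook-windows-arm64.tgz"
  integrity {integrity_of(SAMPLE_TARBALL)}
"""

if __name__ == "__main__":
    ok = check_cached_package(SAMPLE_TARBALL, SAMPLE_LOCK, SAMPLE_PACKAGE_KEY)
    print("cached tarball matches lockfile:", ok)
    print("tampered copy matches lockfile:",
          check_cached_package(SAMPLE_TARBALL + b"!", SAMPLE_LOCK, SAMPLE_PACKAGE_KEY))
```

On a real server you would read the cached tarball (or re-download the `resolved` URL) and the project's yarn.lock in place of the constructed values. Note what the check does and does not establish: a match proves the cache holds the bytes that were pinned at install time, so the antivirus hit is about the upstream package itself rather than a locally modified file; it does not by itself prove the package is benign, so a match plus a confirmed publisher is the basis for treating the alert as a false positive, while a mismatch is a reason to keep the file quarantined.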