Files on Linux server getting renamed as .SUSPECTED

z3r0aCc3Ss
Fame ! Where are the chicks?!
Posts: 700
Joined: 23 Jun 2009, 16:00

Post by z3r0aCc3Ss »

I'm facing a serious problem. I'm using a Linux server. Files on that server are getting renamed automatically as .suspected

http://imagehost.suck-o.com/images/2015 ... d_file.jpg

See the last modification date of that file. Suddenly, my client calls me and shows me the error. I searched in my code, and didn't find anything stupid. When I searched the entire directory, I found the above error (see the image).

Can anyone tell me what's the problem?

I faced the same issue a couple of days back, when I was setting up a WordPress blog for one of my clients. I ignored that error; I thought it was a WordPress issue. But it occurred again on a non-WordPress site.
Beta tester for major RATs, all kinds of stealers and keyloggers.
Learning NMAP

bad_brain
Site Owner
Posts: 11636
Joined: 06 Apr 2005, 16:00
Location: In your eye floaters.

Re: Files on Linux server getting renamed as .SUSPECTED

Post by bad_brain »

if the file is still on the same server it most likely triggers some kind of security scanner on there.
do you have root access on that server?

and have you checked the content of that file, especially for some Base64 gibberish (most likely at the start of the file)?
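
Added example, not part of the post above or of any participant's reply: a POSIX shell sketch of the check suggested here, listing every file renamed to `.suspected` and inspecting only the start of each one for a long Base64 run or a PHP decoder call. The function names, the 2048-byte window and the 100-character threshold are assumptions chosen for illustration; a hit means "read this file by hand", not proof of compromise.

```shell
#!/bin/sh
# Added example (not from the thread). Heuristic thresholds are assumptions.
HEAD_BYTES=2048   # how much of the start of each file to inspect
MIN_RUN=100       # shortest unbroken Base64-alphabet run worth flagging

# classify_head FILE -> prints one of: b64-run, decoder-call, clean
classify_head() {
    if head -c "$HEAD_BYTES" "$1" | LC_ALL=C grep -Eq "[A-Za-z0-9+/]{$MIN_RUN,}"; then
        echo b64-run
    elif head -c "$HEAD_BYTES" "$1" |
         LC_ALL=C grep -Eiq '(base64_decode|gzinflate|str_rot13)[[:space:]]*\('; then
        echo decoder-call
    else
        echo clean
    fi
}

# triage DIR -> one tab-separated line per renamed file: verdict, sha256, path.
# The hash lets you compare against a known-good copy of the same file.
# File names containing newlines are not handled.
triage() {
    find "$1" -type f \( -name '*.suspected' -o -name '*.SUSPECTED' \) -print |
    while IFS= read -r f; do
        sum=$(sha256sum < "$f" 2>/dev/null | cut -d' ' -f1)
        printf '%s\t%s\t%s\n' "$(classify_head "$f")" "$sum" "$f"
    done
}

# Run as: sh triage.sh /var/www   (the path is only an example)
if [ "$#" -gt 0 ]; then triage "$1"; fi
```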

Post by z3r0aCc3Ss »

I do have root access to my server. It's my company server. Me and my 3 teammates handle it.

There's absolutely no change in file contents. It's just that the file gets that extension.

Post by bad_brain »

page 43:
https://www.f-secure.com/system/fsgalle ... manual.pdf

so either the file IS kinda malicious or it's a false positive and you have to complain at the server admin. ;)

Post by z3r0aCc3Ss »

Even I saw that PDF last night. The file is not malicious at all. I'm using the same file in many different projects. And on a Windows server, it didn't give any alerts.
I'll talk to my team. :D

But then, one more thing:
3-4 days back, on WordPress, wp-config, wp-settings, and 3-4 more files were renamed as .suspected.
What's the meaning of this? Those files are not malicious. Plus, we have WordPress security plugins installed.

Post by bad_brain »

hmm....post one of those files, it's very unusual a WP core file is labeled as malicious without a reason.... :-k