This is an example of the email I recive:
Time: Fri Sep 21 19:38:20 2012 +0100
The following list of files have FAILED the md5sum comparision test. This means that the file has been changed in some way. This could be a result of an OS update or application upgrade. If the change is unexpected it should be investigated:
I have a feeling this may be the software: http://www.configserver.com/cp/csf.html
Edit the Directory File Watching file (csf.dirwatch) - all listed files and directories will be watched for changes by lfd
I do not currently have any files in the list - I wonder if it is using something from cpanel. When I get a bit of time I will add a file and see what happens. May need to find more info of what is what first.