Imunify hook to send email to admin on infection
  1. Nick
  2. Tuesday, 24 December 2019
Hello all

Since I could not find any option to notify admins when an infection occurs, I have modified this script to do the job:

https://www.imunify360.com/blog/an-introduction-to-imunify-hooks

I have tested it by uploading infected files with FTP and the cPanel file editor and it seems OK.

It sends email to cPanel contact emails with infection path and infection type.

This is the first beta; it has a lot of potential for improvement.

Feel free to test

cd
mkdir hooks
cd hooks
vi hooks.php

### php begins###

#!/usr/local/bin/php -q
<?php
// The "#!" line above must be line 1 of hooks.php so that the file is run by PHP.
$hostname = gethostname();

// Imunify360 passes the event to the hook as JSON on stdin.
stream_set_blocking(STDIN, 0);
$stdin = fopen('php://stdin', 'r');
$data = stream_get_contents($stdin);
$json = json_decode(trim($data), true);
$output = null;
switch ($json['event']) {
    case 'malware-detected':
        $subtype = $json['subtype'];
        $total_malicious = $json['params']['total_malicious'];
        // The per-file report is a JSON file whose path is given in tmp_filename.
        $report = json_decode(file_get_contents($json['params']['tmp_filename']), true);
        $by_users = array();

        // Group the report entries by account name.
        foreach ($report as $entry) {
            if (!isset($by_users[$entry['username']])) {
                $by_users[$entry['username']] = array();
            }
            $by_users[$entry['username']][] = $entry;
        }

        // One block per user: timestamp, subtype, then file, type and scan type per infection.
        foreach ($by_users as $user => $user_row) {
            $output .= date('Ymd H:i:s')."\n\n"."Subtype:".$subtype."\n\n";
            $output .= 'User '.$user.' has '.count($user_row).' infections';
            foreach ($user_row as $fkey => $user_row_item) {
                $output .= "\n".$user_row_item['file'].' '.$user_row_item['type'].' '.$user_row_item['scan_type'];
            }
            $output .= "\n\n\n";
        }

        break;
}

// Send the mail only when the event produced a report.
if ($output) {
    $subject = "Imunify on ".$hostname.' (Infections:'.$total_malicious.')';
    $recipient = 'root';
    $headers = "From: ".$hostname."<[email protected]".$hostname.">\nX-Mailer: PHP\nContent-type: text/plain; charset=UTF-8";
    mail($recipient, $subject, $output, $headers);
}
?>

####php end###

chmod 700 hooks.php

imunify360-agent hook add --event malware-detected --path /root/hooks/hooks.php
  1. 24.12.2019 18:12:11
  2. # 1
Sergey Khristich Accepted Answer
Posts: 504
Joined: 20.05.2019
Hello Nick,
Thank you for following up! For our part, we can add that CloudLinux is not responsible for this script. Everyone can use it at their discretion. We recommend making a repo on GitHub and uploading the code there.
Thanks.
Marketing Manager
  1. 28.12.2019 10:12:36
  2. # 2
Jawed Hanif Accepted Answer
Posts: 0
Joined: 25.02.2021
It is much better when the server admin gets a detailed email report of all infections when the daily scan runs, like maldet.
  1. 30.12.2019 10:12:56
  2. # 3
Sergey Khristich Accepted Answer
Posts: 504
Joined: 20.05.2019
It is much better when the server admin gets a detailed email report of all infections when the daily scan runs, like maldet.

Hello Jawed, thanks for following up!
We plan to release this feature in Q1 2020.
If you have any other questions, feel free to ask here. Thank you for contacting us.
Marketing Manager
  1. 18.10.2020 04:10:53
  2. # 4
Scott Neader Accepted Answer
Posts: 89
Joined: 12.06.2014
@Nick I know this is an old post, but I wanted to thank you for taking time to document this solution. It is currently impossible to find any good examples of a hook like this, and your example is exactly what I wanted... to notify root upon finding malware. It works PERFECTLY. Thank you again!!

- Scott
  1. 06.01.2021 01:01:16
  2. # 5
Vickyi Accepted Answer
Posts: 0
Joined: 25.02.2021
The script didn't work for me, hooks.log says the error below, any help will be much appreciated.

[email protected] [~]# cat /var/log/imunify360/hook.log
1609894101 : 53fb7664-36fa-4187-9ee9-a47a76992836 : started : malware-detected : critical : /root/hooks/hooks.php
1609894101 : 53fb7664-36fa-4187-9ee9-a47a76992836 : done : malware-detected : critical : /root/hooks/hooks.php : ERROR:2
/root/hooks/hooks.php: line 4: ?php: No such file or directory
/root/hooks/hooks.php: line 5: syntax error near unexpected token `('
/root/hooks/hooks.php: line 5: `$hostname = gethostname();'
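
Added example, not part of the original posts: the messages above come from a shell, not from PHP, and the line numbers match a file whose line 1 is the `### php begins###` marker, which leaves `#!` on line 3 and `<?php` on line 4. The `check_hook` function below is a hypothetical helper that tests for this before the hook is registered, and also checks that the script is not writable by group or others, since it runs with the agent's privileges.

```shell
#!/bin/sh
# Added example: pre-flight check for an Imunify360 hook script.
# check_hook FILE prints a reason and returns 1 when FILE cannot be handed
# to its interpreter, or when users other than the owner could modify it.

check_hook() {
    f=$1
    [ -f "$f" ] || { echo "not a regular file: $f"; return 1; }

    # "#!" is only honoured when it is the very start of the file.
    first=$(head -n 1 "$f")
    case $first in
        '#!'*) ;;
        *) echo "line 1 is not a #! line: $first"; return 1 ;;
    esac

    # Interpreter = first word after "#!" (spaces after "#!" are allowed).
    interp=$(printf '%s\n' "$first" | sed 's/^#![[:space:]]*//' | awk '{print $1}')
    [ -x "$interp" ] || { echo "interpreter not executable: $interp"; return 1; }

    [ -x "$f" ] || { echo "hook is not executable: $f"; return 1; }

    # Reject group- or world-writable hooks (POSIX find, no GNU extensions).
    if [ -n "$(find "$f" \( -perm -020 -o -perm -002 \) 2>/dev/null)" ]; then
        echo "hook is group/world-writable: $f"
        return 1
    fi

    echo "ok: $f"
}
```

Call it as `check_hook /root/hooks/hooks.php` before running `imunify360-agent hook add`.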
  1. 08.01.2021 11:01:53
  2. # 6
Posts: 256
Joined: 31.01.2017
Hi,
Built-in notifications for detected malware are already there in Imunify360: https://docs.imunify360.com/features/#custom-scan-malware-detected