Imunify hook to send email to admin on infection
  1. Nick
  2. Tuesday, 24 December 2019
Hello all

Since I could not find any option to notify admins when an infection occurs, I have modified this script to do the job:

https://www.imunify360.com/blog/an-introduction-to-imunify-hooks

I have tested it by uploading infected files with FTP and the cPanel file editor, and it seems OK.

It sends an email to the cPanel contact emails with the infection path and infection type.

This is the first beta; it has a lot of potential for improvement.

Feel free to test

cd
mkdir hooks
cd hooks
vi hooks.php

### php begins###

#!/usr/local/bin/php -q
<?php
// Imunify360 hook: e-mail a per-user infection report on 'malware-detected'.
$hostname = gethostname();

// The agent passes the event as a JSON document on stdin.
stream_set_blocking(STDIN, 0);
$stdin = fopen('php://stdin', 'r');
$data = stream_get_contents($stdin);
$json = json_decode(trim($data), true);
$output = null;
$total_malicious = 0;

// Ignore empty or malformed input instead of raising PHP warnings.
if (!is_array($json) || !isset($json['event'])) {
    exit(0);
}

switch ($json['event']) {
    case 'malware-detected':
        $subtype = $json['subtype'];
        $total_malicious = $json['params']['total_malicious'];
        // The list of infected files is stored in a temporary JSON file.
        $report = json_decode(file_get_contents($json['params']['tmp_filename']), true);
        if (!is_array($report)) {
            break;
        }
        $by_users = array();

        // Group the report entries by account name.
        foreach ($report as $entry) {
            if (!isset($by_users[$entry['username']])) {
                $by_users[$entry['username']] = array();
            }
            $by_users[$entry['username']][] = $entry;
        }

        // One block per user: timestamp, subtype, then one line per file.
        foreach ($by_users as $user => $user_row) {
            $output .= date('Ymd H:i:s')."\n\n"."Subtype:".$subtype."\n\n";
            $output .= 'User '.$user.' has '.count($user_row).' infections';
            foreach ($user_row as $fkey => $user_row_item) {
                $output .= "\n".$user_row_item['file'].' '.$user_row_item['type'].' '.$user_row_item['scan_type'];
            }
            $output .= "\n\n\n";
        }
        break;
}

// Send the mail only when a report was built.
if ($output) {
    $subject = "Imunify on ".$hostname.' (Infections:'.$total_malicious.')';
    $recipient = 'root';
    $headers = "From: ".$hostname."<[email protected]".$hostname.">\nX-Mailer: PHP\nContent-type: text/plain; charset=UTF-8";
    mail($recipient, $subject, $output, $headers);
}
?>

####php end###

chmod 700 hooks.php

imunify360-agent hook add --event malware-detected --path /root/hooks/hooks.php
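
The script in the post above copies file paths from the scan report straight into the e-mail, and file names are chosen by whoever uploaded the file. A defensive version of the report-building step, as an added example that is not part of the original post or of Imunify's code; the function names `clean_field` and `build_report` and all sample values are assumptions, while the field names are the ones the posted script reads:

```php
<?php
// Added example: same per-user report as the posted script, but every field
// is treated as untrusted. Control characters (CR, LF, NUL, ...) are replaced
// so a crafted file name cannot forge extra report lines.
function clean_field($value): string
{
    $s = is_scalar($value) ? (string)$value : '';
    return preg_replace('/[\x00-\x1F\x7F]/', '?', $s) ?? '';
}

// $report: decoded list of entries (username, file, type, scan_type).
// Malformed entries are skipped instead of raising warnings.
function build_report(array $report, string $subtype): string
{
    $by_users = [];
    foreach ($report as $entry) {
        if (!is_array($entry) || !isset($entry['username'], $entry['file'])) {
            continue;
        }
        $by_users[clean_field($entry['username'])][] = $entry;
    }
    $out = '';
    foreach ($by_users as $user => $rows) {
        $out .= date('Ymd H:i:s') . "\n\nSubtype:" . clean_field($subtype) . "\n\n";
        $out .= 'User ' . $user . ' has ' . count($rows) . ' infections';
        foreach ($rows as $row) {
            $out .= "\n" . clean_field($row['file']) . ' '
                  . clean_field($row['type'] ?? '') . ' '
                  . clean_field($row['scan_type'] ?? '');
        }
        $out .= "\n\n\n";
    }
    return $out;
}

// Constructed sample data. The second file name contains a newline that
// would otherwise add a fake "User bob has 0 infections" line to the mail.
$sample = [
    ['username' => 'alice', 'file' => '/home/alice/public_html/a.php',
     'type' => 'SAMPLE-SIGNATURE-1', 'scan_type' => 'sample-scan'],
    ['username' => 'alice', 'file' => "/home/alice/x.php\nUser bob has 0 infections",
     'type' => 'SAMPLE-SIGNATURE-2', 'scan_type' => 'sample-scan'],
    'not-an-entry',
];
echo build_report($sample, 'sample-subtype');
```

Casting `total_malicious` to an integer before it goes into the subject line closes the same gap for the mail headers.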
  1. 24.12.2019 18:12:11
  2. # 1
Sergey Khristich Accepted Answer
Hello Nick,
Thank you for following up! For our part, we can add that CloudLinux is not responsible for this script. Everyone can use it at their discretion. We recommend making a repo on GitHub and uploading the code there.
Thanks.
Marketing Manager
  1. 28.12.2019 10:12:36
  2. # 2
Jawed Hanif Accepted Answer
It is much better when the server admin gets a detailed email report of all infections when the daily scan runs, like maldet.
  1. 30.12.2019 10:12:56
  2. # 3
Sergey Khristich Accepted Answer
It is much better when the server admin gets a detailed email report of all infections when the daily scan runs, like maldet.

Hello Jawed, thanks for following up!
We plan to release this feature in Q1 2020.
If you have any other questions, feel free to ask here. Thank you for contacting us.
Marketing Manager