ImunifyAV: malware-scanning hook gets triggered when ignoring
Forum
  1. Forums
  2. Imunify360
  3. Imunify360 and Imunify Sensor
  1. Ignacio
  2. Wednesday, 26 February 2020
  3.  Subscribe via email
Hi,

I've detected that the "malware-scanning" hook gets triggered when deleting a ignore file or folder from the cPanel plugin:


# ps aux | grep imuni
root 2298531 66.5 0.3 280016 54900 ? R 12:59 0:02 /opt/alt/php73/usr/bin/php -n -d short_open_tag=on -d extension=json.so -d extension=mbstring.so -d extension=leveldb.so /opt/ai-bolit/ai-bolit-hoster.php --smart --deobfuscate --avdb /var/imunify360/files/sigs/v1/aibolit/ai-bolit-hoster.db --no-html --json_report . --json-stdout --memory NoneM --listing /var/imunify360/tmp/tmp387qb_lz --progress /var/imunify360/tmp/ai_bolit_progress_15827327669387074.json --with-suspicious --size 1048576 --cloud-assist IP-76927-448245-Ydk8fJrf --cloudscan-size 10485760

# tail -f /var/log/imunify360/hook.log
1582733068 : 7901936a-28f6-4d22-8eb0-68aea9d4b9aa : started : malware-scanning : finished : /usr/local/xxxx/imunifyavscan_hook.sh
1582733071 : 7901936a-28f6-4d22-8eb0-68aea9d4b9aa : done : malware-scanning : finished : /usr/local/xxxx/imunifyavscan_hook.sh : OK


Is this normal behaviour?

Thanks,

Ignacio
Attachments (1)
Rate this post:
  1. 26.02.2020 19:02:18
  2. # 1
Sergey Khristich Accepted Answer
Posts: 264
Joined: 20.05.2019
0
Votes
Undo
Hello Ignacio,
This shouldn't have happened, we need to check. Can you open a support ticket https://cloudlinux.zendesk.com/hc/en-us/requests/new so we can take a closer look at your system? You can post the ticket number here and we'll link this thread to it. Thank you.
Marketing Manager
  • Page :
  • 1


There are no replies made for this post yet.
Be one of the first to reply to this post!
Guest
Submit Your Response
Upload files or images for this discussion by clicking on the upload button below. Supports gif,jpg,png,zip,rar,pdf
• Insert • Remove Upload Files (Maximum File Size: 2 MB)
Captcha
To protect the site from bots and unauthorized scripts, we require that you enter the captcha codes below before posting your question.