I can't figure out how to use the scanner ignore mask feature.
I want to run on-demand scans and ignore these paths:
Syntax for several complex paths isn't clearly documented, but in the WHM plugin we get an example if we hover over the "i." So I understand the syntax should look something like the following, correct?
/usr/bin/imunify360-agent malware on-demand start --ignore-mask '/home*/*/mail/,/home*/*/.trash/' --intensity low --path '/home*/*' --no-follow-symlinks
Unfortunately /home*/*/.trash/ is still getting scanned with these options.
To troubleshoot I made a simple test case, placing 2 copies of a known malware sample as follows:
I've tried lots of variations of the on-demand scan, without using wildcards or several ignore mask directories, to make this as simple as possible, for example the following:
/usr/bin/imunify360-agent malware on-demand start --path /root/abuse/scantest --ignore-mask '/root/abuse/scantest/.trash' --intensity=high --no-follow-symlinks
/usr/bin/imunify360-agent malware on-demand start --path /root/abuse/scantest --ignore-mask '/root/abuse/scantest/subdir' --intensity=high --no-follow-symlinks
I've also tried the same scans in the WHM plugin, using ignore mask in the advanced options.
In every case, both files are detected as malicious.
Am I doing something wrong, or is the ignore mask feature not working correctly?
Thanks in advance.