Issue
We strive to provide an effective malware scanner for websites, consistently updating our malware database and refining our proactive defense rules. Nonetheless, you may encounter so-called “false-positives” or “false-negatives” when scanning websites for malware or when Proactive Defense is triggered:
- When Malware Scanner marks a legitimate file as malicious because the file may contain a specific piece of code previously seen in malware, it is called a “false-positive”.
- Likewise, when Proactive Defense prevents a legitimate script from executing, the rule is "falsing".
- If the scanner misses files that are malicious, this is called a “false-negative”.
Note:
- To be sure it is a "false-negative", make sure that all protections are active and that the malicious file is not detected by Imunify while Malware Database Scanner and ModSecurity scanner are switched on.
- If a file is detected and cannot be cleaned, it is worth checking that the owner is not root and that the user has sufficient privileges to edit the file.
When the above is confirmed, we ask you to submit those files to us for further analysis.
Environment
- ImunifyAV
- Imunify360
- Malware Scanner
- Proactive Defense
Solution
- False positives can be sent to the Imunify team for analysis from the command line (via SSH, on your server console, as the root user; use the full path to the file, not a relative one):
From ImunifyAV product:
# imunify-antivirus submit false-positive /path/to/file --reason your-reason-here
From Imunify360 product:
# imunify360-agent submit false-positive /path/to/file --reason your-reason-here
- False negatives can be sent to the Imunify team for analysis from the command line (via SSH, on your server console, as the root user; use the full path to the file, not a relative one):
From ImunifyAV product:
# imunify-antivirus submit false-negative /path/to/file
From Imunify360 product:
# imunify360-agent submit false-negative /path/to/file
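A pre-flight wrapper around the submit commands above, as an added example that is not Imunify's own code: it rejects relative or missing paths, builds the command for either product, and separately evaluates the owner and write-permission condition from the note. The function names and the DRY_RUN variable are hypothetical, the helper's insistence on a reason is its own choice, and GNU stat is assumed.

```shell
# Added example; function names and DRY_RUN are hypothetical, not Imunify's.

# The submit commands need a full path to an existing file.
check_sample_path() {
    case "$1" in
        /*) ;;
        *) echo "not a full path: $1" >&2; return 1 ;;
    esac
    [ -f "$1" ] || { echo "not a regular file: $1" >&2; return 2; }
}

# Cleanup condition from the note: the owner is not root and can edit
# the file. $1 = owner name, $2 = symbolic mode such as -rw-r--r--
owner_can_edit() {
    [ "$1" != "root" ] || { echo "file is owned by root" >&2; return 1; }
    case "$2" in
        ??w*) return 0 ;;
        *) echo "owner $1 has no write permission" >&2; return 2 ;;
    esac
}

# Apply owner_can_edit to a real file (GNU stat assumed).
cleanup_precondition() {
    owner_can_edit "$(stat -c '%U' "$1")" "$(stat -c '%A' "$1")"
}

# $1 = imunify-antivirus | imunify360-agent
# $2 = false-positive | false-negative
# $3 = full path to the file, $4 = reason (false-positive only)
submit_sample() {
    [ "$(id -u)" -eq 0 ] || [ -n "${DRY_RUN:-}" ] || { echo "run as root" >&2; return 3; }
    check_sample_path "$3" || return
    case "$2" in
        false-positive)
            [ -n "${4:-}" ] || { echo "give a reason" >&2; return 5; }
            set -- "$1" submit "$2" "$3" --reason "$4" ;;
        false-negative)
            set -- "$1" submit "$2" "$3" ;;
        *) echo "unknown kind: $2" >&2; return 4 ;;
    esac
    # With DRY_RUN set, print the command instead of running it.
    if [ -n "${DRY_RUN:-}" ]; then echo "$*"; else "$@"; fi
}
```

Source the file as root and call, for instance, `submit_sample imunify360-agent false-negative /path/to/file`; set `DRY_RUN=1` to see the command without sending anything.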
Useful links
https://docs.imunify360.com/command_line_interface/#submit-false-positive-false-negative