Skip to main content
Sign in

How to test that real-time Malware Scanner works?

Inessa Atmachian
  • Updated

You can use a test malware file to check if it's properly detected by Imunify by the automatic scanning of the file uploaded via the web or FTP. Please note that you need to enable real-time scanning in Imunify360 then you can download an eicar file from https://www.eicar.org/?page_id=3950 and upload it to your server via the File Manager or using an FTP method.

Afterward, you may find the file detected by the scanner in the Imunify360 Dashboard >> Malware Scanner >> Files.

Img1.png

Otherwise, you can find the corresponding logs in the /var/log/imunify360/console.log:

INFO  [2020-04-18 02:32:24,053] 
defence360agent.internals.the_sink: MalwareScan({'method': 
'MALWARE_SCAN', 'results': 
{'/home/imunify360test/public_html/test/eicar.com.txt': 
{'group': 'imunify360test', 'uid': 1069, 'gid': 1075, 'owner': 
'imunify360test', 'size': 68, 'hits': [{'matches': 
'SMW-SA-05057-eicar.tst-2', 'vendor': 'ai-bolit', 'suspicious': 
False, 'timestamp': 1587166343}], 'hash': 
'275a021bbfb6489e54d471899f7db9d1663fc695ec2fe2a2c4538aabf651fd0f'}}, 
'summary': {'total_files': 1, 'path': 
['/home/imunify360test/public_html/test/eicar.com.txt'], 
'total_malicious': 1, 'users': ['imunify360test'], 
'started': 1587166342.9, 'by_vendor': {'ai-bolit': {'filesize': 
{'distribution_humanreadable': OrderedDict([('256 Bytes', 1)]), 
'distribution': OrderedDict([(8, 1)]), 'total': 68, 
'total_humanreadable': '68 Bytes'}, 'time': 0.1}}, 'error': None, 
'scanid': '73d87778-7422-457d-ba72-ac00d16f8a93', 'completed': 
1587166343, 'type': 'realtime'}})

INFO  [2020-04-18 02:32:24,060] 
defence360agent.internals.the_sink: 
HookEvent.MalwareScanningFinished({'total_files': 1, 
'total_malicious': 1, 'error': None, 'status': 'ok', 'path': 
['/home/imunify360test/public_html/test/eicar.com.txt'], 'users': 
['imunify360test'], 'started': 1587166342.9, 'scan_params': {}, 
'scan_id': '73d87778-7422-457d-ba72-ac00d16f8a93'})

INFO  [2020-04-18 02:32:24,075] 
defence360agent.internals.the_sink: 
HookEvent.MalwareDetectedCritical({'total_files': 1, 
'total_malicious': 1, 'DUMP': [{'extra_data': {}, 'scan_type': 
'realtime', 'id': 2518, 'file': 
'/home/imunify360test/public_html/test/eicar.com.txt', 
'hash': '275a021bbfb6489e54d471899f7db9d1663fc695ec2fe2a2c4538aabf651fd0f', 
'status': 'found', 'username': 'imunify360test', 'type': 
'SMW-SA-05057-eicar.tst-2', 'created': 1587166342, 'size': '68', 
'scan_id': '73d87778-7422-457d-ba72-ac00d16f8a93', 'malicious': True, 
'cleaned_at': None}], 'error': None, 'path': 
['/home/imunify360test/public_html/test/eicar.com.txt'], 'users': 
['imunify360test'], 'started': 1587166342.9, 'scan_id': 
'73d87778-7422-457d-ba72-ac00d16f8a93'})

Alternatively, you can upload the file via CLI and then modify it to check how modified malicious files are detected, e.g.: 

  1. wget http://www.eicar.org/download/eicar.com.txt -O /tmp/eicar.com.txt
  2. scp /tmp/eicar.com.txt user@server_IP:/var/www/vhosts/domain.com/httpdocs

    or

    scp /tmp/eicar.com.txt user@server_IP:/home/USER/public_html

    then

  3. mv /home/USER/public_html/test/eicar.com.txt /home/USER/public_html/test/eicar.com

    or

    mv /var/www/vhosts/domain.com/httpdocs/test/eicar.com.txt /var/www/vhosts/domain.com/httpdocs/test/eicar.com

Voila!

 img2.png

INFO  [2020-04-18 02:42:59,853] 
defence360agent.internals.the_sink: MalwareScan({'method': 
'MALWARE_SCAN', 'results': 
{'/home/imunify360test/public_html/test/eicar.com': 
{'group': 'imunify360test', 'uid': 1069, 'gid': 1075, 'owner': 
'imunify360test', 'size': 68, 'hits': 
[{'matches': 'SMW-SA-05057-eicar.tst-2', 'vendor': 'ai-bolit', 
'suspicious': False, 'timestamp': 1587166979}], 'hash': 
'275a021bbfb6489e54d471899f7db9d1663fc695ec2fe2a2c4538aabf651fd0f'}}, 
'summary': {'total_files': 1, 'path': 
['/home/imunify360test/public_html/test/eicar.com'], 
'total_malicious': 1, 'users': ['imunify360test'], 'started': 
1587166978.9, 'by_vendor': {'ai-bolit': {'filesize': 
{'distribution_humanreadable': OrderedDict([('256 Bytes', 1)]), 
'distribution': OrderedDict([(8, 1)]), 'total': 68, 
'total_humanreadable': '68 Bytes'}, 'time': 0.1}}, 'error': None, 
'scanid': 'aedd6e6b-e6e5-495b-8804-40a047df2bdd', 'completed': 
1587166979, 'type': 'realtime'}})

INFO  [2020-04-18 02:42:59,861] 
defence360agent.internals.the_sink: 
HookEvent.MalwareScanningFinished({'total_files': 1, 'total_malicious': 
1, 'error': None, 'status': 'ok', 'path': 
['/home/imunify360test/public_html/test/eicar.com'], 'users': 
['imunify360test'], 'started': 1587166978.9, 'scan_params': {}, 
'scan_id': 'aedd6e6b-e6e5-495b-8804-40a047df2bdd'})

INFO  [2020-04-18 02:42:59,876] 
defence360agent.internals.the_sink: 
HookEvent.MalwareDetectedCritical({'total_files': 1, 
'total_malicious': 1, 'DUMP': [{'extra_data': {}, 'scan_type': 
'realtime', 'id': 2519, 'file': 
'/home/imunify360test/public_html/test/eicar.com', 'hash': 
'275a021bbfb6489e54d471899f7db9d1663fc695ec2fe2a2c4538aabf651fd0f', 
'status': 'found', 'username': 'imunify360test', 'type': 
'SMW-SA-05057-eicar.tst-2', 'created': 1587166978, 'size': '68', 
'scan_id': 'aedd6e6b-e6e5-495b-8804-40a047df2bdd', 'malicious': True, 
'cleaned_at': None}], 'error': None, 'path': 
['/home/imunify360test/public_html/test/eicar.com'], 'users': 
['imunify360test'], 'started': 1587166978.9, 'scan_id': 
'aedd6e6b-e6e5-495b-8804-40a047df2bdd'})

Related articles

Comments

0 comments

Please sign in to leave a comment.