You can use a test malware file to check that Imunify detects it through automatic scanning of files uploaded via the web or FTP. Note that real-time scanning must be enabled in Imunify360. Then download an EICAR file from https://www.eicar.org/?page_id=3950 and upload it to your server via the File Manager or FTP.
Afterward, you may find the file detected by the scanner in the Imunify360 Dashboard >> Malware Scanner >> Files.
Otherwise, you can find the corresponding logs in /var/log/imunify360/console.log:
INFO [2020-04-18 02:32:24,053]
defence360agent.internals.the_sink: MalwareScan({'method':
'MALWARE_SCAN', 'results':
{'/home/imunify360test/public_html/test/eicar.com.txt':
{'group': 'imunify360test', 'uid': 1069, 'gid': 1075, 'owner':
'imunify360test', 'size': 68, 'hits': [{'matches':
'SMW-SA-05057-eicar.tst-2', 'vendor': 'ai-bolit', 'suspicious':
False, 'timestamp': 1587166343}], 'hash':
'275a021bbfb6489e54d471899f7db9d1663fc695ec2fe2a2c4538aabf651fd0f'}},
'summary': {'total_files': 1, 'path':
['/home/imunify360test/public_html/test/eicar.com.txt'],
'total_malicious': 1, 'users': ['imunify360test'],
'started': 1587166342.9, 'by_vendor': {'ai-bolit': {'filesize':
{'distribution_humanreadable': OrderedDict([('256 Bytes', 1)]),
'distribution': OrderedDict([(8, 1)]), 'total': 68,
'total_humanreadable': '68 Bytes'}, 'time': 0.1}}, 'error': None,
'scanid': '73d87778-7422-457d-ba72-ac00d16f8a93', 'completed':
1587166343, 'type': 'realtime'}})
INFO [2020-04-18 02:32:24,060]
defence360agent.internals.the_sink:
HookEvent.MalwareScanningFinished({'total_files': 1,
'total_malicious': 1, 'error': None, 'status': 'ok', 'path':
['/home/imunify360test/public_html/test/eicar.com.txt'], 'users':
['imunify360test'], 'started': 1587166342.9, 'scan_params': {},
'scan_id': '73d87778-7422-457d-ba72-ac00d16f8a93'})
INFO [2020-04-18 02:32:24,075]
defence360agent.internals.the_sink:
HookEvent.MalwareDetectedCritical({'total_files': 1,
'total_malicious': 1, 'DUMP': [{'extra_data': {}, 'scan_type':
'realtime', 'id': 2518, 'file':
'/home/imunify360test/public_html/test/eicar.com.txt',
'hash': '275a021bbfb6489e54d471899f7db9d1663fc695ec2fe2a2c4538aabf651fd0f',
'status': 'found', 'username': 'imunify360test', 'type':
'SMW-SA-05057-eicar.tst-2', 'created': 1587166342, 'size': '68',
'scan_id': '73d87778-7422-457d-ba72-ac00d16f8a93', 'malicious': True,
'cleaned_at': None}], 'error': None, 'path':
['/home/imunify360test/public_html/test/eicar.com.txt'], 'users':
['imunify360test'], 'started': 1587166342.9, 'scan_id':
'73d87778-7422-457d-ba72-ac00d16f8a93'})
Alternatively, you can upload the file via the CLI and then modify it to check how modified malicious files are detected, e.g.:
wget http://www.eicar.org/download/eicar.com.txt -O /tmp/eicar.com.txt
scp /tmp/eicar.com.txt user@server_IP:/var/www/vhosts/domain.com/httpdocs/test/
or
scp /tmp/eicar.com.txt user@server_IP:/home/USER/public_html/test/
then
mv /home/USER/public_html/test/eicar.com.txt /home/USER/public_html/test/eicar.com
or
mv /var/www/vhosts/domain.com/httpdocs/test/eicar.com.txt /var/www/vhosts/domain.com/httpdocs/test/eicar.com
Voila!
INFO [2020-04-18 02:42:59,853]
defence360agent.internals.the_sink: MalwareScan({'method':
'MALWARE_SCAN', 'results':
{'/home/imunify360test/public_html/test/eicar.com':
{'group': 'imunify360test', 'uid': 1069, 'gid': 1075, 'owner':
'imunify360test', 'size': 68, 'hits':
[{'matches': 'SMW-SA-05057-eicar.tst-2', 'vendor': 'ai-bolit',
'suspicious': False, 'timestamp': 1587166979}], 'hash':
'275a021bbfb6489e54d471899f7db9d1663fc695ec2fe2a2c4538aabf651fd0f'}},
'summary': {'total_files': 1, 'path':
['/home/imunify360test/public_html/test/eicar.com'],
'total_malicious': 1, 'users': ['imunify360test'], 'started':
1587166978.9, 'by_vendor': {'ai-bolit': {'filesize':
{'distribution_humanreadable': OrderedDict([('256 Bytes', 1)]),
'distribution': OrderedDict([(8, 1)]), 'total': 68,
'total_humanreadable': '68 Bytes'}, 'time': 0.1}}, 'error': None,
'scanid': 'aedd6e6b-e6e5-495b-8804-40a047df2bdd', 'completed':
1587166979, 'type': 'realtime'}})
INFO [2020-04-18 02:42:59,861]
defence360agent.internals.the_sink:
HookEvent.MalwareScanningFinished({'total_files': 1, 'total_malicious':
1, 'error': None, 'status': 'ok', 'path':
['/home/imunify360test/public_html/test/eicar.com'], 'users':
['imunify360test'], 'started': 1587166978.9, 'scan_params': {},
'scan_id': 'aedd6e6b-e6e5-495b-8804-40a047df2bdd'})
INFO [2020-04-18 02:42:59,876]
defence360agent.internals.the_sink:
HookEvent.MalwareDetectedCritical({'total_files': 1,
'total_malicious': 1, 'DUMP': [{'extra_data': {}, 'scan_type':
'realtime', 'id': 2519, 'file':
'/home/imunify360test/public_html/test/eicar.com', 'hash':
'275a021bbfb6489e54d471899f7db9d1663fc695ec2fe2a2c4538aabf651fd0f',
'status': 'found', 'username': 'imunify360test', 'type':
'SMW-SA-05057-eicar.tst-2', 'created': 1587166978, 'size': '68',
'scan_id': 'aedd6e6b-e6e5-495b-8804-40a047df2bdd', 'malicious': True,
'cleaned_at': None}], 'error': None, 'path':
['/home/imunify360test/public_html/test/eicar.com'], 'users':
['imunify360test'], 'started': 1587166978.9, 'scan_id':
'aedd6e6b-e6e5-495b-8804-40a047df2bdd'})
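To confirm the detection without reading the log by eye, the MalwareDetectedCritical records shown above can be extracted with a short script. This is an added example, not Imunify360's own code; it assumes each record starts with a level and a bracketed timestamp and may be wrapped over several lines as on this page, and the function names are hypothetical.

```python
import ast
import re

# Constructed sample, modelled on the wrapped console.log excerpt on this page.
SAMPLE_LOG = """\
INFO [2020-04-18 02:32:24,060]
defence360agent.internals.the_sink:
HookEvent.MalwareScanningFinished({'total_files': 1,
'total_malicious': 1, 'error': None, 'status': 'ok'})
INFO [2020-04-18 02:32:24,075]
defence360agent.internals.the_sink:
HookEvent.MalwareDetectedCritical({'total_files': 1,
'total_malicious': 1, 'DUMP': [{'scan_type': 'realtime', 'file':
'/home/imunify360test/public_html/test/eicar.com.txt', 'type':
'SMW-SA-05057-eicar.tst-2', 'cleaned_at': None}], 'error': None})
"""

RECORD_START = re.compile(r"^[A-Z]+ \[(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d),\d+\]")
EVENT = re.compile(r"HookEvent\.MalwareDetectedCritical\((\{.*\})\)\s*$")

def iter_records(text):
    """Yield (timestamp, body), re-joining records wrapped over several lines."""
    stamp, parts = None, []
    for line in text.splitlines():
        m = RECORD_START.match(line)
        if m:
            if stamp is not None:
                yield stamp, " ".join(parts)
            stamp, parts = m.group(1), [line[m.end():].strip()]
        elif stamp is not None:
            parts.append(line.strip())
    if stamp is not None:
        yield stamp, " ".join(parts)

def detections(text):
    """Return one dict per file listed in a MalwareDetectedCritical event."""
    found = []
    for stamp, body in iter_records(text):
        m = EVENT.search(body)
        if not m:
            continue
        try:
            payload = ast.literal_eval(m.group(1))  # literals only, no eval()
        except (ValueError, SyntaxError):
            continue  # truncated or unexpected record: skip, do not guess
        for item in payload.get("DUMP", []):
            found.append({"time": stamp, "file": item.get("file"),
                          "signature": item.get("type"),
                          "cleaned": item.get("cleaned_at") is not None})
    return found
```

Pass the contents of /var/log/imunify360/console.log to detections() and compare the returned file paths with the path of the uploaded test file.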