How to delete the scan results in Imunify360’s database

Issue

Sometimes, you may need to delete some or all users’ scan results from the Malware History Tab. It is currently posisble to achieve this using CLI.

Environment

• Imunify360
• Any supported OS

Solution

To clean the the results of Imunify360 scans, it is required:

1. To find the IDs of the events with the below command:

imunify360-agent malware malicious list --limit 9999

Also the entries to clean (IDs) can be filter by user, for example as per:

imunify360-agent malware malicious list --user user1

2. All the Malware hits can be removed with:

for i in $(imunify360-agent malware malicious list --limit 9999 | awk '{ print $10 }' | grep -v ID); do imunify360-agent malware malicious remove-from-list $i; done

While a particular events related to a user can be removed with:

for i in $(imunify360-agent malware malicious list --user user1 | awk '{ print $10 }' | grep -v ID); do imunify360-agent malware malicious remove-from-list $i; done 

There are also --by-status and --by-scan-id filters that can help with more granular cleaning.

Worth mentioning that the Database with Incidents and Malware hits is automatically cleaned of entries older than 30 days.

Cause

Unfortunately there is currently no way to delete the entries from the UI Tab.

Useful links

• https://cloudlinux.zendesk.com/hc/en-us/articles/360014490279--Imunify-agent-is-not-running-troubleshooting
• https://docs.imunify360.com/faq_and_known_issues/#_13-how-to-delete-malware-scan-results-from-imunify360-s-database