Issue
Imunify malware scanner issue: 0 files scanned.
After the malware scanner completed its scans the status under the Total files equals zero under some user's account.
For example:
Environment
- Imunify360
- Malware Scanner
Solution
Situations when the issue might occur:
1. The issue with the low UID of affected account(s) for the Malware Scanner and Imunify360 in general. By default, the value for the UID_MIN on CentOS 6 is 500, on other OS it`s 1000. If the values are below, you will see this issue and all files for this account will be skipped during a check.
1.1. The issue can also be present if, for example, OS was migrated from CentOS 6 to 7 - UID for current users will be also moved or it was changed for some reason.
1.2. As a workaround, change UID_MIN from 1000 to 500 in this file:
/etc/login.defs
Note! It's not recommended to change a user ID with the usermod command. Such changes can affect your control panel and need to be checked further, for example, on cPanel it requires resetting permissions for the account.
2. The second possible issue can be related to excludes added to the Ignore List. In this case, such scans also will be skipped and show zero files:
COMPLETED CREATED DURATION ERROR PATH SCAN_STATUS SCAN_TYPE SCANID STARTED TOTAL TOTAL_FILES TOTAL_MALICIOUS
1 >>> 1627374595 1627374591 4 None /home/usertest/public_html/ stopped on-demand 0c1dcb40a3264a21ae07f9e03b4dfa88 1627374591 0 0 0
2 >>> 1627374552 1627374548 4 None /home/usertest/public_html/ stopped on-demand c62e241d6e1646d9aaf55e3ce01f4cd0 1627374548 4 4 0
2.1. Check the path showing zero files is not added to the Ignore Lists.
2.2. Ignore the list:
https://docs.imunify360.com/dashboard/#ignore-list
How to check it via CLI:
# imunify360-agent malware ignore list
2.3 Ignore pattern file:
/etc/sysconfig/imunify360/malware-filters-admin-conf/ignored.txt
If you see that this (or a different pattern) path is present there:
/home/*/public_html
Remove it and check the scan again, do not forget to perform the rebuild pattern command:
# imunify360-agent malware rebuild patterns
3. RapidDB corruption, can lead to abrupt aibolit scans and also result in 0 files scanned.
4. The application being scanned is not a WordPress application. The logic of how IM360 is connecting to a WordPress site is by reading its wp-config.php settings file. Thus, the zero 0 result is the expected one if the database being scanned does not belong to a WordPress application.
Comments
0 comments
Please sign in to leave a comment.