This instruction will explain what steps are required if you receive a notification such as the following one:
Our system has detected infections that have been injected into a WordPress CMS Database
of a hosted site(s) on your server
Imunify360: Account(s) jdoe on server(s) server.example.com could be infected
Below you can find the information about an affected user(s) whose databases should be cleaned from malware:
192.168.246.90 / IP-12345-123456-abdDEFhi / server.example.com / jdoe
Any supported OS and control panel. For now, Malware Database Scanner (MDS) supports WordPress databases only.
If you receive this notification from our team, this means that some of the websites hosted on your server have database injections caught by our instruction detection system.
Enable MDS feature in Settings > Malware.
Check the list of users provided in the email and scan their accounts additionally.
Go to Imunify360 > Malware Scanner > Users.
Select the users listed in the email.
Click on the "Scan for malware" option.
Make sure to clean up the detected malicious file after this scan finishes if any and in case the "Default action detect" is set to "Just display in dashboard" In Malware Settings.
Access Imunify360 > Malware Scanner > Malicious, sort events by Type/Scan date to find the corresponding event, and check what exact database is infected.
Press on the broom icon to perform the cleanup:
Note that the infection is likely already cleaned if the corresponding option is selected in Imunify360 > Settings > Malware > Default action on detect.