Skip to main content
Sign in

CloudLinux Knowledge Base

  1. CloudLinux
  2. Imunify Security Products
  3. How do I

How to enable e-mail alerts via hooks or notifications in ImunifyAV+

Vladislav Dagaev
  • Updated

Issue

How to enable e-mail notifications via hooks or notification subsystem in ImunifyAV+.

Environment

  • ImunifyAV+
  • cPanel
  • DirectAdmin

Solution

Note: hooks are deprecated. We recommend using notifications-config instead.

ImunifyAV/AV+ provides a hooks system configuration. Hooks can be configured via the separate UI “Notifications” tab in the Settings, or via the command-line interface (CLI).
https://docs.imunify360.com/imunifyav/#notifications

1. Create a simple script that will send email to your email box in a directory that Imunify has access to, for example, /etc/imunify360 or /home/myhook

Script for notification subsystem.

#!/bin/bash
data=$(cat)
event=$(jq -r '.event_id' <<< ${data})
case ${event} in
    CUSTOM_SCAN_MALWARE_FOUND)
      total_malicious=$(jq -r '.total_malicious' <<<${data})
      malicious_files=$(jq -r '.malicious_files[]' <<<${data})
      path=$(jq -r '.path' <<< ${data})
      echo "The path $path was scanned and there are $total_malicious malisious files were found: ${malicious_files}" | mail -s malware-detected-dda webmaster@domain.net
      ;;
    USER_SCAN_MALWARE_FOUND)
      total_malicious=$(jq -r '.total_malicious' <<<${data})
      malicious_files=$(jq -r '.malicious_files[]' <<<${data})
      path=$(jq -r '.path' <<< ${data})
      echo "The path $path was scanned and there are $total_malicious malisious files were found: ${malicious_files}" | mail -s malware-detected-dda webmaster@domain.net
      ;;
esac

Script for hooks subsystem

#!/bin/bash

data=$(cat)
event=$(jq -r '.event' <<< ${data})
subtype=$(jq -r '.subtype' <<< ${data})

case ${event} in
    malware-detected)
        case ${subtype} in
            critical)
            path=$(jq -r '.params.path' <<< ${data})
            total_malicious=$(jq -r '.params.total_malicious' <<< ${data})
            echo "The path $path was scanned and there are $total_malicious  malisious files were found"  | mail -s malware-detected-dda YOUR@EMAIL.HERE
            ;;
        esac
esac

 2. Add execution permission for your hook script

chmod +x /home/myhook

3. Add this path to the necessary hook, for instance: ImunifyAV+ >>Settings>>Notifications>>"User scan: malware detected".

/home/myhook

https://docs.imunify360.com/imunifyav/#notifications
4. Perform a restart of an imunify-notifier service:     

systemctl restart imunify-notifier

Related logs available in journald:

journalctl -u imunify-notifier

Please, do not create a script in /root folder.

Useful links

Comments

0 comments

Please sign in to leave a comment.

Related articles