Hello all
Since I could not find any option to notify admins when an infection occurs, I have modified this script to do the job.
I have tested it by uploading infected files over FTP and through the cPanel file editor, and it seems OK.
It sends an email with the infection path and infection type to the cPanel contact emails (the script itself mails the local `root` account, so this relies on root's mail being forwarded to those addresses).
This is the first beta; there is plenty of room for improvement.
Feel free to test.
# Run these as root: a bare `cd` goes to the home directory, and the hook is
# later registered under /root/hooks, so the two must be the same place.
cd
mkdir hooks
cd hooks
# Create the hook file and paste in the script printed between the two marker
# lines, starting at the "#!" line (the marker lines are not part of the file).
vi hooks.php
### php begins###
#!/usr/local/bin/php -q
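<?php
// Imunify360 hook handler: reads one event as JSON on stdin and, for a
// "malware-detected" event, mails a per-user list of the reported files to
// the local root account.
//
// The single quotes around string literals and array keys were lost when this
// script was posted; they are restored here so the file parses.

// Replace control characters (CR, LF, NUL, ...) in a value before it is written
// into the mail. File names are chosen by whoever uploaded the file, so without
// this a crafted name could forge extra lines in the report or in a header.
function hook_clean($value)
{
    if (!is_scalar($value)) {
        return '';
    }
    return preg_replace('/[\x00-\x1F\x7F]/', '?', (string) $value);
}

// Fetch one field of a report entry, cleaned; missing fields become ''.
function hook_field($row, $key)
{
    return (is_array($row) && isset($row[$key])) ? hook_clean($row[$key]) : '';
}

$hostname = hook_clean(gethostname());

// Non-blocking read kept from the original script.
// NOTE(review): in non-blocking mode the read returns only what has already
// arrived, so a late payload looks empty — confirm against how the agent
// feeds stdin. An empty or invalid payload is treated as "nothing to report".
stream_set_blocking(STDIN, 0);
$stdin = fopen('php://stdin', 'r');
$data = stream_get_contents($stdin);
$json = json_decode(trim((string) $data), true);

$output = null;
$total_malicious = '0';

$event = (is_array($json) && isset($json['event'])) ? $json['event'] : null;

switch ($event) {
    case 'malware-detected':
        $subtype = isset($json['subtype']) ? hook_clean($json['subtype']) : '';
        $params = (isset($json['params']) && is_array($json['params'])) ? $json['params'] : array();
        if (isset($params['total_malicious'])) {
            $total_malicious = hook_clean($params['total_malicious']);
        }
        $stamp = date('Ymd H:i:s');

        // The report path comes straight from the event payload and is read
        // as given, so this script must only ever be invoked by the agent.
        $report = null;
        if (
            isset($params['tmp_filename'])
            && is_string($params['tmp_filename'])
            && is_readable($params['tmp_filename'])
        ) {
            $report = json_decode(file_get_contents($params['tmp_filename']), true);
        }

        if (!is_array($report)) {
            // Do not drop the alert silently: a detection happened even though
            // the per-file details cannot be shown.
            $output = $stamp . "\n" . 'Subtype:' . $subtype . "\n"
                . 'Details unavailable: the report file could not be read or parsed.' . "\n";
            break;
        }

        // Group the report entries by the account that owns the file.
        $by_users = array();
        foreach ($report as $entry) {
            if (!is_array($entry)) {
                continue;
            }
            $username = hook_field($entry, 'username');
            if ($username === '') {
                $username = '(unknown)';
            }
            $by_users[$username][] = $entry;
        }

        // One section per user: header line, then one line per reported file.
        foreach ($by_users as $user => $user_row) {
            $output .= $stamp . "\n" . 'Subtype:' . $subtype . "\n";
            $output .= 'User ' . $user . ' has ' . count($user_row) . ' infections';
            foreach ($user_row as $user_row_item) {
                $output .= "\n"
                    . hook_field($user_row_item, 'file') . ' '
                    . hook_field($user_row_item, 'type') . ' '
                    . hook_field($user_row_item, 'scan_type');
            }
            $output .= "\n";
        }
        break;
}

if ($output) {
    $subject = 'Imunify on ' . $hostname . ' (Infections:' . $total_malicious . ')';
    $recipient = 'root';
    // Header lines are separated with CRLF, as mail() expects.
    $headers = 'From: ' . $hostname . '<root@' . $hostname . '>' . "\r\n"
        . 'X-Mailer: PHP' . "\r\n"
        . 'Content-type: text/plain; charset=UTF-8';
    if (!mail($recipient, $subject, $output, $headers)) {
        // A failed notification should leave a trace somewhere.
        error_log('Imunify hook: mail() failed for malware-detected notification');
    }
}
?>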
####php end###
# Owner-only permissions: no account other than the owner can read, change or
# run the hook script.
chmod 700 hooks.php
# Register the script for malware-detected events. The absolute path assumes
# the file was created in root's home directory as in the steps above.
imunify360-agent hook add --event malware-detected --path /root/hooks/hooks.php
Since I could not find any option to notify admins when an infection occurs, I have modified this script to do the job.
I have tested it by uploading infected files over FTP and through the cPanel file editor, and it seems OK.
It sends an email with the infection path and infection type to the cPanel contact emails (the script itself mails the local `root` account, so this relies on root's mail being forwarded to those addresses).
This is the first beta; there is plenty of room for improvement.
Feel free to test.
# Run these as root: a bare `cd` goes to the home directory, and the hook is
# later registered under /root/hooks, so the two must be the same place.
cd
mkdir hooks
cd hooks
# Create the hook file and paste in the script printed between the two marker
# lines, starting at the "#!" line (the marker lines are not part of the file).
vi hooks.php
### php begins###
#!/usr/local/bin/php -q
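<?php
// Imunify360 hook handler: reads one event as JSON on stdin and, for a
// "malware-detected" event, mails a per-user list of the reported files to
// the local root account.
//
// The single quotes around string literals and array keys were lost when this
// script was posted; they are restored here so the file parses.

// Replace control characters (CR, LF, NUL, ...) in a value before it is written
// into the mail. File names are chosen by whoever uploaded the file, so without
// this a crafted name could forge extra lines in the report or in a header.
function hook_clean($value)
{
    if (!is_scalar($value)) {
        return '';
    }
    return preg_replace('/[\x00-\x1F\x7F]/', '?', (string) $value);
}

// Fetch one field of a report entry, cleaned; missing fields become ''.
function hook_field($row, $key)
{
    return (is_array($row) && isset($row[$key])) ? hook_clean($row[$key]) : '';
}

$hostname = hook_clean(gethostname());

// Non-blocking read kept from the original script.
// NOTE(review): in non-blocking mode the read returns only what has already
// arrived, so a late payload looks empty — confirm against how the agent
// feeds stdin. An empty or invalid payload is treated as "nothing to report".
stream_set_blocking(STDIN, 0);
$stdin = fopen('php://stdin', 'r');
$data = stream_get_contents($stdin);
$json = json_decode(trim((string) $data), true);

$output = null;
$total_malicious = '0';

$event = (is_array($json) && isset($json['event'])) ? $json['event'] : null;

switch ($event) {
    case 'malware-detected':
        $subtype = isset($json['subtype']) ? hook_clean($json['subtype']) : '';
        $params = (isset($json['params']) && is_array($json['params'])) ? $json['params'] : array();
        if (isset($params['total_malicious'])) {
            $total_malicious = hook_clean($params['total_malicious']);
        }
        $stamp = date('Ymd H:i:s');

        // The report path comes straight from the event payload and is read
        // as given, so this script must only ever be invoked by the agent.
        $report = null;
        if (
            isset($params['tmp_filename'])
            && is_string($params['tmp_filename'])
            && is_readable($params['tmp_filename'])
        ) {
            $report = json_decode(file_get_contents($params['tmp_filename']), true);
        }

        if (!is_array($report)) {
            // Do not drop the alert silently: a detection happened even though
            // the per-file details cannot be shown.
            $output = $stamp . "\n" . 'Subtype:' . $subtype . "\n"
                . 'Details unavailable: the report file could not be read or parsed.' . "\n";
            break;
        }

        // Group the report entries by the account that owns the file.
        $by_users = array();
        foreach ($report as $entry) {
            if (!is_array($entry)) {
                continue;
            }
            $username = hook_field($entry, 'username');
            if ($username === '') {
                $username = '(unknown)';
            }
            $by_users[$username][] = $entry;
        }

        // One section per user: header line, then one line per reported file.
        foreach ($by_users as $user => $user_row) {
            $output .= $stamp . "\n" . 'Subtype:' . $subtype . "\n";
            $output .= 'User ' . $user . ' has ' . count($user_row) . ' infections';
            foreach ($user_row as $user_row_item) {
                $output .= "\n"
                    . hook_field($user_row_item, 'file') . ' '
                    . hook_field($user_row_item, 'type') . ' '
                    . hook_field($user_row_item, 'scan_type');
            }
            $output .= "\n";
        }
        break;
}

if ($output) {
    $subject = 'Imunify on ' . $hostname . ' (Infections:' . $total_malicious . ')';
    $recipient = 'root';
    // Header lines are separated with CRLF, as mail() expects.
    $headers = 'From: ' . $hostname . '<root@' . $hostname . '>' . "\r\n"
        . 'X-Mailer: PHP' . "\r\n"
        . 'Content-type: text/plain; charset=UTF-8';
    if (!mail($recipient, $subject, $output, $headers)) {
        // A failed notification should leave a trace somewhere.
        error_log('Imunify hook: mail() failed for malware-detected notification');
    }
}
?>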
####php end###
# Owner-only permissions: no account other than the owner can read, change or
# run the hook script.
chmod 700 hooks.php
# Register the script for malware-detected events. The absolute path assumes
# the file was created in root's home directory as in the steps above.
imunify360-agent hook add --event malware-detected --path /root/hooks/hooks.php