I'm using the free Imunify version and have been looking for a way to list malicious files for an individual scan. I haven't configured any users (all domains on the server are owned by the same user) and I'm simply scanning paths.
To illustrate, this is one of the scans:
Code:
# imunify-antivirus malware on-demand list --json | jq '.items'
[
  {
    "total_resources": 13767,
    "path": "/var/www/example.com/public_html/",
    "scanid": "f51850a361484eca919a0dcd0314cc2c",
    "started": 1709035139,
    "completed": 1709035156,
    "error": null,
    "total_malicious": 97,
    "scan_type": "on-demand",
    "resource_type": "file",
    "scan_status": "stopped",
    "duration": 17,
    "total": 13767,
    "created": 1709035139
  }
]
As far as I can tell it's not possible to list files by scanid. The only option seems to be to use the "started" and "completed" dates; I can use the timestamps to limit the output of "malware history list" to the files I'm interested in:
Code:
# ts_start=$(imunify-antivirus malware on-demand list --json | jq '.items[] | select(.scanid == "f51850a361484eca919a0dcd0314cc2c").started')
# ts_end=$(imunify-antivirus malware on-demand list --json | jq '.items[] | select(.scanid == "f51850a361484eca919a0dcd0314cc2c").completed')
# ts_end=$((ts_end+1))
# imunify-antivirus malware history list --limit 1000 --json | jq '.items[]'
As an aside, the reason I add a second to the "completed" timestamp is that 84 of the 97 malicious files have 1709035157 as the "ctime" value in the output of "malware history list". That's one second after the "completed" timestamp (so it looks like the "completed" timestamp is wrong, maybe because of a rounding error?):
Code:
# imunify-antivirus malware history list --limit 1000 --json | jq '.items[] | select(.ctime == 1709035157).id' | wc -l
84
In any case, I suspect there is an easier way to get malicious files for a particular scan? Is there a way to list malicious files by scanid?
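The timestamp-window workaround described in the post, as an added example (not part of the original post and not Imunify's own code): Python that selects the history entries falling inside one scan's "started"/"completed" window with the one-second slack, and additionally restricts them to the scanned path. The sample JSON and the scanid are constructed, and the "path" key on history items is an assumption; the post only shows "id" and "ctime".

```python
import json

# Constructed sample in the shape of the CLI output quoted in the post.
# Assumption: history items carry a "path" key (the post shows only "id"/"ctime").
SCANS = json.loads("""{"items": [
  {"scanid": "constructed-scan-1", "path": "/var/www/example.com/public_html/",
   "started": 1709035139, "completed": 1709035156, "total_malicious": 2}]}""")
HISTORY = json.loads("""{"items": [
  {"id": 1, "ctime": 1709035157, "path": "/var/www/example.com/public_html/a.php"},
  {"id": 2, "ctime": 1709035150, "path": "/var/www/example.com/public_html/b.php"},
  {"id": 3, "ctime": 1709035157, "path": "/var/www/other.example/c.php"},
  {"id": 4, "ctime": 1709030000, "path": "/var/www/example.com/public_html/old.php"}]}""")


def find_scan(scans, scanid):
    """Return the on-demand scan record with this scanid."""
    for scan in scans["items"]:
        if scan["scanid"] == scanid:
            return scan
    raise KeyError(f"no scan with scanid {scanid!r}")


def hits_for_scan(scans, history, scanid, slack=1):
    """History items inside [started, completed + slack] and under the scan path."""
    scan = find_scan(scans, scanid)
    if scan.get("completed") is None:
        raise ValueError("scan has no 'completed' timestamp yet")
    start, end = scan["started"], scan["completed"] + slack
    root = scan["path"].rstrip("/") + "/"
    hits = []
    for item in history["items"]:
        if not start <= item["ctime"] <= end:
            continue  # recorded outside this scan's window
        path = item.get("path")
        if path is not None and not path.startswith(root):
            continue  # inside the window, but outside the scanned path
        hits.append(item)
    return hits


def count_matches(scans, history, scanid, slack=1):
    """True when the filtered count equals the scan's own total_malicious."""
    hits = hits_for_scan(scans, history, scanid, slack)
    return len(hits) == find_scan(scans, scanid)["total_malicious"]


if __name__ == "__main__":
    for hit in hits_for_scan(SCANS, HISTORY, "constructed-scan-1"):
        print(hit["id"], hit["path"])
    print("count matches:", count_matches(SCANS, HISTORY, "constructed-scan-1"))
```

Comparing the filtered count against "total_malicious" catches a window that is too tight or too loose, which is how the missing second shows up when the slack is set to 0.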