Just to confirm that works!
Many thanks for you reply.
-
Hello,
We have a CLI argument `--by-scan-id BY_SCAN_ID` for getting scan results by scan ID: https://docs.imunify360.com/imunifyav/cli/#malware
Here is from my lab server, uploaded a test file:
HTML Code:~]# imunify360-agent malware on-demand list --json | jq '.items' [ { "total_resources": 14, "path": "/home/idtest", "scanid": "72552b2b54e64195a47ff1e186447811", "started": 1709114233, "completed": 1709114243, "error": null, "total_malicious": 1, "scan_type": "user", "resource_type": "file", "scan_status": "stopped", "duration": 10, "total": 14, "created": 1709114233 }, ------------------------------------------------------------------- ~]# imunify360-agent malware malicious list --by-scan-id 72552b2b54e64195a47ff1e186447811 --json | jq '.items' [ { "id": 2, "username": "idtest", "file": "/home/idtest/public_html/id-test.com/test-scan/testing.php", "created": 1709114233, "scan_id": "72552b2b54e64195a47ff1e186447811", "scan_type": "user", "resource_type": "file", "type": "SMW-BLKH-SA-CLOUDAV-eicar.tst-05057-2", "hash": "131f95c51cc819465fa1797f6ccacf9d494aaaff46fa3eac7 3ae63ffbdfd8267", "size": "69", "malicious": true, "status": "found", "cleaned_at": null, "extra_data": {}, "db_name": null, "app_name": null, "db_host": null, "db_port": null } ]Leave a comment:
-
Listing malicious files by scanid
I'm using the free Imunify version and have been looking for a way to list malicious files for an individual scan. I haven't configured any users (all domains on the server are owned by the same user) and I'm simply scanning paths.
To illustrate, this is one of the scans:
As far as I can tell it's not possible to list files by scanid. The only option seems to be to use the "started" and "completed" dates; I can use the timestamps to limit the output of [CODE][malware history list/CODE] to the files I'm interested in:Code:# imunify-antivirus malware on-demand list --json | jq '.items' [ { "total_resources": 13767, "path": "/var/www/example.com/public_html/", "scanid": "f51850a361484eca919a0dcd0314cc2c", "started": 1709035139, "completed": 1709035156, "error": null, "total_malicious": 97, "scan_type": "on-demand", "resource_type": "file", "scan_status": "stopped", "duration": 17, "total": 13767, "created": 1709035139 } ]
As an aside, the reason I add a second to the "completed" timestamp is that 84 of the 97 malicious files have 1709035157 as the "ctime" value in the output of [CODE][malware history list/CODE]. That's one second after the "completed" timestamp (so it looks like the "completed" timestamp is wrong, maybe because of a rounding error?):Code:# ts_start=$(imunify-antivirus malware on-demand list --json | jq '.items[] | select(.scanid == "f51850a361484eca919a0dcd0314cc2c").started') # ts_end=$(imunify-antivirus malware on-demand list --json | jq '.items[] | select(.scanid == "f51850a361484eca919a0dcd0314cc2c").completed') # ts_end=$((ts_end+1)) # imunify-antivirus malware history list --limit 1000 --json | jq '.items[]'
In any case, I suspect there is an easier way to get malicious files for a particular scan? Is there a way to list malicious files by scanid?Code:# imunify-antivirus malware history list --limit 1000 --json | jq '.items[] | select(.ctime == 1709035157).id' | wc -l 84
Leave a comment: