Question about email "A malware has been detected - Action Required"

Elizabeta

Well-Known Member
Mar 21, 2018
258
35
28
Mostar
cPanel Access Level
Root Administrator
Hello,

I have got an email "A malware has been detected - Action Required..."

Dear Administrator,
We want to make sure that you are aware of any security threat that your server is exposed to. With this message we are letting you know that a malware was found on your server(s):
  • ******o[.]com
    • Location: hXXp://*****[.]com/ (main page of the website)
Leaving malware files untreated puts your entire environment at risk and creates significant security threats.
We urge you to take action immediately.
· Option 1: Please make sure that server administrator(s) take appropriate actions to remove malware as soon as possible to mitigate security risks.
· Option 2: Upgrade from ImunifyAV to Imunify360. With the use of comprehensive security features, such as real-time malware protection and Malware Database Scanner (MDS) the server-wide risk that malware infections create will be mitigated in a fully automated way.
Should you have any questions, please reach out to our support team.
Faithfully,
Your Imunify360 Security Team
The system generated this notice on Tuesday, October 18, 2022 at 11:52:56 PM UTC.
“Imunify::Generic” notifications are currently configured to have an importance of “High”. You can change the importance or disable this type of notification in WHM’s Contact Manager at: https://************:2087/scripts2/editcontact?event=Applicatio
Do not reply to this automated message.

I have open WHM->Imunify->Scan All Users
Result is No malware found.

What this means?

Should I do anything on server with user for which the email came
although the scan result is "No malware found"

Best regards,
Elizabeta


 
Last edited by a moderator:

Elizabeta

Well-Known Member
Mar 21, 2018
258
35
28
Mostar
cPanel Access Level
Root Administrator
Hello,

One more question, my ImunifyAV is version 6.6.3-1,whether it is possible to set the default action to clean infected files? Now in Settings for ImunifyAV 6.6.3-1 I do not see that there is such possibility.

Best regards,
Elizabeta
 

rbairwell

Well-Known Member
May 28, 2022
98
42
18
Mansfield, Nottingham, UK
cPanel Access Level
Root Administrator
WordPress released version 6.0.3 as a security release on the 17th of October which Imunify appears to have picked up on before WordPress Toolkit etc did (so sites didn't have the chance to perform automatic updates). It's just an outdated installation (6.0.2) which, for some reason, has triggered Imunify.

Why it hasn't shown up in the Imunify WHM interface is another issue. I can see in /var/ log/ imunify360/console.log the messages, but nothing in WHM->Plugins->ImunifyAV->Malware Scanner->History or Malicious.

I've logged this as bug as cPanel request 94495883 so the devs are aware.
(also reported in New Thread - Imunify360 - Vulnerabilities found on your Server - Action Required: WordPress )
 

Elizabeta

Well-Known Member
Mar 21, 2018
258
35
28
Mostar
cPanel Access Level
Root Administrator
Hello,

Thank you very much for your answer.
Does this mean that one of my users has some problem even though Imunify after can result is "No malware found"..?


Or is everything just ok with my user (no malwares), everything is related to the latest version of WordPress? It is recommended to install then WordPress Toolkit?
WordPress Toolkit | cPanel & WHM Documentation

Best regards,
Elizabeta
 

rbairwell

Well-Known Member
May 28, 2022
98
42
18
Mansfield, Nottingham, UK
cPanel Access Level
Root Administrator
I just noticed that your notification was slightly different from the one I received " Vulnerabilities found on your Server - Action Required: WordPress .... We are reaching out to you to keep you informed on security threats. The list below shows vulnerable software that has been detected in your environment: " (I'm on cPanel 7.9.2009/imunifyAV 6.6.3-1)

However, since the scan is coming up clean, I'm reasonably confident that the site is okay, but feel free to check it via third party services such as WPSec , Sucuri or VirusTotal - and even Google Safe Browsing .

It's worth while to ensure WordPress is always as up to date as possible and the WordPress Toolkit included for free in cPanel/WHM does make things a lot easier.

ImunifyAV+ does have the ability to cleanup malicious files ( see ImunifyAV: Best Free Linux Server Antivirus ), but the free version included with cPanel (ImunifyAV) does NOT. To upgrade, follow the links in WHM's ImunifyAV panel. It'll give you the chance to buy Imunify360 for $45/pm to cover unlimited sites : however, it's only $25/pm for up to 30 users ($12 for single user) from Imunify directly (the unlimited price is the same). ImunifyAV+ is $6/pm per server (and whilst it looks like it can be order from within WHM, it doesn't work - so you'll have go to the Imunify website)

Hope it helps!
 

jigster

Member
May 17, 2007
21
2
153
I am getting exactly the same issue as the OP, same warning about one particular site then "No malware found" when I run a scan. What's annoying is that the email doesn't state anywhere what or where the 'detected malware' is. Not very useful and is just causing concern and extra work trying to figure out why this warning has been triggered. Cpanel folk, could you elaborate on what could be causing this warning? Thanks
 

jigster

Member
May 17, 2007
21
2
153
It's sent from cpanel ([email protected]), but the email is signed "Your Imunify360 Security Team". At the bottom it says “Imunify::Generic” notifications are currently configured to have an importance of “High” so I guess it's part of cpanel's notifications. The email is exactly the same as the one posted by the OP.
 

jigster

Member
May 17, 2007
21
2
153
It's not a wordpress site. Wordpress has never even been installed on the account/domain.
 

stormy

Well-Known Member
Nov 22, 2003
195
36
178
Spain
cPanel Access Level
Root Administrator
I'm having a similar problem. Malware is being reported on a site that doesn't have any malware (nor a WordPress install). Plus, the Imunify notifications don't appear in Contact Manager.
 

jigster

Member
May 17, 2007
21
2
153
After submitting a ticket to cPanel, the issue was the website simply had a reference to a domain which they considered suspicious (in this case just an example domain listed on the site). That caused the malware warning email, but doesn't show up on a malware scan. Confusing if you ask me - the email should give details of the what triggered the warning.