Question about email "A malware has been detected - Action Required"

cPRex

Jurassic Moderator
Staff member
Oct 19, 2014
14,276
2,230
363
cPanel Access Level
Root Administrator
It looks like this actually was escalated to CloudLinux because it was an Imunify issue and they replied with this:

Code:
This is to let you know that we have heard from the malware analysts team, and it's been advised that absolute-email.net was flagged due to the blacklisted domain yourbusiness.com being present in the dummy text on the site, as per the screenshot below:
so that seems like a good resolution. Is that not what you expected? I don't see a reply after that on the ticket, so I'm wondering if you didn't receive that.
 

cPRex

@stormy - you're not wrong, it doesn't exist there at all! There's been a bit of back and forth on where that notification should be adjusted as Imunify updates the plugin for WHM. Currently, you can adjust it directly in WHM >> ImunifyAV. I've let our team know about this through an internal case and I'll be sure to report back if I hear more details.
 

jigster

Member
May 17, 2007
21
2
153
@cPRex Thanks for the update. Yes, I did see the reply; I just completely forgot to reply to the ticket! I was happy with the answer I received. I was just commenting that the warning email that is received should state what the problem is, because it is very disconcerting to receive a notice that malware is on your website and then, when you do a scan, it shows there is no malware. In this case some dummy text on the website is not what I would consider malware, so I worried over nothing.
 

stormy

Well-Known Member
Nov 22, 2003
223
43
178
Spain
cPanel Access Level
Root Administrator
@cPRex I think you are mistaking the versions. Imunify360 does have email fields in that same screen, as described here:

The regular Imunify doesn't (checked on multiple servers, by the way).

And also, none of this corresponds with the “Imunify::Generic” notifications.

Furthermore, these scans are not requested by us, nor scheduled. It's something that Imunify does of its own accord, apparently to publicise Imunify360. That's why I need to turn it off. I don't need it and it's a false positive.

If you still think I should open a ticket, I will, of course.
 

cPRex

Nothing will correspond with "Imunify::Generic" as that wording doesn't match anything. But, from what I can find, the very last option on the page of "User Scan: Malware Detected" is supposed to control that email option. If that isn't happening, we'd need a ticket.
 

stormy

Quote:
Nothing will correspond with "Imunify::Generic" as that wording doesn't match anything.
That text is taken verbatim from the cPanel email that's in the opening of the thread.

Imunify, in its free version, doesn't have any email options. I will open a ticket, maybe it's easier, but the correct reply to that ticket is "Sorry, the free version of Imunify doesn't have any email options".
 

stormy

Today I got another one of these "A malware has been detected - Action Required" email alerts from cPanel.

Here's the footer from the cPanel email alert:
“Imunify::Generic” notifications are currently configured to have an importance of “High”. You can change the importance or disable this type of notification in WHM’s Contact Manager at: hostnameedited-:2087/scripts2/editcontact?event=Application
I also got a "Vulnerabilities found on your Server - Action Required" with the same footer.

As I said, I never enabled these notifications, and they are not in Contact Manager. It seems to be a similar case to "Nowhere to disable WPT notifications?"
 

cPRex

On Tuesday I said this:

"I've let our team know about this through an internal case and I'll be sure to report back if I hear more details."

Since it's a case between us and Imunify I don't have a number to share publicly that you can follow, but I'll be sure to post updates if I hear more.
 