rfxn / linux-malware-detect

Linux Malware Detection (LMD)
http://www.rfxn.com/projects/linux-malware-detect/
GNU General Public License v2.0

Maldet Not Sending Email Report #192

Open vwesisolak opened 7 years ago

vwesisolak commented 7 years ago

Hello,

I have maldet running on RHEL 6.8 and have found that despite configuring an email address and email_alert="1" it does not send a report. Maldet does not log sending the report (or any errors), nor is there a log of the attempt in maillog.

This is a duplicate of #156, which had been closed. I verified that the fix mentioned there is in place. As noted in that ticket, the --report option does send a mail.

--Eric

rfxn commented 7 years ago

Are there any hit events in the email? LMD will not send an email alert for scans that have no events.

vwesisolak commented 7 years ago

Ah, hmm. I think I read the email_ignore_clean option as sending even with 0 hits, but I see now that it clearly indicates cleaned hits.

In that case, it would be awesome to be able to configure sending a report for all scans, even with no hits.

rfxn commented 7 years ago

That should be fairly easy to accommodate. I will see about getting that into 1.6 release. Thanks for all your feedback and issues :)

Mattoje commented 7 years ago

Any news on this subject? I'm interested too.

vkush commented 6 months ago

Do we have an update 2024 here? Looks like maldet v1.6.5 still has this problem - when malware is detected (hit) via "inotify-tools" in monitoring mode and moved to quarantine, no mails are sent, only a notification is written in the log file - /usr/local/maldetect/logs/event_log with events like {hit}, {quar}, {clean}.

If maldet scanning is started manually [maldet --scan-all path-to-folder], then mails are sent properly in case of hit. And in the log file above no new message (event) is created.

Config in /usr/local/maldetect/conf.maldet: email_alert="1" email_ignore_clean="0" or email_ignore_clean="1" - does not play any role here, for both cases no emails are sent

Because such parameters above are about "reports", and log file is about "events" - maybe we have to configure somehow, that in case of "hit" some new report is generated and then mailing will start to work?

Related issue with some advice: #424

ZocStorm commented 1 month ago

Hi, I am facing the same problem with email notifications not working properly. Any info on possible workaround or solution?

Regards
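
One possible stopgap for the monitor-mode case described above, as an added example that is not part of this thread or of LMD: a cron-driven script that mails any `{hit}` lines appended to the event log since its last run. The state-file path, recipient, script name and the availability of a mailx-style `mail` command are assumptions; the only thing it relies on from the log is the literal `{hit}` token mentioned in the thread.

```shell
#!/bin/bash
# Added example (not part of LMD): mail new {hit} lines from the monitor event_log.
# Run from cron as: maldet-hit-mail.sh --send   (script name is hypothetical)
EVENT_LOG="${EVENT_LOG:-/usr/local/maldetect/logs/event_log}"   # path from the thread
STATE_FILE="${STATE_FILE:-/var/tmp/maldet_event_log.offset}"    # assumption
MAIL_TO="${MAIL_TO:-root}"                                      # assumption

# Print {hit} lines appended to $1 since the last run; byte offset is kept in $2.
new_hits() {
    nh_log=$1
    nh_state=$2
    [ -r "$nh_log" ] || return 0
    nh_size=$(wc -c < "$nh_log" | tr -d ' ')
    nh_last=0
    if [ -f "$nh_state" ]; then
        nh_last=$(cat "$nh_state")
    fi
    # Ignore a corrupt state file.
    case $nh_last in
        ''|*[!0-9]*) nh_last=0 ;;
    esac
    # A smaller file means the log was rotated or truncated: read it from the start.
    if [ "$nh_last" -gt "$nh_size" ]; then
        nh_last=0
    fi
    printf '%s\n' "$nh_size" > "$nh_state"
    # Read only the bytes between the old and new offsets, so lines written
    # while this runs are picked up next time instead of being reported twice.
    tail -c +"$((nh_last + 1))" "$nh_log" \
        | head -c "$((nh_size - nh_last))" \
        | grep -F '{hit}' || true
}

if [ "${1:-}" = "--send" ]; then
    hits=$(new_hits "$EVENT_LOG" "$STATE_FILE")
    if [ -n "$hits" ]; then
        # Assumes a working mailx-style `mail` command on the host.
        printf '%s\n' "$hits" | mail -s "maldet monitor hits on $(hostname)" "$MAIL_TO"
    fi
fi
```

The offset is saved before the mail is handed off, so a failed `mail` call drops that batch; check the local mail log if alerts seem to be missing.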