rfxn / linux-malware-detect

Linux Malware Detection (LMD)
http://www.rfxn.com/projects/linux-malware-detect/
GNU General Public License v2.0

Scanning result shows incorrect no: of files, and report mail not working on LMD 1.6.2 latest version #249

Open amalpramesh opened 7 years ago

amalpramesh commented 7 years ago

LMD is not sending the report mail, and the scan result is incorrect: in the example below I only have 3 files to scan, but the report shows an incorrect number of files. Please at least help me get the report sent.

#ls -la
total 16
drwxr-xr-x   2 root root 4096 Aug 18 06:02 .
drw-r-----. 37 root root 4096 Aug 18 06:00 ..
-rw-r--r--   1 root root   68 Aug 18 06:01 eicar.com
-rw-r--r--   1 root root   68 Aug 18 06:02 eicar.com.txt
-rw-r--r--   1 root root    0 Aug 18 06:01 test.txt
#maldet -a  /root/test
Linux Malware Detect v1.6.2
            (C) 2002-2017, R-fx Networks <proj@rfxn.com>
            (C) 2017, Ryan MacDonald <ryan@rfxn.com>
This program may be freely redistributed under the terms of the GNU GPL v2

maldet(1006188): {scan} signatures loaded: 15215 (12485 MD5 | 1951 HEX | 779 YARA | 0 USER)
maldet(1006188): {scan} building file list for /root/test, this might take awhile...
maldet(1006188): {scan} setting nice scheduler priorities for all operations: cpunice 19 , ionice 6
maldet(1006188): {scan} file list completed in 0s, found 2752 files...
maldet(1006188): {scan} found clamav binary at /usr/local/cpanel/3rdparty/bin/clamdscan, using clamav scanner engine...
maldet(1006188): {scan} scan of /root/test (2752 files) in progress...

maldet(1006188): {scan} scan completed on /root/test: files 2752, malware hits 0, cleaned hits 0, time 13s
maldet(1006188): {scan} scan report saved, to view run: maldet --report 170818-0602.1006188
#
#maldet --report 170818-0602.1006188 fabio.medeir@apalo.tk
Linux Malware Detect v1.6.2
            (C) 2002-2017, R-fx Networks <proj@rfxn.com>
            (C) 2017, Ryan MacDonald <ryan@rfxn.com>
This program may be freely redistributed under the terms of the GNU GPL v2

maldet(1008264): {report} report ID 170818-0602.1006188 sent to fabio.medeir@apalo.tk
#
#cat /etc/redhat-release 
CloudLinux Server release 6.9 (Igor Volk)
#
#uname -a
Linux cpanel.testserver.tk 2.6.32-673.26.1.lve1.4.27.el6.x86_64 #1 SMP Sun May 7 19:22:54 EDT 2017 x86_64 x86_64 x86_64 GNU/Linux
#

But I get the correct result when using ClamAV directly:

#
#pwd
/root/test
#
#clamscan -r /root/test
/root/test/eicar.com.txt: Eicar-Test-Signature FOUND
/root/test/eicar.com: Eicar-Test-Signature FOUND
/root/test/test.txt: Empty file

----------- SCAN SUMMARY -----------
Known viruses: 6321432
Engine version: 0.99.2
Scanned directories: 1
Scanned files: 2
Infected files: 2
Data scanned: 0.00 MB
Data read: 0.00 MB (ratio 0.00:1)
Time: 29.182 sec (0 m 29 s)
#
rfxn commented 7 years ago

The number of files reflects the temporary paths that are scanned by default with all scans. You can run a manual scan with the '-co' flag to set specific option values for that scan only.

e.g: maldet -co scan_ignore_root=0,scan_tmpdir_paths="" -a /root/test/

This would generally provide the results you are expecting.

Regarding the e-mail issue, can you please check your exim_mainlog for your e-mail address and see if it ever hits the queue? It may be rejected due to local settings.

egrep fabio.medeir@apalo.tk /var/log/exim_mainlog

If that is still not the issue, please run the following and send the maldet.debug output to rfxnryan [at] gmail.com:

bash -x maldet --report 170818-0602.1006188 fabio.medeir@apalo.tk 2> maldet.debug >> maldet.debug

Thanks
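To make the exim_mainlog check above concrete, here is an added example (not code from LMD or the rfxn project) that classifies what Exim did with a mail for a given recipient. It relies on Exim's real mainlog flag conventions: "<=" for a message accepted into the queue (that line names the sender, not the recipient), "=>" for a completed delivery, "==" for a deferral, "**" for a permanent failure, and "rejected RCPT <addr>" for an address refused before queueing (the "local settings" case). The log path, hosts and message IDs in the sample lines are constructed for this example.

```shell
#!/bin/sh
# Added example, not part of LMD or the rfxn project: classify what Exim did
# with a report mail by reading exim_mainlog lines for one recipient address.
# Exim mainlog conventions relied on here (real Exim log format):
#   "<="  message accepted into the queue (line names the sender, not recipient)
#   "=>"  delivery completed for the recipient named after the flag
#   "=="  delivery deferred (will be retried)
#   "**"  delivery failed permanently
#   "rejected RCPT <addr>" means Exim refused the address before queueing it
# The log path and the sample lines below are constructed for this example.

# Usage: exim_mail_status LOGFILE ADDRESS
# Prints the most advanced state seen for ADDRESS:
# delivered, failed, deferred, rejected, or not-in-log.
exim_mail_status() {
    logfile=$1
    addr=$2
    # index() does a fixed-string match so dots in the address are literal.
    # On message lines the fields are: date time msgid flag recipient ...,
    # so $4 is the delivery flag. Rejection lines carry no message id, so
    # they are matched on the "rejected RCPT" text instead.
    awk -v a="$addr" '
        index($0, a) == 0 { next }
        $4 == "=>" { delivered = 1 }
        $4 == "**" { failed = 1 }
        $4 == "==" { deferred = 1 }
        /rejected RCPT/ { rejected = 1 }
        END {
            if (delivered)     print "delivered"
            else if (failed)   print "failed"
            else if (deferred) print "deferred"
            else if (rejected) print "rejected"
            else               print "not-in-log"
        }' "$logfile"
}

# Constructed log so the example runs offline; hosts, IPs and message IDs
# are made up.
sample_log=$(mktemp)
cat > "$sample_log" <<'EOF'
2017-08-18 06:02:15 1dic3U-0001xx-Ab <= root@cpanel.testserver.tk U=root P=local S=742
2017-08-18 06:02:15 1dic3U-0001xx-Ab => fabio.medeir@apalo.tk R=dnslookup T=remote_smtp H=mx.apalo.tk [203.0.113.5]
2017-08-18 06:02:15 1dic3U-0001xx-Ab Completed
2017-08-18 06:05:01 1dic6A-0001yy-Cd <= root@cpanel.testserver.tk U=root P=local S=742
2017-08-18 06:05:01 1dic6A-0001yy-Cd == ops@example.com R=dnslookup T=remote_smtp defer (-53): retry time not reached for any host
2017-08-18 06:07:30 H=localhost (cpanel.testserver.tk) [127.0.0.1] F=<root@cpanel.testserver.tk> rejected RCPT <blocked@example.net>: relay not permitted
EOF

for who in fabio.medeir@apalo.tk ops@example.com blocked@example.net nobody@example.org; do
    printf '%s: %s\n' "$who" "$(exim_mail_status "$sample_log" "$who")"
done
rm -f "$sample_log"
```

Run it as root against the real log with `exim_mail_status /var/log/exim_mainlog you@example.com`; "not-in-log" after a `maldet --report` run means the message never reached Exim at all, which points at the local mail command rather than at Exim's policy.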

amalpramesh commented 7 years ago

Thanks for your reply.

maldet -co scan_ignore_root=0,scan_tmpdir_paths="" -a /root/test/ worked.

I also checked the exim_mainlog, and it seems the maldet mail-sending hits are logged properly.

But I'm still not getting emails, and I have checked the maldet debug log created by the shell debugging procedure you provided.

While going through the debug log I noticed that the "mail" command is used to send the emails. I checked it on the server and it's not working; I mean the mail command is not able to send the email. But I found that exim is able to send mail. Is there any way to change the mailing agent from mail to exim? Please advise.

Thanks once again; maldet is working fine.