linux-malware-detect
Maldet Not Sending Email Report
Hello,
I have maldet running on RHEL 6.8 and have found that despite configuring an email address and email_alert="1" it does not send a report. Maldet does not log sending the report (or any errors), nor is there a log of the attempt in maillog.
This is a duplicate of #156, which had been closed. I verified that the fix mentioned there is in place. As noted in that ticket, the --report option does send a mail.
--Eric
Are there any hit events in the email? LMD will not send an email alert for scans that have no events.
Ah, hmm. I think I read the email_ignore_clean option as sending even with 0 hits, but I see now that it clearly indicates cleaned hits.
In that case, it would be awesome to be able to configure sending a report for all scans, even with no hits.
That should be fairly easy to accommodate. I will see about getting that into 1.6 release. Thanks for all your feedback and issues :)
Any news on this subject? I'm interested too.
Do we have an update for 2024 here? Looks like maldet v1.6.5 still has this problem: when malware is detected (hit) via "inotify-tools" in monitoring mode and moved to quarantine, no mails are sent; only a notification is written to the log file /usr/local/maldetect/logs/event_log, with events like {hit}, {quar}, {clean}.
If maldet scanning is started manually [maldet --scan-all path-to-folder], then mails are sent properly in case of a hit. And in the log file above no new message (event) is created.
Config in /usr/local/maldetect/conf.maldet: email_alert="1", and email_ignore_clean="0" or email_ignore_clean="1". The latter does not play any role here; in both cases no emails are sent.
Because the parameters above are about "reports" and the log file is about "events", maybe we have to configure somehow that in case of a "hit" some new report is generated, and then mailing will start to work?
Related issue with some advice: #424
Hi, I am facing the same problem with email notifications not working properly. Any info on possible workaround or solution?
Regards
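
A possible stopgap for the monitor-mode case described in this thread, as an added example that is not part of the thread or of LMD: a cron-driven shell function that mails any `{hit}` lines appended to the event log since its previous run. It assumes `mail` is installed; the function names, the state file and the sample log lines are constructed for illustration, and only the `{hit}`, `{quar}` and `{clean}` tags are taken from the thread.

```shell
#!/bin/sh
# Added example, not part of LMD. Prints event_log lines containing "{hit}"
# appended since the previous run, tracked by a byte offset in a state file.

# new_hits LOGFILE STATEFILE
new_hits() {
    log=$1; state=$2
    [ -r "$log" ] || return 0
    size=$(wc -c < "$log" | tr -d ' ')
    last=0
    [ -r "$state" ] && last=$(cat "$state")
    # Ignore a corrupt state file; start over if the log was rotated/truncated
    case $last in ''|*[!0-9]*) last=0 ;; esac
    [ "$last" -gt "$size" ] && last=0
    # Read exactly the bytes between the saved offset and the measured size
    tail -c "+$((last + 1))" "$log" | head -c "$((size - last))" |
        grep -F '{hit}' || true
    printf '%s\n' "$size" > "$state"
}

# alert_new_hits LOGFILE STATEFILE ADDRESS: mail new hits, stay silent if none
alert_new_hits() {
    hits=$(new_hits "$1" "$2")
    [ -n "$hits" ] || return 0
    printf '%s\n' "$hits" | mail -s "maldet monitor: new {hit} events" "$3"
}

# demo: constructed log lines (the line layout is an assumption; only the
# {hit}/{quar}/{clean} tags come from the thread). Prints hits per run.
demo() {
    d=$(mktemp -d); l=$d/event_log; s=$d/offset
    printf '%s\n' 'T1 host maldet: {hit} constructed sample /tmp/a.php' \
                  'T2 host maldet: {quar} constructed sample /tmp/a.php' > "$l"
    r1=$(new_hits "$l" "$s" | wc -l)
    r2=$(new_hits "$l" "$s" | wc -l)          # nothing new since run 1
    printf '%s\n' 'T3 host maldet: {hit} constructed sample /tmp/b.php' >> "$l"
    r3=$(new_hits "$l" "$s" | wc -l)
    rm -rf "$d"
    echo "$((r1)) $((r2)) $((r3))"
}
```

Calling `alert_new_hits` from cron with /usr/local/maldetect/logs/event_log, a writable state file and a recipient address sends one mail per interval in which new hits appeared.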