
maldet will never send slack notifications in monitor mode.

Open zelch opened this issue 3 years ago • 1 comments

If we are running in monitor mode, then the daily crontab will simply call 'maldet --monitor-report', this calls genalert in digest mode instead of file mode.

The scan function calls genalert in file mode, but that function doesn't get used by monitor mode.

The trap function calls genalert in file mode, but only if svc is a, r, or f, and for monitor mode it is m.

As such, though it is not documented as such, using monitor mode prevents all slack alerts from being generated.

Would a pull request to add slack notification support to record_hit be accepted? Alternatively, what about one to allow some form of custom command hooks for record_hit and genalert?

zelch, Jun 30 '21 06:06