Support

Admin Tools

#28062 file scanner email

Posted in ‘Admin Tools for Joomla! 4 & 5’
This is a public ticket

Everybody will be able to see its contents. Do not include usernames, passwords or any other sensitive information.

Environment Information

Joomla! version
n/a
PHP version
n/a
Admin Tools version
n/a

Latest post by on Saturday, 05 August 2017 17:17 CDT

Tuesday, 04 July 2017 16:37 CDT

ComputerCare Support
Hello,

We are running the php file scanner via CLI which works great, i've uploaded some shell samples and it picks them up 100%, we even found a few shells sitting there that we werent aware of.

How am I able to have this generate a security exception when a threat is detected only? At this stage i seem to only be able to send an email each scan which is not appropriate for us

Wednesday, 05 July 2017 02:03 CDT

tampe125
Hello,

What do you exactly need?
The email is sent so you can get the alert, while you can review the full history of scans from the PHP scan page.

Davide Tampellini

Developer and Support Staff

🇮🇹Italian: native 🇬🇧English: good • 🕐 My time zone is Europe / Rome (UTC +1)
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Wednesday, 05 July 2017 17:05 CDT

ComputerCare Support
Hi Davide,

Thank you for your reply, We only want the emails to be sent when a threat is detected by the PHP scan page, say over a certain threshold. Much like the other modules with configurable alerts.

We are monitoring around 30 Joomla pages and do not want to be scanning through these reports manually.

Thanks

Thursday, 06 July 2017 01:28 CDT

nicholas
Technically speaking, the PHP File Change Scanner detects modified and added files. The Threat Score is merely a prioritization tool for manual inspection of these files, i.e. you should prioritize inspecting the files with a high Threat Score and you probably don't need to inspect the files with zero score.

Right now the email is sent to you with all the results, as they are generated. I took that decision thinking that in any other case you would not possibly know if the scanner found no change, it failed to run or a hacker compromised the file to do nothing when run. We can add a switch in the next version to prevent emails when there are zero added / modified / suspicious files but do keep in mind this caveat.

Finally, do note that you are also sent an email from your CRON daemon with the CLI output of the scanner script. This is something we have no control over. If you want to suppress that email append 
1> /dev/null
to your CRON command line. This tells the shell under which PHP runs to suppress standard output. If no system errors are generated you get no email. Of course in case of a system error you will get an email, something very useful to grab your attention when something's failing in the server.

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Saturday, 05 August 2017 17:17 CDT

System Task
system
This ticket has been automatically closed. All tickets which have been inactive for a long time are automatically closed. If you believe that this ticket was closed in error, please contact us.

Support Information

Working hours: We are open Monday to Friday, 9am to 7pm Cyprus timezone (EET / EEST). Support is provided by the same developers writing the software, all of which live in Europe. You can still file tickets outside of our working hours, but we cannot respond to them until we're back at the office.

Support policy: We would like to kindly inform you that when using our support you have already agreed to the Support Policy which is part of our Terms of Service. Thank you for your understanding and for helping us help you!