Command-Line Interface


CLI commands are available only for cPanel and DirectAdmin control panels. Plesk and ISPmanager CLI support is coming soon.

For access to ImunifyAV agent features from the command-line interface, use the following command:


Optional arguments:

-h, --help show this help message and exit
--console-log-level {ERROR,WARNING,INFO,DEBUG} level of logging input to the console

Basic usage:

imunify-antivirus [command] [--option1] [--option2]... 

Available commands:

start start the agent
add-sudouser add a user with root privileges
checkdb check database integrity
check-domains send domain list check
delete-sudouser remove a user with root privileges
doctor collect info about the system and send it to ImunifyAV
infected-domains returns infected domain list
register register the agent
rstatus send a query to server to the check if the license is valid
unregister unregister the agent
update update malware signatures
update-license force license update
version show version
feature-management manage ImunifyAV features available for users
malware malware-related operations


This command allows to run the agent.


imunify-antivirus start [--optional arguments]


This command adds a user with root privileges to the server.


imunify-antivirus add-sudouser <userID> [--optional arguments]


Checks database integrity. In case database is corrupt, then this command saves backup copy of the database at /var/imunifyav and tries to restore integrity of the original database.


If this command cannot restore database integrity, then it will destroy the original broken database.


imunify-antivirus checkdb [--optional arguments]


Allows to send domains list to check on ImunifyAV central server. This command requires cPanel. After domains checked, the results is available via the infected-domains command.


check-domains command may take a few minutes to complete.


imunify-antivirus check-domains [--optional arguments]

Optional arguments:

-h, --help show this help message
--json return data in JSON format
--verbose, -v allows to return data in good-looking view if option --json is used


This command removes a user with root privileges from the server.


imunify-antivirus delete-sudouser <userID> [--optional arguments]


This command collects information about ImunifyAV state, generates the report and sends it to the ImunifyAV Support Team. This command can be used in case of any troubles or issues with ImunifyAV. This command will generate a key to be sent to the ImunifyAV Support Team. With that key the ImunifyAV Support Team can help with any problem as fast as possible.


imunify-antivirus doctor [--optional arguments]


Allows to register and activate ImunifyAV. You can use it in case if ImunifyAV was not activated during installation process or in case if activation key of the ImunifyAV was changed for any reason. If you do not know what is an activation key or have any problem with it then, please, read Installation Guide or contact our support team.


imunify-antivirus register [--optional arguments] [KEY]

KEY is a positional argument:

KEY register with activation key (use IPL to register by IP)

If you will use this command without the KEY argument, then it will try to register and activate current activation key.

Example 1: The following command will register and activate Imunify360 with the provided activation key:

imunify-antivirus register IMAV250jjRRjowbjk56dGN

Example 2: If you have an IP-based license, you can use IPL argument to register and activate ImunifyAV:

imunify-antivirus register IPL


Allows to check if ImunifyAV server license is valid.


imunify-antivirus rstatus [--optional arguments]


Allows to unregister and disable ImunifyAV on the server.


imunify-antivirus unregister [--optional arguments]


This command allows updating ImunifyAV malware signatures.


imunify-antivirus update [--optional arguments] signatures


This command force updating the ImunifyAV license.


imunify-antivirus update-license [--optional arguments]


Allows to show the actual ImunifyAV version installed on the server.


imunify-antivirus version [--optional arguments]


Allows to manage ImunifyAV features available for users.


imunify-antivirus feature-management [command] [--optional argument]...

Command can be one of the following:

defaults show the default value for each feature that is applied for newly created user
disable disable a feature for some or all users
enable enable a feature for some or all users
get obtains the status of all available features for a USER
list list all available features

Optional argument for the enable/disable commands can be one of the following:

[--feature cleanup] enable/disable Malware Cleanup
[--feature proactive] enable/disable Proactive Defense
[--users [USERS [USERS ...]]] specifies the list of users which will be affected, otherwise the default value will be changed

The mandatory argument for the get command:

[--user USER] specifies a user name to obtain the status of features for


The following command enables malware cleanup feature for the user1:

imunify-antivirus feature-management enable --feature cleanup --users user1


Allows to manage malware-related operation.


imunify-antivirus malware [command] [--argument]...

command can be one of the following:

cleanup status show the status of the cleanup process
history list lists the complete history of all malware-related incidents/actions (optional arguments available)
ignore malware Ignore List operations
malicious malware Malicious List operations
on-demand on-demand Scanner operations
suspicious malware Suspicious List operations

The optional arguments are:

--order-by [ORDER_BY [ORDER_BY ...]] sorting order
--limit LIMIT limits the output; must be a number greater than zero (by default, equals 100)
--since SINCE start date
--offset OFFSET offset for pagination (by default, equals 0)
--user USER returns results for a chosen user
--by-status [BY_STATUS [BY_STATUS ...]] return items with selected status
--by-scan-id BY_SCAN_ID return items with selected ID
--items ITEMS return selected items
--to TO end date
--search SEARCH search query

action is the second positional argument for ignore and can be one of the following:

add add a file PATH to the Ignore List
delete delete a file PATH from the Ignore List
list shows Ignore List entries (optional arguments apply)

command2 is the second positional argument for the malicious command and can be one of the following:

cleanup clean up infected ITEMS for a USER
cleanup-all clean up all files that have been detected as infected for all users
restore-original restore the original (malicious/infected) file to its original location
delete delete malicious/infected files
list list malicious/infected files
move-to-ignore move a malicious list entry to the (malware) Ignore List
remove-from-list remove malicious/infected files from the Malicious List

action is the second positional argument for on-demand and can be one of the following:

list list all on-demand scans performed
start --path PATH starts an on-demand scan for a specified PATH
status show the on-demand malware scanner status
stop stop on-demand malware scanner process

The optional arguments for on-demand start are:

--ignore-mask IGNORE_MASK
--file-mask FILE_MASK
--intensity {low,moderate,high}

action is the second positional argument for suspicious and can be one of:

delete delete a Suspicious List entry
list obtain the list of Suspicious List entries
move-to-ignore move a Suspicious List entry to the (malware) Ignore List


  1. The following command starts on-demand scanner for the path specified after the start command:
imunify-antivirus malware on-demand start --path /home/<username>/public_html/


Allows to retrieve infected domains list.


imunify-antivirus infected-domains [-h] [--optional arguments]

Optional arguments for list:

--json Returns data in JSON format.
--limit Limits the output with the specified number of domains.
Must be a number greater than zero. By default, equals 100.
--offset Offset for pagination. By default, equals 0.
--verbose, -v Allows to return data in a good-looking view if option --json is used.


Hooks-related command description is available here