Command-Line Interface

Description

ImunifyAV(+) command-line interface (CLI) makes working with ImunifyAV(+) basics and features from your terminal even simpler.

Note

CLI commands are available only for cPanel and DirectAdmin control panels. Plesk and ISPmanager CLI support is coming soon.

Usage

For access to the ImunifyAV agent features from the command-line interface, use the following command:

imunify-antivirus

Basic usage:

imunify-antivirus [command] [--option1] [--option2]... 

Options

The following options are available for all commands.

-h, --help show this help message and exit
--console-log-level {ERROR,WARNING,INFO,DEBUG} level of logging input to the console
--json returns data in JSON format
--verbose, -v allows to return data in good-looking view if option --json is used

Examples

  1. This command allows to show help for the start command:
    imunify-antivirus start [-h]
    

Available commands:

add-sudouser add a user with root privileges
checkdb check database integrity
check-domains send domain list check
config update update configuration file via CLI
delete-sudouser remove a user with root privileges
doctor collect info about the system and send it to ImunifyAV(+)
infected-domains returns infected domain list
feature-management manage ImunifyAV(+) features available for users
hooks hooks-related operations
malware malware-related operations
register register the agent
rstatus send a query to server to the check if the license is valid
start start the agent
unregister unregister the agent
update update malware signatures
update-license force license update
version show version

Add-sudouser

This command adds a user with root privileges to the server.

Usage:

imunify-antivirus add-sudouser <userID> [--optional arguments]

Example:

This command adds the user 11XXX111 with root privileges to the server:

imunify-antivirus add-sudouser 11XXX111

Checkdb

Checks database integrity. In case database is corrupt, then this command saves backup copy of the database at /var/imunifyav and tries to restore integrity of the original database.

Note

If this command cannot restore database integrity, then it will destroy the original broken database.

Usage:

imunify-antivirus checkdb [--optional arguments]

Example:

The following command checks the database integrity:

imunify-antivirus checkdb

Check-domains

Allows to send domains list to check on ImunifyAV central server. This command requires cPanel. After domains checked, the results is available via the infected-domains command.

Note

check-domains command may take a few minutes to complete.

Usage:

imunify-antivirus check-domains [--optional arguments]

Example:

The following command sends the domains list for a check to the Imunify central server:

imunify-antivirus check-domains

Config update

Allows to update configuration file via CLI.

Usage:

imunify-antivirus config update [configuration options]

You can find instructions on how to apply configuration changes from CLI here and configuration options can be taken from the /etc/sysconfig/imunify360/imunify360.config file.

Example:

Set the MALWARE_SCAN_INTENSITY.cpu = 5 configuration option from a command line:

imunify-antivirus config update ‘{"MALWARE_SCAN_INTENSITY": {"cpu": 5}}’

Delete-sudouser

This command removes a user with root privileges from the server.

Usage:

imunify-antivirus delete-sudouser <userID> [--optional arguments]

Example:

The following command removes the user 11XXX111 with root privileges from the server.

imunify-antivirus delete-sudouser 11XXX111

Doctor

This command collects information about ImunifyAV state, generates the report and sends it to the ImunifyAV Support Team. This command can be used in case of any troubles or issues with ImunifyAV. This command will generate a key to be sent to the ImunifyAV Support Team. With that key the ImunifyAV Support Team can help with any problem as fast as possible.

Usage:

imunify-antivirus doctor [--optional arguments]

Infected-domains

Allows to retrieve infected domains list.

Usage:

imunify-antivirus infected-domains [-h] [--optional arguments]

Optional arguments for list:

--limit Limits the output with the specified number of domains.
Must be a number greater than zero. By default, equals 100.
--offset Offset for pagination. By default, equals 0.

Example:

The following command displays the results of the check-domains command:

imunify-antivirus infected-domains

Feature-management

Allows to manage ImunifyAV features available for users.

Usage:

imunify-antivirus feature-management [command] [--optional argument]...

Command can be one of the following:

defaults show the default value for each feature that is applied for newly created user
disable disable a feature for some or all users
enable enable a feature for some or all users
get obtains the status of all available features for a USER
list list all available features

Optional argument for the enable/disable commands can be one of the following:

[--feature av] enable/disable Malware Cleanup
[--feature proactive] enable/disable Proactive Defense
[--users [USERS [USERS ...]]] specifies the list of users which will be affected, otherwise the default value will be changed

The mandatory argument for the get command:

[--user USER] specifies a user name to obtain the status of features for

Example:

The following command enables malware cleanup feature for the user1:

imunify-antivirus feature-management enable --feature av --users user1

Hooks

You can read more about hooks here.

This command allows to manage hooks.

Usage:

imunify-antivirus hook [command] --event [event_name|all] [--path </path/to/hook_script>]

command can be one of the following:

add register a new event handler
delete unregister existing event handler
list show existing event handlers
add-native register a new native event handler
--event [event_name|all] defines a particular event that invokes
a registered handler as opposed to all keyword
--path </path/to/hook_script> shall contain a valid path to a handler of the event,
it shall be any executable or Python Native event handlers
that agent will run upon a registered event

Example:

The following command shows existing event handlers:

imunify-antivirus hook list

Malware

Allows to manage malware options.

Usage:

imunify-antivirus malware [command] [--optional arguments]

Available commands:

ignore malware Ignore List operations
malicious malware Malicious List operations
on-demand on-demand Scanner operations
suspicious malware Suspicious List operations
cleanup status show the status of the cleanup process
history list lists the complete history of all malware-related incidents/actions (optional arguments available)
rebuild patterns allows to save changes after editing watched and excluded patterns for Malware Scanner. See details here.
user allows to perform Malware Scanner operations for a user

Optional arguments:

--limit LIMIT Limits the output with the specified number of domains.
Must be a number greater than zero. By default, equals 100.
--offset OFFSET Offset for pagination. By default, equals 0.
--since SINCE Start date.
--to TO End date.
--user USER Returns results for a chosen user.
--order-by [ORDER_BY [ORDER_BY ...]] Sorting order.
--by-status [BY_STATUS [BY_STATUS ...]] Return items with selected status.
--by-scan-id BY_SCAN_ID Return items with selected ID.
--items ITEMS Return selected items.
--search SEARCH Search query.

action is the second positional argument for ignore and can be one of the following:

add add file PATHS to the Ignore List
delete delete file PATHS from the Ignore List
list shows Ignore List entries (optional arguments apply)

where PATHS are the absolute paths to files or folders divided by a whitespace.

command2 is the second positional argument for the malicious command and can be one of the following:

cleanup clean up infected ITEMS for a USER
cleanup-all clean up all files that have been detected as infected for all users
restore-original restore the original (malicious/infected) file to its original location
delete delete malicious/infected files
list list malicious/infected files
move-to-ignore move a Malicious List entry to the (malware) Ignore List
remove-from-list remove malicious/infected files from the Malicious List
restore-from-backup restore a clean version of infected file from backup

action is the second positional argument for on-demand and can be one of the following:

list list all on-demand scans performed
start --path PATH starts an on-demand scan for a specified PATH
status show the on-demand malware scanner status
stop stop on-demand malware scanner process
queue put put file PATHS to the queue for on-demand scan
queue remove remove scans from the queue for on-demand scan

The optional arguments for on-demand start and on-demand queue put are:

--ignore-mask IGNORE_MASK
--follow-symlinks
--no-follow-symlinks
--file-mask FILE_MASK
--intensity-cpu {1 to 7} 1 means the lowest intensity, 7 means the highest intensity
--intensity-io {1 to 7} 1 means the lowest intensity, 7 means the highest intensity

action is the second positional argument for suspicious and can be one of:

delete delete a Suspicious List entry
list obtain the list of Suspicious List entries
move-to-ignore move a Suspicious List entry to the (malware) Ignore List

action is the second positional argument for user and can be one of the following:

cleanup USER clean all infected files for a user
restore-original USER restore all original files for a user
list list all users and their current infection status
scan scan all users

Examples

  1. The following command starts on-demand scanner for the path specified after the start command:
imunify-antivirus malware on-demand start --path /home/<username>/public_html/
  1. The following command shows the example of the ignore-mask usage when you have to scan all d* folders except for the dixon77w.com and dunnrrr.com:
imunify-antivirus malware on-demand start --path='/var/www/vhosts/d*' --ignore-mask='/var/www/vhosts/dixon77w.com/*,/var/www/vhosts/dunnrrr.com/*'
  1. The following command adds on-demand scans for the selected path(s) to the scan queue
imunify-antivirus malware on-demand queue put "/home/user1/some folder" "/home/user2" --file-mask="*.php"
  1. The following command removes the selected scans from the scan queue
imunify-antivirus malware on-demand list        # get scan_ids for the selected scans from the malicious list
imunify-antivirus malware on-demand queue remove 84f043211dc045ae8e6d641f3b9fdb0a 8c4ee39d4d8f43e296e893940c8e791a
  1. The following command stops the on-demand Malware Scanner process
imunify-antivirus malware on-demand stop
  1. The following command stops the on-demand Malware Scanner process and clears the scan queue
imunify-antivirus malware on-demand stop --all
  1. The following command shows how to get an extended list of malicious files for a particular user. By default, a limit value equals to 50
imunify-antivirus malware malicious list --user cltest --limit 500
  1. The following command adds the specified path to the Ignore List
imunify-antivirus malware ignore add /home/user1/public_html/ "/home/some user/public_html/index.php"
  1. The following command lists all users and their current infection status
imunify-antivirus malware user list

Register

Allows to register and activate ImunifyAV. You can use it in case if ImunifyAV was not activated during installation process or in case if activation key of the ImunifyAV was changed for any reason. If you do not know what is an activation key or have any problem with it then, please, read Installation Guide or contact our support team.

Usage:

imunify-antivirus register [--optional arguments] [KEY]

KEY is a positional argument:

KEY register with activation key (use IPL to register by IP)

If you will use this command without the KEY argument, then it will try to register and activate current activation key.

Example 1: The following command will register and activate Imunify360 with the provided activation key:

imunify-antivirus register IMAV250jjRRjowbjk56dGN

Example 2: If you have an IP-based license, you can use IPL argument to register and activate ImunifyAV:

imunify-antivirus register IPL

Rstatus

Allows to check if ImunifyAV server license is valid.

Usage:

imunify-antivirus rstatus [--optional arguments]

Start

This command allows to run the agent.

Usage:

imunify-antivirus start [--optional arguments]

Unregister

Allows to unregister and disable ImunifyAV on the server.

Usage:

imunify-antivirus unregister [--optional arguments]

Update

This command allows updating ImunifyAV malware signatures.

Usage:

imunify-antivirus update [--optional arguments] signatures

Update-license

This command force updating the ImunifyAV license.

Usage:

imunify-antivirus update-license [--optional arguments]

Version

Allows to show the actual ImunifyAV version installed on the server.

Usage:

imunify-antivirus version [--optional arguments]

How to apply changes from CLI

In order to apply changes via command-line interface (CLI), you can use the following command:

imunify-antivirus config update '{"SECTION": {"parameter": value}}'

For example, if you want to set MALWARE_SCAN_INTENSITY.cpu = 5 from a command line, then you should execute the following command:

imunify-antivirus config update '{"MALWARE_SCAN_INTENSITY": {"cpu": 5}}'
imunify-antivirus config update '{"MALWARE_SCANNING": {"rapid_scan": true}}'

It is also possible to apply several parameters at once.

For example:

imunify-antivirus config update '{"MALWARE_SCAN_INTENSITY": {"cpu": 5, "io": 7}}'