Documentation Command-Line Interface
Description
ImunifyAV(+) command-line interface (CLI) makes working with ImunifyAV(+) basics and features from your terminal even simpler.
Note
CLI commands are available only for cPanel and DirectAdmin control panels. Plesk and ISPmanager CLI support is coming soon.
Usage
For access to the ImunifyAV agent features from the command-line interface, use the following command:
imunify-antivirus
Basic usage:
imunify-antivirus [command] [--option1] [--option2]...
Options
The following options are available for all commands.
-h, --help | show this help message and exit |
--console-log-level {ERROR,WARNING,INFO,DEBUG} | level of logging input to the console |
--json | returns data in JSON format |
--verbose, -v | allows to return data in good-looking view if option --json is used |
Examples
- This command allows to show help for the
startcommand:imunify-antivirus start [-h]
Available commands:
add-sudouser | add a user with root privileges |
checkdb | check database integrity |
check-domains | send domain list check |
config update | update configuration file via CLI |
delete-sudouser | remove a user with root privileges |
doctor | collect info about the system and send it to ImunifyAV(+) |
infected-domains | returns infected domain list |
feature-management | manage ImunifyAV(+) features available for users |
hooks | hooks-related operations |
malware | malware-related operations |
register | register the agent |
rstatus | send a query to server to the check if the license is valid |
start | start the agent |
unregister | unregister the agent |
update | update malware signatures |
update-license | force license update |
version | show version |
Add-sudouser
This command adds a user with root privileges to the server.
Usage:
imunify-antivirus add-sudouser <userID> [--optional arguments]
Example:
This command adds the user 11XXX111 with root privileges to the server:
imunify-antivirus add-sudouser 11XXX111
Checkdb
Checks database integrity. In case database is corrupt, then this command saves backup copy of the database at /var/imunifyav and tries to restore integrity of the original database.
Note
If this command cannot restore database integrity, then it will destroy the original broken database.
Usage:
imunify-antivirus checkdb [--optional arguments]
Example:
The following command checks the database integrity:
imunify-antivirus checkdb
Check-domains
Allows to send domains list to check on ImunifyAV central server. This command requires cPanel. After domains checked, the results is available via the infected-domains command.
Note
check-domains command may take a few minutes to complete.
Usage:
imunify-antivirus check-domains [--optional arguments]
Example:
The following command sends the domains list for a check to the Imunify central server:
imunify-antivirus check-domains
Config update
Allows to update configuration file via CLI.
Usage:
imunify-antivirus config update [configuration options]
You can find instructions on how to apply configuration changes from CLI here and configuration options can be taken from the /etc/sysconfig/imunify360/imunify360.config file.
Example:
Set the MALWARE_SCAN_INTENSITY.cpu = 5 configuration option from a command line:
imunify-antivirus config update ‘{"MALWARE_SCAN_INTENSITY": {"cpu": 5}}’
Delete-sudouser
This command removes a user with root privileges from the server.
Usage:
imunify-antivirus delete-sudouser <userID> [--optional arguments]
Example:
The following command removes the user 11XXX111 with root privileges from the server.
imunify-antivirus delete-sudouser 11XXX111
Doctor
This command collects information about ImunifyAV state, generates the report and sends it to the ImunifyAV Support Team. This command can be used in case of any troubles or issues with ImunifyAV. This command will generate a key to be sent to the ImunifyAV Support Team. With that key the ImunifyAV Support Team can help with any problem as fast as possible.
Usage:
imunify-antivirus doctor [--optional arguments]
Infected-domains
Allows to retrieve infected domains list.
Usage:
imunify-antivirus infected-domains [-h] [--optional arguments]
Optional arguments for list:
--limit | Limits the output with the specified number of domains. Must be a number greater than zero. By default, equals 100. |
--offset | Offset for pagination. By default, equals 0. |
Example:
The following command displays the results of the check-domains command:
imunify-antivirus infected-domains
Feature-management
Allows to manage ImunifyAV features available for users.
Usage:
imunify-antivirus feature-management [command] [--optional argument]...
Command can be one of the following:
defaults | show the default value for each feature that is applied for newly created user |
disable | disable a feature for some or all users |
enable | enable a feature for some or all users |
get | obtains the status of all available features for a USER |
list | list all available features |
Optional argument for the enable/disable commands can be one of the following:
[--feature av] | enable/disable Malware Cleanup |
[--feature proactive] | enable/disable Proactive Defense |
[--users [USERS [USERS ...]]] | specifies the list of users which will be affected, otherwise the default value will be changed |
The mandatory argument for the get command:
[--user USER] | specifies a user name to obtain the status of features for |
Example:
The following command enables malware cleanup feature for the user1:
imunify-antivirus feature-management enable --feature av --users user1
Hooks
You can read more about hooks here.
This command allows to manage hooks.
Usage:
imunify-antivirus hook [command] --event [event_name|all] [--path </path/to/hook_script>]
command can be one of the following:
add | register a new event handler |
delete | unregister existing event handler |
list | show existing event handlers |
add-native | register a new native event handler |
--event [event_name|all] | defines a particular event that invokes a registered handler as opposed to all keyword |
--path </path/to/hook_script> | shall contain a valid path to a handler of the event, it shall be any executable or Python Native event handlers that agent will run upon a registered event |
Example:
The following command shows existing event handlers:
imunify-antivirus hook list
Malware
Allows to manage malware options.
Usage:
imunify-antivirus malware [command] [--optional arguments]
Available commands:
ignore | malware Ignore List operations |
malicious | malware Malicious List operations |
on-demand | on-demand Scanner operations |
suspicious | malware Suspicious List operations |
cleanup status | show the status of the cleanup process |
history list | lists the complete history of all malware-related incidents/actions (optional arguments available) |
rebuild patterns | allows to save changes after editing watched and excluded patterns for Malware Scanner. See details here. |
user | allows to perform Malware Scanner operations for a user |
Optional arguments:
--limit LIMIT | Limits the output with the specified number of domains. Must be a number greater than zero. By default, equals 100. |
--offset OFFSET | Offset for pagination. By default, equals 0. |
--since SINCE | Start date. |
--to TO | End date. |
--user USER | Returns results for a chosen user. |
--order-by [ORDER_BY [ORDER_BY ...]] | Sorting order. |
--by-status [BY_STATUS [BY_STATUS ...]] | Return items with selected status. |
--by-scan-id BY_SCAN_ID | Return items with selected ID. |
--items ITEMS | Return selected items. |
--search SEARCH | Search query. |
action is the second positional argument for ignore and can be one of the following:
add | add file PATHS to the Ignore List |
delete | delete file PATHS from the Ignore List |
list | shows Ignore List entries (optional arguments apply) |
where PATHS are the absolute paths to files or folders divided by a whitespace.
command2 is the second positional argument for the malicious command and can be one of the following:
cleanup | clean up infected ITEMS for a USER |
cleanup-all | clean up all files that have been detected as infected for all users |
restore-original | restore the original (malicious/infected) file to its original location |
delete | delete malicious/infected files |
list | list malicious/infected files |
move-to-ignore | move a Malicious List entry to the (malware) Ignore List |
remove-from-list | remove malicious/infected files from the Malicious List |
restore-from-backup | restore a clean version of infected file from backup |
action is the second positional argument for on-demand and can be one of the following:
list | list all on-demand scans performed |
start --path PATH | starts an on-demand scan for a specified PATH |
status | show the on-demand malware scanner status |
stop | stop on-demand malware scanner process |
queue put | put file PATHS to the queue for on-demand scan |
queue remove | remove scans from the queue for on-demand scan |
The optional arguments for on-demand start and on-demand queue put are:
--ignore-mask IGNORE_MASK |
--follow-symlinks |
--no-follow-symlinks |
--file-mask FILE_MASK |
--intensity-cpu {1 to 7} 1 means the lowest intensity, 7 means the highest intensity |
--intensity-io {1 to 7} 1 means the lowest intensity, 7 means the highest intensity |
action is the second positional argument for suspicious and can be one of:
delete | delete a Suspicious List entry |
list | obtain the list of Suspicious List entries |
move-to-ignore | move a Suspicious List entry to the (malware) Ignore List |
action is the second positional argument for user and can be one of the following:
cleanup USER | clean all infected files for a user |
restore-original USER | restore all original files for a user |
list | list all users and their current infection status |
scan | scan all users |
Examples
- The following command starts on-demand scanner for the path specified after the
startcommand:
imunify-antivirus malware on-demand start --path /home/<username>/public_html/
- The following command shows the example of the
ignore-maskusage when you have to scan alld*folders except for thedixon77w.comanddunnrrr.com:
imunify-antivirus malware on-demand start --path='/var/www/vhosts/d*' --ignore-mask='/var/www/vhosts/dixon77w.com/*,/var/www/vhosts/dunnrrr.com/*'
- The following command adds on-demand scans for the selected path(s) to the scan queue
imunify-antivirus malware on-demand queue put "/home/user1/some folder" "/home/user2" --file-mask="*.php"
- The following command removes the selected scans from the scan queue
imunify-antivirus malware on-demand list # get scan_ids for the selected scans from the malicious list
imunify-antivirus malware on-demand queue remove 84f043211dc045ae8e6d641f3b9fdb0a 8c4ee39d4d8f43e296e893940c8e791a
- The following command stops the on-demand Malware Scanner process
imunify-antivirus malware on-demand stop
- The following command stops the on-demand Malware Scanner process and clears the scan queue
imunify-antivirus malware on-demand stop --all
- The following command shows how to get an extended list of malicious files for a particular user. By default, a limit value equals to 50
imunify-antivirus malware malicious list --user cltest --limit 500
- The following command adds the specified path to the Ignore List
imunify-antivirus malware ignore add /home/user1/public_html/ "/home/some user/public_html/index.php"
- The following command lists all users and their current infection status
imunify-antivirus malware user list
Register
Allows to register and activate ImunifyAV. You can use it in case if ImunifyAV was not activated during installation process or in case if activation key of the ImunifyAV was changed for any reason. If you do not know what is an activation key or have any problem with it then, please, read Installation Guide or contact our support team.
Usage:
imunify-antivirus register [--optional arguments] [KEY]
KEY is a positional argument:
KEY | register with activation key (use IPL to register by IP) |
If you will use this command without the KEY argument, then it will try to register and activate current activation key.
Example 1: The following command will register and activate Imunify360 with the provided activation key:
imunify-antivirus register IMAV250jjRRjowbjk56dGN
Example 2:
If you have an IP-based license, you can use IPL argument to register and activate ImunifyAV:
imunify-antivirus register IPL
Rstatus
Allows to check if ImunifyAV server license is valid.
Usage:
imunify-antivirus rstatus [--optional arguments]
Start
This command allows to run the agent.
Usage:
imunify-antivirus start [--optional arguments]
Unregister
Allows to unregister and disable ImunifyAV on the server.
Usage:
imunify-antivirus unregister [--optional arguments]
Update
This command allows updating ImunifyAV malware signatures.
Usage:
imunify-antivirus update [--optional arguments] signatures
Update-license
This command force updating the ImunifyAV license.
Usage:
imunify-antivirus update-license [--optional arguments]
Version
Allows to show the actual ImunifyAV version installed on the server.
Usage:
imunify-antivirus version [--optional arguments]
How to apply changes from CLI
In order to apply changes via command-line interface (CLI), you can use the following command:
imunify-antivirus config update '{"SECTION": {"parameter": value}}'
For example, if you want to set MALWARE_SCAN_INTENSITY.cpu = 5 from a command line, then you should execute the following command:
imunify-antivirus config update '{"MALWARE_SCAN_INTENSITY": {"cpu": 5}}'
imunify-antivirus config update '{"MALWARE_SCANNING": {"rapid_scan": true}}'
It is also possible to apply several parameters at once.
For example:
imunify-antivirus config update '{"MALWARE_SCAN_INTENSITY": {"cpu": 5, "io": 7}}'
