Hook Script after file detection

cPGuard can run a hook script after it detects a bad file, so that you can take any necessary action on the affected file. The hook script receives the following details as arguments:

  • The original path of the infected file
  • Path to Quarantined file or "not-quarantined" if the file is not quarantined
  • Virus Description
  • Category of the detected file
  • Username affected
  • User email

 

A sample hook script is available at the following locations for the respective control panels, and its content is also given below. It contains sample code to push a notification to your Slack channel or send a notification to the end user.

 

Copy the sample file to “virus_hook.php” in the same directory and add your customization.

cPanel: /usr/local/cpanel/whostmgr/docroot/cgi/cpguard/scripts/virus_hook_sample.php

DirectAdmin: /usr/local/directadmin/plugins/cpguard/cpguard/scripts/virus_hook_sample.php

 

<?php
$original_path = $argv[1];      // Original path of infected file
$quarantine_path = $argv[2];    // Path to Quarantined file or "not-quarantined" if file was not quarantined
$virus_definition = $argv[3];   // Virus Description
$category = $argv[4];           // Virus File | Suspicious File | Binary File | Symbolic Link
$username = $argv[5];           // Username affected
$user_email = $argv[6];         // User email
/* -------------------------------------------------------------------------
*      SLACK WEBHOOKS
*      REFER https://api.slack.com/messaging/webhooks
* ---------------------------------------------------------------------- */
$server = gethostname();
$webhook_url = "https://hooks.slack.com/xxxxxxxxxxxx";
$data = array(
   "text" => "$category found on $server",
   "blocks" => array(
       array(
           "type" => "section",
           "text" => array(
               "type" => "mrkdwn",
               "text" => "*$category* found on $server"
           )
       ),
       array(
           "type" => "context",
           "elements" => array(array(
                   "type" => "mrkdwn",
                   "text" => "*Original path* : $original_path\n"
                   . "*Quarantine path* : $quarantine_path\n"
                   . "*Definition* : $virus_definition\n"
                   . "*User* : $username\n"
               )
           )
       ),
   )
);
$data_string = json_encode($data);
$ch = curl_init($webhook_url);
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, "POST");
curl_setopt($ch, CURLOPT_POSTFIELDS, $data_string);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_HTTPHEADER, array(
   'Content-Type: application/json',
   'Content-Length: ' . strlen($data_string))
);
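$result = curl_exec($ch);
if ($result === false) {
   // Report a failed Slack delivery instead of dropping it silently
   error_log("virus_hook: Slack notification failed: " . curl_error($ch));
}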
/* -------------------------------------------------------------------------
*      SENDING EMAILS TO END USERS
* ---------------------------------------------------------------------- */
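$subject = "$category found";
// The file path and user name can contain HTML metacharacters, so escape every
// value before it is embedded in the HTML body below.
list($category, $original_path, $quarantine_path, $virus_definition, $username) = array_map(
   function ($value) {
       return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
   },
   array($category, $original_path, $quarantine_path, $virus_definition, $username)
);
$message = "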
<html>
   <head>
       <title>$category found</title>
   </head>
   <body>
       <p>$category found</p>
       <table>
           <tr>
               <th style=\"text-align:left\">Type</th>
               <td>$category</td>
           </tr>
           <tr>
               <th style=\"text-align:left\">Original Path</th>
               <td>$original_path</td>
           </tr>
           <tr>
               <th style=\"text-align:left\">Quarantine path</th>
               <td>$quarantine_path</td>
           </tr>
           <tr>
               <th style=\"text-align:left\">Description</th>
               <td>$virus_definition</td>
           </tr>
           <tr>
               <th style=\"text-align:left\">User</th>
               <td>$username</td>
           </tr>
       </table>
   </body>
</html>
";
// Always set content-type when sending HTML email
$headers = "MIME-Version: 1.0" . "\r\n";
$headers .= "Content-type:text/html;charset=UTF-8" . "\r\n";
// More headers
$headers .= 'From: <webmaster@example.com>' . "\r\n";
$headers .= 'Cc: myboss@example.com' . "\r\n";
mail($user_email, $subject, $message, $headers); 
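
As an added example (not part of cPGuard's sample script), the hook below records each detection as one JSON line for later triage and hashes the quarantined copy when there is one. The log path /var/log/cpguard_hook.jsonl and the names LOG_FILE and build_event are assumptions made for this example; the argument order is the one listed above.

```php
<?php
// Added example, not cPGuard's own code. LOG_FILE and build_event() are
// hypothetical names chosen for this illustration.
const LOG_FILE = '/var/log/cpguard_hook.jsonl';

// Turn the six hook arguments into an audit record, or return null when the
// argument count does not match the list documented above.
function build_event(array $argv)
{
    if (count($argv) < 7) {
        return null;
    }
    list(, $original, $quarantine, $definition, $category, $user, $email) = $argv;

    // "not-quarantined" is the sentinel passed when the file was left in place.
    $quarantined = ($quarantine !== 'not-quarantined');

    // Hash whichever copy should still exist. "Symbolic Link" is one of the
    // categories, so skip anything that is not a regular, readable file.
    $target = $quarantined ? $quarantine : $original;
    $sha256 = (!is_link($target) && is_file($target) && is_readable($target))
        ? hash_file('sha256', $target)
        : null;

    return array(
        'time'        => gmdate('c'),
        'host'        => gethostname(),
        'category'    => $category,
        'definition'  => $definition,
        'original'    => $original,
        'quarantine'  => $quarantined ? $quarantine : null,
        'sha256'      => $sha256,
        'user'        => $user,
        'email_valid' => filter_var($email, FILTER_VALIDATE_EMAIL) !== false,
    );
}

$event = build_event($argv);
if ($event === null) {
    fwrite(STDERR, "virus_hook: expected 6 arguments\n");
    exit(1);
}
// json_encode escapes newlines and control characters in file names, so each
// event stays on one line; a value that is not valid UTF-8 is written as null
// instead of failing the record. LOCK_EX serialises concurrent detections.
$line = json_encode($event, JSON_UNESCAPED_SLASHES | JSON_PARTIAL_OUTPUT_ON_ERROR);
file_put_contents(LOG_FILE, $line . "\n", FILE_APPEND | LOCK_EX);
```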

 

Please contact our support if you need any additional details or want any additional features with the hook script. 
