Hello,
Is it possible to send an email when a virus was found on an endpoint?
In the reporting server documentation I didn't find any hint.
Andy
I don't believe there is any way to do that directly. It would be great to put on the ideas page.
Indirectly, most likely you could do something with Dashboards or ZRS to generate and possibly email reports on viruses found on your devices. I may fiddle around with that some...
--
If you found this post useful, give it a “Like” or click on "Verify Answer" under the "More" button
Be sure to "Like" My (and a few others) Cool Solutions below!
https://community.microfocus.com/members/craigdwilson/bookmarks
Hello Craig,
Now I have installed the reporting server. The problem is connecting to the third/antimalware PostgreSQL DB. There is no option to do this on the reporting server. We need to access the new "domain". The only option is to access the patch "domain". Is there a solution for this?
IDK, that may be iffy too....
But in regards to Email Notifications, there is not an official way to do that. I raised it in a meeting today with the PM in charge of Anti-Malware. He agreed it was a needed feature and it was already discussed but there was not time to get it into 20.2.
He said there are not any plans for any significant feature changes for 20.3 in regard to Anti-Malware. Rather, they are going to use the initial 20.2 release time to gauge customer feedback with the plan for more significant feature enhancements in the 20.4 time frame.
Along those lines, he requested to put something in the Ideas Portal to help tracking. Look for my post there and make some comments when you get a chance. I will be creating that entry in a couple of minutes.
--
"zman dgcam" will get the PWD
amedatasource.properties in /vastorage/etc/opt/microfocus/zenworks/antimalware has the DB details.
--
Any updates on this? This is the number ONE feature that is missing. I'm getting requests for this every couple of months.
David
The plan was for no feature updates for Anti-Malware in 20.3, but await feedback and then look at 20.4 to add new features around Anti-Malware. At this stage in 20.4 planning, it is too soon to say what may or may not get planned. However, it was indicated that it would be a strong candidate for consideration.
--
Was anyone able to set up some kind of workaround? Any other enterprise AV solution has it; we need to solve this sooner than next decade.
David
Yes, I have it. Every morning I generate a PostgreSQL report and send it via postfix:
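#!/bin/bash
# Connection settings for the ZENworks Anti-Malware PostgreSQL database
dbuser=zenamadmin
dbpassword=[Yourpassword]
dbname=zenamdatabase
dbport=54327
emailserver=smtp.yourcompany.de
# -f: do not fail on the first run, when the files do not exist yet
rm -f /tmp/virusmail.txt
rm -f /tmp/mail.send
export PGPASSWORD=[yourpgpassword]
# Devices with infected files first detected since yesterday
/opt/microfocus/zenworks/share/pgsql/bin/psql -h localhost -p "$dbport" -U "$dbuser" -d "$dbname" --no-password -c "select z.hostname, z.primaryusername, m2.malwarename from public.malwarestatus m inner join zvdevice z on z.deviceseqid = m.deviceseqid inner join malwaredetails m2 on m.malwareid = m2.malwareid where m.infectedfilecount > 0 and m.firstdetectedtime >= (current_date - 1);" --output=/tmp/virusmail.txt
## sendmail
# Absolute paths: cron starts jobs in the user's home directory with a minimal PATH.
# /tmp/mail.txt holds the mail headers (assumed to sit next to the other files in /tmp).
cat /tmp/mail.txt >/tmp/mail.send
cat /tmp/virusmail.txt >>/tmp/mail.send
/usr/sbin/sendmail -bm -v -t < /tmp/mail.send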
________________________________________________________
configfile for sendmail/postfix:
/etc/postfix/main.cf
Changes:
___________________________________________________________
_________________________________________________________
crontab -e
This line added:
00 7 * * * /tmp/Virus-mail.sh >/dev/null
________________________________
The only remaining problem is that this is not working with crontab. So, together with the users here, I think we can resolve this crontab problem. Manually starting this script works well. The /tmp/ directory is also not the best, I know.
Andreas
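
A cron-safe variant of the script above, added here as an example (not part of Andreas's post and not ZENworks code): it uses absolute paths, reads the database password from `~/.pgpass` instead of the script or environment, builds the report in a private `mktemp` directory rather than fixed names in /tmp, and mails only when rows exist. The recipient address, the `REPORT_TO` variable, the function names and the `--run` switch are assumptions; the psql path, user, database, port and query come from the post.

```shell
#!/bin/sh
# Added example: cron-safe variant of the daily detection mail.
# Assumptions: the script lives in a root-owned directory (not /tmp), and the
# DB password is in the cron user's ~/.pgpass (mode 0600), not in this file.
umask 077   # anything this script creates is readable by its owner only

# Absolute paths: cron runs jobs with a minimal PATH and from $HOME.
PSQL=${PSQL:-/opt/microfocus/zenworks/share/pgsql/bin/psql}
SENDMAIL=${SENDMAIL:-/usr/sbin/sendmail}
DBUSER=${DBUSER:-zenamadmin} DBNAME=${DBNAME:-zenamdatabase} DBPORT=${DBPORT:-54327}
REPORT_TO=${REPORT_TO:-secops@example.invalid}   # placeholder recipient

QUERY="select z.hostname, z.primaryusername, m2.malwarename
  from public.malwarestatus m
  inner join zvdevice z on z.deviceseqid = m.deviceseqid
  inner join malwaredetails m2 on m.malwareid = m2.malwareid
  where m.infectedfilecount > 0 and m.firstdetectedtime >= (current_date - 1);"

# Write detections to file $1, one '|'-separated row per line.
# -w: never prompt for a password; -At: unaligned rows, no header or footer.
fetch_detections() {
    "$PSQL" -h localhost -p "$DBPORT" -U "$DBUSER" -d "$DBNAME" -w -At \
        -c "$QUERY" > "$1"
}

# Print a complete mail (headers, blank line, body) for report file $1.
build_message() {
    count=$(wc -l < "$1" | tr -d ' ')
    printf 'To: %s\nSubject: Anti-Malware: %s detection(s) since yesterday\n\n' \
        "$REPORT_TO" "$count"
    printf 'hostname|primaryusername|malwarename\n'
    cat "$1"
}

# Returns 0 if a mail was sent, 1 if nothing was detected, 2 on any failure.
run_report() {
    workdir=$(mktemp -d) || return 2   # private, unpredictable directory
    rc=0
    if ! fetch_detections "$workdir/report.txt"; then rc=2
    elif [ ! -s "$workdir/report.txt" ]; then rc=1
    else build_message "$workdir/report.txt" | "$SENDMAIL" -t || rc=2
    fi
    rm -rf "$workdir"
    return "$rc"
}

# Run only on request, so the functions can also be sourced and tested.
if [ "${1:-}" = "--run" ]; then run_report; exit $?; fi
```

The `~/.pgpass` entry has the form `localhost:54327:zenamdatabase:zenamadmin:<password>`, and libpq ignores the file unless its mode is 0600. The crontab line then calls the script by its full path with `--run` appended.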