Configure the anti-malware email alert and signature update settings.
```bash
sentinel --task=antimalware:antimalware
```

| Option | Value | Default | Description |
|---|---|---|---|
| --email_alert | <1\|0> | 1 | Enable or disable e-mail alerts; this includes application version alerts as well as automated/manual scan reports. On-demand reports can still be sent manually. |
| --email_addr | <string1,string2> | admin@yourdomain.com | The destination e-mail addresses for automated/manual scan reports and application version alerts. Separate multiple addresses with commas (,). |
| --email_ignore_clean | <1\|0> | 1 | Ignore e-mail alerts for scan reports in which all malware hits and application version alerts. |
| --email_subj | <string> | maldet alert from $(hostname) | The subject line for e-mail alerts. |
| --email_format | <html\|text\|both> | html | The format for e-mail alerts. HTML emails include a professionally designed template with color-coded threat types and scan summary. |
| --smtp_relay | <string> | | The SMTP relay for email delivery. When set, emails are sent via this relay instead of the local MTA (mail/sendmail). Supports TLS/SSL. Examples: smtps://smtp.gmail.com:465, smtp://relay.example.com:587 |
| --smtp_from | <string> | | The sender address for SMTP relay delivery. Required when smtp_relay is set. |
| --smtp_user | <string> | | The SMTP username. Required for authenticated relay delivery. |
| --smtp_pass | <string> | | The SMTP password. Required for authenticated relay delivery. |
| --slack_alert | <1\|0> | 0 | Enable or disable Slack alerts; this uploads the scan report as a file to one or more Slack channels. |
| --slack_subj | <string> | maldet alert from $(hostname) | The name of the file that will be uploaded to the Slack channel(s). |
| --slack_token | <string> | AUTH_TOKEN | Slack authentication token. Requires scope: files:write:user. More information: https://api.slack.com/methods/files.upload |
| --slack_channels | <string1,string2> | maldetreports | Comma-separated list of channel names or IDs where the scan report will be shared. |
| --telegram_alert | <1\|0> | 0 | Enable or disable Telegram alerts. |
| --telegram_file_caption | <string> | maldet alert from $(hostname) | The caption for the report file that will be sent to the Telegram channel. |
| --telegram_bot_token | <string> | TELEGRAM_BOT_TOKEN | The Telegram bot token. More information: https://core.telegram.org/bots |
| --telegram_channel_id | <string> | TELEGRAM_CHANNEL_ID | The Telegram channel ID. More information: https://stackoverflow.com/questions/33858927/how-to-obtain-the-chat-id-of-a-private-telegram-channel?answertab=active#tab-top |
| --discord_alert | <1\|0> | 0 | Enable or disable Discord alerts; this uploads the scan report via a Discord webhook. |
| --discord_webhook_url | <string> | | Discord webhook URL for alert delivery. |
| --autoupdate_signatures | <string> | 1 | Automatic updates of anti-malware signature files and cleaner rules. The signature update process preserves any custom signature or cleaner files. It is highly recommended that this be enabled, as new signatures are released multiple times per week. |
| --sigup_interval | <digit> | 6 | The interval in hours for automatic signature update checks via the independent cron job (/etc/cron.d/maldet-sigup). This runs separately from cron.daily and is idempotent with maldet -u. Set to 0 to disable the independent cron job. |
| --autoupdate_version | <1\|0> | 0 | Automatic version updates of LMD. The installation update process preserves all configuration options along with custom signature and cleaner files. It is recommended that this be enabled to ensure the latest version, features and bug fixes are always available. |
| --autoupdate_version_hashed | <1\|0> | 0 | Validate the LMD executable MD5 hash against the known-good upstream hash value. This allows LMD to replace the executable / force a re-installation in the event the LMD executable is tampered with or corrupted. If you intend to make customizations to the LMD executable, you should disable this feature. |
| --cron_prune_days | <digit> | 21 | The retention period, in days, for quarantine, temporary files and stale session information. Data older than this value is deleted with the daily cron execution. |
| --cron_daily_scan | <1\|0> | 1 | Enable or disable the automatic scanning of standard web directories performed via cron. |
| --scan_days | <digit> | 1 | The number of days to look back for recently modified files during daily cron scans. Files modified within this number of days will be scanned. |
| --import_config_url | <string> | | Download the configuration file from a remote URL. The local conf.maldet and internals.conf are parsed first, followed by the imported configuration file. As such, only variables defined in the imported configuration file are overridden, and a full set of configuration options is not explicitly required in the imported file. |
| --import_config_expire | <string> | 43200 | The expiry interval for refreshing the local cached version of the imported configuration file. The default is every 12h (43200 seconds), which should be ok for most setups. |
| --sig_import_md5_url | <string> | | Download custom MD5 signature files from a remote URL. THIS WILL OVERWRITE ANY LOCAL CUSTOM SIGNATURE FILES! |
| --sig_import_hex_url | <string> | | Download custom HEX signature files from a remote URL. THIS WILL OVERWRITE ANY LOCAL CUSTOM SIGNATURE FILES! |
| --sig_import_yara_url | <string> | | Download custom YARA signature files from a remote URL. THIS WILL OVERWRITE ANY LOCAL CUSTOM SIGNATURE FILES! |
| --sig_import_sha256_url | <string> | | Download custom SHA256 signature files from a remote URL. THIS WILL OVERWRITE ANY LOCAL CUSTOM SIGNATURE FILES! |
| --sig_import_csig_url | <string> | | Download custom CSIG signature files from a remote URL. THIS WILL OVERWRITE ANY LOCAL CUSTOM SIGNATURE FILES! |
| --default | <yes> | | Reset all settings to their default values. |
| --default_option | <option> | | Reset a specific setting to its default value. |
| --reload | <yes> | | Reload the service after saving settings. |

```bash
# disable the cron_daily_scan
sentinel --task=antimalware:antimalware --cron_daily_scan=0 --restart=yes
# reset the cron_daily_scan back to its default value
sentinel --task=antimalware:antimalware --default_option=cron_daily_scan --restart=yes
# reset all settings to their default values
sentinel --task=antimalware:antimalware --default=yes --restart=yes
```
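
The parse order described for `--import_config_url` means a remotely imported file can silently change any local setting, so it is worth auditing the effective result rather than the local file alone. The script below is an added example, not part of the original page or the vendor's code: it merges a local and an imported configuration in that order and flags weak effective settings. It assumes conf.maldet-style `key="value"` lines keyed by the option names in the table; the function names, hosts and sample values are constructed.

```shell
#!/bin/sh
# Added example, not vendor code. Assumes conf.maldet-style key="value" lines
# whose keys match the option names documented above.

# Constructed sample input: local settings, then a remotely imported file.
LOCAL_CONF='cron_daily_scan="1"
autoupdate_signatures="1"
slack_alert="1"
slack_token="AUTH_TOKEN"
import_config_url="http://conf.example.com/maldet.conf"'
IMPORTED_CONF='# pushed from a central server
cron_daily_scan="0"
sig_import_yara_url="https://sigs.example.com/custom.yara"'

# effective_conf: read config text on stdin in parse order (local first,
# imported last) and print key=value pairs; the last assignment wins.
effective_conf() {
    awk '
        /^[ \t]*#/ || !/=/ { next }
        {
            key = substr($0, 1, index($0, "=") - 1); gsub(/[ \t]/, "", key)
            val = substr($0, index($0, "=") + 1)
            gsub(/^[ \t]*"|"[ \t]*$/, "", val)
            if (!(key in conf)) order[++n] = key
            conf[key] = val
        }
        END { for (i = 1; i <= n; i++) print order[i] "=" conf[order[i]] }'
}

# audit_conf: flag effective settings that weaken scanning or alerting.
audit_conf() {
    effective_conf | awk '
        { key = substr($0, 1, index($0, "=") - 1)
          val = substr($0, index($0, "=") + 1); c[key] = val }
        key ~ /^(import_config|sig_import_[a-z0-9]+)_url$/ && val != "" &&
        val !~ /^https:\/\// { print "WARN " key ": remote source is not https" }
        END {
            if (c["cron_daily_scan"] == "0") print "WARN cron_daily_scan: daily scan disabled"
            if (c["autoupdate_signatures"] == "0") print "WARN autoupdate_signatures: disabled"
            if (c["slack_alert"] == "1" && c["slack_token"] == "AUTH_TOKEN")
                print "WARN slack_token: alerts enabled with placeholder token"
            if (c["telegram_alert"] == "1" && c["telegram_bot_token"] == "TELEGRAM_BOT_TOKEN")
                print "WARN telegram_bot_token: alerts enabled with placeholder token"
            if (c["smtp_relay"] != "" && c["smtp_from"] == "")
                print "WARN smtp_from: required when smtp_relay is set"
        }'
}

printf '%s\n%s\n' "$LOCAL_CONF" "$IMPORTED_CONF" | audit_conf
```

With the sample input, the imported file turns the locally enabled daily scan off, which only shows up when the two files are evaluated together.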