This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Email notification when virus was found with ZCM 2020UP2

Hello,

is it possible to send an email when a virus on an endpoint was found?

On the reporting server documentation I didn´t find any hint.

Andy

  • 0  

    I don't believe there is any way to do that directly.  It would be great to put on the ideas page.

    Indirectly, most likely you could do something with Dashboards or ZRS to generate and possibly email reports on virus found on your devices.  I may filddle around with that some...

    --

    If you found this post useful, give it a “Like” or click on "Verify Answer" under the "More" button

    Be sure to "Like" My (and a few others) Cool Solutions below! 

    https://community.microfocus.com/members/craigdwilson/bookmarks

  • 0 in reply to   

    Hello Craig,

    now I have installed the reporting server. The problem is to connect to the third/animalware postgresql db . There is no option to do this on the reporting server. We need to access the new "domain". The only option is to access the patch "domain". iIs there a solution to do this?

  • 0   in reply to 

    IDK, that may be iffy too....

    But in regards to Email Notifications, there is not an official way to do that.  I raised it in a meeting today with the PM in charge of Anti-Malware.  He agreed it was a needed feature and it was already discussed but there was not time to get it into 20.2.

    He said there are not any plans for any significant feature changes for 20.3 in regard to Anti-Malware.  Rather, they are going to use the initial 20.2 release time to gauge customer feedback with the plan for more significant feature enhancements in the 20.4 time frame.

    Along those lines, he requested to put something in the Ideas Portal to help tracking.  Look for my post there and make some comments when you get a chance.  I will be creating that entry in a couple of minutes.

    --

    If you found this post useful, give it a “Like” or click on "Verify Answer" under the "More" button

    Be sure to "Like" My (and a few others) Cool Solutions below! 

    https://community.microfocus.com/members/craigdwilson/bookmarks

  • 0 in reply to   

    Hi Craig,

    I have voted on the portal. I want to access the mailware db with tools like dbeaver. What´s the name of the db to access it ? Username and password i get it with zman ..

  • 0   in reply to 

    "zman dgcam" will get the PWD

    amedatasource.properties  in /vastorage/etc/opt/microfocus/zenworks/antimalware has the DB details.

    --

    If you found this post useful, give it a “Like” or click on "Verify Answer" under the "More" button

    Be sure to "Like" My (and a few others) Cool Solutions below! 

    https://community.microfocus.com/members/craigdwilson/bookmarks

  • 0   in reply to   

    Any updates on this ? This is number ONE feature which is missing. I'm getting request for this every couple months.

    David

  • 0   in reply to   

    The plan was for no feature updates for Anti-Malware in 20.3, but await feedback and then look at 20.4 to add new features around Anti-Malware.  At this stage in 20.4 planning, it is too soon to say what may or may not get planned.  However, it was indicated that it would be a strong candidate for consideration.  

    --

    If you found this post useful, give it a “Like” or click on "Verify Answer" under the "More" button

    Be sure to "Like" My (and a few others) Cool Solutions below! 

    https://community.microfocus.com/members/craigdwilson/bookmarks

  • 0   in reply to   

    Was anyone able to setup some kind of workaround ? Any other enterprise AV solution has it, need solve this sooner as next decade.

    David

  • 0   in reply to   

     have you found a way to trigger email alert, when virus is found ? 

    David

  • 0 in reply to   

    Yes, I have it. I generate every morning a postgresql report and send it via postfix:

    Linux Script /tmp/Virus-mail.sh:

    #!/bin/bash

    dbuser=zenamadmin

    dbpassword=[Yourpassword]

    dbname=zenamdatabase

    dbport=54327

    emailserver=smtp.yourcompany.de

     

    rm /tmp/virusmail.txt

    rm /tmp/mail.send

     

    export PGPASSWORD=[yourpgpassword]

    /opt/microfocus/zenworks/share/pgsql/bin/psql -h localhost -p $dbport -U $dbuser -d $dbname --no-password -c "select z.hostname ,z.primaryusername, m2.malwarename from public.malwarestatus m inner join zvdevice z on z.deviceseqid = m.deviceseqid inner join malwaredetails m2 on m.malwareid = m2.malwareid where m.infectedfilecount >0 and m.firstdetectedtime >=( current_date - 1);" --output=/tmp/virusmail.txt

    ## sendmail

    cat mail.txt >/tmp/mail.send

    cat virusmail.txt >>/tmp/mail.send

    sendmail -bm -v -t < /tmp/mail.send

    ________________________________________________________

    configfile for sendmail/postfix:

    /etc/postfix/main.cf

    Changes:

     ___________________________________________________________

    /tmp/mail.txt:

    To: support@yourcompany.de

    Subject: Virusmeldung Liste der infizierten Rechner

    From: support@yourcompany.de

      

    Liste of infected PCs and the User:

    _________________________________________________________

    Crontab changes:

    >crontab –e

    This line added:

    00 7 * * * /tmp/Virus-mail.sh >/dev/null

    ________________________________

    The only remaining problem is, this is not working with crontab. So together with the user from here I think, we can resolve this crontab problem together. Manually starting this script is working well. The /tmp/ directory is also not the best, I know.

    Andreas