Email notification when virus was found with ZCM 2020UP2

Hello,

Is it possible to send an email when a virus was found on an endpoint?

In the reporting server documentation I didn't find any hint.

Andy

  • I don't believe there is any way to do that directly.  It would be great to put on the ideas page.

    Indirectly, most likely you could do something with Dashboards or ZRS to generate and possibly email reports on viruses found on your devices.  I may fiddle around with that some...

    --

    Be sure to "Like" My (and a few others) Cool Solutions below! 

    https://community.microfocus.com/members/craigdwilson/bookmarks

  • Hello Craig,

    Now I have installed the reporting server. The problem is connecting to the third/antimalware PostgreSQL db. There is no option to do this on the reporting server. We need to access the new "domain". The only option is to access the patch "domain". Is there a solution to do this?

  • IDK, that may be iffy too....

    But in regards to Email Notifications, there is not an official way to do that.  I raised it in a meeting today with the PM in charge of Anti-Malware.  He agreed it was a needed feature and it was already discussed but there was not time to get it into 20.2.

    He said there are not any plans for any significant feature changes for 20.3 in regard to Anti-Malware.  Rather, they are going to use the initial 20.2 release time to gauge customer feedback with the plan for more significant feature enhancements in the 20.4 time frame.

    Along those lines, he requested to put something in the Ideas Portal to help tracking.  Look for my post there and make some comments when you get a chance.  I will be creating that entry in a couple of minutes.

  • Hi Craig,

    I have voted on the portal. I want to access the malware db with tools like DBeaver. What's the name of the db to access it? Username and password I get with zman ..

  • "zman dgcam" will get the PWD

    amedatasource.properties  in /vastorage/etc/opt/microfocus/zenworks/antimalware has the DB details.

  • Any updates on this? This is the number ONE feature which is missing. I'm getting requests for this every couple of months.

    David

  • The plan was for no feature updates for Anti-Malware in 20.3, but await feedback and then look at 20.4 to add new features around Anti-Malware.  At this stage in 20.4 planning, it is too soon to say what may or may not get planned.  However, it was indicated that it would be a strong candidate for consideration.  

  • Was anyone able to set up some kind of workaround? Any other enterprise AV solution has it, need to solve this sooner than next decade.

    David

  • Have you found a way to trigger an email alert when a virus is found?

    David

  • Yes, I have it. Every morning I generate a PostgreSQL report and send it via postfix:

    Linux Script /tmp/Virus-mail.sh:

        #!/bin/bash
        dbuser=zenamadmin
        dbpassword=[Yourpassword]
        dbname=zenamdatabase
        dbport=54327
        emailserver=smtp.yourcompany.de

        rm /tmp/virusmail.txt
        rm /tmp/mail.send

        export PGPASSWORD=[yourpgpassword]
        /opt/microfocus/zenworks/share/pgsql/bin/psql -h localhost -p $dbport -U $dbuser -d $dbname --no-password -c "select z.hostname ,z.primaryusername, m2.malwarename from public.malwarestatus m inner join zvdevice z on z.deviceseqid = m.deviceseqid inner join malwaredetails m2 on m.malwareid = m2.malwareid where m.infectedfilecount >0 and m.firstdetectedtime >=( current_date - 1);" --output=/tmp/virusmail.txt

        ## sendmail
        cat mail.txt >/tmp/mail.send
        cat virusmail.txt >>/tmp/mail.send
        sendmail -bm -v -t < /tmp/mail.send

    ________________________________________________________

    configfile for sendmail/postfix:

    /etc/postfix/main.cf

    Changes:

    ___________________________________________________________

    /tmp/mail.txt:

        To: support@yourcompany.de
        Subject: Virusmeldung Liste der infizierten Rechner
        From: support@yourcompany.de

        Liste of infected PCs and the User:

    _________________________________________________________

    Crontab changes:

        >crontab -e

    This line added:

        00 7 * * * /tmp/Virus-mail.sh >/dev/null

    ________________________________

    The only remaining problem is that this is not working with crontab. Together with the users here, I think we can resolve this crontab problem. Starting the script manually works well. The /tmp/ directory is also not the best, I know.

    Andreas
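
A cron-safe variant of the script above, as an added example that is not part of the original post. Cron starts jobs with a minimal PATH and not in /tmp, so bare names such as `mail.txt` or `sendmail` that resolve in an interactive shell may not resolve there; this version also keeps the password and work files out of world-readable locations. Assumptions: the function names and the `--send` switch are hypothetical, the database password sits in `~/.pgpass` (mode 0600) of the account that owns the cron job, and the query, database settings and addresses are the ones from the post.

```shell
#!/bin/bash
# Added example (not the original poster's script): cron-safe daily malware report.
set -eu
umask 077                                  # work files readable by the owner only
export PATH=/usr/sbin:/usr/bin:/sbin:/bin  # cron starts jobs with a minimal PATH

PSQL=/opt/microfocus/zenworks/share/pgsql/bin/psql
DBUSER=zenamadmin DBNAME=zenamdatabase DBPORT=54327
MAIL_TO=support@yourcompany.de MAIL_FROM=support@yourcompany.de
QUERY="select z.hostname, z.primaryusername, m2.malwarename
  from public.malwarestatus m
  inner join zvdevice z on z.deviceseqid = m.deviceseqid
  inner join malwaredetails m2 on m.malwareid = m2.malwareid
  where m.infectedfilecount > 0 and m.firstdetectedtime >= (current_date - 1);"

# Assumption: libpq reads the password from ~/.pgpass (mode 0600), so it is
# neither stored in this script nor exported through the environment.
run_query() {
    "$PSQL" -h localhost -p "$DBPORT" -U "$DBUSER" -d "$DBNAME" \
        --no-password -A -t -F ' | ' -c "$QUERY"
}

# True when the report file ($1) has at least one non-blank line.
has_rows() { grep -q '[^[:space:]]' "$1"; }

# Write a complete message (headers, blank line, body) to stdout.
# $1 = subject, report text on stdin.
build_mail() {
    printf 'To: %s\nFrom: %s\nSubject: %s\n\n' "$MAIL_TO" "$MAIL_FROM" "$1"
    printf 'List of infected PCs and the user:\n\n'
    cat
}

main() {
    work=$(mktemp -d)              # private, unpredictable directory
    trap 'rm -rf "$work"' EXIT
    run_query >"$work/report.txt"
    has_rows "$work/report.txt" || return 0   # nothing detected: send no mail
    # -i: a line holding a single "." must not end the message early
    build_mail "Malware detections since yesterday" <"$work/report.txt" | sendmail -i -t
}

# The cron entry calls the script with --send; without it only the functions are defined.
case "${1:-}" in --send) main ;; esac
```

Install it outside /tmp, owned by and writable only for the account that runs it, and add `--send` to the crontab line. While testing, replace `>/dev/null` in that line with a redirect to a log file so errors raised under cron stay visible.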