Hi,
I have a daily cron on each server running cxs, and it sends the report by email... but most days there will be 0 suspicious items, and there really isn't any need for me to receive a daily email report from every server running cxs when there is nothing found...
By adding the total number of suspicious items found to the email's Subject line, I can create a filter to automatically delete or archive reports with 0 suspicious items. I'm sure this would be useful for people running cxs on a lot of servers.
The other issue I have is that the reports are not optimized for reviewing when there are many accounts on the server, for example I have a server with 80+ accounts and I need to scroll down and check each summary individually. Perhaps it would be possible to show the accounts with suspicious items at the top of the report, and then show the other accounts after. Or alternately at the top of the report it could list the account names that contained suspicious items.
Regards,
Leo
Email Reports - # in Subject Line, and Improved Summary
Of all the suggestions, mine is one of the oldest posts and yet the ONLY suggestion with no reply from the developers ;(
Well I guess maybe someone was listening, after making my suggestion the new nosummary email report option was added which takes care of the 2nd part of my suggestion.
But I still need something different in the subject line or body indicating if no suspicious items were found. Or how about an option to just send NO email if no suspicious items were found? Although the nosummary option is nice, I don't understand why it's even bothering to send me an email 'Report' with a completely blank email body! Not a useful report, imho
If the email subject or body contained "no suspicious items" then I could create a filter in cPanel, but as it is the subject is the same regardless of items found, and it isn't possible to create a multi-rule filter in cPanel to deal with these blank bodies... i.e. if cPanel allowed multi-rule filters then I could say 'if subject contains ConfigServer eXploit Report AND body doesn't contain Scan Report then forward to ...' but since cPanel only allows single-rule filters then there is no way of filtering these empty-bodied emails. Actually I know that the newer cPanel versions do allow multi-rule filters, but my main mail server is with a host that isn't planning to upgrade due to their 'not broken don't fix it' policy, so I only have access to single-rule filters...
So in summary, please add some unique text to either subject or body when no suspicious items are found
Well I guess maybe someone was listening, after making my suggestion the new nosummary email report option was added which takes care of the 2nd part of my suggestion.
But I still need something different in the subject line or body indicating if no suspicious items were found. Or how about an option to just send NO email if no suspicious items were found? Although the nosummary option is nice, I don't understand why it's even bothering to send me an email 'Report' with a completely blank email body! Not a useful report, imho
If the email subject or body contained "no suspicious items" then I could create a filter in cPanel, but as it is the subject is the same regardless of items found, and it isn't possible to create a multi-rule filter in cPanel to deal with these blank bodies... i.e. if cPanel allowed multi-rule filters then I could say 'if subject contains ConfigServer eXploit Report AND body doesn't contain Scan Report then forward to ...' but since cPanel only allows single-rule filters then there is no way of filtering these empty-bodied emails. Actually I know that the newer cPanel versions do allow multi-rule filters, but my main mail server is with a host that isn't planning to upgrade due to their 'not broken don't fix it' policy, so I only have access to single-rule filters...So in summary, please add some unique text to either subject or body when no suspicious items are found
-
ForumAdmin
- Moderator
- Posts: 1523
- Joined: 01 Oct 2008, 09:24
Hi folks,
Seems we are getting there.
btw:
I've done beta testing and improved the appearance and verbiage of many companies services, like ScanAlert, McAfee Secure, Attracta, among others. I'm here to help your service be the best as well.
This is what I do to make the Internet more user friendly.
I posted a detailed note on how to improve the executive summary.
Like to get some input on that please:
showthread.php?t=3445
As for subject line, the hits info if nice, though I believe it would be more helpful to clarify in subject the number of identified "viruses" (really the only thing important to most folks anyway I imagine).
Current subject reads like:
ConfigServer eXploit Report from vs09.xxx.com (Hits:41159)
As you can see this is not terribly valuable since most of the "hits" are false positives. Good to know but not useful for a server admin.
What I propose is something more descriptive, like:
ConfigServer eXploit Report from vs09.xxx.com (Suspicious:41159 Viruses: 20)
What you think?
Thanks,
Jim
Seems we are getting there.
btw:
I've done beta testing and improved the appearance and verbiage of many companies services, like ScanAlert, McAfee Secure, Attracta, among others. I'm here to help your service be the best as well.
This is what I do to make the Internet more user friendly.
I posted a detailed note on how to improve the executive summary.
Like to get some input on that please:
showthread.php?t=3445
As for subject line, the hits info if nice, though I believe it would be more helpful to clarify in subject the number of identified "viruses" (really the only thing important to most folks anyway I imagine).
Current subject reads like:
ConfigServer eXploit Report from vs09.xxx.com (Hits:41159)
As you can see this is not terribly valuable since most of the "hits" are false positives. Good to know but not useful for a server admin.
What I propose is something more descriptive, like:
ConfigServer eXploit Report from vs09.xxx.com (Suspicious:41159 Viruses: 20)
What you think?
Thanks,
Jim