Symptoms
Occasionally, you might run into a situation when editing or saving a file with cPanel's File Manager interface fails with the "ERROR:BAILOUT Malware Detected" error. You might also see the following error message in the error logs:
Call stack:
File "/usr/libexec/imunify360/cpanel_fileman_hook", line 241, in <module>
code = main(ctx)
[...............]
File "/opt/alt/python38/lib64/python3.8/logging/__init__.py", line 1587, in handle
self.callHandlers(record)
File "/opt/alt/python38/lib/python3.8/site-packages/sentry_sdk/integrations/logging.py", line 69, in sentry_patched_callhandlers
return old_callhandlers(self, record)
Message: 'file %s is sent for scanning'
Arguments: ('/home/$username/tmp/tmpdb9b45x8',)
Description
This is caused by Imunify services detecting the file as malware and disallowing modification.
Workaround
To get around this issue, you might need to specifically add the file that you are trying to edit to Imunify's ignore list:
imunify360-agent malware ignore add $PATH_TO_FILE
If this does not resolve the issue, then you need to stop the service entirely with the following command:
systemctl stop imunify360.service
If the issue is not resolved even after stopping the service, then you need to disable all of Imunify's hooks. You can list the hooks and the their ID with the following command:
whmapi1 list_hooks | grep -Ei imunify -A 1
hook: /usr/libexec/imunify360/cpanel_fileman_hook --upload
id: 854feb1d-254c-463f-bc23-9826f47bea47
--
hook: /usr/libexec/imunify360/cpanel_fileman_hook --save
id: 10f2dc55-3a28-4d6b-8682-75f298105641
--
hook: /usr/libexec/imunify360/cpanel_fileman_hook --save
id: 563d9b71-9a77-4d7b-a77b-85f9cfed2665
And then you can disable them one by one via the command line as follows: (Replace the ID with the ID of the hooks from the above command)
whmapi1 edit_hookid=HzEpGvT6QGUYwxuX3hWB8AUq enabled=0
Comments
0 comments
Article is closed for comments.