Email Reports - # in Subject Line, and Improved Summary

Post Reply
Jam
Junior Member
Posts: 19
Joined: 10 Jan 2009, 12:21

Email Reports - # in Subject Line, and Improved Summary

Post by Jam »

Hi,

I have a daily cron on each server running cxs, and it sends the report by email... but most days there will be 0 suspicious items, and there really isn't any need for me to receive a daily email report from every server running cxs when there is nothing found...

By adding the total number of suspicious items found to the email's Subject line, I can create a filter to automatically delete or archive reports with 0 suspicious items. I'm sure this would be useful for people running cxs on a lot of servers.

The other issue I have is that the reports are not optimized for reviewing when there are many accounts on the server, for example I have a server with 80+ accounts and I need to scroll down and check each summary individually. Perhaps it would be possible to show the accounts with suspicious items at the top of the report, and then show the other accounts after. Or alternately at the top of the report it could list the account names that contained suspicious items.

Regards,
Leo
Jam
Junior Member
Posts: 19
Joined: 10 Jan 2009, 12:21

Post by Jam »

Of all the suggestions, mine is one of the oldest posts and yet the ONLY suggestion with no reply from the developers ;(

Well I guess maybe someone was listening, after making my suggestion the new nosummary email report option was added which takes care of the 2nd part of my suggestion.

But I still need something different in the subject line or body indicating if no suspicious items were found. Or how about an option to just send NO email if no suspicious items were found? Although the nosummary option is nice, I don't understand why it's even bothering to send me an email 'Report' with a completely blank email body! Not a useful report, imho :) If the email subject or body contained "no suspicious items" then I could create a filter in cPanel, but as it is the subject is the same regardless of items found, and it isn't possible to create a multi-rule filter in cPanel to deal with these blank bodies... i.e. if cPanel allowed multi-rule filters then I could say 'if subject contains ConfigServer eXploit Report AND body doesn't contain Scan Report then forward to ...' but since cPanel only allows single-rule filters then there is no way of filtering these empty-bodied emails. Actually I know that the newer cPanel versions do allow multi-rule filters, but my main mail server is with a host that isn't planning to upgrade due to their 'not broken don't fix it' policy, so I only have access to single-rule filters...

So in summary, please add some unique text to either subject or body when no suspicious items are found :)
ForumAdmin
Moderator
Posts: 1524
Joined: 01 Oct 2008, 09:24

Post by ForumAdmin »

We've added a hit count to the Subject line so you can filter on (Hits:0) if you wish.
Jam
Junior Member
Posts: 19
Joined: 10 Jan 2009, 12:21

Post by Jam »

Great, thank you :)
tvcnet
Junior Member
Posts: 38
Joined: 30 Sep 2009, 00:01

Post by tvcnet »

Hi folks,
Seems we are getting there.

btw:
I've done beta testing and improved the appearance and verbiage of many companies services, like ScanAlert, McAfee Secure, Attracta, among others. I'm here to help your service be the best as well.
This is what I do to make the Internet more user friendly.


I posted a detailed note on how to improve the executive summary.
Like to get some input on that please:
showthread.php?t=3445

As for subject line, the hits info if nice, though I believe it would be more helpful to clarify in subject the number of identified "viruses" (really the only thing important to most folks anyway I imagine).

Current subject reads like:
ConfigServer eXploit Report from vs09.xxx.com (Hits:41159)

As you can see this is not terribly valuable since most of the "hits" are false positives. Good to know but not useful for a server admin.

What I propose is something more descriptive, like:
ConfigServer eXploit Report from vs09.xxx.com (Suspicious:41159 Viruses: 20)

What you think?

Thanks,
Jim
tvcnet
Junior Member
Posts: 38
Joined: 30 Sep 2009, 00:01

Post by tvcnet »

I'm really liking this latest subject format!
cxs Scan on username (Hits:1084) (Viruses:0) (Fingerprints:0)

Thanks,
Jim
Post Reply