How to Identify and Restore Files from Quarantine?

When cPFence quarantines a file that you know is clean, it’s important to identify it and restore it if necessary. This guide will walk you through the steps to locate quarantined files and restore them to their original locations.

Where to Find Information About Quarantined Files

When cPFence detects an infection and quarantines a file, you can find out about it in two main ways:

  1. Notification Email: cPFence will send you an email with details about the infected file. The email will look something like this:
Email Scan Results:
--------------------------
/var/local/enhance/email/mailboxes/XXXXXXX/[email protected]/mail/.Spam/new/1727788010.M881042P1826419.server22,S=1340011,W=1358412: cPFence_app.Foxhole.Mail_z.UNOFFICIAL FOUND
/var/local/enhance/email/mailboxes/XXXXXXX/[email protected]/mail/.Spam/new/1727788010.M881042P1826419.server22,S=1340011,W=1358412: moved to '/opt/cpfence/quarantined/1727788010.M881042P1826419.server22,S=1340011,W=1358412'

----------- SCAN SUMMARY -----------
Known viruses: 9529696
Engine version: 1.0.7
Scanned directories: 0
Scanned files: 3
Infected files: 1
Data scanned: 11.23 MB
Data read: 3.66 MB (ratio 3.06:1)
Time: 43.739 sec (0 m 43 s)
Start Date: 2024:10:01 16:50:05
End Date:   2024:10:01 16:50:49

The email shows the exact file that was quarantined and where it has been moved for isolation.

  2. Log File: You can also check the infection history in the following log file:
nano /var/log/cpfenceav/infections.history

Here is an example of what the log might show:

===== Incident on 2024-08-14 20:50:04 =====

2024-08-14 19:37:41 A Smart scanning job started. This may take 30 minutes up to 2 hours to finish. Check back here later for scanning results.
/var/www/XXXXXXX/eicar.com: Win.Test.EICAR_HDB-1 FOUND
/var/www/XXXXXXX/eicar.com: moved to '/opt/cpfence/quarantined/eicar.com'
/var/www/XXXXXXX/eicar_com.zip: Win.Test.EICAR_HDB-1 FOUND
/var/www/XXXXXXX/eicar_com.zip: moved to '/opt/cpfence/quarantined/eicar_com.zip'

You can see details of the file that was detected and where it has been quarantined.

Step 1: Whitelist the File

If you are sure the file is safe and do not want it to be quarantined again, you can whitelist it by using the following command:

cpfence --exclude-path /example-file.php

This will exclude the file from future scans and prevent it from being flagged or quarantined again.

Step 2: Restore the Quarantined File

Once you know which file has been quarantined, you can restore it to its original location by using the mv command. For example, if the quarantined file is example-file.php, you would run the following command:

mv /opt/cpfence/quarantined/example-file.php /var/www/XXXXXXX/public_html/wp-content/plugins/example-plugin/example-file.php

This command will move the file from the quarantine directory back to its original folder.
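
The script below is an added example, not part of the original article and not cPFence code. It reads the "FOUND" / "moved to" line pairs in the log format shown above and prints, without running it, the matching mv command for each quarantined file. The function names and the mv -n (no-overwrite) flag are choices made for this example; the sample input is the log excerpt from this article.

```shell
#!/bin/sh
# Added example (not cPFence code): pair each quarantined file with its
# original path using the "FOUND" / "moved to" lines of infections.history.

# Log excerpt copied from this article, used as offline sample input.
sample_log() {
cat <<'EOF'
===== Incident on 2024-08-14 20:50:04 =====

2024-08-14 19:37:41 A Smart scanning job started. This may take 30 minutes up to 2 hours to finish. Check back here later for scanning results.
/var/www/XXXXXXX/eicar.com: Win.Test.EICAR_HDB-1 FOUND
/var/www/XXXXXXX/eicar.com: moved to '/opt/cpfence/quarantined/eicar.com'
/var/www/XXXXXXX/eicar_com.zip: Win.Test.EICAR_HDB-1 FOUND
/var/www/XXXXXXX/eicar_com.zip: moved to '/opt/cpfence/quarantined/eicar_com.zip'
EOF
}

# Print "quarantine_path<TAB>original_path<TAB>signature" per moved file.
quarantine_map() {
  awk '
    / FOUND$/ {                       # "<path>: <signature> FOUND"
      line = $0; sub(/ FOUND$/, "", line)
      i = match(line, /: [^ ]+$/)
      if (i) sig[substr(line, 1, i - 1)] = substr(line, i + 2)
      next
    }
    {                                 # "<path>: moved to <quoted destination>"
      i = index($0, ": moved to \047")
      if (i && substr($0, length($0)) == "\047") {
        orig = substr($0, 1, i - 1)
        dest = substr($0, i + 12, length($0) - i - 12)
        printf "%s\t%s\t%s\n", dest, orig, (orig in sig ? sig[orig] : "unknown")
      }
    }
  ' "$1"
}

# Single-quote a string so the printed command is safe to copy and paste.
shq() { printf "'%s'" "$(printf '%s' "$1" | sed "s/'/'\\\\''/g")"; }

# Print (do not run) one mv per file; -n refuses to overwrite an existing file.
restore_plan() {
  quarantine_map "$1" | while IFS="$(printf '\t')" read -r dest orig sig; do
    printf '# %s\nmv -n -- %s %s\n' "$sig" "$(shq "$dest")" "$(shq "$orig")"
  done
}

# Usage: sh restore-plan.sh /var/log/cpfenceav/infections.history
if [ $# -gt 0 ]; then restore_plan "$1"; fi
```

Each printed mv line is preceded by a comment with the signature that triggered the quarantine, so the detection can be reviewed before the file is put back.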

Optional: Identifying the Website

If you would like to know which website the quarantined file belongs to, you can use the Website ID found in the file path. To identify the website:

  1. Log in to your Enhance control panel.
  2. Navigate to the "Manage Websites" page.
  3. Enter the Website ID (found in the quarantined file path) in the search field to locate the associated website.

Step 3: Report a False Positive (Optional)

If you believe the file was quarantined in error, you can report it as a false positive by attaching the quarantined file to your support ticket. Our team will investigate and provide assistance.


Need Further Assistance?

If you encounter any issues or have additional questions, feel free to reach out to our support team via your client portal.
