AskOverflow.Dev (server / question 805158, Accepted)

How to get an email report of whatever the most recent maldet scan is?

Asked by user56reinstatemonica8, 2016-09-25 18:01:22 +0800 CST

The maldet / Rfxn Linux MalDetect documentation offers this feature for getting an email report, even if nothing was found:

-e, --report SCANID email
   View scan report of most recent scan or of a specific SCANID and optionally
   e-mail the report to a supplied e-mail address
   e.g: maldet --report
   e.g: maldet --report list
   e.g: maldet --report 050910-1534.21135
   e.g: maldet --report SCANID [email protected]

That is all simple enough, but I am not sure how to pass the email address as the second argument here while letting the first argument (the scan ID) fall back to its default, so that maldet sends whatever the most recent report is to this custom email address. I would like to be able to use it (e.g. in cron) to periodically check that Maldet is scanning and is able to send email reports as expected.

I have tried `maldet --report "" [email protected]`, based on the standard way of passing an empty variable in bash, but it ignores it and outputs what looks like an empty report to the console.

I have also tried things like `maldet --report 0 [email protected]` and `maldet --report " " [email protected]`, but it responds with `{report} no report found, aborting`.

In case it is relevant, the environment is CentOS.

Tags: malware
3233 views

4 answers
  1. kdub
    answered 2019-04-30T18:43:56+08:00

    Sorry to resurrect an old question. I ran into the same problem trying to get maldet to email a report after every scan. I dug into the source as @Tilman suggested. The function responsible for emailing reports, view_report(), can be found in /usr/local/maldetect/internals/functions (v1.6.4) at lines 645-706. Looking specifically at the responsible code (lines 681-696), we see that an email is only sent if the SCANID, stored as `$rid`, is the suffix of a report file in /usr/local/maldetect/sess/, i.e. 190429-0343.31494 corresponding to the report file session.190429-0343.31494:

    if [ -f "$sessdir/session.$rid" ] && [ ! -z "$(echo $2 | grep '\@')" ]; then
        if [ -f "$mail" ]; then
            cat $sessdir/session.$rid | $mail -s "$email_subj" "$2"
        elif [ -f "$sendmail" ]; then
            if ! grep -q "SUBJECT: " "$sessdir/session.$rid"; then
                echo -e "SUBJECT: $email_subj\n$(cat $sessdir/session.$rid)" > $sessdir/session.$rid
            fi
            cat $sessdir/session.$rid | $sendmail -t "$2"
        else
            eout "{scan} no \$mail or \$sendmail binaries found, e-mail alerts disabled."
            exit
        fi
    
        eout "{report} report ID $rid sent to $2" 1
        exit
    fi
    

    The code handling an empty SCANID follows immediately afterwards (lines 697-705):

    if [ "$rid" == "" ] && [ -f "$sessdir/session.last" ]; then
        rid=`cat $sessdir/session.last`
        $EDITOR $sessdir/session.$rid
    elif [ -f "$sessdir/session.$rid" ]; then
        $EDITOR $sessdir/session.$rid
    else
        echo "{report} no report found, aborting."
        exit
    fi
    

    I had expected the code handling an empty SCANID to simply grab the newest one and email it. What it actually does is look at /usr/local/maldetect/sess/session.last, where maldet stores the most recent SCANID, and then, for some reason, open the corresponding report in a terminal editor rather than just printing it. Note that there is in fact no working code at all for emailing the newest report.

    -- Updated fix - May 5, 2019 --

    Since stopping LMD from performing its integrity check, as my original fix required, is a potential security risk, I created an alternative solution using LMD's custom.cron. The benefit is that the integrity check stays in place, and the email script should survive updates unchanged. You do not need to touch LMD's internal files or the maldet daily cron.

    Make sure `email_alert="1"` and `email_addr=` is set to at least one valid email address in /usr/local/maldetect/conf.maldet. Then add the following to /usr/local/maldetect/cron/custom.cron, which is run automatically at the end of the maldet daily cron:

    ##
    # Please use this file for preservation of custom LMD execution code for the daily cronjob.
    # NOTE: scripts in this file are called at the end of maldet daily cron as $custom_cron_exec
    ##
    
    # log_cron="1" enable logging, log_cron="0" disable logging 
    # applies only to the code in this file
    log_cron="1"
    
    # logging function borrowed from /maldetect/internals/functions
    eout() {
        if [ "$log_cron" == "1" ]; then
            msg="$1"
            stdout="$2"
            appn=maldet
            if [ ! -d "$logdir" ]; then
                mkdir -p $logdir ; chmod 700 $logdir
            fi
            if [ ! -f "$maldet_log" ]; then
                touch $maldet_log
            fi
            log_size=`$wc -l $maldet_log | awk '{print$1}'`
            if [ "$log_size" -ge "20000" ]; then
                trim=1000
                printf "%s\n" "$trim,${log_size}d" w | ed -s $maldet_log 2> /dev/null
            fi
            if [ ! "$msg" == "" ]; then
                echo "$(date +"%b %d %H:%M:%S") $(hostname -s) $appn($$): $msg" >> $maldet_log
                if [ ! -z "$stdout" ]; then
                    echo "$appn($$): $msg"
                fi
            fi
        fi
    }
    
    eout "{cron} running $cron_custom_exec"
    
    ##
    # LMD Daily Email v1.0.0
    # Author: kdub Email: [email protected] Date: May 5th, 2019
    # https://github.com/kdubdev/linux-malware-detect/blob/master/files/cron/custom.cron
    # Script to send email of newest report after daily scan. More info:
    # https://serverfault.com/questions/805158/how-to-get-an-email-report-of-whatever-the-most-recent-maldet-scan-is
    # #
    de_version='v1.0.0'
    eout "{cron} starting LMD Cron Email $de_version"
    eout "{cron} $intcnf shows email_alert=$email_alert email_addr=$email_addr"
    
    # Default email subject defined in /usr/local/maldetect/internals/internals.conf
    # is email_subj="maldet alert from $(hostname)"
    # comment this line to use the default email_subj or change to what you want
    printf -v email_subj '[%s] %s: Scan Report' "$(hostname)" "$appn($$)"
    
    # uncomment email_addr below to override recipients. Separate multiple emails with ,
    # use $email_addr to include recipient defined in /usr/local/maldetect/conf.maldet
    # email_addr="$email_addr,[email protected],[email protected]"
    
    # this is the email text inserted before the report
    body_intro="Here are the results of the latest LMD scan:"
    # this is the email text inserted after the report
    printf -v body_footer "Email provided by LMD Cron Email %s\nCron file: %s\nLog file: %s" "$de_version" "$cron_custom_exec" "$maldet_log"
    
    # this is a very weak email validation, just looking for @
    if [ "$email_alert" == "1" ] && [ ! -z "$(echo $email_addr | grep '\@')" ]; then
    # email_alert is true and email provided, send newest report
        if [ -f "$sessdir/session.last" ]; then    
            # Get most recent scan id
            rid=$(cat "$sessdir/session.last")
            if [ ! -z "$rid" ]; then
                # session.list contains something
                if [ -f "$sessdir/session.$rid" ]; then
                    # report exists, get contents
                    body=$(cat "$sessdir/session.$rid")
                    eout "{cron} reading report $sessdir/session.$rid"
                else
                    # report doesn't exist   
                    body="{cron} unable to find report $sessdir/session.$rid."
                fi
                if [ -z "$body" ]; then
                    # report file exists but is empty
                    body="{cron} report $sessdir/session.$rid is empty."
                fi          
            else
                # session.last is empty  
                body="{cron} $sessdir/session.last is empty."
            fi
        else    
            # session.last doesn't exist
            body="{cron} unable to find $sessdir/session.last."
        fi
        # log if body starts with {cron} ie there's a problem reading report
        if [[ $body == '{cron}'* ]]; then
            eout "$body"
        fi
    
        # add intro and footer to body
        body=$(printf "%s\n\n%s\n\n%s\n\n" "$body_intro" "$body" "$body_footer")
    
        if [ -f "$mail" ]; then
            printf "%s" "$body" | $mail -s "$email_subj" "$email_addr"
            eout "{cron} mail sent using $mail to $email_addr, subject: $email_subj."
        elif [ -f "$sendmail" ]; then
            # sendmail -t takes the recipient and subject from the message
            # headers, so emit real To:/Subject: lines followed by a blank line
            # rather than passing the subject as the first body line
            printf "To: %s\nSubject: %s\n\n%s" "$email_addr" "$email_subj" "$body" | $sendmail -t
            eout "{cron} mail sent using $sendmail to $email_addr, subject: $email_subj."
        fi
    fi
    eout "{cron} mail latest report finished."
    eout "{cron} done running $cron_custom_exec"
    

    You can also check for updates here: https://github.com/kdubdev/linux-malware-detect/blob/master/files/cron/custom.cron

    In the script you can disable logging, override the email subject and/or recipients, and customise the intro and footer text of the email body. The script is heavily commented so you can follow along or make changes.

    I welcome any feedback or suggestions for improvement.

    -- Original fix below --

    To fix this and add a few other improvements, I modified view_report() with the following changes:

    • Added the option "newest" as an alias for `--report` and `--report ""`, allowing `$ maldet --report newest [email protected]`
    • Correctly emails the newest report when using `$ maldet --report newest [email protected]` or `$ maldet --report "" [email protected]`
    • Dropped the unnecessary use of an editor to view a report in favour of simply printing it to the terminal
    • Improved logging

    First: you need to set `autoupdate_version_hashed="0"` in /usr/local/maldetect/conf.maldet to prevent LMD from automatically overwriting any changes you make when it runs its update check. Note that this is a potential security concern:

    # This controls validating the LMD executable MD5 hash with known
    # good upstream hash value. This allows LMD to replace the the
    # executable / force a reinstallation in the event the LMD executable
    # is tampered with or corrupted. If you intend to make customizations
    # to the LMD executable, you should disable this feature.
    # [0 = disabled, 1 = enabled]
    autoupdate_version_hashed="0"
    

    Second: replace your current view_report() in /usr/local/maldetect/internals/functions (lines 645-706) with:

    view_report() {
        # $1 is first arg passed from command line ex. $ maldet --report $1 $2
        rid="$1"
        # $ maldet --report list
        if [ "$rid" == "list" ]; then
            tmpf="$tmpdir/.areps$$"
            for file in `ls $sessdir/session.[0-9]* 2> /dev/null`; do
                SCANID=`cat $file | grep "SCAN ID" | sed 's/SCAN ID/SCANID/'`
                FILES=`cat $file | grep "TOTAL FILES" | sed 's/TOTAL //'`
                HITS=`cat $file | grep "TOTAL HITS" | sed 's/TOTAL //'`
                CLEAN=`cat $file | grep "TOTAL CLEANED" | sed 's/TOTAL //'`
                TIME=`cat $file | grep -E "^TIME|^STARTED" | sed -e 's/TIME: //' -e 's/STARTED: //' | awk '{print$1,$2,$3,$4}'`
                TIME_U=`date -d "$TIME" "+%s" 2> /dev/null`
            ETIME=`cat $file | grep "ELAPSED" | awk '{print$1,$2}' | sed 's/ELAPSED/RUNTIME/'`
                if [ -z "$ETIME" ]; then
                    ETIME="RUNTIME: unknown"
                fi
                if [ ! -z "$SCANID" ] && [ ! -z "$TIME" ]; then
                    clean_zero=`echo $CLEAN | awk '{print$2}'`
                    if [ -z "$clean_zero" ]; then
                        CLEAN="CLEANED:  0"
                    fi
                    echo "$TIME_U | $TIME | $SCANID | $ETIME | $FILES | $HITS | $CLEAN" >> $tmpf
                fi
            done
            if [ -f "$tmpf" ]; then
                if [ "$OSTYPE" == "FreeBSD" ]; then
                    cat $tmpf | sort -k1 -n | cut -d'|' -f2-7 | column -t | more
                else
                    cat $tmpf | sort -k1 -n | tac | cut -d'|' -f2-7 | column -t | more
                fi
                rm -f $tmpf 2> /dev/null
                exit 0
            else
                eout  "{list} unable to find report data for list, check \$sessdir"
                exit 1
            fi
        fi
        # If no SCANID is provided, or "newest" is given, set $rid to the most recent one.
        # $ maldet --report "" or $ maldet --report newest
        if { [ "$rid" == "" ] || [ "$rid" == "newest" ]; } && [ -f "$sessdir/session.last" ]; then
            rid=`cat $sessdir/session.last`
        fi
        # make sure report exists
        if [ -f "$sessdir/session.$rid" ]; then
            # if email is provided, then send the report and exit
            if [ ! -z "$(echo $2 | grep '\@')" ]; then
                if [ -f "$mail" ]; then
                    cat $sessdir/session.$rid | $mail -s "$email_subj" "$2"
                elif [ -f "$sendmail" ]; then
                    if ! grep -q "SUBJECT: " "$sessdir/session.$rid"; then
                        echo -e "SUBJECT: $email_subj\n$(cat $sessdir/session.$rid)" > $sessdir/session.$rid
                    fi
                    cat $sessdir/session.$rid | $sendmail -t "$2"
                else
                    # eout is an internal function to log to maldet_log and echo
                    eout "{scan} no \$mail or \$sendmail binaries found, e-mail alerts disabled."
                    exit
                fi
                eout "{report} report ID $rid sent to $2" 1
                exit        
            # no email is provided so show report and exit
            else
                printf '%b\n' "$(cat $sessdir/session.$rid)"
                exit
            fi
        # can't find requested report so log & echo error
        else
            # $rid must not be escaped here, otherwise the log line shows the literal text "$rid"
            eout "{report} unable to find report session.$rid, aborting."
            exit
        fi
    }
    

    You can also find the entire updated /usr/local/maldetect/internals/functions file in the pull request here: https://github.com/kdubdev/linux-malware-detect/blob/patch-1/files/internals/functions

    Finally: if you want an email after every daily scan, add the following line to the end of /etc/cron.daily/maldet: `$inspath/maldet --report newest [email protected]`

    Note: in case it is not clear, `-e` and `--report` are interchangeable.

    • 2
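As an added example (not LMD's code and not part of the answer above), here is the scan-ID resolution that the quoted view_report() lacks for the "newest report plus email address" case, written as a small POSIX sh script against a constructed stand-in for /usr/local/maldetect/sess. It adds two checks the quoted function does not make: the scan ID must match the YYMMDD-HHMM.PID shape before it is spliced into a file path, and the message handed to `sendmail -t` carries real To:/Subject: headers instead of a bare subject line. The function names (resolve_report, build_mail, mail_latest), the recipient ops@example.com and the sample report contents are this example's own assumptions.

```shell
#!/bin/sh
# Added example (not LMD's code): resolve "newest" or an explicit SCANID to
# a report file, then build a mail message with real headers for sendmail -t.
# Assumed layout, as described on the page: $SESSDIR/session.last holds the
# newest SCANID and $SESSDIR/session.<SCANID> holds that report.

# resolve_report SESSDIR [SCANID]
#   "" or "newest"  -> use the ID recorded in SESSDIR/session.last
#   explicit ID     -> use it as given
# Prints the report path. Returns 1 if no such report, 2 if the ID is malformed.
resolve_report() {
    sessdir=$1
    rid=${2:-}
    if [ -z "$rid" ] || [ "$rid" = "newest" ]; then
        [ -f "$sessdir/session.last" ] || return 1
        rid=$(cat "$sessdir/session.last")
    fi
    # The quoted view_report() interpolates $rid straight into a path.
    # Scan IDs look like 190429-0343.31494 (YYMMDD-HHMM.PID), so accept only
    # that shape; anything else (a stray "/" or "..") is rejected before use.
    printf '%s' "$rid" | grep -Eq '^[0-9]{6}-[0-9]{4}\.[0-9]+$' || return 2
    [ -f "$sessdir/session.$rid" ] || return 1
    printf '%s\n' "$sessdir/session.$rid"
}

# build_mail SUBJECT RECIPIENT REPORTFILE
# sendmail -t reads the recipient and subject from the message headers, so
# emit To:/Subject: lines and a blank separator before the report text.
build_mail() {
    printf 'To: %s\nSubject: %s\n\n' "$2" "$1"
    if [ -s "$3" ]; then
        cat "$3"
    else
        # Report file exists but is empty: say so instead of sending nothing
        printf 'Report %s exists but is empty.\n' "$3"
    fi
}

# mail_latest SESSDIR RECIPIENT [SCANID]
# Resolve the report and print the message to stdout; pipe into
# `sendmail -t` on a real host. Propagates resolve_report's status on failure.
mail_latest() {
    report=$(resolve_report "$1" "$3") || return $?
    build_mail "maldet report $(basename "$report")" "$2" "$report"
}

# Constructed demo data standing in for /usr/local/maldetect/sess.
demo() {
    d=$(mktemp -d)
    printf '190429-0343.31494\n' > "$d/session.last"
    printf 'SCAN ID: 190429-0343.31494\nTOTAL FILES: 42\nTOTAL HITS: 0\n' \
        > "$d/session.190429-0343.31494"
    mail_latest "$d" "ops@example.com"              # newest report, as the question asks
    mail_latest "$d" "ops@example.com" "../x" || echo "rejected scan ID, status $?"
    rm -rf "$d"
}
demo
```

On a real host, `mail_latest /usr/local/maldetect/sess ops@example.com | sendmail -t` from a cron entry gives the "newest report by email" the question asks for without editing LMD internals. Reading the condition in the quoted function (an email goes out whenever session.$rid exists and the second argument contains an "@"), the same result is available from unmodified maldet by passing the ID explicitly: `maldet --report "$(cat /usr/local/maldetect/sess/session.last)" ops@example.com`.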
  2. Tilman Schmidt (Best Answer)
    answered 2016-09-26T04:07:28+08:00

    Either the authors of maldet did not provide this possibility, or they neglected to document it. It is impossible to guess from the outside. The best approach is UTSL: look in the program source for how it handles the -e option and whether there is a way to trigger the "most recent scan" branch while also activating the email option.

    • 1
  3. JonTheWong
    answered 2018-12-31T09:58:38+08:00

    You should edit your /usr/local/maldetect/conf.maldet at line 22 and replace `email_addr="[email protected]"` with a valid address.

    Edit:

    I misread the original post, but this setting may help others.

    • 1
  4. Brian G
    answered 2019-12-24T18:05:52+08:00

    This is the correct way to do it: `maldet -e reportID email`

    You do not need the --report switch.

    • 0
