# 4. Malware Reports

Malware Reports track the output of antivirus or anti‐malware scans on servers. Common tools include:

- **ClamAV** (open‐source antivirus)
- **Rootkit** detection scripts

##### Use Cases 

1. **Detecting Server Malware:** A CLAMAV scan detects malware in email attachments. Security isolates the files and marks the report as "In progress" for further analysis.
2. **Rootkit Detection:** A ROOTKIT scan finds hidden malicious processes. Engineers remove the infected files and mark the report as "Resolved".
3. **Scheduled Security Checks:** Weekly malware scans report no issues. Security logs the "Found = false" status and archives the report.
4. **Emergency Malware Response:** Malware is detected during a live incident. The security team performs an immediate investigation, quarantines infected files, and completes a system clean-up.

##### Table View

**Total:** (top-left) shows how many reports are in your system.

**Filter** launches a sidebar to narrow your list by:

- **Scan type** (e.g. CLAMAV, ROOTKIT)
- **State** (Not processed • In progress • Resolved)

**Project Search** finds any term in server names or descriptions.

**+ Add** (top-right) opens the “Add malware report” form.

**Columns**

|    | Column Name ⇅ | What It Shows |
|----|---------------|---------------|
| ☑️ | (checkbox) | Select individual rows for bulk actions. |
| 1 | **Server name** | Hostname or IP address scanned. |
| 2 | **Project** | Link to the project/environment. |
| 3 | **Scan type ⇅** | Which tool ran (CLAMAV, ROOTKIT, etc.). |
| 4 | **Vulnerabilities ⇅** | “Detected” or “Not found” based on scan. |
| 5 | **Created at ⇅** | When the report was first logged. |
| 6 | **Updated at ⇅** | When any field was last changed. |
| 7 | **State ⇅** | Processing status (Not processed, etc.). |
| 8 | **Actions** | ✏️ Edit • 🗑️ Delete |

<p class="callout info">Security engineers then mark the report as “In progress” to investigate or “Resolved” if no further action is needed.</p>

##### Adding a Malware Report

1. Click **+ Add**.
2. In the “Add malware report” form:
   - **Server name:** Enter the machine’s name or IP.
   - **Scan type:** Choose from your configured tools (ROOTKIT, CLAMAV, etc.).
   - **Project:** Link it to the correct project.
   - **State:** Select “Not processed,” “In progress,” or “Resolved.”
   - **Malware found:** Check this box if the scan flagged any threats (it’ll show “Detected” under Vulnerabilities).
   - **Description:** Summarize any details or remediation steps.
3. Click **Save**. The new row appears in the table.
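The form values can be derived from the scanner's own output rather than typed from memory. The following is an added example, not part of the product or its API: it parses `clamscan` text output and fills a dictionary whose keys are hypothetical names mirroring the form labels above. The sample scan output is constructed.

```python
import re

# Constructed sample of `clamscan` output (not taken from a real host).
SAMPLE_SCAN = """\
/var/mail/attachments/invoice.pdf: OK
/var/mail/attachments/eicar.com: Win.Test.EICAR_HDB-1 FOUND

----------- SCAN SUMMARY -----------
Scanned files: 2
Infected files: 1
"""

# clamscan prints "<path>: <signature> FOUND" for each detection.
FOUND_RE = re.compile(r"^(?P<path>.+): (?P<sig>\S+) FOUND$")
INFECTED_RE = re.compile(r"^Infected files: (?P<n>\d+)$", re.MULTILINE)


def build_report(scan_output, server_name, project):
    """Map clamscan output to the "Add malware report" form fields.

    The dict keys are hypothetical; they only mirror the form labels.
    """
    summary = INFECTED_RE.search(scan_output)
    if summary is None:
        # No summary means the scan was cut short; never log it as clean.
        raise ValueError("scan summary missing: output is incomplete")

    hits = []
    for line in scan_output.splitlines():
        match = FOUND_RE.match(line.strip())
        if match:
            hits.append((match.group("path"), match.group("sig")))

    # Either signal is enough: a FOUND line or a non-zero summary count.
    found = bool(hits) or int(summary.group("n")) > 0
    details = "; ".join(f"{path} ({sig})" for path, sig in hits)
    return {
        "server_name": server_name,
        "scan_type": "CLAMAV",
        "project": project,
        "state": "Not processed",  # new reports start untriaged
        "malware_found": found,
        "description": details or "No threats detected",
    }
```

A truncated log raises an error instead of producing a "Not found" report, so an interrupted scan cannot be archived as a clean result.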

##### Editing Reports

**Edit:** Click the ✏️ icon in the Actions column to open the side-panel. You can change **Server name**, **Scan type**, **State**, **Malware found**, or update the **Description**. Then hit **Save**.

<p class="callout info">If action is required, security engineers set the State to “Processed” or “Not Processed.”</p>

##### Filtering Malware Reports

To narrow down the list of malware reports, use the **Filter** panel available at the top of the Malware Reports table.  
To open filters, click **Filter** in the upper-left corner of the table. A sidebar will appear with the following options:

**State**  
Filter reports by their processing status:

1. Not processed
2. In progress
3. Resolved

This helps track which reports still require investigation versus those already handled.

**Scan type**  
Limit results to reports generated by a specific malware detection tool, such as:

1. CLAMAV
2. ROOTKIT

**Vulnerabilities**  
Use these checkboxes to control whether reports with or without detected threats are shown:

1. Show issues with detected vulnerabilities
2. Show issues without detected vulnerabilities

This is useful for quickly isolating confirmed incidents or reviewing clean scan results.

After selecting the required parameters, click **Save** to apply the filters.  
To change the filter set, reopen the panel and adjust the selected values.