2026 update: this was an old ImunifyAV/ClamAV cron noise issue we saw on a cPanel server in 2023. It appears to have been corrected in later Imunify releases, but the troubleshooting lesson is still useful: when a hosting security tool starts creating cron emails, check the log path, confirm the package is current, and make sure malware scanning still runs before you silence alerts. For a broader hardening pass, see our cPanel WordPress hosting security checklist and the cPanel & WHM security update guide.
[Edited Dec. 17th 2023 @ 08:45 U.S. Eastern Time]
Welcome to another fun found bug by Fix IT Phill. Today we will be going over an issue in the free version of ImunifyAV.
This morning we started getting tickets being created by one of our servers saying it was coming from a cron job. The cron job seemed to be set for every 5 minutes and complained that a file for ClamAV did not exist.
Cron <root@genie> /opt/alt/python38/share/imunify360/scripts/purge-clamav > /var/log/imunify360/clamav-purge.log 2>&1
Using ImunifyAV official documentation and the vendor support path, server owners can confirm whether their installed package is current and whether the expected log paths exist. cPanel also keeps a current ImunifyAV for cPanel & WHM installation guide, which is worth checking before assuming a cron alert is harmless.
So the way I was able to put a temporary fix in place was to create /var/log/imunify360 and then create the log file it seemed to want to purge. The following commands were used:
mkdir /var/log/imunify360 touch /var/log/imunify360/clamav-purge.log
As far as we know, they corrected this issue in later releases on WHM/cPanel servers and it was an isolated issue. Please reach out to Imunify support or to us at Help4 Network for assistance if you are still facing this issue on your Help4 Network hosted server.
What To Check If The Alert Comes Back
- Confirm the ImunifyAV or Imunify360 package is fully updated from WHM or the server package manager.
- Check whether the expected Imunify log directory and log file exist.
- Review recent cron mail so you know whether this is a missing log path, a package issue, or a real malware-scan failure.
- Confirm ClamAV and Imunify scanning still run after the alert stops.
- Keep backups and malware cleanup coverage in place before changing security tooling on a production hosting server.
Fix IT Phill
Make sure to check out Help4WordPress.com and Help4Network.com for all of your hosting and support needs.
