Email Alerts
PRX-SD can send email notifications when threats are detected, scans complete, or critical events occur. Email alerts complement webhooks for environments where email is the primary communication channel or for reaching on-call personnel.
Usage
sd email-alert <SUBCOMMAND> [OPTIONS]
Subcommands
| Subcommand | Description |
|---|---|
| configure | Set up SMTP server and recipient settings |
| test | Send a test email to verify configuration |
| send | Manually send an alert email |
| status | Show current email configuration status |
Configuring Email
Interactive Setup
sd email-alert configure
The interactive wizard prompts for:
SMTP Server: smtp.gmail.com
SMTP Port [587]: 587
Use TLS [yes]: yes
Username: [email protected]
Password: ********
From Address [[email protected]]: [email protected]
From Name [PRX-SD]: PRX-SD Scanner
Recipients (comma-separated): [email protected], [email protected]
Min Severity [suspicious]: malicious
Command-Line Configuration
sd email-alert configure \
--smtp-server smtp.gmail.com \
--smtp-port 587 \
--tls true \
--username [email protected] \
--password "app-password-here" \
--from "[email protected]" \
--from-name "PRX-SD Scanner" \
--to "[email protected],[email protected]" \
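--min-severity malicious
A password passed with --password typically ends up in shell history and is visible in the process list while the command runs; the interactive setup above prompts for it instead.
Configuration File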
Email settings are stored in ~/.prx-sd/config.toml:
[email]
enabled = true
min_severity = "malicious" # suspicious | malicious
events = ["threat_detected", "ransomware_alert", "scan_completed"]
[email.smtp]
server = "smtp.gmail.com"
port = 587
tls = true
username = "[email protected]"
# Password stored encrypted - use 'sd email-alert configure' to set
[email.message]
from_address = "[email protected]"
from_name = "PRX-SD Scanner"
recipients = ["[email protected]", "[email protected]"]
subject_prefix = "[PRX-SD]"
TIP
For Gmail, use an App Password instead of your account password. Go to Google Account > Security > 2-Step Verification > App passwords to generate one.
Testing Email
Send a test email to verify your configuration:
sd email-alert test
Sending test email to [email protected], [email protected]...
SMTP connection: OK (smtp.gmail.com:587, TLS)
Authentication: OK
Delivery: OK (Message-ID: <[email protected]>)
Test email sent successfully.
Sending Manual Alerts
Trigger an alert email manually (useful for testing integrations or forwarding findings):
# Send alert about a specific file
sd email-alert send --file /tmp/suspicious_file --severity malicious \
--message "Found during incident response investigation"
# Send a scan summary
sd email-alert send --scan-report /tmp/scan-results.json
Email Content
Threat Detection Email
Subject: [PRX-SD] MALICIOUS: Win_Trojan_AgentTesla detected on web-server-01
PRX-SD Threat Detection Alert
==============================
Host: web-server-01
Timestamp: 2026-03-21 10:15:32 UTC
Severity: MALICIOUS
File: /tmp/payload.exe
SHA-256: e3b0c44298fc1c149afbf4c8996fb924...
Size: 240 KB
Type: PE32 executable (GUI) Intel 80386, for MS Windows
Detection: Win_Trojan_AgentTesla
Engine: YARA (neo23x0/signature-base)
Action Taken: Quarantined (ID: a1b2c3d4)
---
PRX-SD Antivirus Engine | https://openprx.dev/prx-sd
Scan Summary Email
Subject: [PRX-SD] Scan Complete: 3 threats found in /home
PRX-SD Scan Report
===================
Host: web-server-01
Scan Path: /home
Started: 2026-03-21 10:00:00 UTC
Completed: 2026-03-21 10:12:45 UTC
Duration: 12 minutes 45 seconds
Files Scanned: 45,231
Threats Found: 3
Detections:
1. /home/user/downloads/crack.exe
Severity: MALICIOUS | Detection: Win_Trojan_Agent
Action: Quarantined
2. /home/user/.cache/tmp/loader.sh
Severity: MALICIOUS | Detection: Linux_Backdoor_Generic
Action: Quarantined
3. /home/user/scripts/util.py
Severity: SUSPICIOUS | Detection: Heuristic_HighEntropy
Action: Reported
---
PRX-SD Antivirus Engine | https://openprx.dev/prx-sd
Supported Events
| Event | Default Included | Description |
|---|---|---|
| threat_detected | Yes | Malicious or suspicious file found |
| ransomware_alert | Yes | Ransomware behavior detected |
| scan_completed | No | Scan job finished (only if threats found) |
| update_completed | No | Signature update completed |
| update_failed | Yes | Signature update failed |
| daemon_error | Yes | Daemon encountered a critical error |
Configure which events trigger emails:
[email]
events = ["threat_detected", "ransomware_alert", "daemon_error"]
Rate Limiting
To prevent email flooding during large outbreaks:
[email.rate_limit]
max_per_hour = 10 # Maximum emails per hour
digest_mode = true # Batch multiple alerts into a single email
digest_interval_mins = 15 # Digest batch window
When digest_mode is enabled, alerts within the digest window are combined into a single summary email instead of sending individual notifications.
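How the events list, min_severity and the rate-limit settings above interact during an outbreak, as an added example (a Python model written for this page, not PRX-SD code). It assumes over-limit emails are suppressed rather than queued and that a digest window opens at its first alert; the page specifies neither, and the function names and sample alerts are hypothetical.

```python
from collections import deque

RANK = {"suspicious": 1, "malicious": 2}  # ordering of the page's min_severity values
CFG = dict(events=["threat_detected", "ransomware_alert", "daemon_error"],
           min_severity="malicious", max_per_hour=10, digest_interval_mins=15)

def wanted(alert, events, min_severity):
    """Apply the events list, then the severity threshold (events without a severity pass)."""
    if alert["event"] not in events:
        return False
    sev = alert.get("severity")
    return sev is None or RANK[sev] >= RANK[min_severity]

def plan_emails(alerts, digest_mode, events, min_severity, max_per_hour, digest_interval_mins):
    """Return (emails, suppressed); each email is (send_minute, [alerts])."""
    kept = sorted((a for a in alerts if wanted(a, events, min_severity)), key=lambda a: a["t"])
    batches = []
    for a in kept:
        # Assumption: a digest window opens at its first alert and is mailed when it closes.
        if digest_mode and batches and a["t"] < batches[-1][0]:
            batches[-1][1].append(a)
        else:
            batches.append((a["t"] + (digest_interval_mins if digest_mode else 0), [a]))
    sent, emails, suppressed = deque(), [], []
    for send_at, group in batches:
        while sent and send_at - sent[0] >= 60:   # rolling one-hour window
            sent.popleft()
        if len(sent) < max_per_hour:
            sent.append(send_at)
            emails.append((send_at, group))
        else:
            suppressed.extend(group)              # assumption: over-limit mail is not queued
    return emails, suppressed

def sample_outbreak():
    """Constructed input: one malicious detection per minute for 30 minutes, plus noise."""
    alerts = [{"t": m, "event": "threat_detected", "severity": "malicious"} for m in range(30)]
    alerts += [{"t": m, "event": "threat_detected", "severity": "suspicious"} for m in range(0, 30, 6)]
    alerts.append({"t": 5, "event": "update_completed"})
    return alerts

if __name__ == "__main__":
    for digest in (False, True):
        emails, lost = plan_emails(sample_outbreak(), digest, **CFG)
        print(f"digest_mode={digest}: {len(emails)} emails, "
              f"{sum(len(g) for _, g in emails)} detections delivered, {len(lost)} suppressed")
```

Under these assumptions, the per-alert run hits max_per_hour after ten emails and the remaining detections never reach the inbox, while the digest run delivers all of them in two emails.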
Checking Status
sd email-alert status
Email Alert Status
Enabled: true
SMTP Server: smtp.gmail.com:587 (TLS)
From: [email protected]
Recipients: [email protected], [email protected]
Min Severity: malicious
Events: threat_detected, ransomware_alert, daemon_error
Last Sent: 2026-03-21 10:15:32 UTC
Emails Today: 2
Next Steps
- Webhook Alerts -- real-time webhook notifications
- Scheduled Scans -- automate recurring scans
- Threat Response -- automated remediation policies
- Daemon -- background protection with alerts