Beta: Imunify360 4.3.0 release

We are pleased to announce that a new Imunify360 beta version 4.3 is now available for download from our updates-testing repository.

Enhancements

Dashboard

  • Enhanced UI - Detected Malware chart and enhanced summary.

    We have added the “Malware Detected” chart that shows statistics on the number of detected files per day. The number of issues is shown inside the circle, so you can easily monitor server state.

 

Malware Scanner

  • Enhanced default actions on malware detection: Added auto-cleanup.

    Finally, we’ve added the ability to clean up detected malware automatically. Therefore, there’s no need to suspend infected user accounts as the malware will be removed by Imunify360 automatically. Just select “Clean Up” as the default action for detected malware. It will keep your server malware-free.

  • RapidScan - a new approach to rescan files in a smarter way.

    The scanning engine has been significantly reworked to improve the speed of scan and reduce resource consumption when the antivirus engine is running. The current scanning engine supports cloud-assisted scan as well as an integrity checker to optimize the list of scanning files. Re-scanning a user account is now 5x faster. The cleanup procedure has also been improved.

  • ClamAV removal.

    Starting from v4.3 we’re no longer using ClamAV as a scanning vendor. It has produced a lot of “false positives” during file scanning. At the moment, our malware scanner is based on our proprietary scan engine with daily signatures updates, so we expect a dramatic improvement in detection rates and a reduction in the “false positives” count.

  • Last scan date added in the UI.

    We’ve improved the Malware Scanner UI by adding a “Last Scan” field to show when the last scan happened.

Firewall

  • Custom/external blacklist/whitelist support.

    One of the features most requested by hosting providers is an external blacklist/whitelist with centralized management. Imunify360 now supports external blacklists and whitelists that are loaded from text files, so you can drop the files to a specific location and update the list of blocked or whitelisted IPs instantly and automatically.

  • DoS / brute-force protection for the WordPress login page and some other popular pages based on RBL.

    Imunify360 has become more advanced and responsive to attacks against WordPress. It uses modsec RBL (Real-Time Blacklists) to identify attackers and bad bots scanning or brute-forcing WordPress login pages, xmlrpc.php, and other popular URLs.

  • Improved heuristics against brute-force attacks.

    Server-side heuristics have been improved and enhanced so they can block more attacks.

WebShield

  • Our own ‘SplashScreen’ instead of Google ReCaptcha for Chinese customers.

    It is a known fact that Google’s ReCaptcha does not show for Chinese visitors. But we’ve developed a replacement called SplashScreen. It pops up a challenge page that checks if the visitor is a legitimate one or a bad bot.

General

  • Optimized Imunify360 Agent - less memory required.

    We want Imunify360 to use as few system resources as possible. This release introduces a lot of improvements that save memory and reduce CPU consumption during the working cycle.

  • Enhanced list of supported CDNs: Cloudflare, MaxCDN, StackPath CDN, KeyCDN, Dartspeed, QUIC.cloud

    We’re extending the list of supported CDN services and proxies, and have just added a couple more.

Bug fixes and small changes

  • Correct HardenedPHP support for CloudLinux OS
  • Updated RSS link for newsfeed
  • A lot of other bug fixes

The full changelog is below.

How to upgrade

To install the new Imunify360 version 4.3 beta, please follow the instructions in the documentation.

To upgrade Imunify360 on CentOS/CloudLinux systems

Run the command:

yum update imunify360-firewall --enablerepo=imunify360-testing

To upgrade Imunify360 on Ubuntu 16.04

Run the commands:

echo 'deb https://repo.imunify360.cloudlinux.com/imunify360/ubuntu-testing/16.04/ xenial main'  > /etc/apt/sources.list.d/imunify360-testing.list
apt-get update
apt-get install --only-upgrade imunify360-firewall

To upgrade Imunify360 on Ubuntu 18.04

Run the commands:

echo 'deb https://repo.imunify360.cloudlinux.com/imunify360/ubuntu-testing/18.04/ bionic main'  > /etc/apt/sources.list.d/imunify360-testing.list
apt-get update
apt-get install --only-upgrade imunify360-firewall

Changelog

    Improvements

    • DEF-7539: [Feature Request] date/time of the last scan of each account
    • DEF-8625: [Feature Request] Report file as false-positive under the “Actions” menu in UI.
    • DEF-7264: Re-design - 1st release
    • DEF-8663: Add handling of modsec data (.PAG) files for Imunify360 package

    Tasks

    • DEF-8710: Add support for --with-suspicious flag and suspicious section in reports returned by ai-bolit
    • DEF-9072: Remove ClamAV and hash filter vendors
    • DEF-9075: Remove excessive code from MalwareScanner
    • DEF-9131: Send to MRS files from suspicious section
    • DEF-8405: Process send to MRS events
    • DEF-8406: Process rescan events
    • DEF-8645: Add ability to enable Cloud Assisted Scanning in Imunify360 and ImunifyAV
    • DEF-8646: Cleanup of files blacklisted by hash
    • DEF-8877: Create script/documentation to install latest version of Imunify by-passing gradual roll out
    • DEF-6093: Add ClusterLogics backup backend
    • DEF-6547: Review peewee in_() usage in agent project
    • DEF-6715: Resolve expanded paths before scan
    • DEF-7047: update sentry client in the agent
    • DEF-7079: Bring back splashscreen to webshield
    • DEF-7242: Re-design Imunify - toggles (mostly), checkboxes, radiobuttons
    • DEF-8180: Dashboard - add malware chart (histogram)
    • DEF-8203: Add malicious & suspicious files for rescan when using c/mtime
    • DEF-8249: Clean /var/imunify360/tmp regularly
    • DEF-8254: Default actions on malware detection (Cleanup / Restore from Backup)
    • DEF-8431: Implement Native FM for AV/ AV+
    • DEF-8457: No control panel ImunifyAV - PHP & Python to handle requests
    • DEF-8478: [No control panel IM.AV] auth in agent (PAM) - add RPC method
    • DEF-8514: Increase max sample size up to 8MB on Agent side
    • DEF-8515: Create hook for license check (expiration/installation)
    • DEF-8533: Add information to `doctor` output about agent's opened file descriptors
    • DEF-8537: Separate defence360agent/files to AV and im360 parts
    • DEF-8558: Remove dependencies on im360 package from send_server_config plugin
    • DEF-8582: Last scanning date in scanning results
    • DEF-8585: [No control panel IM.AV] create rpm & deb packages
    • DEF-8587: [No control panel IM.AV] get list of users for agent
    • DEF-8588: [No control panel IM.AV] update deploy script
    • DEF-8611: Refactor accumulate plugin
    • DEF-8623: update imav/im360 dependencies without breaking `yum update` on customer's hosts
    • DEF-8701: Use webpack-manifest-plugin instead of Imunify version in query params for caching
    • DEF-8709: Implement suspicious file detection for ai-bolit
    • DEF-8711: remove CLAMAV & HashFilter
    • DEF-8712: [No control panel IM.AV] hide file upload input and disable that method
    • DEF-8719: Remove dependencies from AV package that not needed anymore
    • DEF-8732: Get rid of cryptography dependency
    • DEF-8743: Default actions on malware detection (Cleanup / Restore from Backup) - UI
    • DEF-8794: Update news RSS link
    • DEF-8798: Remove migration from the main process in Imunify-AV
    • DEF-8839: "Scan only modified files" setting - Agent
    • DEF-8842: Rapid scan integration in the agent
    • DEF-8879: Check how files downloading framework affects memory usage
    • DEF-8893: Remove aiohttp dependency from AV
    • DEF-8933: [No control panel IM.AV] auth - integrate login RPC method in UI
    • DEF-8934: [No control panel IM.AV] add method for reading integration.conf
    • DEF-8935: [No control panel IM.AV] UI e2e tests - run current e2e tests on no-cp IM.AV
    • DEF-8959: [No control panel IM.AV] e2e tests - cover integration points with e2e tests
    • DEF-8966: Do not send to sentry such errors [Errno 2] No such file or directory
    • DEF-8986: [No control panel IM.AV] UI e2e tests - fix failing tests
    • DEF-9002: Fix misprint in tmpwatch command
    • DEF-9021: [No control panel IM.AV] fix upgrade page and cover it with tests
    • DEF-9057: [No control panel IM.AV] optimize agent memory consumption on cpanel
    • DEF-9058: Dashboard improvements for 4.3
    • DEF-9060: Add parameter to log to stdout
    • DEF-9071: [No control panel IM.AV] display current user name
    • DEF-9085: Create an RPM-test to check integration with ai-bolit suspicious file detection
    • DEF-9087: [AI-BOLIT] Signature format of the binary/blacklisted file should be BL-crc
    • DEF-9101: Make change due to procu2 signature change of blacklisted files
    • DEF-9103: [No control panel IM.AV] add root-only "login get" RPC method
    • DEF-9104: Rapid scan integration in UI
    • DEF-9162: Disable autocleanup when AV+ unregistered/expired
    • DEF-9219: Disable ftp integration for upload scan if inotify enabled
    • DEF-9275: Completely remove ClamAV from UI
    • DEF-9341: Use php 7.3 for AI-BOLIT 4.1
    • DEF-9373: [AI-BOLIT] Some malicious files with randomly generated names are not detected
    • DEF-9402: Re-design Imunify - pick checkboxes, radio buttons and switchers from re-design branch to 4.3
    • DEF-9404: Enable Cloud Assisted Scan by default

    Bugs

    • DEF-7857: eula is constantly downloaded from server in AV
    • DEF-8018: FileNotFoundError: [Errno 2] No such file or directory: '/etc/sudoers'
    • DEF-8177: Cleanup of >1000 files freezes the agent
    • DEF-8298: No progress tracking during AI-BOLIT scan
    • DEF-8504: Reading of non-existent malware file causes a 'quarantine error' message
    • DEF-8569: Change malware found list location
    • DEF-8784: 'weekly' is not one of ['monthlyByDaysOfMonth']
    • DEF-8907: Fix "near "?": syntax error" in malware user list
    • DEF-8927: fix iteration on subprocess output
    • DEF-8968: Check schema validation
    • DEF-8999: Lock on-demand page until data is loaded
    • DEF-9217: Fix migration 122_cagefs_unmount which has never run
    • DEF-9238: [Response validation] fix "None is not of type 'string'"
    • DEF-9255: [Response validation] None is not of type 'boolean'
    • DEF-9287: Fix plugin icon in DA Evolution skin, "icons grid" layout
    • DEF-9379: Allow enduser to set default_action=CLEANUP
    • DEF-9432: [AI-BOLIT] eicar isn't detected in 4.1.1-2

Comments 2

Guest - Lucas rolff on Thursday, 22 August 2019 05:14

Can I ask what cloud assisted scan is? Sounds interesting!

Greg Zemskov on Thursday, 22 August 2019 08:55

Hi Lucas,
Cloud-assisted scan is a part of the RapidScan approach to significantly improve scan speed. Cloud-assisted scan is based on a file hash check that is cloud-based. Once we know file hashes we can check if the files are legitimate (whitelisted) or malicious. For the files that are not in the cloud-assisted hash database we perform a common scan based on heuristics and signatures as before. The combination of several approaches gives a significant speed improvement. So please, try it out and let us know how it works for you.
Thanks!
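
The triage outlined in the RapidScan description and in the reply above (skip files that have not changed, resolve known hashes, send the rest to the regular scan), as an added example that is not Imunify360's code. Assumptions: SHA-256 as the hash, local sets standing in for the cloud hash database, and the hypothetical names `triage`, `sha256_file` and `demo`.

```python
import hashlib
import os
import pathlib
import tempfile

def sha256_file(path, chunk=65536):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def triage(paths, state, known_good, known_bad):
    """Bucket files; state maps path -> (size, mtime_ns, ctime_ns, verdict)."""
    out = {"unchanged": [], "clean": [], "malicious": [], "full_scan": []}
    for path in paths:
        st = os.stat(path)
        meta = (st.st_size, st.st_mtime_ns, st.st_ctime_ns)
        prev = state.get(path)
        # Integrity check: skip only files that were clean last time and whose
        # metadata is identical; malicious or unknown files are always re-examined.
        if prev and prev[:3] == meta and prev[3] == "clean":
            out["unchanged"].append(path)
            continue
        digest = sha256_file(path)
        # Unknown hashes fall through to the signature/heuristic scan.
        verdict = ("malicious" if digest in known_bad else
                   "clean" if digest in known_good else "full_scan")
        out[verdict].append(path)
        state[path] = meta + (verdict,)
    return out

def demo():
    """Three passes over constructed sample files; returns buckets by file name."""
    samples = {"index.php": b"<?php echo 'hi';", "bad.php": b"CONSTRUCTED-BAD",
               "custom.php": b"<?php custom();"}
    good = {hashlib.sha256(samples["index.php"]).hexdigest()}  # constructed known-good set
    bad = {hashlib.sha256(samples["bad.php"]).hexdigest()}  # constructed known-bad set
    with tempfile.TemporaryDirectory() as d:
        paths = [os.path.join(d, name) for name in samples]
        for p, data in zip(paths, samples.values()):
            pathlib.Path(p).write_bytes(data)
        state = {}
        runs = [triage(paths, state, good, bad) for _ in range(2)]
        with open(paths[0], "ab") as f:  # the known-good file is modified
            f.write(b" /* changed */")
        runs.append(triage(paths, state, good, bad))
        return [{k: [os.path.basename(p) for p in v] for k, v in r.items()} for r in runs]
```

The comparison includes ctime as well as mtime because mtime can be set freely by whoever owns the file.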
