Greg Zemskov

Imunify360 RapidScan: Feel the Need, the Need for Speed

The release of Imunify360 v4.3 brings RapidScan, a feature to improve scanning speeds by as much as 1000%. We're making anti-malware and antivirus scans faster with RapidScan, a new scanning option for Imunify360. Quicker scans mean lower system resource usage, and an opportunity to scan more frequently, further hardening your systems’ security posture. Here's a short summary of how we've managed to get these impressive performance increases.

Faster File Integrity Checking – File metadata, such as file hashes, is now stored locally. This means that unchanged files don't need to be rescanned, and there is no need to schedule complete scans for quiet times of the day.

Efficient Cloud-assi...
Greg Zemskov

Introduction to Imunify Hooks

Hooks are a new addition to our flagship cybersecurity product Imunify360. In my recent post on hooks, I described how they let you capture events from the agent and act on them. For example, you might want to automatically notify a user or suspend a web hosting account if Imunify360 detects malware in the account’s file system. That last scenario is explained in a video presented by our Senior Sales Engineer, Jamie Charleston. He shows you the code and steps needed to set up an automated action based on malware detection. You can watch it here.
Inessa Atmachian

Beta: ImunifyAV 4.3.0 updated

We are pleased to announce that the new updated ImunifyAV version 4.3.0 beta is now available.

Improvements
DEF-7539: [Feature Request] date/time of the last scan of each account
DEF-8625: [Feature Request] Report file as false-positive under the “Actions” menu in UI.
DEF-7264: Re-design - 1st release

Tasks
DEF-8710: Add support for --with-suspicious flag and suspicious section in reports returned by ai-bolit
DEF-9072: Remove ClamAV and hash filter vendors
DEF-9075: Remove excessive code from MalwareScanner
DEF-9131: Send to MRS files from suspicious section
DEF-8405: Process send to MRS events
DEF-8406: Process rescan events
DEF-8645: Add ability to enable Cloud Assisted Scannin...
Inessa Atmachian

Beta: Imunify360 4.3.0 release

We are pleased to announce that a new Imunify360 beta version 4.3 is now available for download from our updates-testing repository.

Enhancements

Dashboard
Enhanced UI - Detected Malware chart and enhanced summary. We have added the “Malware Detected” chart that shows statistics on the number of detected files per day. The number of issues is shown inside the circle, so you can easily monitor server state.

Malware Scanner
Enhanced default actions on malware detection: Added auto-cleanup. Finally, we’ve added the ability to clean up detected malware automatically. Therefore, there’s no need to suspend infected user accounts as the malware will be removed ...
Recent Comments
Greg Zemskov
Hi Lucas, cloud-assisted scan is a part of RapidScan approach to significantly improve scan speed. Cloud-assisted scan is based o... Read More
Thursday, 22 August 2019 08:55
Greg Zemskov

Imunify360 Poll: Choose a couple of the best ways to notify you (admin) on critical issues detected by Imunify360?

If you have any suggestions, please, add them in the comments.
Greg Zemskov

Attending a WebProsSummit this year? Don’t miss the Imunify Security Products Certification training.

Learn webserver security from those who know it best. This year, the cPanel and Imunify teams are giving you the opportunity to learn more about Imunify through our Imunify Security Products certification training course right at WebProsSummit 2019. Jamie Charleston, our Senior Sales Engineer, will teach you all about Imunify Security Products and explain every Imunify feature in detail, showing you the best and safest way to configure it for your web server. You’ll learn how to use the malware scanner, what Proactive Defense is and how it works, how to interpret cybersecurity incidents in the Incident Manager, and find out the best way to secure your server from viruses and malware, and...
Greg Zemskov

Meet Imunify Security team at Webpros Summit

As always, CloudLinux is a proud sponsor of cPanel’s events, and this year, at Webpros Summit, we will represent Imunify Security Products. Traditionally, the CEO of CloudLinux Inc, Igor Seletskiy, gives a presentation and discusses a hot topic related to the hosting industry. This time, he will talk about Security From a Big Data Perspective and share insights into how Imunify Security collects data points from more than a hundred thousand servers, so we can see how attacks unfold in real-time. In this session, Igor will show what the Imunify team has learned, how some basic security best practices can immediately give you a 10% improvement in protection agai...
Greg Zemskov

ClamAV Zip Bomb Makes CPUs Choke

A new vulnerability has been discovered [1] in the popular ClamAV antivirus scanning engine. ClamAV is one of the antivirus scanning engines used in ImunifyAV and Imunify360. For this reason, we’ve released an update of the ClamAV package so that ImunifyAV and Imunify360 can be protected from this vulnerability.

How it works

The vulnerability means that certain kinds of highly-compressed zip files can’t be scanned. David Fifield [2], a security researcher, found that, using overlapping techniques, he could generate files with extraordinary compression ratios. In one case, he managed to compress a 281 TB file down to 10 Mb. That’s a compression ratio of more than 28,000...
Inessa Atmachian

Beta: ImunifyAV 4.2.7 updated

We are pleased to announce that the new updated ImunifyAV version 4.2.7 beta is now available.

Fix
DEF-9022: allow 'week' and 'day' for MALWARE_SCAN_SCHEDULE.interval in AV+

Task
DEF-9352: implement --intensity which is joint of --intensity-cpu and --intensity-io

How to install

To install the new ImunifyAV version 4.2.7, please run the commands:
wget https://repo.imunify360.cloudlinux.com/defence360/imav-deploy.sh
bash imav-deploy.sh --beta

To upgrade ImunifyAV on CentOS/CloudLinux systems, run the command:
yum update imunify-antivirus --enablerepo=imunify360-testing
Inessa Atmachian

Beta: Imunify360 4.2.7 updated

We are pleased to announce that the new updated Imunify360 version 4.2.7 beta is now available.

Fixes
DEF-9022: allow 'week' and 'day' for MALWARE_SCAN_SCHEDULE.interval in AV+
DEF-9318: support new format of modsec_audit.log in concurrent mode

Task
DEF-9352: implement --intensity which is joint of --intensity-cpu and --intensity-io

How to install

To install the new Imunify360 version 4.2.7 beta
Please follow the instructions in the documentation.

To upgrade Imunify360 on CentOS/CloudLinux systems
Run the command:
yum update imunify360-firewall --enablerepo=imunify360-testing

To upgrade Imunify360 on Ubuntu 16.04
Run the command:
echo 'deb https://repo.imunify360.cloudlinux.com/imunify360/u...
Greg Zemskov

How much freedom should a user have to configure their own settings?

Imunify360 lets you change a lot of settings and customizations in the admin UI. There are some settings in the user UI too, so users can enable/disable Proactive Defense, or choose the default action when malware is detected. Some of those settings, under certain circumstances, can affect server security. So today’s question is a little trickier than usual...
Greg Zemskov

What are the most common security issues you face?

To improve the user experience in Imunify360 we want to ask: What are the most common server security issues you face? What should be the primary focus of our product?
Dmitry Belomestnykh

PHP malware obfuscation using goto

Imunify’s Malware Intelligence Team has been witnessing an increase in malware samples using the goto programming construct. Here’s a chart showing the recent surge of malware using goto as an obfuscating mechanism.

Greg Zemskov

Imunify360 Poll: What do you do with infected user accounts on a server?

To improve the user experience in Imunify360 and ImunifyAV we want to know how you deal with infected user accounts. Some hosters instantly block the account to prevent further malware distribution, while others simply notify users when malware is detected. If you have more details or comments on how and why you deal with infected user accounts, please share them. We’d love to hear your views.
Greg Zemskov

Announcing: Daily Malware Updates

Malware changes daily, sometimes hourly.

To keep servers safe, you must make sure your Imunify360 malware database is always up to date. We're striving to make Imunify360 the easiest way to keep Linux web servers secure. So we're announcing that, as of July 10, 2019, the Imunify360 and ImunifyAV malware and black hash databases get updates every business day.

Greg Zemskov

Imunify360 Poll: CLI vs UI? Give us your input … on how you input.

Do you fight malware from the knife-edge of the command line, or the plush refinement of the GUI? That’s today’s poll—it only takes a second. There are several ways of managing servers and controlling their applications and services. We’re curious what type of interface you prefer while working with Imunify360: Command Line or UI. Which do you prefer? Your feedback helps us improve Imunify360 and make it everything a Linux web hosting ninja needs for all-round server cybersecurity. What type of automation/tools are you using?
Greg Zemskov

Share your experience regarding database infection

This time we invite you to share your experience regarding one of the non-typical security issues - database malware injection / infections. Join the new poll now. Also, we are thankful to you for participating in the recent poll and are ready to share the results regarding the question "What 3 features are the most valuable for you in Imunify360?"
Sergey Khristich

What 3 features are the most valuable for you in Imunify360?

We really appreciate your participation and want to thank you all for your contribution to the Imunify products. Our last poll was about the security policy you choose for your servers. ~95% of participants voted for the “Block everything but leave some certain ports opened”. This time we’d like you to share thoughts about Imunify features. Please, use comments below the poll for feature requests, advice and other extended comments.
Naveen Velusamy

Malware Masquerading as a Web Server Image Processor

Introduction

Your web server's image processor could be malware hiding in plain sight.

I'm going to describe an interesting type of malware the Malware Intelligence Team uncovered during a recent research operation.

At the time of writing, there were 11,320 cases of it detected and neutralized on 265 websites across 183 servers.

It is a particularly ingenious and potentially destructive type of malware: it is designed to appear as a legitimate image processor, and can act as a backdoor to your web server.

A backdoor is malicious software that lets a hacker get back into your server even after you detect and remove their access credentials. When a hacker gets into your site, the first thing they do is upload a backdoor.

Greg Zemskov

An Introduction to Imunify Hooks

In Imunify360 v4.2 beta, we introduced “Hooks”, a new way to handle asynchronous events coming from the Imunify agent. It works like a simple event handler. For example, you can create a script that will run when malware is detected (right after the on-demand or background scan is finished).

The script is put on the server and registered via the Imunify360 command-line interface. In the script, you can specify a set of actions based on the scanning report received from Imunify360: for example, suspend a user account infected with malware, send out an email notification, or submit a ticket for the client. Hooks are just executables, so they can be written in any language (bash, php, python, etc.).

We’ve had a lot of questions regarding the practical use of hooks. So, we’ve created this article to show you an example of a hook that runs when malware is detected, and suspends the cPanel user account when the number of infected files exceeds three.

Here are the steps to create the hook:

Create a file (e.g. /root/hooks/hook.php) with the following content:
