Imunify360 Blog

Malware scanner: A New Way To Neutralize Infected Files

Written by Greg Zemskov | Mar 19, 2020 11:17:17 AM

Some Imunify360 customers don’t use the Auto Cleanup option because they’re afraid that it will break client web sites. They’re afraid that if a WordPress index.php file gets infected, for instance, the file will be blocked by Malware Scanner for Linux servers, and the web site will go down.

These fears are unfounded. Malware Scanner removes malicious code that’s been injected into a file, while leaving the rest of the file intact. It also removes malicious files that have been included into other files. Enabling Auto Cleanup is completely safe and effective.

Still, some users forget to enable it, so the Imunify team looked for an additional way to neutralize infected files.

Tighter Component Integration

To block malware even before it’s cleaned, we’ve integrated two Imunify360 components more tightly: Proactive Defense and Malware Scanner. These components can now “talk” to each other to a greater degree, which stops systems from accessing PHP malware that hasn’t yet been cleaned up. A malicious script that’s been included at runtime is deactivated automatically. 

Here’s how it works: 

  1. The list of detected malware is passed from Malware Scanner to Proactive Defense.
  2. Proactive Defense uses that list to check the verdict on a script.
  3. If a script is on the list, Proactive Defense prevents it from being executed.

The same approach is used in the Web Application Firewall component to block access to malicious scripts that have not been scanned yet.

Further recommendations

We still recommend that infected files be neutralized by enabling the Auto Cleanup option. To enable it in the graphical interface, go to Settings > Malware > General > Default action on detect:

Then check Rapid scan

And finally, select Weekly for Run scanning:

If you prefer, you can enable it using the command-line interface. The following commands will enable all required settings automatically:

imunify360-agent config update '{"MALWARE_SCANNING": {"rapid_scan": true}}'
imunify360-agent config update '{"MALWARE_SCANNING": {"default_action": "cleanup"}, "MALWARE_SCAN_SCHEDULE":{"interval": "week"}}'
imunify360-agent config update '{"MALWARE_SCANNING": {"enable_scan_inotify": true}}'

The new level of Malware Scanner/Proactive Defense integration, and with it this new method of neutralizing infected files, is included in version 4.6 of Imunify360. To obtain it, just install that version.

To enable it, make sure that Proactive Defense is in KILL mode. To do this in the UI, just check the Kill Mode option:

To do it through the command-line interface, just use this command:

imunify360-agent config update '{"PROACTIVE_DEFENCE": {"mode": "KILL"}}'
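
To confirm that a server actually carries every setting listed in this post, the following added example (not Imunify360 code) compares a configuration, already loaded into a Python dict, against those values and builds a single config update command for whatever differs. The dict layout (mirroring the JSON passed to config update), the function names and the sample values, including the LOG mode, are assumptions made for the example.

```python
import json
import shlex

# Settings this post recommends, keyed by (section, option).
REQUIRED = {
    ("MALWARE_SCANNING", "rapid_scan"): True,
    ("MALWARE_SCANNING", "default_action"): "cleanup",
    ("MALWARE_SCANNING", "enable_scan_inotify"): True,
    ("MALWARE_SCAN_SCHEDULE", "interval"): "week",
    ("PROACTIVE_DEFENCE", "mode"): "KILL",
}


def find_drift(config):
    """Return {(section, option): (actual, expected)} for every mismatch."""
    drift = {}
    for (section, option), expected in REQUIRED.items():
        actual = (config.get(section) or {}).get(option)
        # Compare the type too, so the string "true" does not pass for True.
        if type(actual) is not type(expected) or actual != expected:
            drift[(section, option)] = (actual, expected)
    return drift


def fix_command(drift):
    """Build one `imunify360-agent config update` call that corrects the drift."""
    if not drift:
        return None
    payload = {}
    for (section, option), (_actual, expected) in drift.items():
        payload.setdefault(section, {})[option] = expected
    return "imunify360-agent config update " + shlex.quote(json.dumps(payload))


# Constructed sample (assumed values): cleanup and weekly scans are set, but
# enable_scan_inotify is false and Proactive Defense is not in KILL mode.
SAMPLE = {
    "MALWARE_SCANNING": {"rapid_scan": True, "default_action": "cleanup",
                         "enable_scan_inotify": False},
    "MALWARE_SCAN_SCHEDULE": {"interval": "week"},
    "PROACTIVE_DEFENCE": {"mode": "LOG"},
}

if __name__ == "__main__":
    for (section, option), (actual, expected) in find_drift(SAMPLE).items():
        print(f"{section}.{option}: {actual!r} (expected {expected!r})")
    print(fix_command(find_drift(SAMPLE)))
```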

Please stay in touch

The Imunify product team would like to hear from you. To share your ideas, observations, and feature requests, please send them to us at feedback@cloudlinux.com.

If you have questions on how to use Imunify360, or you’d like to resolve a support issue, please contact the Imunify support team at cloudlinux.zendesk.com.

 
