<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-5HLVVHN" height="0" width="0" style="display:none;visibility:hidden">
Feb 18, 2020 10:50:05 AM
Inessa Atmachian
Inessa Atmachian
Inessa Atmachian, Technical Writer at CloudLinux. Crafting comprehensive product documentation and keeping users informed with release notes and updates.

Beta: Imunify360 version 4.6 released

IM-beta-release

We’re pleased to announce that the new beta version of Imunify360 is now available.

This new v4.6 beta release includes several security and performance improvements:

  • Reduced system load for the real-time scanner
    The real-time scanner now uses less memory in operation, while conducting faster scans.
  • Proactive Defense/Malware Scanner integration
    These two components are now more tightly integrated, which blocks malware even before it’s cleaned at the file level.
  • Reduced memory usage
    The Malware Scanner and WebShield components now use less memory than before.
  • Enhanced verdicts for detected malware
    When malware is detected, it’s now identified by several salient characteristics.
  • Added support for disabled rules
    In the stand-alone installation type, users can now enable and disable ModSec rules for specific domains.
  • Blamer functionality is enabled by default for new installations.
    In the Proactive Defense component, the Blamer is now enabled by default, for new installations, improving malware detection and prevention in PHP files.
  • SMTP Traffic Management
    Users can employ this experimental feature to manage/block outgoing email traffic for all or specified ports. It serves as a firewall for outgoing email traffic.

 

Let’s explore these changes and additions in detail:

 

Reduced System Load for the Real-Time Scanner

 

In version 4.6, the file watcher for real-time scanning has been redesigned to deliver shorter processing time with less memory usage. It now uses fanotify as a more efficient replacement of inotify.

 

To use fanotify, enable it in the settings via the “Optimize real-time scan” checkbox:

 

 

To enable it in the system configuration, just change optimize_realtime_scan to true in the MALWARE_SCANNING section:

 

MALWARE_SCANNING:

optimize_realtime_scan: true

Or, you can just run this command:

 

imunify360-agent config update '{"MALWARE_SCANNING": {"optimize_realtime_scan": true}}'

 

Proactive Defense/Malware Scanner Integration

 

Tighter integration between the Proactive Defense and Malware Scanner components blocks systems from accessing PHP malware that hasn’t yet been cleaned up. Malicious code that has been injected or included at runtime is deactivated automatically.

 

These changes are enabled automatically, once version 4.6 is installed.

 

Reduced Memory Usage

 

To reduce memory usage, SSL caching has been implemented in WebShield. This makes it possible to use Imunify360 on VPS servers that don’t have much memory installed. The only 10Mb of memory is now required for the SSL caching module, compared to 40MB in the previous version.

 

The Malware Scanner has also been optimized to use less memory. The scanner is now run from the Agent in “detached” mode, so it doesn’t depend on the Agent anymore. Thus, the Agent can go into standby mode while the Malware Scanner is working, which uses fewer memory resources.

 

Enhanced Verdicts for Detected Malware

 

Malware detected by Imunify360 is now identified, in the user interface, with the reason for its detection. The reason, or verdict, is listed next to the detected malware:

 

Verdicts are rendered in this form:

 

<type>-<method>-<ID>-<file-type>.<mlwcategory>.<mlwclassification>

 

<type>: Server malware (SMW) or Client malware (CMW).

<method>: Stand alone (SA), Injections (INJ), or Blackhash (BLKH).

<ID>: The signature ID.

<file-type>: The file type.

<mlwcategory>: The malware category.

<mlwclassification>: The malware classification.

 

Added Support for Disabled Rules

In the Imunify360 4.6, we’ve implemented an ability to enable and disable ModSec rules for specific domains.

There’s more information about these rules at
https://docs.imunify360.com/dashboard/#disabled-rules.

Blamer Functionality Enabled By Default

Within the Proactive Defense component, the Blamer shows how PHP malware was injected into files, pinpointing the exact URL, PHP script, and PHP execution path.

In all new installations of version 4.6, this Blamer functionality is enabled by default.

SMTP Traffic Management

SMTP traffic management provides more control over SMTP traffic. With version 4.6, it’s now possible for an admin to redirect mail traffic to the local MTA, block it completely, or keep it available for local mails only. Admins can also block particular ports, and whitelist specific users or groups for outgoing mail.

This feature extends existing cPanel “Block SMTP” functionality, albeit with more control and capabilities, and replaces similar functionality from CSF.

You can enable the SMTP Traffic Management in the Settings:

 

 

To enable these settings via direct config file update, or the command-line interface, use this command:

/etc/sysconfig/imunify360/imunify360.config

 

The config file should show:

 

SMTP_BLOCKING:

allow_groups:

- mailacc

allow_local: true

allow_users: []

enable: true

ports:

- 25

- 587

- 465

redirect: true

 

Since this feature is experimental, our product team would like to hear from the people using it. If you use it, please send your comments, questions, and feedback to feedback@imunify360.com.

 

Security and Performance improvements.

 

  • Incidents processing performance improvements via the detached Proactive Defense queue. ( DEF-10708 )
  • The malware scanning script is no longer killed when ImunifyAV goes to “stand-by” mode. (DEF-10832).
  • No more errors while restoring files from quarantine if the target files already exist (DEF-10506)
  • The malware scanning invokes a hook “malware-scanning / finished” when the scan is canceled during the scan list preparation. (DEF-10528)

 

Command Line Interface Extension

 

Version 4.6 also extends the output for the “malware on-demand” command with the following fields:


DURATION: The duration of the scan.
COMPLETED: The time the scan finished.

 

COMPLETED CREATED DURATION ERROR PATH SCAN_STATUS SCAN_TYPE SCANID STARTED TOTAL TOTAL_FILES TOTAL_MALICIOUS

None 1580911647 45.48798179626465 None /root/ running on-demand f86dc6c6a7034e39873eb5ab81e31ca2 1580911647.5120182 0 0 0

1580911384 1580911127 257 stopped /root/ stopped on-demand 07f9d5630a7247a68d8ef453709b8f6b 1580911127 0 0 0

1579697452 1579697390 62 None /root/ stopped on-demand 50c6100b76f241d2a333f4b91967df4a 1579697390 4526 4526 21

 

How To Install

To install the new Imunify360 4.6 beta version, please follow the installation instructions.

To upgrade Imunify360 to 4.6 beta on CentOS/CloudLinux systems, run the command:

yum update imunify360-firewall --enablerepo=imunify360-testing

To upgrade Imunify360 on Ubuntu 16.04, run the command:

echo 'deb https://repo.imunify360.cloudlinux.com/imunify360/ubuntu-testing/16.04/ xenial main' > /etc/apt/sources.list.d/imunify360-testing.list

apt-get update

apt-get install --only-upgrade imunify360-firewall

To upgrade Imunify360 on Ubuntu 18.04, run the command:

echo 'deb https://repo.imunify360.cloudlinux.com/imunify360/ubuntu-testing/18.04/ bionic main' > /etc/apt/sources.list.d/imunify360-testing.list

apt-get update

apt-get install --only-upgrade imunify360-firewall

 

Stay in touch

Please give our product team feedback on this version 4.6 beta release, or share your ideas and feature requests, via feedback@cloudlinux.com.

If you encounter any problems with this beta release, please send a comment or request to our Imunify support team via https://cloudlinux.zendesk.com.

Beta: Imunify360 version 4.6 released

Feb 18, 2020 10:50:05 AM
Inessa Atmachian Inessa Atmachian

IM-beta-release

We’re pleased to announce that the new beta version of Imunify360 is now available.

This new v4.6 beta release includes several security and performance improvements:

  • Reduced system load for the real-time scanner
    The real-time scanner now uses less memory in operation, while conducting faster scans.
  • Proactive Defense/Malware Scanner integration
    These two components are now more tightly integrated, which blocks malware even before it’s cleaned at the file level.
  • Reduced memory usage
    The Malware Scanner and WebShield components now use less memory than before.
  • Enhanced verdicts for detected malware
    When malware is detected, it’s now identified by several salient characteristics.
  • Added support for disabled rules
    In the stand-alone installation type, users can now enable and disable ModSec rules for specific domains.
  • Blamer functionality is enabled by default for new installations.
    In the Proactive Defense component, the Blamer is now enabled by default, for new installations, improving malware detection and prevention in PHP files.
  • SMTP Traffic Management
    Users can employ this experimental feature to manage/block outgoing email traffic for all or specified ports. It serves as a firewall for outgoing email traffic.

 

Let’s explore these changes and additions in detail:

 

Reduced System Load for the Real-Time Scanner

 

In version 4.6, the file watcher for real-time scanning has been redesigned to deliver shorter processing time with less memory usage. It now uses fanotify as a more efficient replacement of inotify.

 

To use fanotify, enable it in the settings via the “Optimize real-time scan” checkbox:

 

 

To enable it in the system configuration, just change optimize_realtime_scan to true in the MALWARE_SCANNING section:

 

MALWARE_SCANNING:

optimize_realtime_scan: true

Or, you can just run this command:

 

imunify360-agent config update '{"MALWARE_SCANNING": {"optimize_realtime_scan": true}}'

 

Proactive Defense/Malware Scanner Integration

 

Tighter integration between the Proactive Defense and Malware Scanner components blocks systems from accessing PHP malware that hasn’t yet been cleaned up. Malicious code that has been injected or included at runtime is deactivated automatically.

 

These changes are enabled automatically, once version 4.6 is installed.

 

Reduced Memory Usage

 

To reduce memory usage, SSL caching has been implemented in WebShield. This makes it possible to use Imunify360 on VPS servers that don’t have much memory installed. The only 10Mb of memory is now required for the SSL caching module, compared to 40MB in the previous version.

 

The Malware Scanner has also been optimized to use less memory. The scanner is now run from the Agent in “detached” mode, so it doesn’t depend on the Agent anymore. Thus, the Agent can go into standby mode while the Malware Scanner is working, which uses fewer memory resources.

 

Enhanced Verdicts for Detected Malware

 

Malware detected by Imunify360 is now identified, in the user interface, with the reason for its detection. The reason, or verdict, is listed next to the detected malware:

 

Verdicts are rendered in this form:

 

<type>-<method>-<ID>-<file-type>.<mlwcategory>.<mlwclassification>

 

<type>: Server malware (SMW) or Client malware (CMW).

<method>: Stand alone (SA), Injections (INJ), or Blackhash (BLKH).

<ID>: The signature ID.

<file-type>: The file type.

<mlwcategory>: The malware category.

<mlwclassification>: The malware classification.

 

Added Support for Disabled Rules

In the Imunify360 4.6, we’ve implemented an ability to enable and disable ModSec rules for specific domains.

There’s more information about these rules at
https://docs.imunify360.com/dashboard/#disabled-rules.

Blamer Functionality Enabled By Default

Within the Proactive Defense component, the Blamer shows how PHP malware was injected into files, pinpointing the exact URL, PHP script, and PHP execution path.

In all new installations of version 4.6, this Blamer functionality is enabled by default.

SMTP Traffic Management

SMTP traffic management provides more control over SMTP traffic. With version 4.6, it’s now possible for an admin to redirect mail traffic to the local MTA, block it completely, or keep it available for local mails only. Admins can also block particular ports, and whitelist specific users or groups for outgoing mail.

This feature extends existing cPanel “Block SMTP” functionality, albeit with more control and capabilities, and replaces similar functionality from CSF.

You can enable the SMTP Traffic Management in the Settings:

 

 

To enable these settings via direct config file update, or the command-line interface, use this command:

/etc/sysconfig/imunify360/imunify360.config

 

The config file should show:

 

SMTP_BLOCKING:

allow_groups:

- mailacc

allow_local: true

allow_users: []

enable: true

ports:

- 25

- 587

- 465

redirect: true

 

Since this feature is experimental, our product team would like to hear from the people using it. If you use it, please send your comments, questions, and feedback to feedback@imunify360.com.

 

Security and Performance improvements.

 

  • Incidents processing performance improvements via the detached Proactive Defense queue. ( DEF-10708 )
  • The malware scanning script is no longer killed when ImunifyAV goes to “stand-by” mode. (DEF-10832).
  • No more errors while restoring files from quarantine if the target files already exist (DEF-10506)
  • The malware scanning invokes a hook “malware-scanning / finished” when the scan is canceled during the scan list preparation. (DEF-10528)

 

Command Line Interface Extension

 

Version 4.6 also extends the output for the “malware on-demand” command with the following fields:


DURATION: The duration of the scan.
COMPLETED: The time the scan finished.

 

COMPLETED CREATED DURATION ERROR PATH SCAN_STATUS SCAN_TYPE SCANID STARTED TOTAL TOTAL_FILES TOTAL_MALICIOUS

None 1580911647 45.48798179626465 None /root/ running on-demand f86dc6c6a7034e39873eb5ab81e31ca2 1580911647.5120182 0 0 0

1580911384 1580911127 257 stopped /root/ stopped on-demand 07f9d5630a7247a68d8ef453709b8f6b 1580911127 0 0 0

1579697452 1579697390 62 None /root/ stopped on-demand 50c6100b76f241d2a333f4b91967df4a 1579697390 4526 4526 21

 

How To Install

To install the new Imunify360 4.6 beta version, please follow the installation instructions.

To upgrade Imunify360 to 4.6 beta on CentOS/CloudLinux systems, run the command:

yum update imunify360-firewall --enablerepo=imunify360-testing

To upgrade Imunify360 on Ubuntu 16.04, run the command:

echo 'deb https://repo.imunify360.cloudlinux.com/imunify360/ubuntu-testing/16.04/ xenial main' > /etc/apt/sources.list.d/imunify360-testing.list

apt-get update

apt-get install --only-upgrade imunify360-firewall

To upgrade Imunify360 on Ubuntu 18.04, run the command:

echo 'deb https://repo.imunify360.cloudlinux.com/imunify360/ubuntu-testing/18.04/ bionic main' > /etc/apt/sources.list.d/imunify360-testing.list

apt-get update

apt-get install --only-upgrade imunify360-firewall

 

Stay in touch

Please give our product team feedback on this version 4.6 beta release, or share your ideas and feature requests, via feedback@cloudlinux.com.

If you encounter any problems with this beta release, please send a comment or request to our Imunify support team via https://cloudlinux.zendesk.com.
Subscribe to Imunify security Newsletter
aicpa soc
pci-dss
eu gdpr compliant
© All rights reserved. Imunify360 and CloudLinux Backup are the registered trademarks of CloudLinux Inc.