Imunify360 Blog

Malware scanner: File Quarantine is No Longer Effective

Written by Dmitry Tkachuk | Oct 9, 2020 10:54:57 AM
This article describes the changes to file quarantining in the Malware Scanner that are coming in the next Imunify360 and ImunifyAV versions. Explore the new features of the Linux malware scanner for web servers below.

During the last few years, Imunify products have offered several ways of handling malicious files in the Malware Scanner, giving users the option to choose the one that fits them best (Delete permanently, Quarantine file, Cleanup, Just display in dashboard).

At first glance, it might not be obvious why the legacy “Quarantine” or “Delete” actions are no longer effective, so we prepared a short explanation on the Pros and Cons of using the “old-school” methods in comparison with safe and reliable malware cleanup. 

 

| Option | Drawbacks | Benefits |
|---|---|---|
| Delete permanently | High risk of breaking the site; Can’t work with malicious injections in legit files; No way to restore the original file | |
| Quarantine file | High risk of breaking the site; Can’t work with malicious injections | Can be restored at any time |
| Cleanup | | Low risk of breaking the site; Can be restored at any time; Safe malicious injection removal in legit files |

 

As you can see, the Cleanup option includes everything needed to make the malware removal process safe and effective, and the websites remain operational afterward, unlike with the quarantining and deletion of malicious files. Neither quarantining nor deletion can deal with injections, which are roughly half of all malicious entries found on infected websites, but Cleanup can.

If you had a chance to test our Malware Scanner a couple of years ago, you might have run into issues with automatic cleanup. Since then, we’ve fixed everything that may cause issues, and we’re confident in its stability and reliability.

The Cleanup feature is used by most of our customers, and we have not received any negative feedback for a long time. (You can find details of how it works in the Blog post.)

Thus, taking into account the features, drawbacks, and benefits, we decided to gradually remove the Delete and Quarantine options from the Imunify Malware Scanner over the next releases.

The feature removal will be gradual and divided into three phases:

 

| Phase | Description | Version |
|---|---|---|
| 1 | UI changes: Delete permanently or Quarantine file is no longer available in the UI; CLI is still available to change settings. | v5.4 |
| 2 | All users are switched from Delete and Quarantine-related options to Cleanup; GUI and CLI are still available to restore files from the quarantine. | v5.6 |
| 3 | Restore from quarantine feature is completely removed; All previously quarantined files become unavailable | v5.8 |

 

The option “Cleanup, Quarantine as fallback” will also be replaced by “Cleanup”, which is more effective. The feature “Try to restore from backup first” remains available because it can be combined with the Cleanup option.

 

Stay in touch

Please give our product team feedback on these changes, or share your ideas and feature requests via feedback@imunify360.com.

If you encounter any problems with configurations, please send a comment or request to our Imunify support team via cloudlinux.zendesk.com.
