Imunify360 4.2.9-2 updated
Updated: September 12, 2019 11 AM EST.
We fixed a vulnerability in the recent release. We advise you to update to the latest stable version available.
We are pleased to announce that the new Imunify360 version 4.2.9-2 is now scheduled for gradual roll-out from our production repository and will be available for all customers in about two weeks or less.
If you want to upgrade to the new Imunify360 version 4.2.9-2 right now, you can run the following commands:
wget https://repo.imunify360.cloudlinux.com/defence360/imunify-force-update.sh
bash imunify-force-update.sh
Current release info
Version: 4.2.9-2
Rolled out to: 100%
Last updated: September 12, 2019 11 AM EST
Enhancements
Hooks
- Starting from v4.2, Imunify360 supports ‘hooks’. This is a script-based interface for various application events, such as “malware-detected”, “malware-scanning”, “agent”, etc. This is a simple and effective way to automate Imunify360 alerts and event processing. For example, an administrator can have Imunify360 call a script when malicious files are detected or misconfigurations are detected
Malware Scanner
- We have added new settings to limit the resource impact of malware scanning.
- We have introduced a new setting,
disable_user_ignore_list
, that lets you hide the Ignore List tab for end users. - The scanning engine has been enhanced with a new de-obfuscator and decryptor for encoded files.
Dashboard
- Statistics (number of incidents) are now correct in titles.
- Notifications about server security and Imunify360 configuration are shown, along with recommendations for making server security effective and proactive.
Reputation Management
- The list of vendors was expanded and the verdict list enhanced.
Proactive Defense
- Performance is improved, and the scanning of malicious PHP has been optimized by using precompiled signatures.
- Event recording in the Blamer is improved, and new/de-duped events are not recorded.
WebShield
- SSL processing is faster.
Firewall
- We added a new option, “Manage CSF Events and Lists“, to enable/disable the integration between CSF and Imunify360.
Settings
- The support menu item can be hidden via settings (to be used by resellers of Imunify360, for example).
UI
- Added OSSEC “Active Response” setting.
- Enhanced Imunify360 installation process, added slides with feature descriptions while the extension is deploying.
- Newsfeed imports all recent news from the blog.
- Updated translation of the UI.
- “Lists” item renamed to “Firewall” in the menu.
Bug Fixes
- Proactive Defence: Move
extension=i360.so
fromzzzzzzz-pecl.ini
back toalt-phpXX php.ini
(bug) - Proactive Defence: freezes PHP if Imunify360 config file is broken (bug).
- Fixed rare cases where the agent hangs on startup when integrated with CSF.
- Malware Scanner: We now cancel background scanning once settings are updated.
- UI fixes: Fixed the “Restore” link in the quarantine popup, and fixed the charts description in the Dashboard.
The full change log is below.
How to install
To install the new Imunify360 version 4.2.9-2 please follow the instructions in the documentation.
How to upgrade
CentOS/CloudLinux systems:
yum update imunify360-firewall
Ubuntu systems:
apt-get update
apt-get install --only-upgrade imunify360-firewall
Changelog
Bugs
- DEF-9022 - allow
week
andday
for MALWARE_SCAN_SCHEDULE.interval in AV+ - DEF-9318 - support new format of
modsec_audit.log
in concurrent mode - DEF–5736 - Feature’s status (installing/uninstalling) tracking mechanism is unreliable
- DEF–6605 - Deploy-script with
--uninstall
flag should remove all ImunifyAV/Imunify360 requirements - DEF–7105 - TypeError: a bytes-like object is required, not ‘str’
- DEF–7126 - WebshieldDictException: send error: [Errno 111] Connection refused
- DEF–7461 - New Dashboard - UI - Map - fix truncated pins (near sides of the map)
- DEF–7735 - rpm test failure: “database is locked” in on_demand.malware_hashes.Malware hashes applied during on demand scan.Malware hash list command shows added hashes
- DEF–7756 - handle response from FeaturesManagementAPI.editUserFeatures
- DEF–7838 - Fix regular crashes of Visual Review server on Jenkins node
- DEF–7872 - Hide ImunifyAV item in reseller menu in WHM
- DEF–7902 - Failed test_configuration_management.test_managing_modsec_directives[SecAuditEngine-Off] (from pytest)
- DEF–7911 - Incorrect count in blocked ports?
- DEF–7946 -
test_webshield
fails on ubuntu configurations - DEF–8013 - TypeError:
modsec_get_directive()
takes 1 positional argument but 2 were given - DEF–8017 - TypeError:
read_file()
missing 1 required positional argument: ‘path’ - DEF–8049 - Bug from https://sentry.cloudlinux.com/sentry/imunify360-ui/issues/4729709/?referrer=slack
- DEF–8071 - modsec audit log is not parsed properly sometimes
- DEF–8075 - test_malware.test_cleanup.test_keep_in_quarntine[quarantine-quarantined] RPM test fails
- DEF–8076 - When uninstall agent we do not uninstall vendor and brake apache (cPanel)
- DEF–8092 - test_rules_restored.test_existing_chain_on_startup failed
- DEF–8093 - Not all files are detected by black hash filter
- DEF–8097 - cPanel hooks should be executed sequentially for a given target (user) (test_cpanel_events.test_account_is_modified fails)
- DEF–8099 - AttributeError: ‘SubprocessError’ object has no attribute ‘stderr’
- DEF–8111 - geodb is updated but the corresponding country ipset is not
- DEF–8156 - Allow admin to disable ignore list at end user level
- DEF–8163 - test_malware.test_user_list.test_infected failed
- DEF–8166 - Failed test_modsec_vendor_install.test_correct_vendor_installed_plesk
- DEF–8168 - test_malware failed due to missing ‘HOME’ in env
- DEF–8169 - Issue with Imunify360 installation on Ubuntu18 (PLESK)
- DEF–8205 - license_type is not available from UI
- DEF–8225 - OperationalError: too many SQL variables
- DEF–8228 - Quarantined file can’t be uploaded to MRS
- DEF–8236 - Wsshdict, ssl-cache and sentrylogs: rewrite existing PID file silently on start
- DEF–8257 - Do not include unit tests into imunify package
- DEF–8272 - Disable Contact Support in the config
- DEF–8279 - The problem is with the email field validator
- DEF–8281 - SSL is not working, issue with Cloudflare FULL Strict cert
- DEF–8296 - test_malware_user_list unit tests fail sometimes: “jsonschema.exceptions.ValidationError: ‘scan_type’ is a required property”
- DEF–8313 - When upgrading webshield from 1.6 to 1.7 version on Ubuntu it failed to start
- DEF–8327 - CL + cPanel + 1k users: test_cagefs_split_configs: AssertionError
- DEF–8352 - KeyError: ‘url’
- DEF–8361 - RuntimeError: coroutine raised StopIteration
- DEF–8362 - cron file should contain PATH or we should use absolute paths (imunify360-watchdog)
- DEF–8392 - test_malware failed (rpm-test)
- DEF–8393 - Failed whitelisted_ip_after_login.Whitelisting ip after login.ensure that user access to panel is whitelisting ip – @1.1
- DEF–8419 - Fix link in restore from quarantine modal window
- DEF–8427 - Fix looped cpanel hooks
- DEF–8428 - AttributeError: ‘set’ object has no attribute ‘extend’
- DEF–8462 - AttributeError: ‘cPanel’ object has no attribute ‘pure_ftp_conf_cls’
- DEF–8463 - Failed test_malware.test_cleanup (RPM tests) (Directadmin)
- DEF–8483 - Fix Rpc caller service exec should work even if response is divided into several packets
- DEF–8499 - inotify.new_account.Newly created account is automatically added to inotify.Inotify automatically starts watching newly created account
- DEF–8526 - test_malware.test_malware_scanner.test_pure_ftp_scanner fails in RPM tests
- DEF–8544 - Webshield is not picking up panel certificate for cPanel & LiteSpeed
- DEF–8577 - NameError: name ‘itertools’ is not defined
- DEF–8584 - Endpoint not found for RPC method “backup-systems init”
- DEF–8595 - “malware malicious restore-from-backup” does not work
- DEF–8600 - test_malware.test_malware_scanner.test_web_scanner fails
- DEF–8601 - Failure during provisioning on disabling Sentry reporting
- DEF–8605 - test_malware.test_user_list.test_scan_status fails
- DEF–8607 - test_hooks failed on AV
- DEF–8610 - inotify.new_account, malware_read rpm-tests failed
- DEF–8621 - Active response does not work on Debian
- DEF–8659 - Traceback during upgrade 4.1 -> 4.2
- DEF–8671 - test_cagefs_split_configs fails
- DEF–8702 - Broken link
- DEF-8928 - KeyError 'license_type'
- DEF-8786 - Additional properties are not allowed ('errors' was unexpected)
- DEF-8968 - Check schema validation
- DEF-9084 - Disable native feature management in ImunifyAV/AV+
- DEF-9421 - ipset v7.1: Error in line 8: Syntax error: '2592000' is out of range 0-2147483
Tasks
- DEF-9352 -Implement
--intensity
which is joint of--intensity-cpu
and--intensity-io
- DEF–4905 - Improve news component - use RSS to extract news
- DEF–6370 - Plesk mod_security settings
- DEF–7301 - No running process for ImunifyAV when it is not in use - EL7/systemd
- DEF–7347 - Re-work e2e tests as functional/unit & api tests
- DEF–7377 - No running process for ImunifyAV when it is not in use - EL6/separate binary
- DEF–7578 - Optimize SSL processing
- DEF–7635 - Open source ImunifyAV UI - check sources for any information that we might not want to open source
- DEF–7652 - Re-work e2e tests as functional/unit & api tests - add validation to agent’s responses
- DEF–7667 - Re-use a11y tests code for VR tests
- DEF–7702 - create a test for ossec
- DEF–7792 - Display slides in UI during installation
- DEF–7825 - Re-work e2e tests as functional/unit & api tests - fix small issues (marked with FIXME)
- DEF–7908 - prevent regression in memory consumption for imunify-antivirus
- DEF–7933 - Add webshield instance to integration tests
- DEF–7936 - Silence warnings about inconsistent firewall rules
- DEF–7963 - Set typical values with flags, not string values
- DEF–7964 - Add our Jenkins jobs with tests to build.cloudlinux.com to make sure our tests run on every release build
- DEF–8001 - user configs stored in
/etc/imunify360/user_configs
lead to quadratic increase in disk usage with increase in user count - DEF–8023 - Purge Heuristic scan
- DEF–8074 - pytest complains about yaml.load() without Loader=…; possible security issue
- DEF–8098 - Create multiconfiguration job to test ImunifyAV
- DEF–8102 - Add
scan_id
tomalicious list
output - DEF–8139 - ossec active response UI / enable / disable – backend part
- DEF–8144 - Add hook management functionality
- DEF–8145 - Plugin to execute hooks
- DEF–8146 - Native hooks
- DEF–8179 - Dashboard - add recommendations
- DEF–8181 - Dashboard - numbers above charts
- DEF–8182 - Reputation management - update UI
- DEF–8200 - Record the time of last ‘full’ scan per user
- DEF–8204 - update icons and descriptions in Plesk extension
- DEF–8207 - Recursive symlink does not break the scanner case fails
- DEF–8209 - Split HostingPanel code
- DEF–8210 - Remove client360 plugin dependency to (almost) all kind of messages
- DEF–8211 - Move CSF integration to corresponding plugins
- DEF–8212 - Create separate package for imunify360-only code
- DEF–8213 - Move 360 plugins to separate package
- DEF–8214 - Move 360 endpoints to separate package
- DEF–8219 - Remove ip whitelist middleware
- DEF–8220 - Remove KernelCare/HardenedPHP handling from CLN class
- DEF–8230 - Dashboard - add malware chart - server
- DEF–8239 - Update behave rpm-tests which use unoptimized steps
- DEF–8260 - Review and apply new translations
- DEF–8261 - Remove client360 plugin dependency on received messages
- DEF–8316 - Replace “Lists” in the global menu with “Firewall” item
- DEF–8317 - Disable integration with CSF via settings
- DEF–8323 - Reputation management - update agent
- DEF–8358 - [UI + Correlation Server] Screen resolution and other browser’s parameters reporting to CH
- DEF–8372 - ossec active response UI / enable / disable
- DEF–8395 - Fix warning at the end of unit test run
- DEF–8398 - Make ClamAV binary configurable
- DEF–8417 - Move firewall code into im360 package
- DEF–8422 - Fix description for “Alerts total”
- DEF–8435 - Move defence360/api/ips.py into im360 package
- DEF–8436 - Move defence360agent/model/cache_sources.py into im360 package
- DEF–8443 - Cancel background scanning when settings are changed
- DEF–8446 - Move defence360agent.subsys.features into im360
- DEF–8471 - Add a triangle to autocomplete in dashboard
- DEF–8480 - Adjust intensity level and resource consumption while scanning with AI-BOLIT (nice / ionice) - UI part
- DEF–8482 - Process ‘X-Forwarded-For’ header only after vendor-specific headers
- DEF–8489 - Remove messages class dependencies from the_sink.py
- DEF–8516 - Make RPC handlers registration explicit
- DEF–8531 - Add to release of agent 4.2.0 new package of proactive defense 4.2.0
- DEF–8536 - Disable integration with CSF via settings - UI
- DEF-8836 - Add to release of agent 4.2.x new package of proactive defense 4.2.0-1.20
- DEF-8838 - Add to release of agent 4.2.x ai-bolit 4.0.2-1
- DEF-8845 - Bump webshield version to 1.7-12 for 4.2 and master
- DEF-8848 - Add OSSEC 3.1.0-29 to dependencies
- DEF-8919 - OSSEC 3.1.0-30 beta release
- DEF-8922 - the new package of Proactive Defense 4.2.2-1.2 is added to the release of agent 4.2.x
- DEF-8996 - Add to release of agent 4.2.x new package of proactive defense 4.2.2-1.4
- DEF-8639 - Investigate and fix agent response validation errors
- DEF-9078 - Add to release of agent 4.2.x ai-bolit 4.0.3-1
- DEF-9089 - Remove news from av-client side
- DEF-9098 - Include webshield 1.7-13 into 4.2
- DEF-9121 - Add to release of agent 4.2.x new package of proactive defence 4.2.5-1.1
Fixes
- DEF–8687 - Imunify360 is scanning php session files too
- DEF–8731 - Imunify360 service in cPanel service manager should be updated
- DEF–8757 - Sentry tags are missing
- DEF-7932 - Don't block ips that are added manually to {BLACK, GRAY, WHITE} list already
- DEF-8635 - there are imunify-service INFO messages in syslog
- DEF-8761 - AttributeError: 'NoneType' object has no attribute 'groups'
- DEF-8768 - TypeError: Can't convert 'bytes' object to str implicitly
- DEF-8777 - fixed an issue when two admin contacts modal dialogs appear at once right after EULA is accepted
- DEF-9640 - [Sentry, Response validation] None is not of type
string