Imunify360 4.3 released
We are pleased to announce that the new Imunify360 version 4.3 is now scheduled for gradual roll-out from our production repository and will be available for all customers in about two weeks or less.
If you want to upgrade to the new Imunify360 version 4.3 right now, you can run the following commands:
wget https://repo.imunify360.cloudlinux.com/defence360/imunify-force-update.sh
bash imunify-force-update.sh
Current release info
Version: 4.3.6-1
Rolled out to: 1%
Last updated: September 24, 2019 11 am EST
Enhancements
Dashboard
- Enhanced UI - Detected Malware chart and enhanced summary. We have added the “Malware Detected” chart that shows statistics on the number of detected files per day. The number of issues is shown inside the circle, so you can easily monitor server state.
Malware Scanner
- Enhanced default actions on malware detection: Added auto-cleanup. Finally, we’ve added the ability to clean up detected malware automatically. Therefore, there’s no need to suspend infected user accounts as the malware will be removed by Imunify360 automatically. Just select “Clean Up” as the default action for detected malware. It will keep your server malware-free.
- RapidScan - a new approach to rescan files in a smarter way. The scanning engine has been significantly reworked to improve scan speed and reduce resource consumption while the antivirus engine is running. The current scanning engine supports cloud-assisted scan as well as an integrity checker to optimize the list of files to scan. Re-scanning a user account is now 5x faster. The cleanup procedure has also been improved.
- ClamAV removal. Starting from v4.3 we’re no longer using ClamAV as a scanning vendor. It has produced a lot of “false positives” during file scanning. At the moment, our malware scanner is based on our proprietary scan engine with daily signature updates, so we expect a dramatic improvement in detection rates and a reduction in the “false positives” count.
- Last scan date added in the UI. We’ve improved the Malware Scanner UI by adding a “Last Scan” field to show when the last scan happened.
Firewall
- Custom/external blacklist/whitelist support. One of the features most requested by hosting providers is external blacklists/whitelists with centralized management. Imunify360 now supports external blacklists/whitelists that are loaded from text files, so you can drop the files into a specific location and update the list of blocked or whitelisted IPs instantly and automatically.
- DOS / brute force protection for WordPress login page and some other popular pages based on RBL. Imunify360 has become more advanced and responsive to attacks against WordPress. It uses modsec RBL (Real-Time Blacklists) to identify attackers and bad bots scanning or brute-forcing WordPress login pages, xmlrpc.php, and other popular URLs.
- Improved heuristics against brute-force attacks. Server-side heuristics have been improved and enhanced so they can block more attacks.
WebShield
- Our own ‘SplashScreen’ instead of Google ReCaptcha for Chinese customers. It is a known fact that Google’s ReCaptcha does not show for Chinese visitors. But we’ve developed a replacement called SplashScreen. It pops up a challenge page that checks if the visitor is a legitimate one or a bad bot.
General
- Optimized Imunify360 Agent - less memory required. We want Imunify360 to use as little system resources as possible. This release introduces a lot of improvements that save memory and reduce CPU consumption during the working cycle.
- Enhanced list of supported CDNs: Cloudflare, MaxCDN, StackPath CDN, KeyCDN, Dartspeed, QUIC.cloud. We’re extending the list of supported CDN services and proxies, and have just added a couple more.
Bug fixes and small changes
- Correct HardenedPHP support for CloudLinux OS
- Updated RSS link for newsfeed
- A lot of other bug fixes
The full changelog is below.
How to install
To install the new Imunify360 version 4.3, please follow the instructions in the documentation.
How to upgrade
CentOS/CloudLinux systems:
yum update imunify360-firewall
Ubuntu systems:
apt-get update
apt-get install --only-upgrade imunify360-firewall
Changelog
Improvements
- DEF-7539: [Feature Request] date/time of the last scan of each account
- DEF-8625: [Feature Request] Report file as false-positive under the “Actions” menu in UI.
- DEF-7264: Re-design - 1st release
- DEF-8663: Add handling of modsec data (.PAG) files for Imunify360 package
Tasks
- DEF-9762: Added a config parameter that specifies the upper limit for the scanning file by Malware Scanner
- DEF-9763: AI-BOLIT: Added separate CLI parameter for AI-BOLIT for cloud-assisted scan
- DEF-9792: Uncaught exceptions should be logged
- DEF-9794: init_actions should not be used for non-critical tasks
- DEF-9824: Restrict DB table malware_scans in size/ update 125 migration
- DEF-9561: Support many volumes in Acronis backup
- DEF-8710: Add support for --with-suspicious flag and suspicious section in reports returned by ai-bolit
- DEF-9072: Remove ClamAV and hash filter vendors
- DEF-9075: Remove excessive code from MalwareScanner
- DEF-9131: Send to MRS files from suspicious section
- DEF-8405: Process send to MRS events
- DEF-8406: Process rescan events
- DEF-8645: Add ability to enable Cloud Assisted Scanning in Imunify360 and ImunifyAV
- DEF-8646: Cleanup of files blacklisted by hash
- DEF-8877: Create script/documentation to install latest version of Imunify by-passing gradual roll out
- DEF-6093: Add ClusterLogics backup backend
- DEF-6547: Review peewee in_() usage in agent project
- DEF-6715: Resolve expanded paths before scan
- DEF-7047: update sentry client in the agent
- DEF-7079: Bring back splashscreen to webshield
- DEF-7242: Re-design Imunify - toggles (mostly), checkboxes, radiobuttons
- DEF-8180: Dashboard - add malware chart (histogram)
- DEF-8203: Add malicious & suspicious files for rescan when using c/mtime
- DEF-8249: Clean /var/imunify360/tmp regularly
- DEF-8254: Default actions on malware detection (Cleanup / Restore from Backup)
- DEF-8431: Implement Native FM for AV/ AV+
- DEF-8457: No control panel ImunifyAV - PHP & Python to handle requests
- DEF-8478: [No control panel IM.AV] auth in agent (PAM) - add RPC method
- DEF-8514: Increase max sample size up to 8MB on Agent side
- DEF-8515: Create hook for license check (expiration/installation)
- DEF-8533: Add information to `doctor` output about agent's opened file descriptors
- DEF-8537: Separate defence360agent/files to AV and im360 parts
- DEF-8558: Remove dependencies on im360 package from send_server_config plugin
- DEF-8582: Last scanning date in scanning results
- DEF-8585: [No control panel IM.AV] create rpm & deb packages
- DEF-8587: [No control panel IM.AV] get list of users for agent
- DEF-8588: [No control panel IM.AV] update deploy script
- DEF-8611: Refactor accumulate plugin
- DEF-8623: update imav/im360 dependencies without breaking `yum update` on customer's hosts
- DEF-8701: Use webpack-manifest-plugin instead of Imunify version in query params for caching
- DEF-8709: Implement suspicious file detection for ai-bolit
- DEF-8711: remove CLAMAV & HashFilter
- DEF-8712: [No control panel IM.AV] hide file upload input and disable that method
- DEF-8719: Remove dependencies from AV package that are not needed anymore
- DEF-8732: Get rid of cryptography dependency
- DEF-8743: Default actions on malware detection (Cleanup / Restore from Backup) - UI
- DEF-8794: Update news RSS link
- DEF-8798: Remove migration from the main process in Imunify-AV
- DEF-8839: "Scan only modified files" setting - Agent
- DEF-8842: Rapid scan integration in the agent
- DEF-8879: Check how files downloading framework affects memory usage
- DEF-8893: Remove aiohttp dependency from AV
- DEF-8933: [No control panel IM.AV] auth - integrate login RPC method in UI
- DEF-8934: [No control panel IM.AV] add method for reading integration.conf
- DEF-8935: [No control panel IM.AV] UI e2e tests - run current e2e tests on no-cp IM.AV
- DEF-8959: [No control panel IM.AV] e2e tests - cover integration points with e2e tests
- DEF-8966: Do not send to sentry such errors [Errno 2] No such file or directory
- DEF-8986: [No control panel IM.AV] UI e2e tests - fix failing tests
- DEF-9002: Fix misprint in tmpwatch command
- DEF-9021: [No control panel IM.AV] fix upgrade page and cover it with tests
- DEF-9057: [No control panel IM.AV] optimize agent memory consumption on cpanel
- DEF-9058: Dashboard improvements for 4.3
- DEF-9060: Add parameter to log to stdout
- DEF-9071: [No control panel IM.AV] display current user name
- DEF-9085: Create an RPM-test to check integration with ai-bolit suspicious file detection
- DEF-9087: [AI-BOLIT] Signature format of the binary/blacklisted file should be BL-crc
- DEF-9101: Make change due to procu2 signature change of blacklisted files
- DEF-9103: [No control panel IM.AV] add root-only "login get" RPC method
- DEF-9104: Rapid scan integration in UI
- DEF-9162: Disable autocleanup when AV+ unregistered/expired
- DEF-9219: Disable ftp integration for upload scan if inotify enabled
- DEF-9275: Completely remove ClamAV from UI
- DEF-9341: Use php 7.3 for AI-BOLIT 4.1
- DEF-9373: [AI-BOLIT] Some malicious files with randomly generated names are not detected
- DEF-9402: Re-design Imunify - pick checkboxes, radio buttons and switchers from re-design branch to 4.3
- DEF-9404: Enable Cloud Assisted Scan by default
Bugs
- DEF-7857: eula is constantly downloaded from server in AV
- DEF-8018: FileNotFoundError: [Errno 2] No such file or directory: '/etc/sudoers'
- DEF-8177: Cleanup of >1000 files freezes the agent
- DEF-8298: No progress tracking during AI-BOLIT scan
- DEF-8504: Reading of non-existent malware file causes a 'quarantine error' message
- DEF-8569: Change malware found list location
- DEF-8784: 'weekly' is not one of ['monthlyByDaysOfMonth']
- DEF-8907: Fix "near "?": syntax error" in malware user list
- DEF-8927: fix iteration on subprocess output
- DEF-8968: Check schema validation
- DEF-8999: Lock on-demand page until data is loaded
- DEF-9217: Fix migration 122_cagefs_unmount which has never run
- DEF-9238: [Response validation] fix "None is not of type 'string'"
- DEF-9255: [Response validation] None is not of type 'boolean'
- DEF-9287: Fix plugin icon in DA Evolution skin, "icons grid" layout
- DEF-9379: Allow enduser to set default_action=CLEANUP
- DEF-9432: [AI-BOLIT] eicar isn't detected in 4.1.1-2
- DEF-9554: Migration failed: 128_move_cleanup_storage_files
- DEF-9558: TypeError: argument should be a path or str object, not <class 'list'>
- DEF-9420: In WebShield access log, real client IP should be displayed on first place
- DEF-9564: No handlers for method INCIDENT on server side
- DEF-9583: AI-BOLIT: RapidScan cannot create stuff related to .rapid-san-db
- DEF-9587: TypeError: bound method MalwareAction.quarantine_hits_detect of <class 'im360.malwarelib.subsys.malware.MalwareAction'> is not JSON serializable
- DEF-9619: Enable rapid scan in RPM tests
- DEF-9640: [Sentry, Response validation] None is not of type 'string'
- DEF-9593: fixed broken `malware on-demand status` - `progress`
- DEF-9616: fixed ModSecurity scan triggers on Suspicious
- DEF-9421: ipset v7.1: Error in line 8: Syntax error: '2592000' is out of range 0-2147483
- DEF-9575: support send cannot read zendesk answer
- DEF-9597: IP is not put in blacklist (DB) when network which it belongs to is graylisted
- DEF-9632: AttributeError: 'str' object has no attribute 'true_path'
- DEF-9704: almost expired sets may be added as permanent instead in im360.i.c.ipset.ip._prepare_command()
- DEF-9700: Cleanup 2 users at once - results disappear
- DEF-5818: Fetching incidents is slow when using LIST filter
- DEF-9770: Fixed the bug with upgrading to version 4.3