We’re pleased to announce that a new version of Imunify360, version 5.3, is now available. The following features are new in the v.5.3 release:
- Bulk restore from the backup
Optimized backup restoration procedure speeds up file recovering in bulk, providing unseen performance.
- cgroups for Malware Scanner
Extended resource limitation mechanics supports cgroups, providing better control over resources in the Malware Scanner on CentOS 7, 8, and Ubuntu.
- Proactive Defense rules delivery
The new way to deliver Proactive Defense rules provides a set of notable improvements.
- Features enabled in the Settings
Some features became enabled for new Imunify360 installations by default.
- New Default Settings
The new default settings in the Imunify360’s Malware Scanner and WAF allow performing faster and detect more malware.
Let’s review the changes in version 5.3:
Bulk restore from backup
We’ve greatly reworked Malware Scanner and made it ready for bulk operations. Optimized workflow for batches performs much faster as they can be grouped, and similar operations can be executed only once. That allows Imunify360 v5.3 to restore from the backup up to 100x faster and consume fewer resources for that.
Best seen on big restore-batches, which usually caused by the scanning with the “Try to restore from backup first” feature enabled or by manual “Try to restore clean version from backup” requests on big volumes.
cgroups for Malware Scanner
Imunify360 v5.3 utilizes cgroups for the CPU and IO resource management during on-demand and background scans. It limits filesystem and CPU load according to configured “intensity level”, avoiding spikes and smoothly spreading the load.
That is useful for non-CloudLinux OS systems where LVE is not available. Earlier CentOS 7/8 systems required the CFQ scheduler to be available for the ionice priorities schedule. Now, Imunify360 v5.3 doesn’t depend on CFQ. Further installations on Debian systems will also rely on cgroups support for resource management.
Proactive Defense rules delivery
Imunify360 is now capable of updating Proactive Defense protection rules in real-time. The new delivery system has a set of advantages:
- Protection rules now can be updated instantly without the Imunify360 complete suite releasing. This improvement significantly reduces the release cycle and makes the delivery process quicker.
- Quick rules delivery allows extremely fast reaction on zero-day attacks and immediately update server protection as soon as it was developed by the Imunify operation department yet keeping the entire release process safe and reliable.
- The fail-safe update technique allows applying embedded rules in case of any network failure during the update process.
The features previously marked as “experimental” have been tested carefully during several releases, and now they are ready for regular usage:
- General → Installation → Privilege escalation detection & protection
The KernelCare extension for Imunify360 allows tracing malicious execution flows to detect privilege escalation attempts.
- General → WAF settings → Apply CMS-specific WAF Rules
Optimizes WAF rules on a per-domain basis, considering the web applications installed on the website (WordPress, Joomla, Drupal, etc.).
- General → PAM → PAM brute-force attack protection
Advanced SSH/FTP brute-force protection technique based on the combination of PAM module authorization, RBL check, and IP blacklisting.
- Malware → General → Optimize real-time scan
Enables the File Change API or fanotify service support for Malware Scanner to reduce the system load while watching for file changes.
- Malware → General → Binary (ELF) malware detection
Allows Malware Scanner to trigger on ELF-binaries in user home directories (which is uncommon) and mark them as malicious.
New Default Settings
The new default settings will be applied to all new installations of Imunify360. The following features enabled by default:
- Optimize real-time scan;
- Binary (ELF) malware detection;
- Apply CMS-specific WAF Rules.
Imunify360 v5.3 includes 78 tasks and 10 bug fixes.
Important tasks and issues linked to support tickets.
|Greatly improved detection rate and malicious code deobfuscator.|
|Fixed the improper redirecting WebShield issue in rare cases.|
|Fixed empty rbl_whitelist file after ModSecurity vendor update on cPanel.|
|Improved runtime errors handling in Malware Scanner|
|Allow outgoing traffic to white-listed IPs.|
|Improved handling of messages from AI-Bolit.|
|DEF-13812||Extended commands in ImunifyAV(+). “malware rebuild patterns” - now available.|
|Improved PAM service reliability. Unified service name and code refactoring.|
|DEF-13208||Improved AI-Bolit performance by the file filtering mechanics improvement.|
|DEF-13897||Malware Database Scanner got updated snippets formatting.|
|DEF-14267||Improved statistics collection for Malware Database Scanner|
|Fixed issues related to acquiring CSF locks|
|Fixed "real_ip_header directive is duplicate" issue on Nginx servers|
Stay in touch
Please give our product team feedback on this version 5.3 release, or share your ideas and feature requests via firstname.lastname@example.org.
If you encounter any problems with this release, please send a comment or request to our Imunify support team via cloudlinux.zendesk.com.
How To Install
To install the new Imunify360 version 5.3, please follow the installation instructions.
How To Upgrade
If you want to upgrade to the new Imunify360 version 5.3 right now, you can use the updated script by running the following commands:
For the regular and safe update to Imunify360 version 5.3 with a gradual rollout.
yum update imunify360-firewall
Ubuntu 16.04 and 18.04 systems:
apt-get install --only-upgrade imunify360-firewall