We’re pleased to announce that a new version of Imunify360, version 5.4.2, is now available. The following features are new in the v.5.4.2 release:
- Nginx support for “no panel” installations
- Gradual removal of "Delete" and "Quarantine" actions
- Malware Database Scanner (MDS) improvements
Nginx support for “no panel” installations
If you are managing a server powered by Nginx with a custom panel installed or without a panel, it’s the best time to install Imunify360 on it and protect your server proactively from all known threats, including all sorts of L7 attacks, malware, and web spam.
Imunify360 could be easily configured with a few steps on a “panel-less” setup, so you will start to benefit from the security suite almost instantly.
Detailed documentation on how to configure Imunify360 with Nginx and ModSecurity v3 is available here.
Gradual removal of "Delete" and "Quarantine" Default Actions
During the last few years, Imunify products utilized several ways of handling malicious files in the Malware Scanner, giving users an option to choose a way that fits them best (Delete permanently, Quarantine file, Cleanup, or Just display in the dashboard). It’s been a while since we introduced the options, and some of them are obsolete and outdated (basically, they can cause issues). It was explained in detail in our blog post some time ago.
Ultimately, the Cleanup option includes everything needed to make the malware removal process safe and effective, and the websites remain operational afterward, unlike the quarantining and entire deletion of malicious files. None of the obsolete actions (Delete, Quarantine) can deal with injections, which are roughly half of all malicious entries found on infected websites, but the clean-up can.
Version 5.4 introduces the first step of “Delete” and “Quarantine” Default Action removal in the Malware Scanner UI. The options will still be available via the configuration file and the CLI, but they will be removed from the Settings’ drop-down list. If you have it selected, we recommend changing the Default Action to “Cleanup” (otherwise, it will not be changed upon the Imunify360 upgrade automatically; thus, you will continue using some of the obsolete Default Actions). There will be no issue with that, but we will remove them completely in v5.8 (in 3-4 months). All new installations will have “Cleanup” as Default Action.
Restore from the Quarantine is available until the “Quarantine” Default Action is completely removed from the product. You could still manage files in quarantine if they have been quarantined earlier.
Malware Database Scanner (MDS) improvements for WordPress
We continue improving the database scanning engine. Another update allows admin to detect and clean-up injections with various malicious and blacklisted URLs in the WordPress database. Imunify will automatically update the URL blacklists and detect all known malicious injections of <IFRAME> and <SCRIPT> that can harm your website’s reputation.
Check our instructions on how to run the Malware Database Scanner from the command-line.
If you have not yet got a chance to test our CLI version of Malware Database Scanner, check it out now and let us know how we could improve it. Please, read a comprehensive guide on the tool in our blog first.
Imunify360 v5.4.2 includes 106 tasks and 37 bug fixes.
Important tasks and issues linked to support tickets.
|Significantly improved detection rate and malicious code deobfuscator.|
|DEF-14123||Enhancement in Proactive Defense allows to track move_uploaded_files function|
|DEF-11118||Support of serialized data in the Malware Database Scanner|
|DEF-14196||‘wp_options’ table processing in the Malware Database Scanner|
|DEF-13641||Fixed bug with not converted filenames from CSV and JSON reports|
|Fixed multiple PAM issues due to missing check of "dovecot_imunify_domainowner"|
Fixed SELinux policies for OSSEC:
Fixed “500 Internal Server Error” for IPv6 addresses connecting to WebShield
Fixed migration issue
Proactive Defense: Enhanced ionCube loader support
Use tmpreaper to cleanup temporary ModSecurity files
Added support of Cloudflare’s’ APO (Automatic Platform Optimization) for WordPress
Stay in touch
Please give our product team feedback on this version 5.4.2 release, or share your ideas and feature requests via firstname.lastname@example.org.
If you encounter any problems with this release, please send a comment or request to our Imunify support team via cloudlinux.zendesk.com.
How To Install
To install the new Imunify360 version 5.4.2, please follow the installation instructions.
How To Upgrade
If you want to upgrade to the new Imunify360 version 5.4.2 right now, you can use the updated script by running the following commands:
For the regular and safe update to Imunify360 version 5.4.2 with a gradual rollout.
yum update imunify360-firewall
Ubuntu 16.04 and 18.04 systems:
apt-get install --only-upgrade imunify360-firewall