<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-5HLVVHN" height="0" width="0" style="display:none;visibility:hidden">

Release Notes: Imunify360 v.5.4 beta

Oct 29, 2020 5:38:56 PM / by Greg Zemskov

 

IM-beta-release

We’re pleased to announce that a new beta version of Imunify360, version 5.4, is now available. The following features are new in the v.5.4 beta release:

  • Nginx support for “no panel” installations
    Imunify360 now supports Nginx + ModSecurity v3 setup on a server without a panel.
  • Gradual removal of "Delete" and "Quarantine" actions
    Version 5.4 introduces the first step of “Delete” and “Quarantine” default action removal in the Malware Scanner UI. All stages were announced and explained in our blog earlier.
  • Malware Database Scanner (MDS) improvements
    Earlier this year, we announced the CLI tool to find malicious injections in the database and clean-up them automatically. We continue improving the scanning engine. Another update allows the admin to detect and clean-up injections with various malicious and blacklisted URLs, which are stored in a separate URL database and regularly updated along with Malware Scanner databases. 

Let’s review the changes in version 5.4.

Nginx support for “no panel” installations

If you are managing a server powered by Nginx with a custom panel installed or without a panel, it’s the best time to install Imunify360 on it and protect your server proactively from all known threats, including all sorts of L7 attacks, malware, and web spam. 

Imunify360 could be easily configured with a few steps on a “panel-less” setup, so you will start to benefit from the security suite almost instantly.

Detailed documentation on how to configure Imunify360 with Nginx and ModSecurity v3 is available here.

Im360V5.4-1

Gradual removal of "Delete" and "Quarantine" Default Actions

During the last few years, Imunify products utilized several ways of handling malicious files in the Malware Scanner, giving users an option to choose a way that fits them best (Delete permanently, Quarantine file, Cleanup, or Just display in the dashboard). It’s been a while since we introduced the options, and some of them are obsolete and outdated (basically, they can cause issues). It was explained in detail in our blog post some time ago.

Im360V5.4-2

Ultimately, the Cleanup option includes everything needed to make the malware removal process safe and effective, and the websites remain operational afterward, unlike the quarantining and entire deletion of malicious files. None of the obsolete actions (Delete, Quarantine) can deal with injections, which are roughly half of all malicious entries found on infected websites, but the clean-up can.

Version 5.4 introduces the first step of “Delete” and “Quarantine” Default Action removal in the Malware Scanner UI. The options will still be available via the configuration file and the CLI, but they will be removed from the Settings’ drop-down list. If you have it selected, we recommend changing the Default Action to “Cleanup” (otherwise, it will not be changed upon the Imunify360 upgrade automatically; thus, you will continue using some of the obsolete Default Actions). There will be no issue with that, but we will remove them completely in v5.8 (in 3-4 months). All new installations will have “Cleanup” as Default Action.

Restore from the Quarantine is available until the “Quarantine” Default Action is completely removed from the product. You could still manage files in quarantine if they have been quarantined earlier. 

Malware Database Scanner (MDS) improvements for WordPress

We continue improving the database scanning engine. Another update allows admin to detect and clean-up injections with various malicious and blacklisted URLs in the WordPress database. Imunify will automatically update the URL blacklists and detect all known malicious injections of <IFRAME> and <SCRIPT> that can harm your website’s reputation. 

Check our instructions on how to run the Malware Database Scanner from the command-line. 

If you have not yet got a chance to test our CLI version of Malware Database Scanner, check it out now and let us know how we could improve it. Please, read a comprehensive guide on the tool in our blog first.

Additional information

Imunify360 v5.4 includes 102 tasks and 33 bug fixes.

Internal records

DEF-13869
DEF-13901
DEF-13946
DEF-13998
DEF-14006
DEF-14084
DEF-14127
DEF-14157
DEF-14178
DEF-14197
DEF-14198
DEF-14227
DEF-14244
DEF-14258
DEF-14268
DEF-14294
DEF-14321
DEF-14337
DEF-14350
DEF-14371
DEF-14378
DEF-14409

Significantly improved detection rate and malicious code deobfuscator.
DEF-14123 Enhancement in Proactive Defense allows to track move_uploaded_files function
DEF-11118 Support of serialized data in the Malware Database Scanner
DEF-14196 ‘wp_options’ table processing in the Malware Database Scanner
DEF-13641 Fixed bug with not converted filenames from CSV and JSON reports

DEF-14226
DEF-14353
DEF-14525
DEF-14569

Fixed multiple PAM issues due to missing check of  "dovecot_imunify_domainowner"

Stay in touch

Please give our product team feedback on this version 5.4 release, or share your ideas and feature requests via feedback@imunify360.com.

If you encounter any problems with this beta release, please send a comment or request to our Imunify support team via cloudlinux.zendesk.com.

How to install

To install the new Imunify360 beta v.5.4, please follow the instructions in the documentation.

How to upgrade

To upgrade Imunify360 on CentOS/CloudLinux systems, run the command:

yum update imunify360-firewall --enablerepo=imunify360-testing

To upgrade Imunify360 on Ubuntu 16.04, run the following command:

echo 'deb https://repo.imunify360.cloudlinux.com/imunify360/ubuntu-testing/16.04/ xenial main'  > /etc/apt/sources.list.d/imunify360-testing.list
apt-get update
apt-get install --only-upgrade imunify360-firewall

To upgrade Imunify360 on Ubuntu 18.04, run the following command:

echo 'deb https://repo.imunify360.cloudlinux.com/imunify360/ubuntu-testing/18.04/ bionic main'  > /etc/apt/sources.list.d/imunify360-testing.list
apt-get update
apt-get install --only-upgrade imunify360-firewall

Topics: Imunify360, Release

Greg Zemskov

Written by Greg Zemskov

Imunify Security, Product Owner

    Subscribe to Email Updates

    Ready to try Imunify?

    30-DAY TRIAL

    Recent Posts