
Release Notes: Imunify360 v.6.2


We’re pleased to announce a new version of Imunify360. Version 6.2 is now available. The following features are new in the v6.2 release:

  • Scan for archive files
    Starting from version 6.2 the archive files uploaded to the server will be thoroughly checked for the signs of malware.
  • Improved Proactive Defense
    We reworked the Proactive Defense rules system to improve processing speed and eliminate possible false positives.
  • "Delete" and "Quarantine" options removal
    In this version and going forward, the "Delete" and "Quarantine" options will be unavailable in our Malware Scanner. These options are no longer effective and are now obsolete.
  • Better Malware Database Scanner
    After extensive analysis, we are changing the status of the Malware Database Scanner feature. Proven stability led to the removal of its experimental status.
  • Recommended security settings
    We chose to promote a few features that we consider important and affect the overall security of a server in a positive way. 

This is what we updated in version 6.2: 

Scan for archive files

A lot of phishing content these days is spread in archives and is later unpacked under the HTML folder of the users. Cyber-criminals often attempt to bypass efforts to scan files at upload points and insert the corrupt payload before the upload. Also, WordPress themes need to be uploaded as .zip files. All of this creates a risk connected with use of the archive files. We came up with a feature that is designed to lower the threat of malware infection and phishing for our customers.

In this version of Imunify360 we added the ability to scan .zip files on upload. Whenever such a file is about to be uploaded, the scan is triggered and the files inside the archive are scanned for malware one by one. To preserve scanner performance, we decided to limit the scope of scanned archives to cPanel FileMan, ModSecurity and FTP uploads. Malware alerts will be visible on the “Incidents” tab.

These incidents will be marked as rule=33363, rule=33331 or rule=6070.

Starting from version 6.2 Imunify360 will scan zip archives by default. It will not be possible to disable this functionality through the UI, but it will be possible through the command line.

For Ubuntu, CentOS/CloudLinux >= 7

To disable scanning of archives, you will need to run the following command:

echo '' > /etc/sysconfig/aibolit-resident && systemctl daemon-reload && systemctl restart aibolit-resident.service

To switch the feature back on:

echo 'ARCHIVE_SCAN="--scan-archive"' > /etc/sysconfig/aibolit-resident && systemctl daemon-reload && systemctl restart aibolit-resident.service

For CentOS/CloudLinux 6

To disable scanning of archives, you will need to run the following command:

sed -i 's/--scan-archive//g' /etc/minidaemon/minidaemon-aibolit.cfg && /sbin/service minidaemon stop && /sbin/service minidaemon start

To switch the feature back on:

sed -ri "s/^(cmd=.*)$/\1--scan-archive/g" /etc/minidaemon/minidaemon-aibolit.cfg && /sbin/service minidaemon stop && /sbin/service minidaemon start
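
A check to run after either toggle above (an added example, not Imunify360 code): it reads the two config files named in this post and reports whether an active line still carries `--scan-archive`. The function names and the enabled/disabled/unknown labels are assumptions of this example.

```shell
#!/bin/sh
# Added example: verify the archive-scan toggle by inspecting the config
# files named in the post. Function names and state labels are hypothetical.

# archive_scan_state FILE
#   enabled  - an active ARCHIVE_SCAN= or cmd= line carries --scan-archive
#   disabled - file is readable but no active line carries the flag
#   unknown  - file is missing or unreadable, so nothing can be inferred
archive_scan_state() {
    cfg=$1
    [ -r "$cfg" ] || { echo unknown; return 0; }
    # The flag must start right after '=' or after a space/quote, so a flag
    # glued onto the previous argument (no separating space) is not counted.
    # Lines starting with '#' never match, so a commented-out flag is disabled.
    if grep -Eq '^[[:space:]]*(ARCHIVE_SCAN|cmd)=(.*[[:space:]"'\''])?--scan-archive([[:space:]"'\'']|$)' "$cfg"; then
        echo enabled
    else
        echo disabled
    fi
}

# Report both locations from the post; on a given host only one of them
# is expected to exist, the other reads as "unknown".
report_archive_scan() {
    for cfg in "${1:-/etc/sysconfig/aibolit-resident}" \
               "${2:-/etc/minidaemon/minidaemon-aibolit.cfg}"; do
        printf '%s: %s\n' "$cfg" "$(archive_scan_state "$cfg")"
    done
}

report_archive_scan "$@"
```

The re-enable `sed` for CentOS/CloudLinux 6 appends the flag directly to the end of the `cmd=` line, so a result of `disabled` right after running it means the line did not end in a space and the flag was fused to the previous argument.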

Improved Proactive Defense

The performance of Proactive Defense is one of our top priorities. In this release, we did some heavy lifting - reorganized and improved our rules system. Now it performs much faster and catches malicious actions with higher precision.

Our internal tests show an overhead decrease in the range of 10% - 30%, depending on the software running on the server. Together with new Proactive Defense rules that were released at the beginning of December, the improvement can hit an overwhelming 60%!

Many Imunify customers have been waiting for this improvement so that they can set up Imunify360 on heavily loaded servers or fit more users on the same servers and stay protected.

"Delete" and "Quarantine" options removal

Earlier we came to the conclusion that “Quarantine” or “Delete” actions for Imunify360 Malware Scanner are no longer effective and created a plan to discontinue them. On October 9, 2020 we published our plan on gradual removal of these actions and the first stage of quarantine-removal was implemented in version 5.4 (October 29, 2020).

In this version, we are following through with the last stage of this plan. A more detailed explanation of why this is necessary can be found in a previously published article.

We remove “Quarantine” and “Delete” actions permanently from the UI as well as the CLI in Imunify360, starting from version 6.2. Previously quarantined files are also subject to deletion. After this change is implemented, the restoration of the previously quarantined files will become impossible.

Better Malware Database Scanner

Since the Malware Database Scanner release in Imunify360 version 6.0, we have kept a close eye on its performance. While it was experimental, it did prove to be stable, functioning as expected by providing improved security. Taking this into account we decided to no longer consider it experimental.

From v6.2 and further on, Malware Database Scanner will be enabled by default for all new installations.

We recommend that you switch on the Malware Database Scanner feature using the following CLI command:

# imunify360-agent config update '{"MALWARE_DATABASE_SCAN": {"enable": true}}'

Also, you can enable the setting through the user interface. To switch on Malware Database Scanner go to the Malware tab in the Settings and check the Malware Database Scanner checkbox.

Edit: Malware Database Scanner related changes will not be included in v.6.2. Availability of this feature will be announced separately.

Recommended security settings

In version 6.2 we would like to promote optimal security configuration. The following features will additionally be promoted using Dashboard recommendations and Advisor:

| Feature | Dashboard recommendation | Severity | Advisor |
|---|---|---|---|
| Malware Database Scanner | + | medium | + |
| Connection-based DoS Protection | + | medium | |
| WordPress Account Compromise Prevention | + | medium | |
| Automatically scan all modified files | + | medium | + |
| Automatically scan any file uploaded using web | + | medium | + |
| Automatically scan any file uploaded using ftp | + | medium | + |
| Optimize real-time scan | + | medium | + |
| ELF malware detection | + | optional | |
| Blamer | + | important | + |
| RapidScan | + | medium | |
| WebShield | + | important | + |
| Kill mode for Proactive Defense | + | important | + |
| PHP Immunity | + | important | + |

These features deserve to be promoted since switching them on will reduce the infection rate and enhance protection.

Additional information

Imunify360 v6.2 includes 46 tasks and 17 bug fixes.

Internal records

Please see the detailed description of the changes we made in the product in version 6.2 through our publicly available changelog for Imunify360.

Stay in touch

Please give our product team feedback on this version 6.2 release. Share your ideas and feature requests through feedback@imunify360.com or via our feedback form.

If you encounter any problems with this release, please send a comment or request to our Imunify support team via cloudlinux.zendesk.com.

How to install

To install the new Imunify360 v.6.2, please follow the instructions in the documentation.

How to upgrade

If you want to upgrade to the new Imunify360 version 6.2 right now, you can use the updated script by running the following commands:

wget https://repo.imunify360.cloudlinux.com/defence360/imunify-force-update.sh -O imunify-force-update.sh
bash imunify-force-update.sh

For the regular and safe update to Imunify360 version 6.2 with a gradual rollout, use the following commands.

CentOS/CloudLinux systems:

yum update imunify360-firewall

Ubuntu 16.04, 18.04, and 20.04 systems:

apt-get update
apt-get install --only-upgrade imunify360-firewall

Debian 9 and 10 systems:

apt-get update
apt-get install --only-upgrade imunify360-firewall
