Release Notes: Imunify360 v.6.2 beta
We’re pleased to announce a new beta version of Imunify360. Version 6.2 is now available. The following features are new in the v6.2 beta release:
- Scan for archive files
  Starting from version 6.2 the archive files uploaded to the server will be thoroughly checked for the signs of malware.
- Improved Proactive Defense
  We reworked the Proactive Defense rules system to improve processing speed and eliminate possible false positives.
- "Delete" and "Quarantine" options removal
  In this version and going forward, the "Delete" and "Quarantine" options will be unavailable in our Malware Scanner. These options are no longer effective and are now obsolete.
- Better Malware Database Scanner
  After extensive analysis, we are changing the status of the Malware Database Scanner feature. Proven stability led to the removal of its experimental status.
- Recommended security settings
  We chose to promote a few features that we consider important and affect the overall security of a server in a positive way.
This is what we updated in version 6.2:
Scan for archive files
A lot of phishing content these days is spread in archives and is later unpacked under the HTML folder of the users. Cyber-criminals often attempt to bypass efforts to scan files at upload points and insert the corrupt payload before the upload. Also, WordPress themes need to be uploaded as .zip files. All of this creates a risk connected with use of the archive files. We came up with a feature that is designed to lower the threat of malware infection and phishing for our customers.
In this version of Imunify360 we added the ability to scan .zip files on upload. Whenever such a file is about to be uploaded, the scanner is triggered and the files inside the archive are scanned for malware one by one. To preserve scanner performance, we decided to limit archive scanning to uploads made through the cPanel FileMan, ModSecurity and FTP. Malware alerts from these scans will be visible on the “Incidents” tab.
These incidents will be marked as rule=33363, rule=33331 or rule=6070.
Starting from version 6.2 Imunify360 will scan zip archives by default. It will not be possible to disable this functionality through the UI, but it will be possible through the command line.
For Ubuntu, CentOS/CloudLinux >= 7
To disable scanning of archives, you will need to run the following command:
echo '' > /etc/sysconfig/aibolit-resident && systemctl daemon-reload && systemctl restart aibolit-resident.service
To switch the feature back on:
echo 'ARCHIVE_SCAN="--scan-archive"' > /etc/sysconfig/aibolit-resident && systemctl daemon-reload && systemctl restart aibolit-resident.service
For CentOS/CloudLinux 6
To disable scanning of archives, you will need to run the following command:
sed -i 's/--scan-archive//g' /etc/minidaemon/minidaemon-aibolit.cfg && /sbin/service minidaemon stop && /sbin/service minidaemon start
To switch the feature back on:
sed -ri "s/^(cmd=.*)$/\1--scan-archive/g" /etc/minidaemon/minidaemon-aibolit.cfg && /sbin/service minidaemon stop && /sbin/service minidaemon start
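Because archive scanning cannot be toggled or seen in the UI, it is worth checking the two configuration files directly when auditing a host. The helper below is an added example, not part of Imunify360: it infers the state only from the files the commands above edit, and the function name, its overridable path arguments and the precedence of the sysconfig file are assumptions.

```shell
#!/bin/sh
# Added audit helper (not Imunify360 code).
# Reports whether on-upload archive scanning looks enabled, judging only by
# the two config files that the enable/disable commands above modify.
# Arguments are optional path overrides (hypothetical, for testing).

archive_scan_state() {
    sysconfig="${1:-/etc/sysconfig/aibolit-resident}"
    minidaemon="${2:-/etc/minidaemon/minidaemon-aibolit.cfg}"

    if [ -f "$sysconfig" ]; then
        # Ubuntu, CentOS/CloudLinux >= 7: enabled only when an uncommented
        # ARCHIVE_SCAN assignment carries the --scan-archive flag.
        if grep -Eq '^[[:space:]]*ARCHIVE_SCAN=.*--scan-archive' "$sysconfig"; then
            echo enabled
        else
            echo disabled
        fi
        return 0
    fi

    if [ -f "$minidaemon" ]; then
        # CentOS/CloudLinux 6: the flag sits on the cmd= line.
        if grep -Eq '^cmd=.*--scan-archive' "$minidaemon"; then
            echo enabled
        else
            echo disabled
        fi
        return 0
    fi

    # Neither file exists: nothing can be concluded from configuration.
    echo unknown
    return 1
}
```

Called with no arguments, `archive_scan_state` reads the default paths; a result of `disabled` on a host that should be scanning archives means one of the disable commands above was run.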
Improved Proactive Defense
The performance of Proactive Defense is one of our top priorities. In this release, we did some heavy lifting - reorganized and improved our rules system. Now it performs much faster and catches malicious actions with higher precision.
Our internal tests show overhead decrease in the range of 10% - 30% depending on the software running on the server. Together with new Proactive Defense rules that were released at the beginning of December, the improvement can hit an overwhelming 60%!
Many Imunify customers have been waiting for this improvement: it makes it possible to run Imunify360 on highly loaded servers, or to fit more users on the same servers, and stay protected.
"Delete" and "Quarantine" options removal
Earlier we came to the conclusion that “Quarantine” or “Delete” actions for Imunify360 Malware Scanner are no longer effective and created a plan to discontinue them. On October 9, 2020 we published our plan on gradual removal of these actions and the first stage of quarantine-removal was implemented in version 5.4 (October 29, 2020).
In this version, we are following through on the last stage of this plan. A more detailed explanation of why this is necessary can be found in a previously published article.
We remove “Quarantine” and “Delete” actions permanently from the UI as well as the CLI in Imunify360, starting from version 6.2. Previously quarantined files are also subject to deletion. After this change is implemented, the restoration of the previously quarantined files will become impossible.
Better Malware Database Scanner
Since the Malware Database Scanner release in Imunify360 version 6.0, we have kept a close eye on its performance. While it was experimental, it did prove to be stable, functioning as expected by providing improved security. Taking this into account we decided to no longer consider it experimental.
From v6.2 and further on, Malware Database Scanner will be enabled by default for all new installations.
We recommend you switch on the Malware Database Scanner feature using the following CLI command:
# imunify360-agent config update '{"MALWARE_DATABASE_SCAN": {"enable": true}}'
Also, you can enable the setting through the user interface. To switch on Malware Database Scanner go to the Malware tab in the Settings and check the Malware Database Scanner checkbox.
Edit: Malware Database Scanner related changes will not be included in v.6.2. Availability of this feature will be announced separately.
Recommended security settings
In version 6.2 we would like to promote an optimal security configuration. The following features will additionally be promoted using Dashboard recommendations and Advisor:
Feature | Dashboard recommendation | Severity | Advisor |
Malware Database Scanner | + | medium | + |
Connection-based DoS Protection | + | medium | |
WordPress Account Compromise Prevention | + | medium | |
Automatically scan all modified files | + | medium | + |
Automatically scan any file uploaded using web | + | medium | + |
Automatically scan any file uploaded using ftp | + | medium | + |
Optimize real-time scan | + | medium | + |
ELF malware detection | + | optional | |
Blamer | + | important | + |
RapidScan | + | medium | |
WebShield | + | important | + |
Kill mode for Proactive Defense | + | important | + |
PHP Immunity | + | important | + |
These features deserve to be promoted since switching them on will reduce the infection rate and enhance protection.
Additional information
Imunify360 v6.2 includes 46 tasks and 17 bug fixes.
Internal records
Please see the detailed description of the changes we made in the product in version 6.2 through our publicly available changelog for Imunify360.
Stay in touch
Please give our product team feedback on this version 6.2 release. Share your ideas and feature requests through feedback@imunify360.com or via our feedback form.
If you encounter any problems with this beta release, please send a comment or request to our Imunify support team via cloudlinux.zendesk.com.
How to install
To install the new Imunify360 v.6.2 beta, please follow the instructions in the documentation.
How to upgrade
To upgrade Imunify360 on CentOS/CloudLinux/AlmaLinux systems, run the command:
yum update imunify360-firewall --enablerepo=imunify360-testing
To upgrade Imunify360 on Ubuntu 16.04, run the following commands:
echo 'deb https://repo.imunify360.cloudlinux.com/imunify360/ubuntu-testing/16.04/ xenial main' > /etc/apt/sources.list.d/imunify360-testing.list
apt-get update
apt-get install --only-upgrade imunify360-firewall
To upgrade Imunify360 on Ubuntu 18.04, run the following commands:
echo 'deb https://repo.imunify360.cloudlinux.com/imunify360/ubuntu-testing/18.04/ bionic main' > /etc/apt/sources.list.d/imunify360-testing.list
apt-get update
apt-get install --only-upgrade imunify360-firewall
To upgrade Imunify360 on Ubuntu 20.04, run the following commands:
echo 'deb https://repo.imunify360.cloudlinux.com/imunify360/ubuntu-testing/20.04/ focal main' > /etc/apt/sources.list.d/imunify360-testing.list
apt-get update
apt-get install --only-upgrade imunify360-firewall
To upgrade Imunify360 on Debian 9, run the following commands:
echo 'deb https://repo.imunify360.cloudlinux.com/imunify360/debian-testing/9/ stretch main' > /etc/apt/sources.list.d/imunify360-testing.list
apt-get update
apt-get install --only-upgrade imunify360-firewall
To upgrade Imunify360 on Debian 10, run the following commands:
echo 'deb https://repo.imunify360.cloudlinux.com/imunify360/debian-testing/10/ buster main' > /etc/apt/sources.list.d/imunify360-testing.list
apt-get update
apt-get install --only-upgrade imunify360-firewall