Release Notes: ImunifyAV(+) v.5.8
We’re pleased to announce that a new version of ImunifyAV, version 5.8, is now available. The following features are new in the v.5.8 release.
Learn about more features in Imunify360.
- Overridable config
Our new overridable config feature provides an easier way to manage the whole fleet of servers by creating a set of custom configs. - Hyperscan
The use of Hyperscan technology provides improved speed while ensuring protection when performing a scan for malicious files.
Overridable config
Recently we received a request from one of our big customers to have an ability to provision default config for the whole fleet of Imunify servers and keep the ability for fine tuning of each particular server depending on it’s business requirements.
When writing a set of custom configs, this feature gives users more freedom and convenience in large environments. This feature also lets users set up a granular environment by translating settings to servers and groups of servers of their choice. Finally, the new feature allows users to fine-tune each server depending on their business needs and requirements.
For your convenience we slightly modified configs organization:
- Added a new directory for custom configs and have put there local overrides of the main config
/etc/sysconfig/imunify360/imunify360.config.d/ - Old config /etc/sysconfig/imunify360/imunify360.config now linked to imunify360.config.d/90-local.config. It contains changes made through UI as well as through CLI.
- Configs in that directory will override the imunify360-base.config and each other in lexical order. First-level "sections" (like `FIREWALL`) are merged, while second-level "options" (like `FIREWALL.TCP_IN_IPv4`) are replaced completely.
This way it will be possible to keep your local customizations but still be able to rollout the main config.
The CLI command to check default configuration before merging with 90-local.config:
imunify-antivirus config show defaults
Here is an example of custom server configuration:
imunify360-base.config Provided by Imunify installation. Contains default recommended configuration |
FIREWALL: |
imunify360.config.d/50-common.config Provisioned by server owner to the fleet of servers. |
FIREWALL: |
imunify360.config.d/90-local.config Contains local customization per server individually. |
FIREWALL: |
The resulting (merged) configuration will look like this:
FIREWALL:
TCP_IN_IPv4:
- '20'
- '22'
- '12345'
port_blocking_mode: DENY
The mechanics is as follows: first-level "sections" - for example `FIREWALL` are merged, while second-level "options" - for example `FIREWALL.TCP_IN_IPv4` are replaced completely.
Those who don’t need this type of overridable configs can continue to use custom configurations in /etc/sysconfig/imunify360/imunify360.config. This feature is backward compatible.
Hyperscanexperimental
Starting with Imunify360 v.5.8 uses high-performance multiple regex matching Hyperscan library in the Malware Scanner. By scanning files with Hyperscan library the scan speed drastically improved. Our test shows up to 10x performance improvement.
Hyperscan requires its own signatures set that will be downloaded from files.imunify360.com and compiled locally. There are few platform requirements to use this feature:
- Hyperscan supports Debian, Ubuntu, CloudLinux OS Solo and CentOS/CloudLinux 7 and later.
- SSE3 processor instructions support. It is quite common nowadays, but may be lacking in virtual environments or in some rather old servers.
By default Hyperscan feature is in the switched off state in 5.8
To switch on the feature through the UI please tick Enable Hyperscan in Settings → Malware
To switch on the feature through the CLI please use the following command:
imunify-antivirus config update '{"MALWARE_SCANNING": {"hyperscan": true}}'
Bug Fixes
- DEF-16865: Fix for absent saved sentry reports directory for AI-Bolit wrapper
- DEF-16952: Deobfuscator enhancement
- DEF-16975: Fix for loading dynamic library 'hyperscan.so'
Additional information
ImunifyAV v.5.8 includes 46 tasks and 12 bug fixes.
Internal records
Important tasks and issues linked to support tickets:
DEF-16419 | Change of PHP Handler for resident mode |
DEF-16486 |
Deobfuscator enhancement |
DEF-16372 | Verifying the list of scanned files before running stat() function |
DEF-15775 | File streaming for CloudAssisted and RapidAccountScan in AI-Bolit |
DEF-16489 | Background scan reporting includes cases with no malware |
Stay in touch
Please give our product team feedback on version 5.8 release. Share your ideas and feature requests through feedback@imunify360.com or via our feedback form.
If you encounter any problems with this release, please send a comment or request to our Imunify support team via cloudlinux.zendesk.com.
How to install
To install the new ImunifyAV(+) v.5.8, follow the instructions in the documentation.
How to upgrade
If you want to upgrade to the new ImunifyAV(+) version 5.8 right now, you can run the following commands:
wget https://repo.imunify360.cloudlinux.com/defence360/imunify-force-update.sh -O imunify-force-update.sh
bash imunify-force-update.sh
For the regular and safe update with a gradual rollout.
CentOS/CloudLinux systems:
yum update imunify-antivirus
Ubuntu 16.04, 18.04, and 20.04 systems:
apt-get update
apt-get install --only-upgrade imunify-antivirus
Debian 9 and 10 systems:
apt-get update
apt-get install --only-upgrade imunify-antivirus