<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-5HLVVHN" height="0" width="0" style="display:none;visibility:hidden">
Jun 24, 2021 1:46:08 AM
Yelena Gerassimenko
Yelena Gerassimenko
Yelena Gerassimenko is a product manager who facilitates Imunify 360 growth at CloudLinux, Inc. With 12 years of experience in an industry, Yelena is a cybersecurity enthusiast, always interested in discovering new and better ways to secure your servers

Release Notes: ImunifyAV(+) v.5.8

AV-major-release

We’re pleased to announce that a new version of ImunifyAV, version 5.8, is now available. The following features are new in the v.5.8 release. 
Learn about more features in Imunify360.

  • Overridable config
    Our new overridable config feature provides an easier way to manage the whole fleet of servers by creating a set of custom configs.
  • Hyperscan
    The use of Hyperscan technology provides improved speed while ensuring protection when performing a scan for malicious files. 

Overridable config

Recently we received a request from one of our big customers to have an ability to provision default config for the whole fleet of Imunify servers and keep the ability for fine tuning of each particular server depending on it’s business requirements.

When writing a set of custom configs, this feature gives users more freedom and convenience in large environments. This feature also lets users set up a granular environment by translating settings to servers and groups of servers of their choice. Finally, the new feature allows users to fine-tune each server depending on their business needs and requirements.

For your convenience we slightly modified configs organization:

  • Added a new directory for custom configs and have put there local overrides of the main config
    /etc/sysconfig/imunify360/imunify360.config.d/
  • Old config /etc/sysconfig/imunify360/imunify360.config now linked to imunify360.config.d/90-local.config. It contains changes made through UI as well as through CLI.
  • Configs in that directory will override the imunify360-base.config and each other in lexical order. First-level "sections" (like `FIREWALL`) are merged, while second-level "options" (like `FIREWALL.TCP_IN_IPv4`) are replaced completely.

This way it will be possible to keep your local customizations but still be able to rollout the main config.

The CLI command to check default configuration before merging with 90-local.config:

imunify-antivirus config show defaults

Here is an example of custom server configuration:

imunify360-base.config

Provided by Imunify installation. Contains default recommended configuration

FIREWALL:
  TCP_IN_IPv4:
  - '20'
  - '8880'
  port_blocking_mode: ALLOW

imunify360.config.d/50-common.config

Provisioned by server owner to the fleet of servers.

FIREWALL:
  TCP_IN_IPv4:
  - '20'
  - '21'
  port_blocking_mode: DENY

imunify360.config.d/90-local.config

Contains local customization per server individually.

FIREWALL:
  TCP_IN_IPv4:
  - '20'
  - '22'
  - '12345'

The resulting (merged) configuration will look like this:

FIREWALL:
  TCP_IN_IPv4:
  - '20'
  - '22'
  - '12345'
  port_blocking_mode: DENY

The mechanics is as follows: first-level "sections" - for example `FIREWALL` are merged, while second-level "options" - for example `FIREWALL.TCP_IN_IPv4` are replaced completely.

Those who don’t need this  type of overridable configs can continue to use custom configurations in /etc/sysconfig/imunify360/imunify360.config. This feature is backward compatible.

Hyperscanexperimental

Starting with Imunify360 v.5.8 uses high-performance multiple regex matching Hyperscan library in the Malware Scanner. By scanning files with Hyperscan library the scan speed drastically improved. Our test shows up to 10x performance improvement.

Hyperscan requires its own signatures set that will be downloaded from files.imunify360.com and compiled locally. There are few platform requirements to use this feature:

  • Hyperscan supports Debian, Ubuntu, CloudLinux OS Solo and CentOS/CloudLinux 7 and later.
  • SSE3 processor instructions support. It is quite common nowadays, but may be lacking in virtual environments or in some rather old servers.

By default Hyperscan feature is in the switched off state in 5.8

To switch on the feature through the UI please tick Enable Hyperscan in Settings → Malware

To switch on the feature through the CLI please use the following command:

imunify-antivirus config update '{"MALWARE_SCANNING": {"hyperscan": true}}'

Bug Fixes

  • DEF-16865: Fix for absent saved sentry reports directory for AI-Bolit wrapper
  • DEF-16952: Deobfuscator enhancement
  • DEF-16975: Fix for loading dynamic library 'hyperscan.so'

Additional information

ImunifyAV v.5.8 includes 46 tasks and 12 bug fixes.

Internal records

Important tasks and issues linked to support tickets:

DEF-16419 Change of PHP Handler for resident mode

DEF-16486
DEF-16439
DEF-16467
DEF-16352
DEF-16318
DEF-16345
DEF-16537

 Deobfuscator enhancement
DEF-16372 Verifying the list of scanned files before running stat() function
DEF-15775 File streaming for CloudAssisted and RapidAccountScan in AI-Bolit
DEF-16489 Background scan reporting includes cases with no malware

Stay in touch

Please give our product team feedback on version 5.8 release. Share your ideas and feature requests through feedback@imunify360.com or via our feedback form.

If you encounter any problems with this release, please send a comment or request to our Imunify support team via cloudlinux.zendesk.com.

How to install

To install the new ImunifyAV(+) v.5.8, follow the instructions in the documentation.

How to upgrade

If you want to upgrade to the new ImunifyAV(+) version 5.8 right now, you can run the following commands:

wget https://repo.imunify360.cloudlinux.com/defence360/imunify-force-update.sh -O imunify-force-update.sh
bash imunify-force-update.sh

For the regular and safe update with a gradual rollout.

CentOS/CloudLinux systems:

yum update imunify-antivirus

Ubuntu 16.04, 18.04, and 20.04 systems:

apt-get update
apt-get install --only-upgrade imunify-antivirus

Debian 9 and 10 systems:

apt-get update
apt-get install --only-upgrade imunify-antivirus

Release Notes: ImunifyAV(+) v.5.8

Jun 24, 2021 1:46:08 AM
Yelena Gerassimenko Yelena Gerassimenko

AV-major-release

We’re pleased to announce that a new version of ImunifyAV, version 5.8, is now available. The following features are new in the v.5.8 release. 
Learn about more features in Imunify360.

  • Overridable config
    Our new overridable config feature provides an easier way to manage the whole fleet of servers by creating a set of custom configs.
  • Hyperscan
    The use of Hyperscan technology provides improved speed while ensuring protection when performing a scan for malicious files. 

Overridable config

Recently we received a request from one of our big customers to have an ability to provision default config for the whole fleet of Imunify servers and keep the ability for fine tuning of each particular server depending on it’s business requirements.

When writing a set of custom configs, this feature gives users more freedom and convenience in large environments. This feature also lets users set up a granular environment by translating settings to servers and groups of servers of their choice. Finally, the new feature allows users to fine-tune each server depending on their business needs and requirements.

For your convenience we slightly modified configs organization:

  • Added a new directory for custom configs and have put there local overrides of the main config
    /etc/sysconfig/imunify360/imunify360.config.d/
  • Old config /etc/sysconfig/imunify360/imunify360.config now linked to imunify360.config.d/90-local.config. It contains changes made through UI as well as through CLI.
  • Configs in that directory will override the imunify360-base.config and each other in lexical order. First-level "sections" (like `FIREWALL`) are merged, while second-level "options" (like `FIREWALL.TCP_IN_IPv4`) are replaced completely.

This way it will be possible to keep your local customizations but still be able to rollout the main config.

The CLI command to check default configuration before merging with 90-local.config:

imunify-antivirus config show defaults

Here is an example of custom server configuration:

imunify360-base.config

Provided by Imunify installation. Contains default recommended configuration

FIREWALL:
  TCP_IN_IPv4:
  - '20'
  - '8880'
  port_blocking_mode: ALLOW

imunify360.config.d/50-common.config

Provisioned by server owner to the fleet of servers.

FIREWALL:
  TCP_IN_IPv4:
  - '20'
  - '21'
  port_blocking_mode: DENY

imunify360.config.d/90-local.config

Contains local customization per server individually.

FIREWALL:
  TCP_IN_IPv4:
  - '20'
  - '22'
  - '12345'

The resulting (merged) configuration will look like this:

FIREWALL:
  TCP_IN_IPv4:
  - '20'
  - '22'
  - '12345'
  port_blocking_mode: DENY

The mechanics is as follows: first-level "sections" - for example `FIREWALL` are merged, while second-level "options" - for example `FIREWALL.TCP_IN_IPv4` are replaced completely.

Those who don’t need this  type of overridable configs can continue to use custom configurations in /etc/sysconfig/imunify360/imunify360.config. This feature is backward compatible.

Hyperscanexperimental

Starting with Imunify360 v.5.8 uses high-performance multiple regex matching Hyperscan library in the Malware Scanner. By scanning files with Hyperscan library the scan speed drastically improved. Our test shows up to 10x performance improvement.

Hyperscan requires its own signatures set that will be downloaded from files.imunify360.com and compiled locally. There are few platform requirements to use this feature:

  • Hyperscan supports Debian, Ubuntu, CloudLinux OS Solo and CentOS/CloudLinux 7 and later.
  • SSE3 processor instructions support. It is quite common nowadays, but may be lacking in virtual environments or in some rather old servers.

By default Hyperscan feature is in the switched off state in 5.8

To switch on the feature through the UI please tick Enable Hyperscan in Settings → Malware

To switch on the feature through the CLI please use the following command:

imunify-antivirus config update '{"MALWARE_SCANNING": {"hyperscan": true}}'

Bug Fixes

  • DEF-16865: Fix for absent saved sentry reports directory for AI-Bolit wrapper
  • DEF-16952: Deobfuscator enhancement
  • DEF-16975: Fix for loading dynamic library 'hyperscan.so'

Additional information

ImunifyAV v.5.8 includes 46 tasks and 12 bug fixes.

Internal records

Important tasks and issues linked to support tickets:

DEF-16419 Change of PHP Handler for resident mode

DEF-16486
DEF-16439
DEF-16467
DEF-16352
DEF-16318
DEF-16345
DEF-16537

 Deobfuscator enhancement
DEF-16372 Verifying the list of scanned files before running stat() function
DEF-15775 File streaming for CloudAssisted and RapidAccountScan in AI-Bolit
DEF-16489 Background scan reporting includes cases with no malware

Stay in touch

Please give our product team feedback on version 5.8 release. Share your ideas and feature requests through feedback@imunify360.com or via our feedback form.

If you encounter any problems with this release, please send a comment or request to our Imunify support team via cloudlinux.zendesk.com.

How to install

To install the new ImunifyAV(+) v.5.8, follow the instructions in the documentation.

How to upgrade

If you want to upgrade to the new ImunifyAV(+) version 5.8 right now, you can run the following commands:

wget https://repo.imunify360.cloudlinux.com/defence360/imunify-force-update.sh -O imunify-force-update.sh
bash imunify-force-update.sh

For the regular and safe update with a gradual rollout.

CentOS/CloudLinux systems:

yum update imunify-antivirus

Ubuntu 16.04, 18.04, and 20.04 systems:

apt-get update
apt-get install --only-upgrade imunify-antivirus

Debian 9 and 10 systems:

apt-get update
apt-get install --only-upgrade imunify-antivirus
Subscribe to Imunify security Newsletter
aicpa soc
pci-dss
eu gdpr compliant
© All rights reserved. Imunify360 and CloudLinux Backup are the registered trademarks of CloudLinux Inc.