We are always working to make our Imunify products better, faster, and more secure. One of our key differentiators is our database malware scanner: a highly responsive and flexible tool that eliminates malware in real-time. Although it is the only scanner of its kind on the market, that doesn’t stop us from improving it, to keep upping our own game – even if we’re the only one we’re competing.
Go Faster with Fewer Resources
In versions 6.7 and 6.8 we introduced a chain of iterative improvements to make our malware scanner faster and consume fewer resources.
We started by improving the scanner speed in version 6.7. We made alterations that allowed the scanner to glue together thousands of complex regular expressions during the scan in order to form a highly optimized set. This change minimized the number of checks and significantly shortened the scan time.
According to internal tests, the resulting improvement in the scan speed was 18% on average. This was a fully automatic improvement that didn't need any customer involvement – updating to the new version was enough to make it work.
We took scanner performance even higher in the next release, breaking our record.
How We Increased Speed by 2.4X
We implemented an entire set of deep code optimizations - each of these significantly improved performance, and the speedup effect compounded with previous changes. For example, we minimized the number of system calls, and optimized how signatures were compared with the file’s content in order to minimize the number of operations.
With this change, not only do the performance scans run faster, but the processing load on the servers will be further reduced. As before, no adjustments were necessary to benefit from this upgrade – the optimization will work out-of-the-box, without a need to tune or enable it.
(6.7, Epic 20127)
Smarter Cloud-Assisted Scan
Starting from 6.8, we introduced a critical improvement in cloud-assisted scanning. Information on the scanned files started to be processed and analyzed holistically, then used to pinpoint malicious files across the servers running Imunify360, ImunifyAV+, and even ImunifyAV, our free-to-use product.
This change resulted in an extensive increase in the number of known files for cloud-assisted scanning, and it positively affected the scan speed of scheduled and user scans. The benefit of the new logic could reach up to 30% in scan speed improvement at times.
Building On Earlier Improvements
We improved the malware database scanner that will be marked by extending the memory allocation for this feature up to 1024 MB by default. Along with this enhancement, we introduced a setting that provides a flexible way to define the size of RAM available for the scanner manually.
If you want to set a custom amount, please use the following command, replacing the specified value with the required one:
imunify360-agent config update '{"MALWARE_SCAN_INTENSITY": {"ram": 2048}}'
(6.4, Epic, DEF-19153)
Why Scanner Speed Matters
Database infections are a destructive and persistent threat. Our malware database scanner gets to the root of the problems and eliminates those database infections. With Imunify 360 v6.1, we put the default setting to “auto-cleanup” to ensure that Imunify360 continues its mission to work without any oversight or management. You can find more information in our earlier MDS announcement post.
To check if the cleanup option is active, go to the Settings → Malware tab in the Imunify360 interface and look for the “Default action on detect” option.
Or just use the CLI to set the default action:# imunify360-agent config update '{"MALWARE_SCANNING": {"default_action": "cleanup"}}'
Note, the action specified as default will be applied for all scan types: files and databases.