Files are rated as malicious based on our own signature database, which we continually extend and update.
Updates to the malware signature database are released every business day. After a release, the update reaches clients' servers within 4 hours: every 4 hours each host checks for updates and, if one has been released, downloads it, so the changes can be installed on the server even earlier than the stated time frame.
If an update has already been released, you can also use this command to pull the signatures immediately:
$ imunify360-agent update sigs --force
Signature updates are logged in /var/log/imunify360/console.log.
The log entries look like this:
$ grep 'sigs' /var/log/imunify360/console.log
INFO [2020-03-12 04:24:21,627] defence360agent.files: sigs was updated less than 4 hours ago.
INFO [2020-03-18 14:53:33,925] defence360agent.files: Updating sigs files
INFO [2020-03-18 14:54:41,243] defence360agent.files: Updated sigs using file by file download
INFO [2020-03-18 18:00:16,729] defence360agent.files: sigs was updated less than 4 hours ago.
INFO [2020-03-18 18:01:12,848] defence360agent.files: sigs was updated less than 4 hours ago.
INFO [2020-03-18 18:02:40,476] defence360agent.files: Updating sigs files
INFO [2020-03-18 18:02:49,378] defence360agent.files: Updated sigs using all.zip
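A freshness check over the log format shown above, as an added example (not Imunify360's own code): it reports the last completed signature update, the download method, and any update attempt that logged a start but no completion. The function name, the 3-day alert threshold and the last sample line are assumptions made for illustration.

```python
import re
from datetime import datetime, timedelta

# Line layout taken from the console.log excerpt above.
LINE_RE = re.compile(
    r"^(?P<level>[A-Z]+) \[(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d),\d+\] "
    r"defence360agent\.files: (?P<msg>.*sigs.*)$"
)

def sigs_status(lines, now, max_age=timedelta(days=3)):
    """Summarise signature-update activity found in console.log lines.

    max_age is an assumed alerting threshold (long enough to span a weekend,
    since updates ship on business days); tune it to your own policy.
    """
    last_ok = method = pending = None
    unfinished = []  # "Updating sigs files" entries with no "Updated sigs" after them
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        msg = m["msg"]
        if msg.startswith("Updating sigs files"):
            if pending:
                unfinished.append(pending)
            pending = ts
        elif msg.startswith("Updated sigs using "):
            last_ok, method, pending = ts, msg[len("Updated sigs using "):], None
    if pending:  # may also be an update still running when the log was read
        unfinished.append(pending)
    stale = last_ok is None or now - last_ok > max_age
    return {"last_ok": last_ok, "method": method,
            "unfinished": unfinished, "stale": stale}

# Constructed sample: lines from the excerpt plus one made-up attempt that never completes.
SAMPLE = """\
INFO [2020-03-18 14:53:33,925] defence360agent.files: Updating sigs files
INFO [2020-03-18 14:54:41,243] defence360agent.files: Updated sigs using file by file download
INFO [2020-03-18 18:00:16,729] defence360agent.files: sigs was updated less than 4 hours ago.
INFO [2020-03-18 18:02:40,476] defence360agent.files: Updating sigs files
INFO [2020-03-18 18:02:49,378] defence360agent.files: Updated sigs using all.zip
INFO [2020-03-19 02:10:05,101] defence360agent.files: Updating sigs files
""".splitlines()

if __name__ == "__main__":
    print(sigs_status(SAMPLE, now=datetime(2020, 3, 19, 9, 0)))
```

On a server, pass the lines of /var/log/imunify360/console.log and datetime.now() instead of the sample; the log timestamps are assumed to be in the server's local time.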
Comments
5 comments
Hey Anna, seems like it doesn't get detected. We also migrated to a new server, and it seems like tons of WordPress with old versions are getting hacked and hacked; it feels like the WAF and malware scanner are not really working!
Here is another malware sample from an hour ago in the wp-admin folder -
Hi Dean!
Sorry to know the hacking is still taking place after the migration.
I can see the sample provided is detected by our scanning engine with the following signature:
Indeed, we recommend that you refrain from running outdated versions of the WordPress script and themes/plugins because old versions may have vulnerabilities leading to malicious code injections like this one – you may notice the signature indicates a backdoor infection.
Also, ensure that all real-time scanner options are enabled, especially for newly added/modified (notify) files:
The Database scanner feature may also help in case of WordPress infection (https://docs.imunify360.com/dashboard/#malware-database-scanner). To enable it, please run the following as root:
To have files scanned with the latest scan build, check if the Imunify360 agent is of the latest version. The following update instructions may be handy:
Finally, if the situation does not change after following the recommendations below, please consider contacting our support team at https://cloudlinux.zendesk.com/hc/en-us/requests/new – our specialists will be happy to help you with this.
Hey Anna, seems like the malware scanner does not really work on the server as you said "Get detected"
But it seems not, could you please take a look at my ticket?
Dean, as far as I can see, the ticket has already been handled by our team.