Integration with ImunifyAV

ImunifyAV antivirus is a website antivirus that scans user websites for detecting malware codes and monitoring the domain blacklists of Google, Yandex, and other resources. The antivirus detects and deletes malware scripts such as web-shells, backdoors, phishing pages, trojans, etc.

ImunifyAV official website.

Licenses

The module has the following functions: 

• unlimited checks;
• only administrators can run antivirus checks;
• "By users" mode allows scanning the whole directory of a selected user including his websites starting from /var/www//;
• "By domain" mode allows scanning the whole directory of a web-domain;
• can't cure and delete infected files.

Installing the module

The module with a free version is installed automatically.

Navigate to Integration → Modules →  ImunifyAV (ex. Revisium). Click on Trial to activate a free version or Buy to order the Premium license. 

Before you install the module, make sure that: 

• a public IP address is assigned to the server with ISPmanager;
• PHP 7.1 can use the functions putenv and passthru. Go to Web-server settings→ PHP → select PHP 7.1 → Settings. Check that "putenv"  and "passthru" are not specified for the "disable_functions"  variable. 

Configuring the module

Perform the following steps to set up the module:

1. Go to Tools→ ImunifyAV (ex. Revisium) → Settings.
2. Select the file types to scan: 
   1. Quick-check — the antivirus will check critical files only ( ph*,htm*, js,txt,tpl and other critical files). This helps reduce server load and increase scanning speed dramatically. 
   2. Disable Quick-check for full scanning. Skip media files — select the checkbox not to scan media files and documents. You can select the checkbox Optimize by speed to scan files from cache folders selectively. It speeds up the scanning process with the same level of malware detection;
3. Max concurrent threads. Possible values: "1", "2", "4". The optimal value is 0,5 *number of available server kernels. 
4. Max allowed memory per scanning (Mb) — configures how much memory is allowed for a single scanning process. If some websites fail to scan try to increase this value. Possible values: "256Mb", "384Mb", "512Mb", "1024Mb".
5. Set the Log level to increase the logging level. Possible values:"Full' and 'Regular". 
6. Select the Max. scanning time for 1 site to set the time to scan a website. Possible values:"1 hour", "3 hours", "12 hours", "24 hours", "Unlimited".
7. Check domain blacklisted status — if the option is on, the antivirus will check a domain for blacklisted status in Google and antivirus services. 
8. Enable the option Auto update antivirus databases to keep the  ImunifyAV bases up to date.
9. Automatic scanning parameters:
   1. Scheduled scanning —  set the interval of automatic website scanning. Possible values: "Never", "Once a month", "Daily", "Once a week", "Once a month".
   2. In the Start at field set the time when the scanning process will start automatically. 
   3. Notify admin via email — select the checkbox to notify administrator on malware detection after scheduled scanning. Enter the Email for notifications in the field that will open. 
   4. Select the checkbox Send using SMTP — select the check box to use an external SMTP server instead of common php mail() function. SMTP server — enter the URL of the SMTP-server; SMTP user — enter user login of the SMTP-server; SMTP password — enter the user password of the SMTP-server; SMTP port — enter the port to connect to the SMTP-server. Enable the option Enable SSL for SMTP when SMTP connection needs to go over SSL.
      
10. Banner settings:
    
    1. Select the Malware detection banner checkbox to show the banner in ISPmanager upon malware detection.
    2. Select the Misconfigured notifications banner checkbox to show the banner in ISPmanager when email notifications are not configured.
11. Number of days to keep sets a period in days to keep original versions of cleaned files. This option is available only in the Premium version. Possible values: "7", "14", "30".
12. Trim malicious files instead of deleting it — select the checkbox not to files when malware is detected but trim it instead. The website will work correctly after automatic scanning if malicious files are not included into another files or database. This option is available only in the Premium version.

Management tools

Navigate to Tools→ ImunifyAV (ex. Revisium).

Scanning modes

There are two scanning modes:

• By users — the system will check domain directories for viruses and domain reputation for blacklist statuses.
• By domains — the system will check user directories including all domains. Domain reputation is not checked.

To change the mode click By user or By domains. 

Scanning

To start the scanning process, click the following buttons:

• Scan all — scan all domains/users;
• Scan — scan the selected domain/user only. 

If the system detects malware objects, the infected domain/user will be marked as "infected". You will see the following buttons on the toolbar:

• Report — view the detailed report to see detected files;
• Cleanup— cure the files according to the scanning settings.

Once completed, the status in the list of domains/users will change into "Cured". You will show the number of cured threads, date and time when the clean processes started. Clicking the "Undo" button will restore the files back. 

Copies of the files before they were cured are stored in the temporary directory usr/local/mgr5/var/raisp_data/backups/.

ImunifyAV  logs are stored in /usr/local/mgr5/var/raisp_data/log. /usr/local/mgr5/var/raisp_data/log.