ImunifyAV is a website antivirus that scans user websites for malicious code and monitors the domain blacklists of Google, Yandex, and other resources. It detects and deletes malicious scripts such as web shells, backdoors, phishing pages, trojans, etc.
ImunifyAV does not scan archives.
The module has two versions that deliver the following functions:
Revisium Antivirus Free
- unlimited checks;
- only administrators can run antivirus checks;
- "By users" mode allows scanning the whole directory of a selected user including his websites starting from /var/www/<user>/;
- "By domain" mode allows scanning the whole directory of a web-domain;
- cannot cure or delete infected files.
Revisium Antivirus Premium
- only administrators can run antivirus checks;
- scheduled website scanning;
- cure and delete infected files;
- store copies of cured files;
- email notifications about infected sites after scanning.
Installing the module
The module with a free version is installed automatically.
Navigate to Integration → Modules → ImunifyAV (ex. Revisium). Click on Trial to activate a free version or Buy to order the Premium license.
Before you install the module, make sure that:
- a public IP address is assigned to the server with ISPmanager;
- PHP 7.1 can use the functions putenv and passthru. Go to Web-server settings → PHP → select PHP 7.1 → Settings. Check that "putenv" and "passthru" are not specified for the "disable_functions" variable.
PHP 7.1 and the required extensions (ioncube, posix, intl, json) will be installed and activated automatically when installing the antivirus module.
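The same pre-install check can be run from a shell against a php.ini file. This is an added example, not part of the ISPmanager documentation; the path to the PHP 7.1 php.ini is not given on this page, so the script takes it as its first argument, and the function names and sample file are constructed for illustration.

```shell
#!/bin/sh
# Print the effective value; assumes the last uncommented assignment wins.
effective_disable_functions() {
    awk '
        /^[ \t]*;/ { next }                       # skip comment lines
        /^[ \t]*disable_functions[ \t]*=/ {
            sub(/^[^=]*=/, "")                    # keep the value only
            sub(/[ \t]*;.*$/, "")                 # drop a trailing comment
            gsub(/[" \t]/, "")                    # drop quotes and blanks
            value = tolower($0)                   # PHP function names ignore case
        }
        END { print value }
    ' "$1"
}

# Print the required functions that are disabled (empty output if none).
blocked_required_functions() {
    list=",$(effective_disable_functions "$1"),"
    blocked=""
    for fn in putenv passthru; do
        case "$list" in
            *",$fn,"*) blocked="${blocked:+$blocked }$fn" ;;
        esac
    done
    printf '%s\n' "$blocked"
}

# Constructed sample php.ini, not taken from a real server.
write_sample_ini() {
    cat > "$1" <<'EOF'
; disable_functions = putenv
[PHP]
disable_functions = "exec, PassThru ,system"  ; hardening
EOF
}

ini="${1:-}"
if [ -z "$ini" ]; then                            # no argument: use the sample
    ini="$(mktemp)"; write_sample_ini "$ini"; sample=1
fi
blocked="$(blocked_required_functions "$ini")"
if [ -n "$blocked" ]; then
    echo "remove from disable_functions before installing: $blocked"
else
    echo "putenv and passthru are not disabled"
fi
[ -z "${sample:-}" ] || rm -f "$ini"
```

The script reads only the file it is given; a disable_functions value set elsewhere (for example in per-site PHP settings) is not seen by it.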
Configuring the module
The system configures the same antivirus settings both for domains and users.
Perform the following steps to set up the module:
- Go to Tools → ImunifyAV (ex. Revisium) → Settings.
- Select the file types to scan:
- Quick-check — the antivirus will check critical files only (ph*, htm*, js, txt, tpl and other critical files). This helps reduce server load and increase scanning speed dramatically.
- Disable Quick-check for full scanning. Skip media files — select the checkbox not to scan media files and documents. You can select the checkbox Optimize by speed to scan files from cache folders selectively. It speeds up the scanning process with the same level of malware detection;
- Max concurrent threads. Possible values: "1", "2", "4". The optimal value is 0.5 × the number of available server cores.
- Max allowed memory per scanning (Mb) — configures how much memory is allowed for a single scanning process. If some websites fail to scan, try increasing this value. Possible values: "256Mb", "384Mb", "512Mb", "1024Mb".
- Set the Log level to increase the logging level. Possible values: "Full" and "Regular".
- Select the Max. scanning time for 1 site to set the time to scan a website. Possible values: "1 hour", "3 hours", "12 hours", "24 hours", "Unlimited".
- Check domain blacklisted status — if the option is on, the antivirus will check a domain for blacklisted status in Google and antivirus services.
- Enable the option Auto update antivirus databases to keep the ImunifyAV databases up to date.
- Automatic scanning parameters:
- Scheduled scanning — set the interval of automatic website scanning. Possible values: "Never", "Once a month", "Daily", "Once a week", "Once a month".
- In the Start at field, set the time when the scanning process will start automatically.
- — select the checkbox to notify the administrator about malware detection after scheduled scanning. Enter the Email for notifications in the field that will open.
- Select the checkbox — select the checkbox to use an external SMTP server instead of the common PHP mail() function. SMTP server — enter the URL of the SMTP server; SMTP user — enter the user login for the SMTP server; SMTP password — enter the user password for the SMTP server; SMTP port — enter the port to connect to the SMTP server. Enable the option Enable SSL for SMTP when the SMTP connection needs to go over SSL.
- Banner settings:
- Select the Malware detection banner checkbox to show the banner in ISPmanager upon malware detection.
- Select the Misconfigured notifications banner checkbox to show the banner in ISPmanager when email notifications are not configured.
- Number of days to keep sets a period in days to keep original versions of cleaned files. This option is available only in the Premium version. Possible values: "7", "14", "30".
- Trim malicious files instead of deleting it — select the checkbox not to delete files when malware is detected but trim them instead. The website will work correctly after automatic scanning if the malicious files are not included into other files or the database. This option is available only in the Premium version.
Navigate to Tools → ImunifyAV (ex. Revisium).
There are two scanning modes:
- By users — the system will check domain directories for viruses and domain reputation for blacklist statuses.
- By domains — the system will check user directories including all domains. Domain reputation is not checked.
To change the mode, click By users or By domains.
To start the scanning process, click the following buttons:
- Scan all — scan all domains/users;
- Scan — scan the selected domain/user only.
If the system detects malware objects, the infected domain/user will be marked as "infected". You will see the following buttons on the toolbar:
- Report — view the detailed report to see detected files;
- Cleanup — cure the files according to the scanning settings.
Once completed, the status in the list of domains/users will change to "Cured". You will see the number of cured threats and the date and time when the cleanup process started. Clicking the "Undo" button restores the original files.
You can undo the operation only for all cured domains/users that have original copies. You cannot restore a single file.
Copies of the files before they were cured are stored in the temporary directory /usr/local/mgr5/var/raisp_data/backups/.
ImunifyAV logs are stored in /usr/local/mgr5/var/raisp_data/log.