Config File Description

The ImunifyAV(+) config file is available at the following location after installation:

/etc/sysconfig/imunify360/imunify360.config

The config file is where you set up the ImunifyAV(+) configuration. The following options are available:

MALWARE_SCANNING:
  max_signature_size_to_scan: 1048576 # max file size to scan in the standard mode; value is set in bytes
  max_cloudscan_size_to_scan: 10485760 # max file size to scan in the cloud-assisted (by hashes) mode; value is set in bytes
  max_mrs_upload_file: 10485760 # max file size to upload to CloudLinux malware research service; value is set in bytes
  detect_elf: False # enable (True) or disable (False) (default value) binary (ELF) malware detection
  sends_file_for_analysis: True # send (True) (default value) or not (False) malicious and suspicious files to the Imunify team for analysis
  cloud_assisted_scan: True # speed up scans by checking file hashes using the cloud database
  rapid_scan: True # speed up (True) (default value) or not (False) repeated scans based on smart re-scan approach, local result caching and cloud-assisted scan.
  rapid_scan_rescan_unchanging_files_frequency: null # defines what part of all files will be rescanned during each scan. For example, if set to 10, then 1/10 of all files will be rescanned. The default value `null` means "choose frequency based on scan schedule". E.g. month - 1, week - 5, day - 10.
  hyperscan: True # use (True) the Hyperscan regex matching library in Malware Scanner to greatly improve the scanning speed. True is the default value. Hyperscan requires its own signature set, which is downloaded from files.imunify360.com and compiled locally.
  # Platform requirements:
  # * Hyperscan supports Debian, Ubuntu and CentOS/CloudLinux 7 and later.
  # * SSE3 processor instructions support. It is quite common nowadays, but may be lacking in virtual environments or in some rather old servers.
ERROR_REPORTING:
  enable: True # automatically report errors to the Imunify team
MALWARE_SCAN_INTENSITY:
  cpu: 2 # intensity level for CPU consumption. Can be set from 1 to 7, default is 2
  io: 2 # intensity level for file operations. Can be set from 1 to 7, default is 2
  ram: 2048 # intensity level for RAM consumption. Minimum value is 1024, default is 2048
MALWARE_SCAN_SCHEDULE:
  day_of_month: <next day after installation> # when the background scan shall start, day of the month. Can be from 1 to 31, the default value is the <next day after installation>.
  day_of_week: 0 # when the background scan shall start, day of the week. Can be from 0 to 7 (0 for Sunday, 1 for Monday..., 7 for Sunday (again)), the default value is 0
  hour: 3 # when the background scan shall start, hour. Can be from 0 to 23, the default value is 3
  interval: MONTH # interval of scan. Supported values: strings `NONE` (no scan), `DAY`, `WEEK`, `MONTH`, the default value is `MONTH`
MALWARE_CLEANUP:
  trim_file_instead_of_removal: True # do not remove infected file during cleanup but make the file zero-size (for malware like web-shells) (True) (default value)
  keep_original_files_days: 14 # the original infected file is available for restore within the defined period. The default is 14 days. The minimum value is one day.
ADMIN_CONTACTS:
  emails: youremail@email.com # your email to receive reports about critical issues, security alerts or system misconfigurations detected on your servers.
PERMISSIONS:
  support_form: True # show (True) (the default value) or hide (False) the Support icon in the ImunifyAV(+) UI.
  user_ignore_list: True # show (True) (the default value) or hide (False) the Ignore List tab for end-users in the ImunifyAV(+) UI.
  allow_malware_scan: False # enable (True) or disable (False) (the default value) “scan” action in the UI of the end-user.
  upgrade_button: True # enable (True - the default value) or disable (False) the Imunify upgrade button.
RESOURCE_MANAGEMENT:
  ram_limit: 500 # set RAM consumption limit for ImunifyAV(+) in MB
  io_limit: 2 # set IO consumption limit for ImunifyAV(+) in MB
  cpu_limit: 2 # set CPU consumption limit for ImunifyAV(+) in MB.

How to apply changes from CLI

In order to apply changes via command-line interface (CLI), you can use the following command:

imunify-antivirus config update '{"SECTION": {"parameter": value}}'

For example, if you want to set MALWARE_SCAN_INTENSITY.cpu = 5 from a command line, then you should execute the following command:

imunify-antivirus config update '{"MALWARE_SCAN_INTENSITY": {"cpu": 5}}'
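
A pre-flight check for such updates, as an added example (not part of the Imunify tooling): it validates a payload against the ranges documented in the option comments above and builds the argument vector for the command. The helper names check_update and update_argv are hypothetical, and options without a documented range are passed through unchecked.

```python
import json

# Constraints copied from the option comments on this page; (low, None) means
# only a minimum is documented.
INT_RANGES = {
    ("MALWARE_SCAN_INTENSITY", "cpu"): (1, 7),
    ("MALWARE_SCAN_INTENSITY", "io"): (1, 7),
    ("MALWARE_SCAN_INTENSITY", "ram"): (1024, None),
    ("MALWARE_SCAN_SCHEDULE", "day_of_month"): (1, 31),
    ("MALWARE_SCAN_SCHEDULE", "day_of_week"): (0, 7),
    ("MALWARE_SCAN_SCHEDULE", "hour"): (0, 23),
    ("MALWARE_CLEANUP", "keep_original_files_days"): (1, None),
}
INTERVALS = {"NONE", "DAY", "WEEK", "MONTH"}


def check_update(update):
    """Return a list of problems; an empty list means every checked value is valid."""
    problems = []
    for section, options in update.items():
        if not isinstance(options, dict):
            problems.append(f"{section}: expected a mapping of options")
            continue
        for option, value in options.items():
            key = (section, option)
            if key in INT_RANGES:
                low, high = INT_RANGES[key]
                # bool is a subclass of int in Python, so reject it explicitly
                if isinstance(value, bool) or not isinstance(value, int):
                    problems.append(f"{section}.{option}: expected an integer")
                elif value < low or (high is not None and value > high):
                    problems.append(f"{section}.{option}: {value} is out of range")
            elif key == ("MALWARE_SCAN_SCHEDULE", "interval"):
                if not (isinstance(value, str) and value in INTERVALS):
                    problems.append(f"{section}.{option}: unsupported interval {value!r}")
    return problems


def update_argv(update):
    """Build the argument list for the CLI call, refusing invalid values."""
    problems = check_update(update)
    if problems:
        raise ValueError("; ".join(problems))
    # A list (not a shell string) avoids quoting issues when passed to subprocess.run
    return ["imunify-antivirus", "config", "update", json.dumps(update)]
```
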

Overridable config

Starting from ImunifyAV(+) v.5.8, we introduce the overridable config, which provides the ability to provision a default config for the whole fleet of Imunify servers while keeping the ability to fine-tune each particular server depending on its requirements.

Configs organization:

  • A new directory for custom configs. The local overrides of the main config are put there: /etc/sysconfig/imunify360/imunify360.config.d/
  • The old config /etc/sysconfig/imunify360/imunify360.config is now linked to the imunify360.config.d/90-local.config. It contains changes made through UI as well as through CLI.
  • Configs in that directory will override the imunify360-base.config and each other in lexical order. First-level "sections" (like FIREWALL) are merged, while second-level "options" (like FIREWALL.TCP_IN_IPv4) are replaced completely.

This way you can keep your local customizations, but still be able to roll out the main config.

The CLI command to check the default configuration before merging with 90-local.config:

imunify-antivirus config show defaults

Here is an example of custom server configuration:

imunify360-base.config

Provided by Imunify installation. Contains default recommended configuration.

FIREWALL:
  TCP_IN_IPv4:
  - '20'
  - '8880'
  port_blocking_mode: ALLOW

imunify360.config.d/50-common.config

Provisioned by server owner to the fleet of servers.

FIREWALL:
  TCP_IN_IPv4:
  - '20'
  - '21'
  port_blocking_mode: DENY

imunify360.config.d/90-local.config

Contains local customization per server individually.

FIREWALL:
  TCP_IN_IPv4:
  - '20'
  - '22'
  - '12345'

The resulting (merged) configuration will look like this:

FIREWALL:
  TCP_IN_IPv4:
  - '20'
  - '22'
  - '12345'
  port_blocking_mode: DENY

The mechanics are as follows: first-level "sections" (for example, FIREWALL) are merged, while second-level "options" (for example, FIREWALL.TCP_IN_IPv4) are replaced completely.
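
The merge rule worked through in Python, as an added example (not Imunify's own code). The three layers are the FIREWALL example from this page embedded as dicts; merge_layers and dropped_list_items are hypothetical helper names, and lexical order is assumed to be plain string sort order of the file names.

```python
# Layers from the page's example, embedded as dicts so no YAML parser is needed.
BASE = ("imunify360-base.config",
        {"FIREWALL": {"TCP_IN_IPv4": ["20", "8880"], "port_blocking_mode": "ALLOW"}})
OVERRIDES = {  # deliberately listed out of order; the merge sorts by file name
    "90-local.config": {"FIREWALL": {"TCP_IN_IPv4": ["20", "22", "12345"]}},
    "50-common.config": {"FIREWALL": {"TCP_IN_IPv4": ["20", "21"],
                                      "port_blocking_mode": "DENY"}},
}


def ordered_layers(base, overrides):
    """Base config first, then the config.d files in lexical order."""
    return [base] + sorted(overrides.items(), key=lambda item: item[0])


def merge_layers(base, overrides):
    """Return (effective, origin); origin maps each option to the file that set it."""
    effective, origin = {}, {}
    for name, config in ordered_layers(base, overrides):
        for section, options in config.items():
            merged = effective.setdefault(section, {})  # sections are merged
            for option, value in options.items():
                merged[option] = value                  # options are replaced whole
                origin[(section, option)] = name
    return effective, origin


def dropped_list_items(base, overrides):
    """List entries set by a lower layer that are absent from the winning list."""
    effective, origin = merge_layers(base, overrides)
    lost = {}
    for name, config in ordered_layers(base, overrides):
        for section, options in config.items():
            for option, value in options.items():
                final = effective[section][option]
                if name == origin[(section, option)]:
                    continue  # this layer is the winner for the option
                if isinstance(value, list) and isinstance(final, list):
                    gone = [item for item in value if item not in final]
                    if gone:
                        lost.setdefault((section, option), {})[name] = gone
    return lost
```

Because options are replaced whole, the local TCP_IN_IPv4 list discards '8880' and '21' from the lower layers rather than extending them, which is worth checking when a fleet-wide file is meant to enforce a setting.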

Those who don’t need this type of overridable config can continue using custom configurations in /etc/sysconfig/imunify360/imunify360.config.

This feature is backward compatible.