ImunifyAV is an intelligent antivirus and security monitoring tool for websites with one-click automatic malware cleanup, domain reputation monitoring and blacklist status checks.
ImunifyAV is available as a Free and a Premium (ImunifyAV+) version.
The Free version includes a fully featured malware file scanner plus reputation and blacklist status monitoring. No trial period, no scanning limits.
The Premium edition enables one-click automatic cleanup, scheduled website checks, admin user notifications on malware detection, and priority domain reputation and blacklist status checks. It also enables access permission configuration and integration with Subscriptions, and introduces a new User tab with a summary and website scanning results grouped by user.
Feature / Edition | Free | Premium (AV+) |
Intelligent malware file scanner | ✔ | ✔ |
Domain monitoring and reputation check | ✔ | ✔ |
One-click automatic malware cleanup | | ✔ |
Scheduled and regular websites scanning | | ✔ |
Email notification on malware detection | | ✔ |
Priority domain reputation check | | ✔ |
New Users tab with scanning summary and infection status | | ✔ |
Antivirus integration with Service Plans/Subscriptions: enable/disable antivirus features for Subscriptions | | ✔ |
Premium and Shared Hosting editions come with per-server licenses: unlimited number of domains.
If you have any questions, proposals or feedback, feel free to contact us via Zendesk.
To scan your websites for malware with ImunifyAV, all you need to do is install the extension from Plesk Marketplace, open the Domains tab and click Scan All.
This queues tasks to scan the complete list of websites for viruses, backdoors, web-shells, hacker’s scripts, phishing pages and other malware, and runs the scans according to the number of concurrent scanning threads (1, 2 or 4) specified in the Settings tab. It also checks each domain for blacklist status in search engines and antivirus services.
Another option is to click the Scan button next to the particular website to check the single website for malware and blacklist status.
To prevent server resource overload while scanning a set of websites, the antivirus extension queues the scanning tasks and runs them within the configured resource limits (Max working threads in the Settings tab).
Keep in mind that the default settings may not be optimal in terms of scanning speed, so we recommend checking the Settings tab before you start and adjusting the following parameters manually to set optimal values for better performance (or less server load).
Note
The Max working threads value is limited to half the number of CPU cores on the server, so 1 or 2 CPU cores give a maximum of one working thread.
When the scanning process is finished, check infection statuses of your websites. If everything in the report is green, congrats! It usually means your websites are neither compromised nor infected and blacklisted.
If you’ve noticed some “red alerts” next to the domain most likely it means the particular website is compromised and infected. Click the View Report button and see the details.
If you see some “orange alerts” next to the domain and Domain blacklisted notice it means the domain is blacklisted in either search engines or antivirus services. Click the View Report button to see blacklist status details.
The detailed report shows you the list of detected malware and domain blacklist status.
In the Premium version of the Antivirus you can clean the malware automatically using the Clean Malware button.
Watch the quick demo on how it works and then try it on your own.
To scan your website for malware with ImunifyAV, all you need to do is click the ImunifyAV icon under the particular domain and then click the Scan button.
When you click the Scan button, the Antivirus queues a scanning task and runs it when server resources are available (it may start immediately or with some delay). The resources are configured by the server admin, so there might be a queue for the scanning process. The queue lets all users check their websites on demand without overloading the server. So if you see Queued in the status column, everything is OK: scanning will start as soon as the resources are available or another scan is finished.
Upon completion check the status. If the report shows a green icon, congrats, it usually means your website is not compromised and clean.
If you’ve noticed some “red alerts” next to the domain most likely it means the particular website is compromised and infected. Click the View Report button and see the details.
If you see some “orange alerts” next to the domain and Domain blacklisted notice it means the domain is blacklisted in either search engines or antivirus services. Click the View Report button to see blacklist status details.
Watch the quick demo on how it works.
The screen below explains controls on the Domain tab.
Once you have paid for the Premium version of the antivirus in the Plesk Extension directory, you receive a confirmation mail with details and an activation link. If you have already followed those steps and still have not got the Premium version, try manual activation:
Log in to the Plesk panel as Administrator. Go to Tools & Settings -> License Management
Click Retrieve Keys
You will see the screen like below
Ensure that you have a license for the ext-revisium-antivirus under the Additional License Keys tab
Congrats! Now you are ready to experience the Premium version of ImunifyAV. Check the About tab to ensure that the Premium version is enabled.
In case of any issues with purchasing or activating extension contact Support at https://cloudlinux.zendesk.com/hc/en-us/requests/new.
ImunifyAV works as a regular antivirus: while scanning, it looks for malicious pieces of code in the files of a website and shows the infected files in the report when the scan finishes. If the user chooses to clean up the malware, the antivirus either removes the malicious injection from the file or removes the entire file, depending on the detected threat.
If the entire file is a web-shell, a doorway or some other type of malicious file, the antivirus removes it entirely. If there’s only a small injection at the beginning, at the end, or somewhere in the middle of the file, only the malicious piece of code is removed and the rest of the content is left unchanged. Generally, the antivirus removes the malware and keeps the website up and running.
There’s an option in the settings which defines whether the file is removed or just truncated (the content of the file is completely removed, but the file itself is left on the file system, empty and with zero length).
Truncation is safer than removal: if the file is included in a database template, some other system file or a config file, the website might break after a cleanup that deletes it. Therefore the antivirus uses the safer cleanup by default to keep the website working properly. You can disable this option in the Settings so that the antivirus removes the file completely when the entire file is malware.
ImunifyAV is a comprehensive malware detection and removal tool. Website protection is not a part of the Antivirus.
ImunifyAV can effectively detect any type of website malware and remove it automatically using “one-click” cleanup, but it does not provide a proactive protection from future hacks and web-attacks. Therefore we strongly recommend to “harden” your websites after malware removal:
It is good to hear that everything in the report has “green” status.
Just follow the recommendations on websites security to keep them safe and secured. And do not forget to re-scan your websites on a regular basis.
If you are server admin we recommend to schedule re-scanning in the Settings tab so the Antivirus will be checking websites for malware automatically with selected interval. This option is available in the Premium version of the extension.
First of all – keep calm and check the detailed report.
Click the View Report button next to the “red” mark and check the list of detected malware.
Depending on your expertise and experience in web development you may resolve it in different ways.
Check the options below.
Option 1: In the Premium version of the ImunifyAV you can click the Clean Malware button and it will remove the malware automatically. The Antivirus will keep your website up and running after the malware cleanup. It keeps original files for configured period of time (7 days by default) in its backup folder so you can restore them via the Undo button next to the website.
The cleanup report looks like this:
So try automatic one-button malware cleanup in the Premium version of the ImunifyAV.
Option 2: If you are an experienced webmaster using the Free version of the Antivirus, you can manually check the files one by one in the Plesk File Explorer or in your favourite FTP software to be sure that the listed files are not legitimate and contain the viruses. Just remove the malicious injections, or the entire file if it’s malicious. We recommend creating a backup of the entire website before making any changes, so that you can restore any changed file when needed.
There's a small chance that you may face so-called “false positives” while scanning the websites for malware, i.e. the antivirus software marks a legitimate file as malicious because the file contains some specific piece of code previously noticed in malware.
Just send us the file and we will include it into the exceptions list of the Antivirus so it will never show up in the report after the antivirus update.
The Antivirus scanning performance mostly depends on server performance. But the default configuration of the Antivirus may not be optimal, so we recommend that server admins adjust the default settings for better performance. Just open the Settings tab and check the current parameters.
We strongly recommend that server admins managing servers with 4 or more CPU cores, or with lots of websites installed, change the Max working threads option.
Conversely, if you feel that the Antivirus consumes a lot of server resources, just decrease the Max working threads parameter and the Max allocated memory… parameter.
In the Settings tab you can enable the auto-update option of the Antivirus databases.
Another way to quickly update the ImunifyAV(+) databases is to open the About tab and click Update Databases.
We also recommend that server admins check for a newer version of the ImunifyAV extension to keep the core files up to date.
We do our best to keep the Antivirus database frequently updated and complete in order to detect as many threats as possible. But there is still a small chance that some newly released malicious files are not yet in the database. There might also be other drawbacks:
If you found a malicious file which has not been detected by antivirus, please send it to us via https://cloudlinux.zendesk.com/hc/en-us/requests/new.
Thanks!
You can find the ImunifyAV log file here: /usr/local/psa/var/modules/revisium-antivirus/revisium-antivirus-local.log
Sometimes the scan process fails on one domain during scanning, and the Dashboard says "scan failed" without an error message.
In most cases, the site is large and the scan was terminated due to timeout.
You can check the records in the /usr/local/psa/admin/logs/panel.log and /usr/local/psa/var/modules/revisium-antivirus/revisium-antivirus-local.log log files.
Please consider increasing the Scanning timeout value in the ImunifyAV settings and re-run the scan engine.
If you purchased the license for the Premium version and cannot activate the key, check this section.
When you click the Scan button, the scan doesn’t start immediately; the task to scan the website is queued. You should see the Queued status in the line. Once server resources are available, scanning starts and the progress is displayed.
Check the Malware Removal report to see the details. There might be the following reasons:
Scheduled re-scanning of files starts at the specified time only if more than 24 hours have passed since the last website scan. So if you do not scan it manually, it will be checked the day after.
Order of websites scanning depends on two things:
For your convenience we would recommend sorting the table by the State column. Just click it to reorder.
Please, follow the steps to gather information for analysis and send it to us.
This topic explains how to resolve the issue with one-click automatic cleanup in the 2.0-x version.
When the server administrator purchases the license and tries to clean up malware within 24 hours of the purchase, the cleanup fails with “Failed to remove malware…”.
The background process is restarted every 24 hours and updates the license information on restart, so until the restart it keeps the old license type.
The administrator needs to restart the background process. There are several ways to do this:
Wait for 24 hours, or
Change the Max working threads under the Settings tab and Save settings, or
Re-install ImunifyAV, or
Kill the process named ra_executor.php; it will be restarted in a couple of minutes.
pkill -9 -f 'ra_executor.php'
All these actions will restart the background process of antivirus and reload the license. This issue will be fixed in the upcoming release. We’re already working on it.
ImunifyAV for Plesk is managed as a common Plesk extension. It could be removed from Extensions -> My Extensions -> Remove
If you’re experiencing some unusual behavior or have run into issues, we would appreciate it if you could provide the following details for analysis at https://cloudlinux.zendesk.com/hc/en-us/requests/new:
/usr/local/psa/admin/logs/panel.log – Plesk panel debug log (see below how to collect it)
/usr/local/psa/var/modules/revisium-antivirus/ra.db (antivirus database)
/usr/local/psa/var/modules/revisium-antivirus/ra_cache.db (antivirus database cache)
/usr/local/psa/var/modules/revisium-antivirus/revisium-antivirus-local.log (antivirus log)
Open the Plesk config file /usr/local/psa/admin/conf/panel.ini and add the following lines:
[log]
filter.priority=7
You might also need to enable the Plesk debug mode. You can do so by adding the following lines:
[debug]
; Enable debug mode (do not use in production environment)
enabled = on
You might also need to enable logging of utilities calls. You can do so by adding the following lines:
; Enable logging of external utilities calls
show.util_exec = on
; Enable logging of stdin and stdout for external utilities calls (do not use in production environment)
show.util_exec_io = on
See the Plesk's KB for more information: https://support.plesk.com/hc/en-us/articles/213408889-How-to-enable-disable-Plesk-debug-mode
It may look like this:
If you do not have the /usr/local/psa/admin/conf/panel.ini file, just create an empty one and add the lines as described above.
After that, reproduce the issue and send us a packed (zipped) copy of the log located at /usr/local/psa/admin/logs/panel.log.
If you have a huge log (greater than 50 MB), you can obtain the last 15000 lines using the command:
tail -15000 /usr/local/psa/admin/logs/panel.log > debug_log.txt
then just zip the file debug_log.txt and send us the debug_log.zip file.
After that, remove the lines from panel.ini:
[log]
filter.priority=7
or change the value to the default one (usually – filter.priority=3).
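The debug-log procedure above as an added shell example, not part of the original documentation: the paths are the ones given on this page, while the function names and the .pre-debug backup suffix are made up for the example. It assumes panel.ini has no [log] section of its own before the change.

```shell
#!/bin/sh
# Added example: collect a Plesk debug log for ImunifyAV support, then revert.
# Paths are from the page; function names and the backup suffix are hypothetical.
PANEL_INI="${PANEL_INI:-/usr/local/psa/admin/conf/panel.ini}"
PANEL_LOG="${PANEL_LOG:-/usr/local/psa/admin/logs/panel.log}"
MAX_BYTES=$((50 * 1024 * 1024))   # "huge log" threshold from the page (50 MB)

# Raise log verbosity, keeping a backup so the change can be undone exactly.
enable_debug_log() {
    [ -f "$PANEL_INI" ] || : > "$PANEL_INI"   # page: create an empty file if missing
    cp -p "$PANEL_INI" "$PANEL_INI.pre-debug"
    printf '\n[log]\nfilter.priority=7\n' >> "$PANEL_INI"
}

# Write the log to $1: the whole file, or only its last 15000 lines
# when the file is larger than MAX_BYTES.
collect_debug_log() {
    out="$1"
    size=$(wc -c < "$PANEL_LOG" | tr -d ' ')
    if [ "$size" -gt "$MAX_BYTES" ]; then
        tail -n 15000 "$PANEL_LOG" > "$out"
    else
        cp "$PANEL_LOG" "$out"
    fi
    chmod 600 "$out"   # debug logs may hold utility stdin/stdout; keep the copy private
}

# Put the original panel.ini back so debug-level logging does not stay enabled.
disable_debug_log() {
    mv "$PANEL_INI.pre-debug" "$PANEL_INI"
}
```

Run enable_debug_log, reproduce the issue, then run collect_debug_log debug_log.txt, zip the result and finish with disable_debug_log.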