ImunifyAV for Plesk is managed as a common Plesk extension. It can be removed via Extensions -> My Extensions -> Remove

Extension for Plesk Onyx Hosting Panel
This topic explains how to resolve the issue with one-click automatic cleanup in version 2.0-x.
When the server administrator has purchased the license and tries to clean up malware within 24 hours of the purchase, the cleanup fails with “Failed to remove malware…”.
The background process is restarted every 24 hours and updates the license information on restart, so until the restart it keeps the old license type.
The administrator needs to restart the background process. There are several ways to do this:
kill -9 $(ps aux | grep '[r]a_exec' | awk '{print $2}')
All these actions will restart the background process of antivirus and reload the license.
This issue will be fixed in the upcoming release. We’re already working on it.
ImunifyAV works as a regular antivirus: it looks for malicious pieces of code in the files of a website while scanning and shows infected files in the report when the scan finishes. If the user chooses to clean up malware, the antivirus either removes the malicious injection from the file or removes the entire file, depending on the detected threat.
If the entire file is a web-shell, a doorway or some other type of malicious file, the antivirus removes it entirely. If there’s only a small injection at the beginning, at the end, or somewhere in the middle of the file, the exact malicious piece of code is removed and the rest of the content is left unchanged. Generally, the antivirus removes the malware and keeps the website up and running.
There’s an option in the settings which defines whether the file is to be removed or just truncated (content of the file is completely removed but the file itself is left on the file system empty and has zero file length).
Truncation is safer than removal because if the file is included in a database template, some other system file or a config file, the website might break after a cleanup. Therefore the antivirus uses the safer cleanup by default to keep the website working properly at all times. One can disable this option in the Settings so that the antivirus removes the file completely when the entire file is malware.
If you are experiencing unusual behavior or have run into issues, we would appreciate it if you could provide details on the issue for analysis to [email protected]:
Open the Plesk config file /usr/local/psa/admin/conf/panel.ini and add the following lines:
[log]
filter.priority=7
If you do not have the file /usr/local/psa/admin/conf/panel.ini, just create an empty one and add the lines as described above.
After that, reproduce the issue and send us the packed (zipped) log located at /usr/local/psa/admin/logs/panel.log
If the log is huge (greater than 50Mb), you can obtain the last 15000 lines using the command
tail -15000 /usr/local/psa/admin/logs/panel.log > debug_log.txt
then just zip the file debug_log.txt and send us the debug_log.zip file.
After that, remove the lines from panel.ini
[log]
filter.priority=7
or change the value to the default one (usually – filter.priority=3).
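The log-collection steps above as one script, added here as an example (it is not ImunifyAV or Plesk code). The function names, the `.bak` backup file and the `PANEL_INI` / `PANEL_LOG` / `MAX_BYTES` override variables are assumptions of this example; the paths, the `[log]` setting, the 50 MB threshold and the 15000-line tail are the ones given in the steps above.

```sh
#!/bin/sh
# Added example, not vendor code. Paths default to the ones named on this
# page; override PANEL_INI / PANEL_LOG to rehearse on copies first.
PANEL_INI="${PANEL_INI:-/usr/local/psa/admin/conf/panel.ini}"
PANEL_LOG="${PANEL_LOG:-/usr/local/psa/admin/logs/panel.log}"
MAX_BYTES="${MAX_BYTES:-52428800}"   # the page's 50 MB threshold, in bytes
TAIL_LINES=15000

# Save panel.ini, then force filter.priority=7 inside a single [log] section.
enable_debug_log() {
    if [ -e "$PANEL_INI.bak" ]; then echo "restore first" >&2; return 1; fi
    [ -f "$PANEL_INI" ] || : > "$PANEL_INI"   # page: create an empty file
    cp -p "$PANEL_INI" "$PANEL_INI.bak" || return 1
    awk '
        /^\[/ { in_log = ($0 == "[log]"); print
                if (in_log && !seen) { print "filter.priority=7"; seen = 1 }
                next }
        in_log && /^[ \t]*filter\.priority[ \t]*=/ { next }  # drop old value
        { print }
        END { if (!seen) { print "[log]"; print "filter.priority=7" } }
    ' "$PANEL_INI.bak" > "$PANEL_INI"
}

# Copy the log (only the last 15000 lines if it exceeds the threshold) and
# pack it. umask 077: a debug-level panel log may hold sensitive details.
collect_debug_log() (
    umask 077
    out="${1:-.}/debug_log.txt"
    size=$(wc -c < "$PANEL_LOG") || exit 1
    if [ "$size" -gt "$MAX_BYTES" ]; then
        tail -n "$TAIL_LINES" "$PANEL_LOG" > "$out" || exit 1
    else
        cat "$PANEL_LOG" > "$out" || exit 1
    fi
    if command -v zip >/dev/null 2>&1; then
        zip -jq "${out%.txt}.zip" "$out" && echo "${out%.txt}.zip"
    else                                  # fallback when zip is not installed
        gzip -c "$out" > "$out.gz" && echo "$out.gz"
    fi
)

# Put the original panel.ini back so the panel stops logging at debug level.
restore_log_level() {
    if [ ! -f "$PANEL_INI.bak" ]; then echo "no backup" >&2; return 1; fi
    cat "$PANEL_INI.bak" > "$PANEL_INI" && rm -f "$PANEL_INI.bak"
}
```

After sourcing the file as root: run `enable_debug_log`, reproduce the issue, run `collect_debug_log /root`, then `restore_log_level`.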
Once you have paid for the Premium version of the antivirus in the Plesk Extension directory, you receive a confirmation mail with details and an activation link. If you have already followed those steps and still have not got the Premium version, try manual activation:
2. Click the Retrieve Keys
3. You see the screen like below
4. Ensure that you have a license for ext-revisium-antivirus under “Additional License Keys” tab
5. Congrats! Now you are ready to experience Premium version of the ImunifyAV (ex. Revisium Antivirus). Check the About tab to ensure that the Premium version is enabled.
In case of any issues with purchasing or activating the extension, contact Plesk Support at [email protected].
ImunifyAV (ex. Revisium Antivirus) is a comprehensive malware detection and removal tool. Website protection is not a part of the antivirus.
ImunifyAV can effectively detect any type of website malware and remove it automatically using “one-click” cleanup, but it does not provide proactive protection from future hacks and web attacks. Therefore we strongly recommend that you “harden” your websites after malware removal:
Or order a professional website security service at Revisium.com which includes:
Request the service at revisium.com.
If you purchased the license for Premium version and cannot activate the key, check this section.
When you click the “Scan” button, the scan doesn’t start immediately; the task to scan the website is queued. You should see the “Queued” status in the line. Once server resources are available, scanning starts and the progress is displayed.
Check the Malware Removal report to see the details. There might be the following reasons:
Scheduled re-scanning of files starts at the specified time only if it has been more than 24 hours since the last website scan. So if you do not scan the website manually, it will be checked the day after.
Order of websites scanning depends on two things:
For your convenience we would recommend sorting the table by “State” column. Just click it to reorder.
Please, follow the steps to gather information for analysis and send it to us.
The screen below explains controls on the “Domain” tab
The current version of the Antivirus checks files in website folders but does not scan the database or website pages, so we’d also recommend checking websites using the free online scanner – ReScan.Pro. It will detect security issues which the Revisium Antivirus cannot detect.
If you suspect that the server has been compromised, we recommend taking the following steps immediately:
Or just order a professional server security analysis and malware cleanup service at Revisium.
We do our best to keep the Antivirus database frequently updated and complete in order to detect as many threats as possible. Still, there is a small chance that some newly released malicious files are not yet in the database. There might also be other drawbacks:
If you found a malicious file which has not been detected by antivirus, please send it to us via https://drop.revisium.com
Thanks!
In the “Settings” tab you can enable auto-update option of the Antivirus databases.
Another way for quick-update of the A/V databases is to open the “About” tab and click the “Update Databases”.
We also recommend that server admins check the ImunifyAV extension for a newer version to keep the core files up to date.
The Antivirus scanning performance mostly depends on server performance. But the default configuration of the Antivirus may not be optimal, so we recommend that server admins adjust the default settings for better performance. Just open the “Settings” tab and check the current parameters.
We strongly recommend that server admins managing servers with 4 or more CPU cores or lots of websites installed change the “Max working threads” parameter.
Conversely, if you feel that the Antivirus consumes lots of server resources, just decrease the parameters “Max working threads” and “Max allocated memory…”.
There is a small chance that you may encounter so-called “false positives” while scanning websites for malware, i.e. cases where the antivirus software marks a legitimate file as malicious because the file may contain a specific piece of code previously noticed in malware.
Just send us the file and we will include it into the exceptions list of the Antivirus so it will never show up in the report after the antivirus update.
If antivirus has detected a file which is not malicious, please report a “false-positive” via https://drop.revisium.com (e.g. send the file via this service)
First of all – keep calm and check the detailed report.
Click the “View Report” button next to the “red” mark and check the list of detected malware.
Depending on your expertise and experience in web development you may resolve it in different ways. Check the options below.
So try automatic one-button malware cleanup in the Premium version of the ImunifyAV.
It is good to hear that everything in the report has “green” status.
Just follow the recommendations on websites security to keep them safe and secured. And do not forget to re-scan your websites on a regular basis.
If you are a server admin, we recommend scheduling re-scanning in the “Settings” tab so that the Antivirus checks websites for malware automatically at the selected interval. This option is available in the Premium version of the extension.
In order to scan your websites for malware using ImunifyAV, all you need to do is click the “ImunifyAV” icon under the particular domain and then click the “Scan” button.
When you click the “Scan” button, the Antivirus queues a scanning task and runs it when server resources are available (it may start immediately or with some delay). The resources are configured by the server admin, so there might be a queue for the scanning process. The queue lets all users check their websites on demand without overloading the server. Thus if you see “Queued” in the status column, everything is OK: scanning will start as soon as the resources are available or another scan has finished.
Upon completion check the status. If the report shows a green icon, congrats, it usually means your website is not compromised and clean.
If you’ve noticed some “red alerts” next to the domain most likely it means the particular website is compromised and infected. Click the “View Report” button and see the details.
If you see some “orange alerts” next to the domain and “Domain blacklisted” notice it means the domain is blacklisted in either search engines or antivirus services. Click the “View Report” button to see blacklist status details.
Watch the quick demo on how it works:
In order to scan your websites for malware using the Revisium Antivirus all you need is to install the extension from Plesk Marketplace, open the “Domains” tab and click the “Scan All”.
It will queue tasks to scan a complete list of websites for viruses, backdoors, web-shells, hacker’s scripts, phishing pages and other malware and run the process of websites scanning depending on specified number of concurrent scanning threads (1, 2 or 4) in the Settings tab. Also it will check each domain for blacklist status in search engines and antivirus services.
Another option is to click the “Scan” button next to the particular website to check the single website for malware and blacklist status.
In order to prevent server resource overload while scanning a set of websites, the antivirus extension queues the scanning tasks and runs them with respect to the configured resource limits (“Max working threads” in the Settings tab).
Take into consideration that the default settings may not be optimal in terms of scanning speed, so we recommend checking the “Settings” tab before starting and adjusting the following parameters manually to set optimal values for better performance (or less server load).
Note: “Max working threads” is limited to half the number of CPU cores on the server, so 1 or 2 CPU cores give a maximum of one working thread.
When the scanning process is finished, check the infection statuses of your websites. If everything in the report is green, congrats! It usually means your websites are not compromised, infected or blacklisted.
If you’ve noticed some “red alerts” next to the domain most likely it means the particular website is compromised and infected. Click the “View Report” button and see the details.
If you see some “orange alerts” next to the domain and “Domain blacklisted” notice it means the domain is blacklisted in either search engines or antivirus services. Click the “View Report” button to see blacklist status details.
The detailed report shows you the list of detected malware and domain blacklist status.
In the Premium version of the Antivirus you can clean the malware automatically using “Clean Malware” button.
Watch the quick demo on how it works and then try it on your own.