ImunifyAV problem stop scanning after 10 min
Hi, I have ImmunifyAV+ installed on two servers, and I’ve purchased a monthly license. The issue is that when I set it to scan approximately 130 accounts, after about 10 minutes, it stops scanning. It only scans the first 10 accounts, and the scanning process doesn’t continue for the remaining accounts. We’ve observed this problem on both servers for about a week.
Is there any fix you could provide for this specific issue?
-
same problem on multiple servers
0 -
Hey there! Do you see any additional details inside the Imunify log at /var/log/imunify360/error.log? That would be the first place to check to see if there is more information about this type of behavior.
0 -
I don't think it's a server issue because it behaves exactly the same on two different servers that have no relation to each other.
-- Server1:tail -n 20 /var/log/imunify360/error.log
WARNING [2024-06-04 20:26:32,562] imav.malwarelib.scan.ai_bolit.detached: No such directory: /var/imunify360/aibolit/run/4c1a8f15726d4f53a5de812b9ffad770
WARNING [2024-06-04 20:26:32,562] imav.malwarelib.scan.ai_bolit.detached: No such directory: /var/imunify360/aibolit/run/43fa16924b924dd89346c5dad01863ec
WARNING [2024-06-04 20:26:32,562] imav.malwarelib.scan.ai_bolit.detached: No such directory: /var/imunify360/aibolit/run/4f105fdfddaa48cba7ebdb026a8ed2b0
WARNING [2024-06-04 20:26:32,562] imav.malwarelib.scan.ai_bolit.detached: No such directory: /var/imunify360/aibolit/run/a8cb9fb0f21440f0b29e1f3ae2759d6a
WARNING [2024-06-04 20:26:32,562] imav.malwarelib.scan.ai_bolit.detached: No such directory: /var/imunify360/aibolit/run/57083c5fa5fb4706b903510c603280cb
WARNING [2024-06-04 20:26:32,562] imav.malwarelib.scan.ai_bolit.detached: No such directory: /var/imunify360/aibolit/run/704bf61beff3487e996993ca378730cb
WARNING [2024-06-04 20:26:32,563] imav.malwarelib.scan.ai_bolit.detached: No such directory: /var/imunify360/aibolit/run/cc6d0148377349bd98cdd5a7e08c009a
WARNING [2024-06-04 20:27:02,596] imav.malwarelib.scan.ai_bolit.detached: Cannot find the aibolit process to kill (43db065ea39e4405a5cc9fd2ef052cfe): FileNotFoundError(2, 'No such file or directory'). Assuming it's already dead.
WARNING [2024-06-04 20:27:02,596] imav.malwarelib.scan.ai_bolit.detached: No such directory: /var/imunify360/aibolit/run/43db065ea39e4405a5cc9fd2ef052cfe
WARNING [2024-06-04 20:27:09,651] defence360agent.rpc_tools.validate: Validation error with command ('ip-list', 'local', 'list'), params {'limit': 1}, errors ["field: '('ip-list', 'local', 'list')', value: '{'limit': 1}', error: unknown field"]
WARNING [2024-06-04 20:31:01,527] defence360agent.rpc_tools.validate: Validation error with command ('ip-list', 'local', 'list'), params {'limit': 1}, errors ["field: '('ip-list', 'local', 'list')', value: '{'limit': 1}', error: unknown field"]
WARNING [2024-06-04 20:38:09,040] defence360agent.plugins.idle_time_out: Shutting down due to inactivity.
WARNING [2024-06-04 20:38:09,041] defence360agent.internals.the_sink: There is still 6 unprocessed messages in the queue
WARNING [2024-06-04 20:46:21,369] defence360agent.plugins.idle_time_out: Shutting down due to inactivity.
WARNING [2024-06-04 21:30:33,514] defence360agent.rpc_tools.validate: Validation error with command ('ip-list', 'local', 'list'), params {'limit': 1}, errors ["field: '('ip-list', 'local', 'list')', value: '{'limit': 1}', error: unknown field"]
WARNING [2024-06-04 21:31:39,514] defence360agent.rpc_tools.validate: Validation error with command ('ip-list', 'local', 'list'), params {'limit': 1}, errors ["field: '('ip-list', 'local', 'list')', value: '{'limit': 1}', error: unknown field"]
WARNING [2024-06-04 21:37:32,919] defence360agent.plugins.idle_time_out: Shutting down due to inactivity.
WARNING [2024-06-04 22:00:30,212] defence360agent.rpc_tools.validate: Validation error with command ('ip-list', 'local', 'list'), params {'limit': 1}, errors ["field: '('ip-list', 'local', 'list')', value: '{'limit': 1}', error: unknown field"]
WARNING [2024-06-04 22:17:29,628] defence360agent.plugins.idle_time_out: Shutting down due to inactivity.
WARNING [2024-06-04 22:27:26,044] defence360agent.rpc_tools.validate: Validation error with command ('ip-list', 'local', 'list'), params {'limit': 1}, errors ["field: '('ip-list', 'local', 'list')', value: '{'limit': 1}', error: unknown field"]0 -
Thanks for the additional details. Unfortunately I'm not finding similar errors on my end when I search - would you be able to submit a ticket so the server can be examined?
0 -
in server2:
WARNING [2024-06-04 23:05:43,594] imav.malwarelib.utils.malware_response: Attempt 1/8: failed uploading file /home/infomlr/public_html/demo001/media/vendor/codemirror/mode/commonlisp/commonlisp.js, reason: Failed to post /home/infomlr/public_html/demo001/media/vendor/codemirror/mode/commonlisp/commonlisp.js to https://api.imunify360.com/api/v1/upload: curl: cmd=[b'/opt/alt/curlssl11/usr/bin/curl', b'-HI360-Id: IMUNIFYAV', b'-HI360-Limit: -1', b'-HI360-Status: ok-av', b'-HI360-Token-Expire-Utc: 4699257665', b'-HI360-Token-Created-Utc: 1543584065', b'-HI360-Sign: YjEop2TG1OoeX5K9V3RidiFh7bZgM7Qu1fgoG4HUI7vzWZbTQVY7K/cWsMVcD0hPAvaw4sttL87Av9Pz47sx74v57HCmfZ0HSuVQugEbWaHmc5X8vOnCH6AgfILE57P/snG+hkNZ/EpGQ0TdfaOhIapIzdKdDBAMEI+W8QSba3wPVxPSgz74EXpDbB0mjWeTIigvToejWLtiad3ZsaGBoV+jgyP33A+r8wgZ0TDNk1c9FmHz2XnbrH8uz3whJtlSJp2rVGqGcXQQEPRCUl1NLYHxllWs6fVBKwYH59CQQAt/Vo6Ab9Bg6+GGERVrQ7ezaD+85IIYkHO7l8s+gSnbwf73VyQ3Zb7c+DLuwFgF+DTLbrhaCheQXBBpAv7k+l8rDIHaw80ESAmgjRgYX2EKulGNydyIcVwKC5eDLLFOJBEPoSmRCCJ2l2vMAFiyA0T377oJNw/PNXevc7AWwUFdrAaCUlI8RfhYUBrBqJYPha7AIQvmQcYS/419sKPNNtAAUMwhbDsY04HedHXYWdbz2VaSV+emFL9mBzmKqEFSYpwrM+SseeXaWsXKH8vsKvyHAolD/h6Fh3E0SP3tY8FW9b/dq39auxXJsJifF58VVL9iJZ7N8p87507yUojSYIpRif/jA920LPmIFhjAU/tDa0i1Yzvun6gF6mHEvwmODfs=', b'-HI360-Upload-Reason: extended-suspicious', b'--max-time', b'3600', b'--form', b'file=@"/home/infomlr/public_html/demo001/media/vendor/codemirror/mode/commonlisp/commonlisp.js";filename="%2Fhome%2Finfomlr%2Fpublic_html%2Fdemo001%2Fmedia%2Fvendor%2Fcodemirror%2Fmode%2Fcommonlisp%2Fcommonlisp.js"', b'--fail', b'--silent', b'--show-error', b'https://api.imunify360.com/api/v1/upload'], rc=22, out=b'', err=b'curl: (22) The requested URL returned error: 504\n'. Retrying in 0.5 seconds
..
This message is repeated as the same message appears on other accounts.0 -
What happens when you run this command on your server?
curl -v https://api.imunify360.com/api/v1/upload
0 -
The problem was solved with what you see in the following gif image:
0 -
It's interesting that disabling that option took care of the issue - thanks for sharing!
0 -
It is a solution that we observed on at least three dedicated servers that does not stop the scanning and proceeds without issues. Since the problem was identified around May 28, 2024, we speculate that it is related either to cxs, specifically in the section: cxs IP Reputation System (enabled), csf BLOCKLIST service, or to possible misconfigurations of the remote servers of the company Imunify AV, which possibly made changes to their systems around May 28. It would be good for the company that develops the program to perform a debug to ensure this tick feature (enable Sentry error reporting) works without problems because certainly, many other users will likely experience the same issue.
Best Regards0
Please sign in to leave a comment.
Comments
9 comments