ImunifyAV problem: stops scanning after 10 min

  • lm s

    Same problem on multiple servers.

    0
  • cPRex Jurassic Moderator

    Hey there!  Do you see any additional details inside the Imunify log at /var/log/imunify360/error.log?  That would be the first place to check to see if there is more information about this type of behavior.

    0
  • Unnamed User

    I don't think it's a server issue because it behaves exactly the same on two different servers that have no relation to each other.

    -- Server1:

    tail -n 20 /var/log/imunify360/error.log

    WARNING [2024-06-04 20:26:32,562] imav.malwarelib.scan.ai_bolit.detached: No such directory: /var/imunify360/aibolit/run/4c1a8f15726d4f53a5de812b9ffad770
    WARNING [2024-06-04 20:26:32,562] imav.malwarelib.scan.ai_bolit.detached: No such directory: /var/imunify360/aibolit/run/43fa16924b924dd89346c5dad01863ec
    WARNING [2024-06-04 20:26:32,562] imav.malwarelib.scan.ai_bolit.detached: No such directory: /var/imunify360/aibolit/run/4f105fdfddaa48cba7ebdb026a8ed2b0
    WARNING [2024-06-04 20:26:32,562] imav.malwarelib.scan.ai_bolit.detached: No such directory: /var/imunify360/aibolit/run/a8cb9fb0f21440f0b29e1f3ae2759d6a
    WARNING [2024-06-04 20:26:32,562] imav.malwarelib.scan.ai_bolit.detached: No such directory: /var/imunify360/aibolit/run/57083c5fa5fb4706b903510c603280cb
    WARNING [2024-06-04 20:26:32,562] imav.malwarelib.scan.ai_bolit.detached: No such directory: /var/imunify360/aibolit/run/704bf61beff3487e996993ca378730cb
    WARNING [2024-06-04 20:26:32,563] imav.malwarelib.scan.ai_bolit.detached: No such directory: /var/imunify360/aibolit/run/cc6d0148377349bd98cdd5a7e08c009a
    WARNING [2024-06-04 20:27:02,596] imav.malwarelib.scan.ai_bolit.detached: Cannot find the aibolit process to kill (43db065ea39e4405a5cc9fd2ef052cfe): FileNotFoundError(2, 'No such file or directory'). Assuming it's already dead.
    WARNING [2024-06-04 20:27:02,596] imav.malwarelib.scan.ai_bolit.detached: No such directory: /var/imunify360/aibolit/run/43db065ea39e4405a5cc9fd2ef052cfe
    WARNING [2024-06-04 20:27:09,651] defence360agent.rpc_tools.validate: Validation error with command ('ip-list', 'local', 'list'), params {'limit': 1}, errors ["field: '('ip-list', 'local', 'list')', value: '{'limit': 1}', error: unknown field"]
    WARNING [2024-06-04 20:31:01,527] defence360agent.rpc_tools.validate: Validation error with command ('ip-list', 'local', 'list'), params {'limit': 1}, errors ["field: '('ip-list', 'local', 'list')', value: '{'limit': 1}', error: unknown field"]
    WARNING [2024-06-04 20:38:09,040] defence360agent.plugins.idle_time_out: Shutting down due to inactivity.
    WARNING [2024-06-04 20:38:09,041] defence360agent.internals.the_sink: There is still 6 unprocessed messages in the queue
    WARNING [2024-06-04 20:46:21,369] defence360agent.plugins.idle_time_out: Shutting down due to inactivity.
    WARNING [2024-06-04 21:30:33,514] defence360agent.rpc_tools.validate: Validation error with command ('ip-list', 'local', 'list'), params {'limit': 1}, errors ["field: '('ip-list', 'local', 'list')', value: '{'limit': 1}', error: unknown field"]
    WARNING [2024-06-04 21:31:39,514] defence360agent.rpc_tools.validate: Validation error with command ('ip-list', 'local', 'list'), params {'limit': 1}, errors ["field: '('ip-list', 'local', 'list')', value: '{'limit': 1}', error: unknown field"]
    WARNING [2024-06-04 21:37:32,919] defence360agent.plugins.idle_time_out: Shutting down due to inactivity.
    WARNING [2024-06-04 22:00:30,212] defence360agent.rpc_tools.validate: Validation error with command ('ip-list', 'local', 'list'), params {'limit': 1}, errors ["field: '('ip-list', 'local', 'list')', value: '{'limit': 1}', error: unknown field"]
    WARNING [2024-06-04 22:17:29,628] defence360agent.plugins.idle_time_out: Shutting down due to inactivity.
    WARNING [2024-06-04 22:27:26,044] defence360agent.rpc_tools.validate: Validation error with command ('ip-list', 'local', 'list'), params {'limit': 1}, errors ["field: '('ip-list', 'local', 'list')', value: '{'limit': 1}', error: unknown field"]

    0
  • cPRex Jurassic Moderator

    Thanks for the additional details.  Unfortunately I'm not finding similar errors on my end when I search - would you be able to submit a ticket so the server can be examined?

    0
  • Unnamed User

    in server2:

    WARNING [2024-06-04 23:05:43,594] imav.malwarelib.utils.malware_response: Attempt 1/8: failed uploading file /home/infomlr/public_html/demo001/media/vendor/codemirror/mode/commonlisp/commonlisp.js, reason: Failed to post /home/infomlr/public_html/demo001/media/vendor/codemirror/mode/commonlisp/commonlisp.js to https://api.imunify360.com/api/v1/upload: curl: cmd=[b'/opt/alt/curlssl11/usr/bin/curl', b'-HI360-Id: IMUNIFYAV', b'-HI360-Limit: -1', b'-HI360-Status: ok-av', b'-HI360-Token-Expire-Utc: 4699257665', b'-HI360-Token-Created-Utc: 1543584065', b'-HI360-Sign: 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', b'-HI360-Upload-Reason: extended-suspicious', b'--max-time', b'3600', b'--form', b'file=@"/home/infomlr/public_html/demo001/media/vendor/codemirror/mode/commonlisp/commonlisp.js";filename="%2Fhome%2Finfomlr%2Fpublic_html%2Fdemo001%2Fmedia%2Fvendor%2Fcodemirror%2Fmode%2Fcommonlisp%2Fcommonlisp.js"', b'--fail', b'--silent', b'--show-error', b'https://api.imunify360.com/api/v1/upload'], rc=22, out=b'', err=b'curl: (22) The requested URL returned error: 504\n'. Retrying in 0.5 seconds

    ..
    This message is repeated as the same message appears on other accounts.

    0
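Added example (not part of the thread and not Imunify code): a triage script for `error.log` excerpts like the two quoted above, grouping repeated warnings and pulling out failed upload attempts with their HTTP status. The sample lines are constructed in the layout the thread shows, and the function names are hypothetical.

```python
import re
from collections import Counter

# Layout seen in the thread: LEVEL [timestamp] logger: message
LINE = re.compile(r"^\s*([A-Z]+) \[([\d-]+ [\d:,]+)\] ([\w.]+): (.*)$")
UPLOAD = re.compile(r"Attempt (\d+)/(\d+): failed uploading file (.+?), reason:")
HTTP = re.compile(r"returned error: (\d{3})")

# Constructed sample in that layout; paths and run ids are made up.
SAMPLE = r"""
WARNING [2024-06-04 20:26:32,562] imav.malwarelib.scan.ai_bolit.detached: No such directory: /var/imunify360/aibolit/run/00000000000000000000000000000001
WARNING [2024-06-04 20:26:32,563] imav.malwarelib.scan.ai_bolit.detached: No such directory: /var/imunify360/aibolit/run/00000000000000000000000000000002
WARNING [2024-06-04 20:38:09,040] defence360agent.plugins.idle_time_out: Shutting down due to inactivity.
WARNING [2024-06-04 23:05:43,594] imav.malwarelib.utils.malware_response: Attempt 1/8: failed uploading file /home/example/public_html/a.js, reason: Failed to post /home/example/public_html/a.js to https://api.imunify360.com/api/v1/upload: curl: rc=22, err=b'curl: (22) The requested URL returned error: 504\n'. Retrying in 0.5 seconds
not a log line
"""

def parse(text):
    """Yield (level, timestamp, logger, message); skip lines that do not fit."""
    for raw in text.splitlines():
        m = LINE.match(raw)
        if m:
            yield m.groups()

def normalise(msg):
    """Replace per-event values so repeats of one warning share a key."""
    msg = re.sub(r"(?<![\w:/])/[\w./%-]+", "<path>", msg)  # file paths, not URLs
    msg = re.sub(r"\b[0-9a-f]{32}\b", "<id>", msg)          # scan run ids
    return re.sub(r"Attempt \d+/\d+", "Attempt N/M", msg)

def summarise(text):
    """Count warnings per (logger, normalised message)."""
    return Counter((lg, normalise(msg)) for _, _, lg, msg in parse(text))

def upload_failures(text):
    """Return (timestamp, attempt, max_attempts, path, http_status) tuples."""
    found = []
    for _, ts, _, msg in parse(text):
        up = UPLOAD.search(msg)
        if up:
            http = HTTP.search(msg)
            status = int(http.group(1)) if http else None
            found.append((ts, int(up.group(1)), int(up.group(2)), up.group(3), status))
    return found

if __name__ == "__main__":
    for (logger, msg), n in summarise(SAMPLE).most_common():
        print(f"{n:4d}  {logger}: {msg}")
    for row in upload_failures(SAMPLE):
        print("upload failed:", row)
```

On a server, pass the contents of `/var/log/imunify360/error.log` to `summarise` and `upload_failures` in place of `SAMPLE`.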
  • cPRex Jurassic Moderator

    What happens when you run this command on your server?

    curl -v https://api.imunify360.com/api/v1/upload

    0
  • Unnamed User

    The problem was solved with what you see in the following gif image:

    0
  • cPRex Jurassic Moderator

    It's interesting that disabling that option took care of the issue - thanks for sharing!

    0
  • Unnamed User

    It is a solution that we observed on at least three dedicated servers that does not stop the scanning and proceeds without issues. Since the problem was identified around May 28, 2024, we speculate that it is related either to cxs, specifically in the section: cxs IP Reputation System (enabled), csf BLOCKLIST service, or to possible misconfigurations of the remote servers of the company Imunify AV, which possibly made changes to their systems around May 28. It would be good for the company that develops the program to perform a debug to ensure this tick feature (enable Sentry error reporting) works without problems because certainly, many other users will likely experience the same issue.

    Best Regards

    0
