eComscan release history (changelog)
by Team Sansec
Published in Guides
This is a full list of fixes and improvements to our scanning software. eComscan will auto-update, so no manual action is required. eComscan releases will also be announced on our Twitter feed.
Note: this page only lists the functional changes to our monitoring software. We release updated signatures multiple times per day and your copy of eComscan will automatically use them. To not aid criminals, we do not publicly list signature additions.
v1.6.30 2024-05-07
- Add command line option for skipping paths during scans.
v1.6.29 2024-05-02
- Add experimental support for Magento 2 generated proxies.
v1.6.28 2024-04-26
- Add experimental support for Magento 2 generated factories.
- Ignore specific cache files
- Fix bug when submitting a file & running the auto-updater simultaneously
v1.6.27 2024-04-11
- Fix false-positive detections on generated interceptor scans.
- Raise trust on generated interceptors.
v1.6.26 2024-04-06
- Additional bugfixes to generated interceptor detection.
v1.6.25 2024-04-05
- Handle edge cases (whitespace, cyrillic) in Magento generated interceptor detections.
- Trim spaces on detected anomalies.
v1.6.24 2024-04-05
- Additional fixes to generated interceptor detection.
v1.6.23 2024-04-05
- Experimental support for detecting anomalies in Magento generated interceptors.
v1.6.22 2024-04-04
- Support for scanning Magento layout_update table.
v1.6.21 2024-03-15
- Fix an issue where multiple ecomscan processes would write to the same statefile.
v1.6.20 2024-03-13
- Bugfix causing scan process to hang in certain setups.
v1.6.19 2024-03-11
- Improve handling of secrets during scans.
v1.6.18 2024-03-04
- Properly derive Magento base URLs when table prefix is configured.
v1.6.17 2024-02-09
- Override API base URL via commandline.
- Support for OpenCart database scans.
v1.6.16 2024-01-09
- Produce less noise when unable to write report state to disk.
v1.6.15 2024-01-08
- Attach anonymous debug information when process crashes or times out.
v1.6.14 2023-12-14
- Fix false positive detection for Datadog.
v1.6.13 2023-12-11
- Upgrade Go to 1.21.5
- Remove debug output from interactive mode.
v1.6.12 2023-12-08
- Support scanning GTM containers with large IDs.
- ecomscan interactive: try harder to find a store on the system.
v1.6.11 2023-11-16
- Don't scan /proc, /dev and /sys
- Also suggest report email addresses found in environment.
- Exposed web root files are now classified as vulnerability.
- Interactive scans run with confidence threshold 10 by default.
v1.6.10 2023-10-31
- Now supports
ecomscan interactive
from a curl'ed script. - Fix control-c in interactive mode.
- Better email address suggestions in interactive.
v1.6.9 2023-10-23
- Fix config data not being scanned in certain older versions of Magento.
v1.6.8 2023-10-18
- Improve detection of malware hidden in config table on Magento 1.
v1.6.7 2023-10-05
- Better reporting for composite signature detections.
v1.6.6 2023-10-05
- Fix cron warning on Adobe Commerce Cloud.
v1.6.5 2023-10-03
- Update composer integrity check endpoint.
- eComscan is no longer reliant on GitHub for downloading its module blacklist.
- eComscan shows suggestion when no cron setup is detected.
ecomscan interactive
will guess/ask for scan arguments.
v1.6.4 2023-07-26
- Email improvements for trial users.
v1.6.3 2023-07-26
- Suggest to set up ecomscan monitoring, if not already done so.
- UI improvements for trial users.
v1.6.2 2023-07-04
- Scan auto_prepend_file and auto_append_file for malware.
v1.6.1 2023-06-29
- Fix regression in --version format
- Upgrade to Golang 1.20.5
v1.6.0 2023-06-29
- Added subcommands
submit
andupdate
(to replace --self-update and --submit-malware, --submit-whitelist) - Removed
--force-update
and addedupdate --force
- Removed option to read license key from stdin as it was not used
- Simplified auto-upgrade check
v1.5.0 2023-06-09
- Introducing a new trial mode, which is enabled when no license key is provided
- Improve composer integrity check performance
v1.4.55 2023-05-23
- Add external frontpages scan
- Fix crash when generating vendor state fails
v1.4.54 2023-05-19
- Show error when unused cli arguments are given
- Scan Magento 2's variable_value table (reported by Scandiweb)
v1.4.53 2023-05-16
- Don't report the same vulnerability/malware multiple times with symlink-based deployment setups.
v1.4.52 2023-04-11
- Performance optimization
v1.4.51 2023-04-07
- Minor bugfixes.
v1.4.50 2023-04-07
- Upgrade to go 1.20.3 (fixes minor DoS issue)
v1.4.49 2023-04-03
- Warn in CLI when no store configuration file is found
- Fix for WooCommerce configs with explicit db port specification
- Upgrade to go 1.20.2
v1.4.48 2023-03-02
- Signature detection improvements
v1.4.47 2023-02-28
- Fix: ignore GTM containers that don't exist (anymore)
v1.4.46 2023-02-28
- Fix: support for GTM containers with product settings
- Raised detection confidence for network shells
v1.4.45 2023-02-17
- Fix: don't crash on NULL in certain database rows.
v1.4.44 2023-02-17
- Fix: increase MySQL server write timeout to allow scanning very large tables.
- Fix: support for GTM multi container format.
v1.4.43 2023-02-14
- Set maximum number of processes depending on available CPUs.
- Set priority level uniformly across all processes.
- Deep scan for malware inside GTM containers found in database.
- Fix public webroot file detection when file is only available through / but not /pub.
- Report creation and modification times of database detections.
v1.4.42 2023-02-07
- Add check for exposed archive files (backups)
v1.4.41 2023-01-24
- Move generic platform interfaces to public gocommerce package
- Add
@here
alerts to Slack channel notifications
v1.4.40 2022-12-20
- Link to relevant Adobe Security Bulletin for detected Magento core vulnerabilities
- Quote newlines in malware snippets in CLI and CSV output
v1.4.39 2022-12-13
- Make MDVA-43395/43443 bypass check more robust.
v1.4.38 2022-12-13
- Detection for deliberate MDVA-43395 and MDVA-43443 bypass
- Extended detection of suspicious processes
- Fix: Log4j scan results are now ordered (prevents detection flapping)
v1.4.37 2022-12-06
- Multicore filescan support
v1.4.36 2022-12-06
- Speed optimization in scan algorithm
v1.4.35 2022-11-24
- Better CPU priority management on Linux
- Magento: search more tables for M2 template hacks
- Better detection for reverse shells
- Fix FP process detection on certain shell scripts
- Removed phone/SMS alerts
- Upgrade to Go1.19.3
v1.4.34 2022-10-17
- Scans for file-less executables (memory FDs)
v1.4.33 2022-10-14
- More efficient memory usage
- Upgrade Go1.17.3 to Go1.19.2
v1.4.32 2022-09-29
- More extensive process scan
- Drop scan size limit when scanning single file
- Fix: in rare cases, installed modules could not be detected.
- Fix: do not warn about stub Magento config files
- Fix: increased scan timeout for very large files
v1.4.31 2022-07-12
- Prestashop 7 database support
v1.4.30 2022-06-30
- Default max file size increased from 10M to 20M
v1.4.29 2022-06-05
- Support for Google Cloud databases
v1.4.28 2022-04-11
- Extended support for Wordpress/Woocommerce config parsing.
v1.4.27 2022-03-28
- Cap detection limit, in case of mass filesystem infections.
v1.4.26 2022-02-22
- Scan for Magento 2 RCE template exploits in database (CVE 2022-24086)
v1.4.25 2022-02-08
- Extended database scanning to detect stored POI attacks
v1.4.24 2022-01-27
- Extended database fields to include for malware scanning
v1.4.23 2021-12-21
- Fix regression when using --deep scan
v1.4.22 2021-12-21
- Detect vulnerable log4j versions in Java archives
v1.4.21 2021-11-24
- Also scan process meta data to detect CronRAT
v1.4.20 2021-11-19
- Also scan other crons on the system, if readable (root)
v1.4.19 2021-11-17
- Added process executable scanning.
v1.4.18 2021-11-11
- Refinement of the deleted executable check, to prevent some FPs.
v1.4.17 2021-11-11
- Added check for deleted process executables.
- Added check for cron jobs.
v1.4.16 2021-10-13
- Better support for detecting (missing) core platform security patches.
v1.4.15 2021-10-05
- Support for the AWS Graviton platform (amd64)
v1.4.14 2021-09-03
- Better handling of legacy systems (Enterprise Linux 6)
v1.4.13 2021-07-21
- Fix for parsing very specific Magento 2 config files
v1.4.12 2021-06-24
- Do not scan Magento session and report files to prevent timeout.
v1.4.11 2021-06-03
- Stricter integrity checks during auto upgrade
v1.4.10 2021-06-02
- Add global timeout of 12h to prevent hanging NFS resources
v1.4.9 2021-05-31
- New release integrity checking in dry-run mode.
v1.4.8 2021-05-31
- Regression fix for 1.4.7 for modules with conflicting version numbers
v1.4.7 2021-05-28
- Improved Magento module detection
v1.4.6 2021-05-21
- Fixes possible issue when writing state file to NFS, resulting in duplicate alerts
v1.4.5 2021-05-14
- Fix crash when no whitelist is given
- Log scanned files in CLI with
-vv
- Magento2: also recognize
host:port
fields inenv.php
- Add option to override local state file with
--state-file
v1.4.4 2021-05-12
- Scans additional tables that may contain executable code (
datafeedmanager_attributes
) - Updated API URL
- Increased HTTP timeout for self updating from 10 to 60 secs
v1.4.3 2021-03-19
- Bug fix: show detection in CLI when confidence threshold equals indicator level.
v1.4.2 2020-12-14
- Support long (up to 64 char) WP database passwords
v1.4.1 2020-11-26
- Better support for WP/WooCommerce database passwords
- Save state file in alternative locations if
$HOME
is read-only
v1.4.0 2020-11-18
- Significant performance increase (10-20x faster) using improved scanning engine (Yara 3.8.1 to 4.0.2)
v1.3.13 2020-11-13
- Fixes bug that would allow concurrent
--monitor
runs for the same path in rare circumstances
v1.3.12 2020-10-24
- Don't produce report error when no store config is found, as many people scan isolated locations such as media dirs.
v1.3.11 2020-09-24
- Default reply-to is now [email protected]
- Increased logging verbosity in case of (rare) problems
- Accept unix sockets instead of host names in database config (PHP PDO supports this)
v1.3.10 2020-08-12
- Better WP database connection handling
- Fix crash on specific linux kernels, revert to Go 1.13.15
v1.3.9 2020-07-31
- Better WP/WooCommerce support
- Added
--force-dsn
option to override database connection - Added
--skip-database
option for use in cluster environments - Progress meter extended to database scanning
v1.3.8 2020-07-30
- Send reports from
[email protected]
instead of[email protected]
--replyto
now defaults to[email protected]
- Preparation for dashboard support
- Upgrade Go 1.13.7 to 1.14.6
- Bug fix in database connection handling: do not use socket when server is
127.0.0.1
v1.3.7 2020-07-10
- Fix in STDIN supplied license key
v1.3.6 2020-07-08
- Read license key from STDIN when
--key=-
is used - Don't show database passwords in verbose logging
v1.3.5 2020-06-24
- Fix crash for very old Linux kernel 2.6.32 (EL6)
v1.3.4 2020-06-24
- Fix formatting issue in Slack reporting
v1.3.3 2020-04-29
- Update documentation / next step links
v1.3.2 2020-04-23
- Fix db connections problem in rare cases.
v1.3.1 2020-04-08
- The CLI
--tag
option (to group cloud servers) is now also used in phone & Slack alerts
v1.3.0 2020-04-06
- Extended vulnerable module scanning.
v1.2.0 2020-03-20
- Added
--tag
option to categorize email reports - Added
--self-update
command to only do self-update (for integrations only)
v1.1.0 2020-02-26
- Supports Shopware 6
- Also scan
.htaccess
files
v1.0.0 unreleased
- Major refactor of code base + external code review
v0.10.9 2020-01-23
- Symlinks: changed default behaviour to more common use case. Do follow symlinks, unless
--skip-symlinks
is given. The--follow-links
option has been deprecated. This fixes the issue where ecomscan could not find the CMS config file if that was a symlink.
v0.10.8 2020-01-15
- Add option
--follow-links
for links pointing outside scan root - Add option
--one-file-system
to prevent crossing mount boundaries - Better detection of Wordpress/WooCommerce stores
v0.10.7 2019-10-28
- Scan of
core_file_storage
backdoors
v0.10.6 2019-10-24
- Search harder for MySQL socket locations
- Cleaner exit upon fatal conditions
v0.10.5 2019-10-04
- Fix connecting to older MySQL servers (Brian Wade)
- Fix wrong ordering of detections in rare cases.
- Fix scanning for malware in database triggers when table prefix is used
- Fix only ensure no concurrent instances in non-interactive (cron) mode (Maier Bianchi)
v0.10.4 2019-08-23
- Added Magento 2 XSS detection (RipsTech)
- Use Mysqld UNIX socket if server name is localhost (Christian Hafström)
- Changed progress spinner to ASCII as to not crash certain terminals (Andy Symonds)
- Don't show redundant warning about "no path match, skippingpath match" (Christian Hafström)
- Don't show spinner without a TTY (eg piping to file)
v0.10.3 2019-06-20
- Use [email protected] as sender for reports
- Added explicit check for vulnerable Mirasvit SEO code (cannot rely on version number)
- Vulnerable module check will ignore modules that have "patch" in the version number (for manual patches) (David Cermak, Chris Botman)
- Recognize Shopware 5 and 6 installations (Alan Morkan)
v0.10.2 2019-06-13
- Hotfix to resolve not sending any reports in some cron setups
v0.10.1 2019-06-13
- Major rewrite to support upcoming features
- HTML email reporting (Max Chadwick)
- Per-check reporting to allow more different checks in the future
- (Upstream) removed checks for vulnerable Mirasvit modules, because Mirasvit uses non-standard versioning which produced many FPs.
- Checks: "exposed database managers", "magento sql injection", "store identification"
- The
--report <email>
option will ALWAYS send a report (Max Chadwick) - Store description in mail to distinguish multiple stores (Andreas von Studnitz)
- Module checks now report URL describing issue instead of vendor URL (where often, nothing was explained about severity of the issue).
- Database connection errors are now properly reported in the CLI (previously, only with
--verbose
) (Martin Pachol) - The
--newonly/monitor
option will squelch output when run non-interactively (previously: always squelch) - Restrict Magento SQL injection detection to M2, because no exploit is known for M1 yet.
- Fix: If scanpath is a file, always scan (regardless of
--deep
option) - Fix: allow DB connections with empty passwords (Jeroen Boersma)
- Add
--version
to help (Jeroen Boersma) - Scan results include links to support pages
v0.9.35 2019-05-15
- Added phone alerts for Advanced plans.
v0.9.34 2019-05-09
- Added Slack integration for Advanced plans.
- Default timeout 5 -> 10 seconds
v0.9.33 2019-05-08
- Introduced
--monitor
(delta) and--report
(single run) options, deprecated--email
and--newonly
- Added
--reply-to
to specify Reply-To address (for use with ticketing systems) (Brian Wade)
v0.9.32 2019-04-11
- Show explicitly if a hit is malware or vulnerability in file scan
- Increased max scan size to 10MB to detect GoBrut StealthWorker
- Add hidden
--yarafile <path>
option to support testing - Add explicit warning if self-update fails (for example, ecomscan is not writable)
- Fix spinner output
v0.9.31 2019-03-28
- Only report first (and most confident) malware hit per file / database source.
- Default confidence threshold changed from 1 to 50 (
--min-confidence
) to reduce reporting of false positives. - Keep state per scan path, not global (Robert Mangiafico)
v0.9.30 2019-03-27
- Fix case where first whitelisted item would get flagged (Phil Stewkesbury)
- Add module path to cli output
v0.9.29 2019-03-22
- Also scan rogue newsletters for Froghopper attacks
- Fix scanning
cms_page
when theme is null
v0.9.28 2019-03-15
- Also scan .php5 files (without
--deep
option) - Fixed error for directories with
.ini
or.php
extension. - Only print database connection errors in verbose mode -- usually caused by dev/staging configs.
- Only update when newer versions are available, facilitate experimental deploys.
v0.9.27 2019-03-04
- Fall back to
/tmp
if standard XDG runtime path fails (Rico Neitzel) - Release uses gzip, not all systems have xz (Rico Neitzel)
- Fatal errors now properly use stderr
- Allows concurrent scans of distinct paths
v0.9.26 2019-02-23
- Fix: CPU & I/O priorities are now properly rescheduled
- Silent output when
--newonly
and--email
are used (cron)
v0.9.25 2019-02-22
- Feature: basic email reporting (
--email
recipient) - Format: report individual checks
- Fixed duplicate help message (Ryan Hoerr)
- Removed short tag for rarely used options
v0.9.24 2019-02-15
- Fixed corner case with Magento2 configs (Robert Mangiafico)
- Fixed handling unreadable symlinks (Robert Mangiafico)
v0.9.23 2019-02-13
- Added
--maxsize
option to skip large files (default: 1MiB). Use 0 to disable limit. Thanks to Peeter Marvet. - Fix: better parsing of M2 configs. Thanks to Robert Mangiafico.
v0.9.22 2019-02-11
- Fix crash when Github is unreachable (to update module signatures)
v0.9.21 2019-02-09
- Reverted
os.Executable()
error handling, as the error was due to UPX (executable compressor) which would use a temp file on older Linux systems. Removed UPX altogether.
v0.9.20 2019-02-09
- Skip auto-updater altogether if
os.Executable()
failed. Works unpredictably on CentOS.
v0.9.19 2019-02-08
- Changed "json" into "jsonline" format, see http://jsonlines.org/ and https://stedolan.github.io/jq/
- Changed exit code to 100 if already running
v0.9.18 2019-02-08
- Fix detection of M1 modules for which no safe version is known.
- Ensure only a single instance (per user) can be running, no need for
flock
in cron. Exit code 1 if running. - Enforce all regular output to stdout instead of stderr.
- Add "json" output format (1 JSON object/line per detection)
- Add ctime/mtime for malware files
v0.9.17 2019-02-07
- Add git tags to build pipeline
v0.9.16 2019-02-06
- Added
--submit-whitelist
and--submit-malware
features. - Fix auto-updater on some systems (
os.Executable()
doesn't always work)
v0.9.15 2019-02-04
- Removed "dark grey" color for debug messages as it doesnt show up on some terminals.
v0.9.14 2019-02-04
- Add
--newonly
cli option. - Add timestamp to CSV output.
- Show summary after scanning.
v0.9.13 2019-02-01
- Fix: don't crash on non-standard module xml configs
v0.9.12 2019-01-31
- New build system
v0.9.11 2019-01-30
- Added confidence threshold setting (default: report all)
- Added check for vulnerable modules.
v0.9.10 2019-01-25
- Fixed field name for Magento2
- Fixed error message when path does not exist
- Fixed panic when M2
env.php
could not be parsed
v0.9.9 2019-01-25
- Implement XZ compression for signature data (800KB -> 98KB)
- Set low CPU & IO prios on Linux
- Add basic progress spinner for filescan
v0.9.8 2019-01-24
- Fix auto updater ("text file busy")
v0.9.7 2019-01-23
- Fix auto updater when run from other dir ($PATH)
v0.9.6 2019-01-23
- Support for multi level signature certainty, to allow test/suspicious rules. Force reporting of all rules with
--all
- Whitelist support
- Resolve symlinks for root path
v0.9.5 2019-01-22
- Auto self-updater
- First public release
Easy CSP for your store?
Try Sansec Watch! Free, simple and fully integrated. Get PCI compliant alerting with minimal effort.
Sansec Watch