This is a full list of fixes and improvements to our scanning software. eComscan will auto-update, so no manual action is required. eComscan releases will also be announced on our Twitter feed.
Note: this page only lists the functional changes to our monitoring software. We release updated signatures multiple times per day and your copy of eComscan will automatically use them. To not aid criminals, we do not publicly list signature additions.
v1.4.23 (released Dec 21st, 2021)
- Fix regression when using –deep scan
v1.4.22 (released Dec 21st, 2021)
- Detect vulnerable log4j versions in Java archives
v1.4.21 (released Nov 24th, 2021)
- Also scan process meta data to detect CronRAT
v1.4.20 (released Nov 19th, 2021)
- Also scan other crons on the system, if readable (root)
v1.4.19 (released Nov 17th, 2021)
- Added process executable scanning.
v1.4.18 (released Nov 11th, 2021)
- Refinement of the deleted executable check, to prevent some FPs.
v1.4.17 (released Nov 11th, 2021)
- Added check for deleted process executables.
- Added check for cron jobs.
v1.4.16 (released Oct 13th, 2021)
- Better support for detecting (missing) core platform security patches.
v1.4.15 (released Oct 5th, 2021)
- Support for the AWS Graviton platform (amd64)
v1.4.14 (released Sep 3rd, 2021)
- Better handling of legacy systems (Enterprise Linux 6)
v1.4.13 (released Jul 21st, 2021)
- Fix for parsing very specific Magento 2 config files
v1.4.12 (released Jun 24th, 2021)
- Do not scan Magento session and report files to prevent timeout.
v1.4.11 (released Jun 3rd, 2021)
- Stricter integrity checks during auto upgrade
v1.4.10 (released Jun 2nd, 2021)
- Add global timeout of 12h to prevent hanging NFS resources
v1.4.9 (released May 31st, 2021)
- New release integrity checking in dry-run mode.
v1.4.8 (released May 31st, 2021)
- Regression fix for 1.4.7 for modules with conflicting version numbers
v1.4.7 (released May 28th, 2021)
- Improved Magento module detection
v1.4.6 (released May 21st, 2021)
- Fixes possible issue when writing state file to NFS, resulting in duplicate alerts
v1.4.5 (released May 14th, 2021)
- Fix crash when no whitelist is given
- Log scanned files in CLI with
- Magento2: also recognize
- Add option to override local state file with
v1.4.4 (released May 12th, 2021)
- Scans additional tables that may contain executable code (
- Updated API URL
- Increased HTTP timeout for self updating from 10 to 60 secs
v1.4.3 (released Mar 19th, 2021)
- Bug fix: show detection in CLI when confidence threshold equals indicator level.
v1.4.2 (released Dec 14th, 2020)
- Support long (up to 64 char) WP database passwords
v1.4.1 (released Nov 26th, 2020)
- Better support for WP/WooCommerce database passwords
- Save state file in alternative locations if
v1.4.0 (released Nov 18th, 2020)
- Significant performance increase (10-20x faster) using improved scanning engine (Yara 3.8.1 to 4.0.2)
v1.3.13 (released Nov 13th, 2020)
- Fixes bug that would allow concurrent
--monitorruns for the same path in rare circumstances
v1.3.12 (released Oct 24th, 2020)
- Don’t produce report error when no store config is found, as many people scan isolated locations such as media dirs.
v1.3.11 (released Sep 24th, 2020)
- Default reply-to is now [email protected]
- Increased logging verbosity in case of (rare) problems
- Accept unix sockets instead of host names in database config (PHP PDO supports this)
v1.3.10 (released Aug 12th, 2020)
- Better WP database connection handling
- Fix crash on specific linux kernels, revert to Go 1.13.15
v1.3.9 (released Jul 31st, 2020)
- Better WP/WooCommerce support
--force-dsnoption to override database connection
--skip-databaseoption for use in cluster environments
- Progress meter extended to database scanning
v1.3.8 (released Jul 30th, 2020)
- Send reports from
[email protected]instead of
--replytonow defaults to
- Preparation for dashboard support
- Upgrade Go 1.13.7 to 1.14.6
- Bug fix in database connection handling: do not use socket when server is
v1.3.7 (released Jul 10th, 2020)
- Fix in STDIN supplied license key
v1.3.6 (released Jul 8th, 2020)
- Read license key from STDIN when
- Don’t show database passwords in verbose logging
v1.3.5 (released Jun 24th, 2020)
- Fix crash for very old Linux kernel 2.6.32 (EL6)
v1.3.4 (released Jun 24th, 2020)
- Fix formatting issue in Slack reporting
v1.3.3 (released Apr 29th, 2020)
- Update documentation / next step links
v1.3.2 (released Apr 23rd, 2020)
- Fix db connections problem in rare cases.
v1.3.1 (released Apr 8th, 2020)
- The CLI
--tagoption (to group cloud servers) is now also used in phone & Slack alerts
v1.3.0 (released Apr 6th, 2020)
- Extended vulnerable module scanning.
v1.2.0 (released Mar 20th, 2020)
--tagoption to categorize email reports
--self-updatecommand to only do self-update (for integrations only)
v1.1.0 (released Feb 26th, 2020)
- Supports Shopware 6
- Also scan
- Major refactor of code base + external code review
v0.10.9 (released Jan 23rd, 2020)
- Symlinks: changed default behaviour to more common use case. Do follow symlinks, unless
--skip-symlinksis given. The
--follow-linksoption has been deprecated. This fixes the issue where ecomscan could not find the CMS config file if that was a symlink.
v0.10.8 (released Jan 15th, 2020)
- Add option
--follow-linksfor links pointing outside scan root
- Add option
--one-file-systemto prevent crossing mount boundaries
- Better detection of Wordpress/WooCommerce stores
v0.10.7 (released Oct 28th, 2019)
- Scan of
v0.10.6 (released Oct 24th, 2019)
- Search harder for MySQL socket locations
- Cleaner exit upon fatal conditions
v0.10.5 (released Oct 4th, 2019)
- Fix connecting to older MySQL servers (Brian Wade)
- Fix wrong ordering of detections in rare cases.
- Fix scanning for malware in database triggers when table prefix is used
- Fix only ensure no concurrent instances in non-interactive (cron) mode (Maier Bianchi)
v0.10.4 (released Aug 23rd, 2019)
- Added Magento 2 XSS detection (RipsTech)
- Use Mysqld UNIX socket if server name is localhost (Christian Hafström)
- Changed progress spinner to ASCII as to not crash certain terminals (Andy Symonds)
- Don’t show redundant warning about “no path match, skippingpath match” (Christian Hafström)
- Don’t show spinner without a TTY (eg piping to file)
v0.10.3 (released Jun 20th, 2019)
- Use [email protected] as sender for reports
- Added explicit check for vulnerable Mirasvit SEO code (cannot rely on version number)
- Vulnerable module check will ignore modules that have “patch” in the version number (for manual patches) (David Cermak, Chris Botman)
- Recognize Shopware 5 and 6 installations (Alan Morkan)
v0.10.2 (released Jun 13th, 2019)
- Hotfix to resolve not sending any reports in some cron setups
v0.10.1 (released Jun 13th, 2019)
- Major rewrite to support upcoming features
- HTML email reporting (Max Chadwick)
- Per-check reporting to allow more different checks in the future
- (Upstream) removed checks for vulnerable Mirasvit modules, because Mirasvit uses non-standard versioning which produced many FPs.
- Checks: “exposed database managers”, “magento sql injection”, “store identification”
--report <email>option will ALWAYS send a report (Max Chadwick)
- Store description in mail to distinguish multiple stores (Andreas von Studnitz)
- Module checks now report URL describing issue instead of vendor URL (where often, nothing was explained about severity of the issue).
- Database connection errors are now properly reported in the CLI (previously, only with
--verbose) (Martin Pachol)
--newonly/monitoroption will squelch output when run non-interactively (previously: always squelch)
- Restrict Magento SQL injection detection to M2, because no exploit is known for M1 yet.
- Fix: If scanpath is a file, always scan (regardless of
- Fix: allow DB connections with empty passwords (Jeroen Boersma)
--versionto help (Jeroen Boersma)
- Scan results include links to support pages
v0.9.35 (released May 15th, 2019)
- Added phone alerts for Advanced plans.
v0.9.34 (released May 9th, 2019)
- Added Slack integration for Advanced plans.
- Default timeout 5 -> 10 seconds
v0.9.33 (released May 8th, 2019)
--report(single run) options, deprecated
--reply-toto specify Reply-To address (for use with ticketing systems) (Brian Wade)
v0.9.32 (released Apr 11th, 2019)
- Show explicitly if a hit is malware or vulnerability in file scan
- Increased max scan size to 10MB to detect GoBrut StealthWorker
- Add hidden
--yarafile <path>option to support testing
- Add explicit warning if self-update fails (for example, ecomscan is not writable)
- Fix spinner output
v0.9.31 (released Mar 28th, 2019)
- Only report first (and most confident) malware hit per file / database source.
- Default confidence threshold changed from 1 to 50 (
--min-confidence) to reduce reporting of false positives.
- Keep state per scan path, not global (Robert Mangiafico)
v0.9.30 (released Mar 27th, 2019)
- Fix case where first whitelisted item would get flagged (Phil Stewkesbury)
- Add module path to cli output
v0.9.29 (released Mar 22nd, 2019)
- Also scan rogue newsletters for Froghopper attacks
- Fix scanning
cms_pagewhen theme is null
v0.9.28 (released Mar 15th, 2019)
- Also scan .php5 files (without
- Fixed error for directories with
- Only print database connection errors in verbose mode – usually caused by dev/staging configs.
- Only update when newer versions are available, facilitate experimental deploys.
v0.9.27 (released Mar 4th, 2019)
- Fall back to
/tmpif standard XDG runtime path fails (Rico Neitzel)
- Release uses gzip, not all systems have xz (Rico Neitzel)
- Fatal errors now properly use stderr
- Allows concurrent scans of distinct paths
v0.9.26 (released Feb 23rd, 2019)
- Fix: CPU & I/O priorities are now properly rescheduled
- Silent output when
v0.9.25 (released Feb 22nd, 2019)
- Feature: basic email reporting (
- Format: report individual checks
- Fixed duplicate help message (Ryan Hoerr)
- Removed short tag for rarely used options
v0.9.24 (released Feb 15th, 2019)
- Fixed corner case with Magento2 configs (Robert Mangiafico)
- Fixed handling unreadable symlinks (Robert Mangiafico)
v0.9.23 (released Feb 13th, 2019)
--maxsizeoption to skip large files (default: 1MiB). Use 0 to disable limit. Thanks to Peeter Marvet.
- Fix: better parsing of M2 configs. Thanks to Robert Mangiafico.
v0.9.22 (released Feb 11th, 2019)
- Fix crash when Github is unreachable (to update module signatures)
v0.9.21 (released Feb 9th, 2019)
os.Executable()error handling, as the error was due to UPX (executable compressor) which would use a temp file on older Linux systems. Removed UPX altogether.
v0.9.20 (released Feb 9th, 2019)
- Skip auto-updater altogether if
os.Executable()failed. Works unpredictably on CentOS.
v0.9.19 (released Feb 8th, 2019)
- Changed “json” into “jsonline” format, see http://jsonlines.org/ and https://stedolan.github.io/jq/
- Changed exit code to 100 if already running
v0.9.18 (released Feb 8th, 2019)
- Fix detection of M1 modules for which no safe version is known.
- Ensure only a single instance (per user) can be running, no need for
flockin cron. Exit code 1 if running.
- Enforce all regular output to stdout instead of stderr.
- Add “json” output format (1 JSON object/line per detection)
- Add ctime/mtime for malware files
v0.9.17 (released Feb 7th, 2019)
- Add git tags to build pipeline
v0.9.16 (released Feb 6th, 2019)
- Fix auto-updater on some systems (
os.Executable()doesn’t always work)
v0.9.15 (released Feb 4th, 2019)
- Removed “dark grey” color for debug messages as it doesnt show up on some terminals.
v0.9.14 (released Feb 4th, 2019)
- Add timestamp to CSV output.
- Show summary after scanning.
v0.9.13 (released Feb 1st, 2019)
- Fix: don’t crash on non-standard module xml configs
v0.9.12 (released Jan 31st, 2019)
- New build system
v0.9.11 (released Jan 30th, 2019)
- Added confidence threshold setting (default: report all)
- Added check for vulnerable modules.
v0.9.10 (released Jan 25th, 2019)
- Fixed field name for Magento2
- Fixed error message when path does not exist
- Fixed panic when M2
env.phpcould not be parsed
v0.9.9 (released Jan 25th, 2019)
- Implement XZ compression for signature data (800KB -> 98KB)
- Set low CPU & IO prios on Linux
- Add basic progress spinner for filescan
v0.9.8 (released Jan 24th, 2019)
- Fix auto updater (“text file busy”)
v0.9.7 (released Jan 23rd, 2019)
- Fix auto updater when run from other dir ($PATH)
v0.9.6 (released Jan 23rd, 2019)
- Support for multi level signature certainty, to allow test/suspicious rules. Force reporting of all rules with
- Whitelist support
- Resolve symlinks for root path
v0.9.5 (released Jan 22nd, 2019)
- Auto self-updater
- First public release
This page was last updated at Dec 16th, 2021