Sansec logo

eComscan release history (changelog)

Sansec

by Sansec Support

Published in Knowledgebase

This is a full list of fixes and improvements to our scanning software. eComscan will auto-update, so no manual action is required. eComscan releases will also be announced on our Twitter feed.

Note: this page only lists the functional changes to our monitoring software. We release updated signatures multiple times per day and your copy of eComscan will automatically use them. To not aid criminals, we do not publicly list signature additions.

v1.6.14 (released December 14th, 2023)

  • Fix false positive detection for Datadog

v1.6.13 (released December 11th, 2023)

  • Upgrade Go to 1.21.5
  • Remove debug output from interactive mode.

v1.6.12 (released December 8th, 2023)

  • Support scanning GTM containers with large IDs.
  • ecomscan interactive: try harder to find a store on the system.

v1.6.11 (released November 16th, 2023)

  • Don't scan /proc, /dev and /sys
  • Also suggest report email addresses found in environment.
  • Exposed web root files are now classified as vulnerability.
  • Interactive scans run with confidence threshold 10 by default.

v1.6.10 (released October 31th, 2023)

  • Now supports ecomscan interactive from a curl'ed script.
  • Fix control-c in interactive mode.
  • Better email address suggestions in interactive.

v1.6.9 (released October 23th, 2023)

  • Fix config data not being scanned in certain older versions of Magento.

v1.6.8 (released October 18th, 2023)

  • Improve detection of malware hidden in config table on Magento 1.

v1.6.7 (released October 5th, 2023)

  • Better reporting for composite signature detections.

v1.6.6 (released October 5th, 2023)

  • Fix cron warning on Adobe Commerce Cloud.

v1.6.5 (released October 3rd, 2023)

  • Update composer integrity check endpoint.
  • eComscan is no longer reliant on GitHub for downloading its module blacklist.
  • eComscan shows suggestion when no cron setup is detected.
  • ecomscan interactive will guess/ask for scan arguments.

v1.6.4 (released July 26th, 2023)

  • Email improvements for trial users.

v1.6.3 (released July 26th, 2023)

  • Suggest to set up ecomscan monitoring, if not already done so.
  • UI improvements for trial users.

v1.6.2 (released July 4th, 2023)

  • Scan auto_prepend_file and auto_append_file for malware.

v1.6.1 (released June 29th, 2023)

  • Fix regression in --version format
  • Upgrade to Golang 1.20.5

v1.6.0 (released June 29th, 2023)

  • Added subcommands submit and update (to replace --self-update and --submit-malware, --submit-whitelist)
  • Removed --force-update and added update --force
  • Removed option to read license key from stdin as it was not used
  • Simplified auto-upgrade check

v1.5.0 (released June 9th, 2023)

  • Introducing a new trial mode, which is enabled when no license key is provided
  • Improve composer integrity check performance

v1.4.55 (released May 23th, 2023)

  • Add external frontpages scan
  • Fix crash when generating vendor state fails

v1.4.54 (released May 19th, 2023)

  • Show error when unused cli arguments are given
  • Scan Magento 2's variable_value table (reported by Scandiweb)

v1.4.53 (released May 16th, 2023)

  • Don't report the same vulnerability/malware multiple times with symlink-based deployment setups.

v1.4.52 (released April 11th, 2023)

  • Performance optimization

v1.4.51 (released April 7th, 2023)

  • Minor bugfixes.

v1.4.50 (released April 7th, 2023)

  • Upgrade to go 1.20.3 (fixes minor DoS issue)

v1.4.49 (released April 3rd, 2023)

  • Warn in CLI when no store configuration file is found
  • Fix for WooCommerce configs with explicit db port specification
  • Upgrade to go 1.20.2

v1.4.48 (released March 2nd, 2023)

  • Signature detection improvements

v1.4.47 (released February 28th, 2023)

  • Fix: ignore GTM containers that don't exist (anymore)

v1.4.46 (released February 28th, 2023)

  • Fix: support for GTM containers with product settings
  • Raised detection confidence for network shells

v1.4.45 (released February 17th, 2023)

  • Fix: don't crash on NULL in certain database rows.

v1.4.44 (released February 17th, 2023)

  • Fix: increase MySQL server write timeout to allow scanning very large tables.
  • Fix: support for GTM multi container format.

v1.4.43 (released February 14th, 2023)

  • Set maximum number of processes depending on available CPUs.
  • Set priority level uniformly across all processes.
  • Deep scan for malware inside GTM containers found in database.
  • Fix public webroot file detection when file is only available through / but not /pub.
  • Report creation and modification times of database detections.

v1.4.42 (released February 7th, 2023)

  • Add check for exposed archive files (backups)

v1.4.41 (released January 24th, 2023)

  • Move generic platform interfaces to public gocommerce package
  • Add @here alerts to Slack channel notifications

v1.4.40 (released December 20th, 2022)

  • Link to relevant Adobe Security Bulletin for detected Magento core vulnerabilities
  • Quote newlines in malware snippets in CLI and CSV output

v1.4.39 (released December 13th, 2022)

  • Make MDVA-43395/43443 bypass check more robust.

v1.4.38 (released December 13th, 2022)

  • Detection for deliberate MDVA-43395 and MDVA-43443 bypass
  • Extended detection of suspicious processes
  • Fix: Log4j scan results are now ordered (prevents detection flapping)

v1.4.37 (released December 6th, 2022)

  • Multicore filescan support

v1.4.36 (released December 6th, 2022)

  • Speed optimization in scan algorithm

v1.4.35 (released November 24th, 2022)

  • Better CPU priority management on Linux
  • Magento: search more tables for M2 template hacks
  • Better detection for reverse shells
  • Fix FP process detection on certain shell scripts
  • Removed phone/SMS alerts
  • Upgrade to Go1.19.3

v1.4.34 (released October 17th, 2022)

  • Scans for file-less executables (memory FDs)

v1.4.33 (released October 14th, 2022)

  • More efficient memory usage
  • Upgrade Go1.17.3 to Go1.19.2

v1.4.32 (released September 29th, 2022)

  • More extensive process scan
  • Drop scan size limit when scanning single file
  • Fix: in rare cases, installed modules could not be detected.
  • Fix: do not warn about stub Magento config files
  • Fix: increased scan timeout for very large files

v1.4.31 (released July 12th, 2022)

  • Prestashop 7 database support

v1.4.30 (released June 30th, 2022)

  • Default max file size increased from 10M to 20M

v1.4.29 (released June 5th, 2022)

  • Support for Google Cloud databases

v1.4.28 (released April 11th, 2022)

  • Extended support for Wordpress/Woocommerce config parsing.

v1.4.27 (released March 28th, 2022)

  • Cap detection limit, in case of mass filesystem infections.

v1.4.26 (released February 22th, 2022)

  • Scan for Magento 2 RCE template exploits in database (CVE 2022-24086)

v1.4.25 (released February 8th, 2022)

  • Extended database scanning to detect stored POI attacks

v1.4.24 (released January 27th, 2022)

  • Extended database fields to include for malware scanning

v1.4.23 (released December 21th, 2021)

  • Fix regression when using --deep scan

v1.4.22 (released December 21th, 2021)

  • Detect vulnerable log4j versions in Java archives

v1.4.21 (released November 24th, 2021)

  • Also scan process meta data to detect CronRAT

v1.4.20 (released November 19th, 2021)

  • Also scan other crons on the system, if readable (root)

v1.4.19 (released November 17th, 2021)

  • Added process executable scanning.

v1.4.18 (released November 11th, 2021)

  • Refinement of the deleted executable check, to prevent some FPs.

v1.4.17 (released November 11th, 2021)

  • Added check for deleted process executables.
  • Added check for cron jobs.

v1.4.16 (released October 13th, 2021)

  • Better support for detecting (missing) core platform security patches.

v1.4.15 (released October 5th, 2021)

  • Support for the AWS Graviton platform (amd64)

v1.4.14 (released September 3rd, 2021)

  • Better handling of legacy systems (Enterprise Linux 6)

v1.4.13 (released July 21th, 2021)

  • Fix for parsing very specific Magento 2 config files

v1.4.12 (released June 24th, 2021)

  • Do not scan Magento session and report files to prevent timeout.

v1.4.11 (released June 3rd, 2021)

  • Stricter integrity checks during auto upgrade

v1.4.10 (released June 2nd, 2021)

  • Add global timeout of 12h to prevent hanging NFS resources

v1.4.9 (released May 31th, 2021)

  • New release integrity checking in dry-run mode.

v1.4.8 (released May 31th, 2021)

  • Regression fix for 1.4.7 for modules with conflicting version numbers

v1.4.7 (released May 28th, 2021)

  • Improved Magento module detection

v1.4.6 (released May 21th, 2021)

  • Fixes possible issue when writing state file to NFS, resulting in duplicate alerts

v1.4.5 (released May 14th, 2021)

  • Fix crash when no whitelist is given
  • Log scanned files in CLI with -vv
  • Magento2: also recognize host:port fields in env.php
  • Add option to override local state file with --state-file

v1.4.4 (released May 12th, 2021)

  • Scans additional tables that may contain executable code (datafeedmanager_attributes)
  • Updated API URL
  • Increased HTTP timeout for self updating from 10 to 60 secs

v1.4.3 (released March 19th, 2021)

  • Bug fix: show detection in CLI when confidence threshold equals indicator level.

v1.4.2 (released December 14th, 2020)

  • Support long (up to 64 char) WP database passwords

v1.4.1 (released November 26th, 2020)

  • Better support for WP/WooCommerce database passwords
  • Save state file in alternative locations if $HOME is read-only

v1.4.0 (released November 18th, 2020)

  • Significant performance increase (10-20x faster) using improved scanning engine (Yara 3.8.1 to 4.0.2)

v1.3.13 (released November 13th, 2020)

  • Fixes bug that would allow concurrent --monitor runs for the same path in rare circumstances

v1.3.12 (released October 24th, 2020)

  • Don't produce report error when no store config is found, as many people scan isolated locations such as media dirs.

v1.3.11 (released September 24th, 2020)

  • Default reply-to is now [email protected]
  • Increased logging verbosity in case of (rare) problems
  • Accept unix sockets instead of host names in database config (PHP PDO supports this)

v1.3.10 (released August 12th, 2020)

  • Better WP database connection handling
  • Fix crash on specific linux kernels, revert to Go 1.13.15

v1.3.9 (released July 31th, 2020)

  • Better WP/WooCommerce support
  • Added --force-dsn option to override database connection
  • Added --skip-database option for use in cluster environments
  • Progress meter extended to database scanning

v1.3.8 (released July 30th, 2020)

v1.3.7 (released July 10th, 2020)

  • Fix in STDIN supplied license key

v1.3.6 (released July 8th, 2020)

  • Read license key from STDIN when --key=- is used
  • Don't show database passwords in verbose logging

v1.3.5 (released June 24th, 2020)

  • Fix crash for very old Linux kernel 2.6.32 (EL6)

v1.3.4 (released June 24th, 2020)

  • Fix formatting issue in Slack reporting

v1.3.3 (released April 29th, 2020)

  • Update documentation / next step links

v1.3.2 (released April 23th, 2020)

  • Fix db connections problem in rare cases.

v1.3.1 (released April 8th, 2020)

  • The CLI --tag option (to group cloud servers) is now also used in phone & Slack alerts

v1.3.0 (released April 6th, 2020)

  • Extended vulnerable module scanning.

v1.2.0 (released March 20th, 2020)

  • Added --tag option to categorize email reports
  • Added --self-update command to only do self-update (for integrations only)

v1.1.0 (released February 26th, 2020)

  • Supports Shopware 6
  • Also scan .htaccess files

v1.0.0 unreleased

  • Major refactor of code base + external code review

v0.10.9 (released January 23th, 2020)

  • Symlinks: changed default behaviour to more common use case. Do follow symlinks, unless --skip-symlinks is given. The --follow-links option has been deprecated. This fixes the issue where ecomscan could not find the CMS config file if that was a symlink.

v0.10.8 (released January 15th, 2020)

  • Add option --follow-links for links pointing outside scan root
  • Add option --one-file-system to prevent crossing mount boundaries
  • Better detection of Wordpress/WooCommerce stores

v0.10.7 (released October 28th, 2019)

  • Scan of core_file_storage backdoors

v0.10.6 (released October 24th, 2019)

  • Search harder for MySQL socket locations
  • Cleaner exit upon fatal conditions

v0.10.5 (released October 4th, 2019)

  • Fix connecting to older MySQL servers (Brian Wade)
  • Fix wrong ordering of detections in rare cases.
  • Fix scanning for malware in database triggers when table prefix is used
  • Fix only ensure no concurrent instances in non-interactive (cron) mode (Maier Bianchi)

v0.10.4 (released August 23th, 2019)

  • Added Magento 2 XSS detection (RipsTech)
  • Use Mysqld UNIX socket if server name is localhost (Christian Hafström)
  • Changed progress spinner to ASCII as to not crash certain terminals (Andy Symonds)
  • Don't show redundant warning about "no path match, skippingpath match" (Christian Hafström)
  • Don't show spinner without a TTY (eg piping to file)

v0.10.3 (released June 20th, 2019)

  • Use [email protected] as sender for reports
  • Added explicit check for vulnerable Mirasvit SEO code (cannot rely on version number)
  • Vulnerable module check will ignore modules that have "patch" in the version number (for manual patches) (David Cermak, Chris Botman)
  • Recognize Shopware 5 and 6 installations (Alan Morkan)

v0.10.2 (released June 13th, 2019)

  • Hotfix to resolve not sending any reports in some cron setups

v0.10.1 (released June 13th, 2019)

  • Major rewrite to support upcoming features
  • HTML email reporting (Max Chadwick)
  • Per-check reporting to allow more different checks in the future
  • (Upstream) removed checks for vulnerable Mirasvit modules, because Mirasvit uses non-standard versioning which produced many FPs.
  • Checks: "exposed database managers", "magento sql injection", "store identification"
  • The --report <email> option will ALWAYS send a report (Max Chadwick)
  • Store description in mail to distinguish multiple stores (Andreas von Studnitz)
  • Module checks now report URL describing issue instead of vendor URL (where often, nothing was explained about severity of the issue).
  • Database connection errors are now properly reported in the CLI (previously, only with --verbose) (Martin Pachol)
  • The --newonly/monitor option will squelch output when run non-interactively (previously: always squelch)
  • Restrict Magento SQL injection detection to M2, because no exploit is known for M1 yet.
  • Fix: If scanpath is a file, always scan (regardless of --deep option)
  • Fix: allow DB connections with empty passwords (Jeroen Boersma)
  • Add --version to help (Jeroen Boersma)
  • Scan results include links to support pages

v0.9.35 (released May 15th, 2019)

  • Added phone alerts for Advanced plans.

v0.9.34 (released May 9th, 2019)

  • Added Slack integration for Advanced plans.
  • Default timeout 5 -> 10 seconds

v0.9.33 (released May 8th, 2019)

  • Introduced --monitor (delta) and --report (single run) options, deprecated --email and --newonly
  • Added --reply-to to specify Reply-To address (for use with ticketing systems) (Brian Wade)

v0.9.32 (released April 11th, 2019)

  • Show explicitly if a hit is malware or vulnerability in file scan
  • Increased max scan size to 10MB to detect GoBrut StealthWorker
  • Add hidden --yarafile <path> option to support testing
  • Add explicit warning if self-update fails (for example, ecomscan is not writable)
  • Fix spinner output

v0.9.31 (released March 28th, 2019)

  • Only report first (and most confident) malware hit per file / database source.
  • Default confidence threshold changed from 1 to 50 (--min-confidence) to reduce reporting of false positives.
  • Keep state per scan path, not global (Robert Mangiafico)

v0.9.30 (released March 27th, 2019)

  • Fix case where first whitelisted item would get flagged (Phil Stewkesbury)
  • Add module path to cli output

v0.9.29 (released March 22th, 2019)

  • Also scan rogue newsletters for Froghopper attacks
  • Fix scanning cms_page when theme is null

v0.9.28 (released March 15th, 2019)

  • Also scan .php5 files (without --deep option)
  • Fixed error for directories with .ini or .php extension.
  • Only print database connection errors in verbose mode -- usually caused by dev/staging configs.
  • Only update when newer versions are available, facilitate experimental deploys.

v0.9.27 (released March 4th, 2019)

  • Fall back to /tmp if standard XDG runtime path fails (Rico Neitzel)
  • Release uses gzip, not all systems have xz (Rico Neitzel)
  • Fatal errors now properly use stderr
  • Allows concurrent scans of distinct paths

v0.9.26 (released February 23th, 2019)

  • Fix: CPU & I/O priorities are now properly rescheduled
  • Silent output when --newonly and --email are used (cron)

v0.9.25 (released February 22th, 2019)

  • Feature: basic email reporting (--email recipient)
  • Format: report individual checks
  • Fixed duplicate help message (Ryan Hoerr)
  • Removed short tag for rarely used options

v0.9.24 (released February 15th, 2019)

  • Fixed corner case with Magento2 configs (Robert Mangiafico)
  • Fixed handling unreadable symlinks (Robert Mangiafico)

v0.9.23 (released February 13th, 2019)

  • Added --maxsize option to skip large files (default: 1MiB). Use 0 to disable limit. Thanks to Peeter Marvet.
  • Fix: better parsing of M2 configs. Thanks to Robert Mangiafico.

v0.9.22 (released February 11th, 2019)

  • Fix crash when Github is unreachable (to update module signatures)

v0.9.21 (released February 9th, 2019)

  • Reverted os.Executable() error handling, as the error was due to UPX (executable compressor) which would use a temp file on older Linux systems. Removed UPX altogether.

v0.9.20 (released February 9th, 2019)

  • Skip auto-updater altogether if os.Executable() failed. Works unpredictably on CentOS.

v0.9.19 (released February 8th, 2019)

v0.9.18 (released February 8th, 2019)

  • Fix detection of M1 modules for which no safe version is known.
  • Ensure only a single instance (per user) can be running, no need for flock in cron. Exit code 1 if running.
  • Enforce all regular output to stdout instead of stderr.
  • Add "json" output format (1 JSON object/line per detection)
  • Add ctime/mtime for malware files

v0.9.17 (released February 7th, 2019)

  • Add git tags to build pipeline

v0.9.16 (released February 6th, 2019)

  • Added --submit-whitelist and --submit-malware features.
  • Fix auto-updater on some systems (os.Executable() doesn't always work)

v0.9.15 (released February 4th, 2019)

  • Removed "dark grey" color for debug messages as it doesnt show up on some terminals.

v0.9.14 (released February 4th, 2019)

  • Add --newonly cli option.
  • Add timestamp to CSV output.
  • Show summary after scanning.

v0.9.13 (released February 1st, 2019)

  • Fix: don't crash on non-standard module xml configs

v0.9.12 (released January 31th, 2019)

  • New build system

v0.9.11 (released January 30th, 2019)

  • Added confidence threshold setting (default: report all)
  • Added check for vulnerable modules.

v0.9.10 (released January 25th, 2019)

  • Fixed field name for Magento2
  • Fixed error message when path does not exist
  • Fixed panic when M2 env.php could not be parsed

v0.9.9 (released January 25th, 2019)

  • Implement XZ compression for signature data (800KB -> 98KB)
  • Set low CPU & IO prios on Linux
  • Add basic progress spinner for filescan

v0.9.8 (released January 24th, 2019)

  • Fix auto updater ("text file busy")

v0.9.7 (released January 23th, 2019)

  • Fix auto updater when run from other dir ($PATH)

v0.9.6 (released January 23th, 2019)

  • Support for multi level signature certainty, to allow test/suspicious rules. Force reporting of all rules with --all
  • Whitelist support
  • Resolve symlinks for root path

v0.9.5 (released January 22th, 2019)

  • Auto self-updater
  • First public release
Need expert advice? We are here to help!

Stay up to date with the latest eCommerce attacks

Sansec logo

experts in eCommerce security

TwitterLinkedinEmail

Terms & Conditions
|
Privacy & Cookie Policy
Company Reg 77165187
|
Tax NL860920306B01