Sandfly 1.3 Update

A new version of Sandfly has been released. Version 1.3 has the following changes:

  • Container OS was switched from Alpine to Ubuntu Minimal for better compatibility and more up-to-date packages.
  • TLS 1.1 has been disabled across the board. Only TLS 1.2 and 1.3 will be supported going forward, which will cover all modern browsers.
  • Sandflies renamed to be more consistent and descriptive.
  • The Sandfly Process Persistence Cron Malicious and Sandfly Process Persistence At Job Malicious sandflies now also flag executable files inside the cron and at job directories, in addition to the standard malware persistence checks.
  • New sandflies to search for processes running out of unusual system directories like /lost+found or /boot.
  • Expanded checks for legacy rootkits from the leaked NSA source code repositories.
  • New sandfly checks for SUID/SGID system shells.
  • Expanded checks for SUID/SGID system editors, which intruders can leave behind for future escalation attacks.
  • Performance and reliability fixes.

We recommend you upgrade to take advantage of the above by following the simple instructions here:

Upgrading Sandfly

Thank you for using Sandfly.