Information about the IMPEX release 3.3

Release date: 2023-02-08

The IMPEX 3.3 release

This is the first release 2023, a new Impex software version with some anticipated additions and fixes. As per usual, our minor releases contain both new features as well as bug fixes.

Thanks to a completely rewritten scanner engine manager in this release, we now have better control over the execution of the various scanners. The biggest gain noticeable by ordinary users will be the massive scanning speedups in all uses and use cases, both for Impex station and Impex Data Lock. See the table at the end of the release notes for some examples of improvements that have been measured in some in-house tests. As always, the results you might see depends on multiple things such as the USB version (3 is quicker than 2, etc), USB device performance, file sizes, number of files, etc.

The Impex Data Lock product introduced with the 3.2 release has gained some enhancements in this release. Data Lock gets support for Network Flows, which is what we name multiple remote destinations for scanned data depending on configuration. Thus a single Data Lock can handle many routes and integrations in the same device by setting up separate Network Flows for each integration.

Operational managers of IMPEX stations will also be happy to see that we now have editing functionality directly in the station GUI. This means customers can do post-installation changes, network renumbering, proxy changes, switch ICC and more without having to contact SYSCTL support.

By including the Impex documentation as on-line documentation in the ICC, it makes it much easier for staff to find references and help with the operations. Not only is there a separate menu for the documentation, inside ICC there is also context sensitive help that can be selected by clicking on “?” next to various forms, buttons, etc. This brings you to the documentation for that specific issue.

ICC changes

  • We now include the ICC documentation as HTML in the ICC GUI for easy reference. We will start adding direct links from each view and complex configuration setting to the relevant chapter in upcoming releases
  • Added network flow and ssh key management view functionality for Data Lock
  • Scan report and Malware alert emails have been adjusted to include Data lock information
  • Scan PDF reports have been adjusted to include Data Lock information

ICC fixes

  • Search in the file listing for a scan did not work, fixed
  • The System time field in the station detail card is no longer off by user-browser-timezone-hours

Station changes

  • Faster detection if the station is online and is connected to the ICC server or not
  • Better initial deployment support, if station is not registered to an ICC, the network settings are editable by default
  • Report all station IP addresses to the ICC
  • SELinux cleanup, removing no longer necessary permissions
  • Improved screen keyboard by adding @ and reset keys to all views
  • Several minor GUI improvements to station views

Station fixes

  • Confirm-view was slightly larger than the screen, making it slightly movable in horizontal directions, fixed
  • Long USB serial messed up the view, this was a regression introduced again in 3.2, fixed.

Data Lock changes

  • Separate sftpd logging from the other logs
  • Tighter sftp security by improving chroot
  • Support for Network Flows depending on SSH Public key used

Scanner changes

  • The scanner engine has been rewritten in Golang and is now running all engines in parallel which speeds up most scans.

Below is a comparison of IMPEX release 3.2.2 and 3.3.0 with ClamAV, Eset, F-Secure, Ikarus and Yara activated. The time spent is in abstracted time units since we have multiple different hardware generations but the speed increase factor is at least 2x for all tests we have done.

number of files, size MB 3.2.2 3.3.0 speed increase
720, 40MB 1 0.36 180%
4, 1MB 1 0.15 570%
3480, 3100MB 1 0.35 190%

Security

Many of these are also covered under their respective areas

  • Dropped setuid bits from mount binaries in the Impex station
  • Configuration changes to sftp allowing better logging and better separation (chroot) for the Impex Data Lock
  • SELinux policy rewritten for more restrictive configuration

Documentation

  • The documentation has been made available on-line as part of the ICC installation. A new menu with all chapters of the ICC documentation is available when an administrator is logged in into the ICC.
  • ICC documentation got lots of minor edits and improvements to reflect new functionality. A new chapter on Data Lock views has been added.

Known issues

No known issues at this time.