ConfigServer Community Forum

I am getting a lot of exploits undetected by CXS on normal settings.
I have my sever set to bayes low for report & quarantine and am getting these quarantined. I am protected so aren't worried for me, but in the course of my work I am seeing a lot of newly exploited wordpress sites and no one has yet proved what exploit is allowing the sites to be used for distributing malware
I know they are...

Hello

First of all I am sorry for my poor english.

I am a server administrator and use DirectAdmin as a server manage solution for my clients and I am very interested about your ConfigServer eXploit Scanner (cxs) product, it looks very promise and probably will enchance security but... Is it possible to install and use CXS on a DirectAdmin server or if not yet are you planning to port this...

Hi,

I well read :

and applied exclusion of file : treeManagement.js

But this morning, is a real issue on so many accounts

Can you fix that as this file is nothing bad

Hello there

After updating to CxS v6.26, I started to experience a problem.

CxS can no longer detect many exploits that it can detect before. In particular, base64 exploits can not be caught in any way.

The same problem exists with the new/clean servers I have installed.

Although I selected all file types for trial purposes, base64 files can not detect anything.

Is there a bug in this...

How can I tell cxs to scan a list of files? It seems to accept only a single resource (file name or directory) on the command line.

I've tried entering more than one on the command line, but cxs only scans the first resource specified.

I've tried using the --xtra option on a file with a few file:/full/path/to/file entries, but cxs seems to ignore them completely and only scan the single file I...

I'm using the cPanel/WHM installation of ClamAV, and CXS can't seem to find the socket, even when I put the path to clamd in the cxs.defaults file.

I remember a while ago you had to uninstall the cPanel install and install ClamAV independently. Is that still the case?

I am seeing the error below when I go to ConfigServer eXploit Scanner in WHM:

Error trying to talk to ClamAV socket : Connection refused
You must install ClamAV (Clamavconnector on cPanel) or ensure clamd is running to use this product correctly

If the clamd socket is not automatically detected, and to clear this message, you must set clamdsock=/path/to/socket in /etc/cxs/cxs.defaults to the...

Hello
when i scan user in command i get this error:

Insecure dependency in chdir while running with -T switch at /usr/share/perl5/File/Find.pm line 876.

help?

Hi,

I'm hoping someone can help me determine what is being reported here... I have a default configuration of CXS, that was installed by configserver as part of the cPanel Server Service.

Scanning web upload script file...
Time : Mon Apr 20 06:13:19 2015 -0400
Web referer URL :
Local IP : 111.222.333.444
Web upload script user : nobody (99)
Web upload script owner: legitusername (600)
Web...

I'm getting a few log entries like this:

Sep 15 12:40:38 www cxswatch : WARNING: '/home/user/public_html/error_log' scanned 6 times in the last 30 seconds, you might want to ignore this resource

Any ideas what might cause this, or whether ignoring:
hfile:/public_html/error_log

is advisable for all? (Does cxs scan the log file?)

Thanks.

Anyone know why im getting Error: Bayes corpus not found errors?

My cxswatch.log contains lines with:

Oct 12 00:28:44 localhost cxswatch : TERM
Oct 12 00:28:44 localhost cxswatch : daemon stopped
Oct 12 00:28:44 localhost cxswatch : Startup...
Oct 12 00:28:44 localhost cxswatch : (/usr/sbin/cxs --allusers --baction high --bayes --breport medium --clamdsock /var/run/clamd.scan/clamd.sock...

I've started getting a report from chkservd multiple times per minute that our cxswatch service is down.

How can I troubleshoot this to see why it's crashing and fix it?

I can post the emailed report, if that helps.

I copied the example ignore file and renamed it cxs.ignore
and have added a rule in the file :

hdir:/public_html/wp-content/wflogs

but still in email i am getting this warning :

Aug 26 10:03:51 home cxswatch : WARNING: '/home/******/public_html/wp-content/wflogs/config.php' scanned 6 times in the last 30 seconds, you might want to ignore this resource
Aug 26 10:03:51 home cxswatch : Ignoring...

Hi,

CXSwatch seems to have stopped sending emails across a number of servers in the last few days, I want to do some testing - is there a test exploit script that will trigger it?

Thanks,

Jacob

Hello,

I would like to disable notification emails from CXS, how can one do that?
cxs Scan on panel.uhlhosting.ch (Hits:0) (Viruses:0) (Fingerprints:0)

Hello ,

We are trying to update CXS to the latest version .But when we try to update the cxs using the command #cxs -u it gives the following error :

=====================
Failed: Unable to download: 404 - Not Found
====================

We have tried using --force but still the issue persists .

Hello,

today when i try to run the scanner in my WHM i got this error

Unable to connect to clamd, virus scanning disabled

any help avaiable?

thks

I'm curious as to why CXS flags as outdated the current version of Joomla, and states that Joomla 3.6 is the current version. Joomla 3.6 is still in Release Candidate stage.

All the twentyfourteen in my server are detected as exploit.

Is true?

Content of the file

cxs : - Suspected exploit file

/**
* Twenty Fourteen Featured Content admin behavior: add a tag suggestion
* when changing the tag.
*/
/* global ajaxurl:true */

jQuery( document ).ready( function( $ ) {
$( '#customize-control-featured-content-tag-name input' ).suggest( ajaxurl +...