ConfigServer Community Forum

I want to know what all the symbols mean which the process indicator is showing.

I found the following list but it looks like too old because I cannot find s or $ in it:

m = regex pattern match
M = fingerprint match
v = virus
O = socket
L = symlink
f = suspicious file
F = skipped directory with too many entries
S = SUID file
G = GUID file
c = core dump file
C = core dump file...

hello

i buy 2 licens cxs and install on my server
but cxs detection this file as virus
easy-digital-downloads/includes/process-download.php

and i must ignore this file on all cpanel users.

It is very difficult

i use this coment
file:home/*/public_html/wp-content/plugins/easy-digital-downloads/includes/process-download.php

* =all user

but I did not get a positive result

palse help me for...

I've recently added quarantine form cxsftp and enabled the service, but it seems that any PHP script that gets uploaded I'm notified.

Scanning FTP file...
Time : Thu, 15 Jun 2017 14:10:32 -0300
FTP user : webmaster@*******.***
FTP file : /home/*******/public_html/*******/page.php
FTP owner : ******* (882)
FTP file md5sum : *******
Remote IP : *******
Blocked : No
Deleted : No
Quarantined : No...

I keep getting this error when trying to start the daemon.. I have tried all the fixes on the net and in here.. but I still cant get that value to change.. I am using centos5...

Unable to start cxs Watch daemon: /proc/sys/fs/inotify/max_user_watches is set too low

I have tried changing the value via fs.inotify.max_user_watches = 65536 but I still get the above error...

Anybody have an idea...

I keep getting false positive for (cxswatch Scanning /home/user/public_html/wp-content/cache/supercache/www.userdomain.com).

I have already put (hdir:/public_html/wp-content/cache/supercache) in cxs.ignore and restarted the service.

I still keep seeing many email regarding the same false positive any help would be great.

Hello,

When httpd starts, I see the following error in my logs

httpd: Syntax error on line 223 of /etc/apache2/conf/httpd.conf: Syntax error on line 32 of /etc/apache2/conf.d/modsec2.conf: Syntax error on line 55 of /etc/apache2/conf.d/modsec/modsec2.cpanel.conf: Could not open configuration file /etc/apache2/conf.d/modsec_vendor_configs/configserver/00_configserver.conf: No such file or...

I am getting a lot of exploits undetected by CXS on normal settings.
I have my sever set to bayes low for report & quarantine and am getting these quarantined. I am protected so aren't worried for me, but in the course of my work I am seeing a lot of newly exploited wordpress sites and no one has yet proved what exploit is allowing the sites to be used for distributing malware
I know they are...

Hello

First of all I am sorry for my poor english.

I am a server administrator and use DirectAdmin as a server manage solution for my clients and I am very interested about your ConfigServer eXploit Scanner (cxs) product, it looks very promise and probably will enchance security but... Is it possible to install and use CXS on a DirectAdmin server or if not yet are you planning to port this...

Hi,

I well read :

and applied exclusion of file : treeManagement.js

But this morning, is a real issue on so many accounts

Can you fix that as this file is nothing bad

Hello there

After updating to CxS v6.26, I started to experience a problem.

CxS can no longer detect many exploits that it can detect before. In particular, base64 exploits can not be caught in any way.

The same problem exists with the new/clean servers I have installed.

Although I selected all file types for trial purposes, base64 files can not detect anything.

Is there a bug in this...

How can I tell cxs to scan a list of files? It seems to accept only a single resource (file name or directory) on the command line.

I've tried entering more than one on the command line, but cxs only scans the first resource specified.

I've tried using the --xtra option on a file with a few file:/full/path/to/file entries, but cxs seems to ignore them completely and only scan the single file I...

I'm using the cPanel/WHM installation of ClamAV, and CXS can't seem to find the socket, even when I put the path to clamd in the cxs.defaults file.

I remember a while ago you had to uninstall the cPanel install and install ClamAV independently. Is that still the case?

I am seeing the error below when I go to ConfigServer eXploit Scanner in WHM:

Error trying to talk to ClamAV socket : Connection refused
You must install ClamAV (Clamavconnector on cPanel) or ensure clamd is running to use this product correctly

If the clamd socket is not automatically detected, and to clear this message, you must set clamdsock=/path/to/socket in /etc/cxs/cxs.defaults to the...

Hello
when i scan user in command i get this error:

Insecure dependency in chdir while running with -T switch at /usr/share/perl5/File/Find.pm line 876.

help?

Hi,

I'm hoping someone can help me determine what is being reported here... I have a default configuration of CXS, that was installed by configserver as part of the cPanel Server Service.

Scanning web upload script file...
Time : Mon Apr 20 06:13:19 2015 -0400
Web referer URL :
Local IP : 111.222.333.444
Web upload script user : nobody (99)
Web upload script owner: legitusername (600)
Web...

I'm getting a few log entries like this:

Sep 15 12:40:38 www cxswatch : WARNING: '/home/user/public_html/error_log' scanned 6 times in the last 30 seconds, you might want to ignore this resource

Any ideas what might cause this, or whether ignoring:
hfile:/public_html/error_log

is advisable for all? (Does cxs scan the log file?)

Thanks.

Anyone know why im getting Error: Bayes corpus not found errors?

My cxswatch.log contains lines with:

Oct 12 00:28:44 localhost cxswatch : TERM
Oct 12 00:28:44 localhost cxswatch : daemon stopped
Oct 12 00:28:44 localhost cxswatch : Startup...
Oct 12 00:28:44 localhost cxswatch : (/usr/sbin/cxs --allusers --baction high --bayes --breport medium --clamdsock /var/run/clamd.scan/clamd.sock...

I've started getting a report from chkservd multiple times per minute that our cxswatch service is down.

How can I troubleshoot this to see why it's crashing and fix it?

I can post the emailed report, if that helps.

I copied the example ignore file and renamed it cxs.ignore
and have added a rule in the file :

hdir:/public_html/wp-content/wflogs

but still in email i am getting this warning :

Aug 26 10:03:51 home cxswatch : WARNING: '/home/******/public_html/wp-content/wflogs/config.php' scanned 6 times in the last 30 seconds, you might want to ignore this resource
Aug 26 10:03:51 home cxswatch : Ignoring...