ConfigServer Community Forum

Hello,

clamd daemon is running as the clam user (member of group clam)

/home/*/public_html folders permissions are set as 0750/drwxr-x---

As such, cxs/clamd is unable to scan any public_html folders/files for viruses.

- Should I set o+x to the public_html folders? (insecure)
- Should I add my clam user to the nobody group? (the public_html folders group is set to nobody)

Has anybody...

Hello,

Is it possible to create an scan for a reseller and it's users?
You can manual select the users but i would be nice if you can select and Reseller and when they at an user it will be automatic added the to scan (like it is i you choice for all the users).

Thank you!

I have a public_html directory that has Joomla in it and than two sub directories with Wordpress in each. When I run cxs I get the following notice.

Known exploit = [PHP Wordpress Exploit ]

This file is an error log from Joomla.

Should I just ignore this one file? Is there something better to do?

Thanks,
Steve

Hello, is possible to install CXS on a non-cPanel server? Just to scan files on a CentOS (or any Linux) server via shell. No need interface.

Hi folks,
Quarantine works well enough against the clamav stuff, though question.

If I know a hacker is uploading a particular script, like one with this text I've added to extras now:
regall:POST\

Is there a way to tell quarantine to auto quarantine files with my specific signatures as well?

Something like an Other Files -> etc/cxs/cxs.autoquarantine
option would sure be nice. Your...

Hi
Can i add new Fingerprint not included in cxs scanner so any one will upload that shell will be quarantined as others
thanks in advance.

Hi.

On Centos 7, I cant start cxs service.

-rwxr-xr-x. 1 root root 111 feb 25 14:08 /etc/cxs/cxswatch.sh*
Also try
-rwxr-----. 1 root root 111 feb 25 14:08 /etc/cxs/cxswatch.sh*

-- Subject: Unit cxswatch.service has begun start-up
-- Defined-By: systemd
-- Support:
--
-- Unit cxswatch.service has begun starting up.
mar 09 07:14:46 srv108.tamainut.net systemd : Failed at step EXEC spawning...

hello

my cpanel server ip changed
After changing the IP of the server and change the IP license
Shell can not remove cxs
Shell has already been removed in less than 1 second shell, but now run loose, but not deleted

please help me for solve this problem ...

thanks ,

I have reported excess process running on my VPS resulting in clamd and Mysql termination frequently.

My web host has advised following:
===========================================
It is advised that it would be preferable to uninstall ClamAV since CXS is already installed on the server. The working of both the applications is the same hence it is suggested to uninstall the ClamAV. We would...

Hi,
I recently installed CXS installed on my server.
I now have some unusual issues that I am trying to figure out if it is tied to CXS and if so, how I can make things work again.

On one of the websites I have a post form that I will be inputting into a textarea field XML data for processing. For some reason when I copy and paste the xml data straight into the form and submit, this is no...

Hello,

We want to know all options for use in cxs.template. Where to find documentation for this?

Options:

User Contact: ( this option not working )
We also want to know how to avoid sending the SCAN REPORT

Thanks!

I changed the primary IP for this web server and now cxs hascxs is not licensed for this server failed with this error message:
cxs is not licensed for this server

How do I update for the new IP?

RS

Hi,

I have three servers with cxs installed. None are showing auto update emails for cxs or csf, and all three reported this, this morning:

lfd on {srvername}: System Integrity checking detected a modified system file
From: root@{srvername}
To: root@{srvername}

Time:     Sun Nov  8 04:00:11 2015 -0600

The following list of files have FAILED the md5sum comparison test. This means that the...

I'm getting an issue with cxs it shows service is stopped even i have start the service and it shows:

#/etc/init.d/cxswatch start
Starting cxswatch daemon:Error: Another instance of cxswatch is running

# /etc/init.d/cxswatch status
Status of cxswatch daemon: Stopped

Is it possible to use cxs scanner without cpanel for other type of hosting servers?

Hello,

Please How to restore all quarantine files?

Thanks

Hello,

I am in badly need of getting two php files ignored from qurantain. i did the following steps. but still it qurantaines :(

1.
#touch /etc/cxs/cxs.ignore
#chmod 644 /etc/cxs/cxs.ignore

2.
#nano cxs.ignore

and added the two files to the bottom of the existing content

......
hdir:/etc
hdir:/mail
hdir:/tmp
hdir:/.cagefs
hdir:/.fantasticodata
hdir:/.rvsitebuilder
hdir:/.sqmaildata...

We are seeing dozens of emails every day alerting us to files being uploaded to /tmp by web scripts, some of which do not even exist. I am guessing that the bad guys are POSTing blindly, and the files are uploaded to /tmp until they are finished uploading, then when the script doesn't exist or handle the upload, the hack is failed and the bad guys move on.

Meanwhile, we have this malware file...

Hi there

May i know if there is a list or online database that provide more information on the type of exploit that is causing the files to be quaratined inside CXS ?

For example the exploit below P0966 is there more information to be found on the type of exploit it is, what it does etc ?

Reason: Known exploit = [PHP Wordpress Exploit ]

I realized that the function (W) world writable directory (777) and chmod to 755
stopped working. I discovered the problem after trying to fix permissions for an account, as I often do. To my surprise the files with 777 permissions were not detected nor mentioned in the log CSX.
I do not always when the problem started or what version. I'm currently using the version 5.30, and problem occurs on...