ConfigServer Community Forum

Hello,

New here, I apologize if this has been asked before. Tried searching the CXS subforum but couldn't find a similar thread.

I'm new to CXS, just got it ~2 weeks ago. I seem to be experiencing an odd one. CXS doesn't seem to pick up malware files after the server has rebooted, it only starts detecting them when I click restart CXS Watch from the ConfigServer eXploit Scanner section.

I've...

You must install ClamAV (Clamavconnector on cPanel) or ensure clamd is running to use this product correctly
If the clamd socket is not automatically detected, and to clear this message, you must set clamdsock=/path/to/socket in /etc/cxs/cxs.defaults to the live socket location

how to solve this.

I got an email with this message:

Scanning web upload script file...
Time : Mon, 16 Sep 2019 15:23:48 -0500
Web referer URL :
Local IP : 162.241.XXX.XXX
Web upload script user : nobody (99)
Web upload script owner: ()
Web upload script path : /home/FOLDERNAME/public_html/wp-content
Web upload script URL :
Remote IP : 202.104.9.163
Deleted : No
Quarantined : Yes

NOTE: does not exist on this...

hi guy

Currently, I receive reports from CXS, same as this screen :

I want to customize the report

Remove some changes, and reorder the order of the fields

Is it possible to modify or customize this report? How ? where?? which file to edit?

Hello everybody,

What is autodiscover.cgi up to?

How on earth can autodiscover.cgi upload a web file?

Scanning web upload script file...
Time : Fri, 11 Sep 2020 19:30:11 +0100
Web referer URL :
Local IP : 127.0.0.1
Web upload script user : nobody (99)
Web upload script owner: root (0)
Web upload script path : /usr/local/cpanel/cgi-sys/autodiscover.cgi
Web upload script URL :
Remote IP :...

Hi there. This is my first post in this community.
I just got the very good cleanup service from Jacob performed on my server, and now I am getting 50+ emails per day about:

subject: cxs Scan on xxxx.mydomain..com (Hits:1) (Viruses:0) (Fingerprints:1)

I would like to either get a daily digest, or just suppress them. Is there any quick adjustment in the settings I can do?

Thanks

Hello,

I transferred a suspicious file via FTP and I get this email error:

# Clamd Error for : Undefined path for Socket::pack_sockaddr_un at /usr/local/cpanel/3rdparty/perl/530/lib/perl5/5.30.0/x86_64-linux-64int/Socket.pm line 873.

Anyone had this issue ?

Server OS: CentOS 7
WHM Cpanel latest version v90.0.5

Hello,

I receive this error when scan detects suspicious files:

Quarantine disabled - Directory has > incorrect structure and should be recreated

This are the 3 directories inside: cxscgi cxsmon cxsuser

permissions:

drwxr-xr-x. 5 root root 4096 Sep 4 15:28 quarantine
drwx-wx---. 2 root nobody 4096 Sep 4 15:28 cxscgi
drw-------. 2 root root 4096 Sep 4 15:28 cxsmon
drw-------. 2 root root...

Hello,

I migrate my WHM Cpanel to another server. Is there any instruction on how to install cxs on WHM Cpanel and how to backup and and restore CXS ?

Thank you !

Hi,

Is it possible in cxs to send antivirus reports to the user directly ?

Thanks.

Hi,

I have CXS and ImmunifyAV+ both installed but I had to uninstall ClamAV.
I keep on getting mail now that ClamAV is required etc.

What to do in such case ?

Thanks in advance.

Hi there Folks

CXS is still a mystery to me so, while I'm slowing getting to grips with it being on our servers, could someone advise what to do with this?

.../public_html/accesson1.php] does not exist on this server. ModSecurity is still triggering cxs to scan the attempted uploading of potentially malicious data

I get these messages everyday from CXS from various of our servers. Do I...

Hello,

I need to clean the server of this file:

How to use xtra file to do it?
Thanks

Hello, 2 days ago the CXS started to send me more than 9000 messages/day from this user. Almost every minute I got a new message.

cxswatch Scanning /home/deangelispedro/public_html/eventoscris/wp-includes/css/wp-config.php:

'/home/deangelispedro/public_html/eventoscris/wp-includes/css/wp-config.php'
(quarantined to /home/quarantine/cxsuser/deangelispedro/wp-config.php.1591704356_1) Known...

Hi Guys,

Several of my fleet of VPS's has been performing weirdly lately. They're spread geographically and between different providers. All of my issues have gone away and server load has reduced as soon as CXSwatch and CXS were stopped. and they begin again after it is re-enabled.

I'm talking going from average 25% of 8 CPU cores and 8GB of ram to 98% for long periods of time across multiple...

Hi there, Folks

I'm new here so please treat me gently! :D

I have just recently had CXS installed on one of my cPanel servers - the idea being to test it and then if it works well, to purchase it for the other servers in our rack. However, the first problem I have come across is the inability of the transfer tool to work in cPanel. I have tried to copy an account from another of our cPanel...

The cXs Installer does not check for ClamAV before continuing. I think that the installer should check for ClamAV installation first, before continuing and then exit if it is not present with a warning to the user that it can't install until ClamAV has been installed first.

Hi,

I am looking for some added protection to make sure that if someone uploads a PDF it really is a PDF and that it is safe. PDF is one example, it could be one of many common file types. I am thinking that CXS could provide an added layer of protection by scanning a file as soon as it has been uploaded to the server from a form in a web application. It could then quarantine anything...

Hi,

Is it possible to exclude to scan any file extension? For example, my server has tons of pictures .png, .jpg,etc and that takes TBs of space and the things that get hacked are mostly .php and .ico files, can I exclude some extensions so the process take quite less time?

Hi,

I am getting too many of the following alerts:

Nov 14 12:10:08 srvurb01 cxswatch : Modified '/xxx/yyy/wp-content/temp-write-test-5dcd3610705490-77004072'
Nov 14 12:10:08 srvurb01 cxswatch : Deleted: '/xxx/yyy/wp-content/temp-write-test-5dcd3610705490-77004072'

And I can't get cxs.ignore to work them out.

would it be:
pfile:temp-write-test-.*

or others?

Thank you very much,