ConfigServer Community Forum

How do I change the email address attached to my CXS license ?​

got a bayes medium detection today that is definitely an exploit but cannot submit via the CXS interface because it is in a zip
compressed file: revslider/V5rev.php ) Bayes exploit probability score
Original File md5sum d6365dfd71f0d2704f76330ab3b84765

Extracted PHP
MD5 827622aa39b891cb8d9c43f090efceae
SHA-1 91357d31683ce4c9a04ad86c8611cdbe0c6fd0b2

Error: File is not a script.You can only...

Hello, for the past weeks my server loads have been high and my datacenter tells me clamav is very active and it's called by cxs .

I have CLOUDLINUX 6.9 x86_64 standard, WHM 62.0 (build 21), CXS v6.35, and my loads are 4.99 5.93 5.45 for example.

I don't know what happened but clamav process is consuming very very cpu and memory.

Pid 492707
Owner root
Priority 0
CPU % 122.92
Memory % 1.76...

I am getting over 800 emails a day about how CXSWATCH is failing to start.

If I stop the service, will the scans I am getting emailed about stop?

And will it make CXS useless?

Thank you.

Aloha,

I recently purchased the ConfigServer cPanel setup package, and have now noted a ClamAV Logwatch error regarding it being outdated.

I've followed the instructions listed within the body of the email, and the update process states the package is not installed.

# yum update clamav
Loaded plugins: fastestmirror, rhnplugin, universal-hooks
This system is receiving updates from CLN....

I started getting this FAILED ⛔: cxswatch email last night and has been sending non stop for the last 5 hours.

I looked into upgrading CXS from cxs: v9.15 to v9.16 but when I try through WHM, I am getting Modification of non-creatable array value attempted, subscript -1 at /usr/sbin/cxs line 233.

Any assistance will be much appreciated. Thanks!

Hi, I have installed the script in my WHM Linux Server.

How do I scan malware and virus inside a specific /home/user using WHM interface? I can´t find it

Thanks,
Francisco

Hi, I'm not sure what the CXS_ALL firewall rule (filter) is doing but it appears for blocked IP's in CSF/LFD and when I attempt to unblock, it unblocks the IP in LFD but the CXS_ALL filter remains.

The only way to override the rule is to white-list the IP.

1) What is this filter?
2) Is there any easy way unblock IP's in this list?

Thanks,

Ian

Hello,

I need a weekly scan with notification to my email, but not email notifications for cPanel users. For this I am using this cron and this template:

cat /etc/cron.weekly/cxs_complete_weekly

/usr/sbin/cxs --nosversionscan --bayes --breport high --options -wW \
--Wmaxchild 3 --Wloglevel 0 --Wsleep 3 --filemax 0 --Wrateignore 300 \
-Q /home/quarantine -I /etc/cxs/cxs.ignore --xtra...

Hello,
In the previous versions there is the option to automatically change the permissions 777 to 755, could you put that option back?

Hello,

In my daily scan I use the following crontab:

/usr/sbin/cxs -mail ###@#####.## --exp --novir -o mMOSGchdnD -Z --sum -T 5 -all --ignore /etc/cxs/cxs.ignore

for some reason in more than a dozen servers I received today about 50-200 hits per server with the following reason:

# Regular expression match = :
'/home/USERNAME/public_html/cp2/libraries/pear/archive_tar/Archive_Tar.php'

I...

Hello,

Each time I disable the Email configuration via your WHM command wizard UI (for watch and daily/weekly cron), the setting is saved but upon returning to the wizard the option is checked again which would result in the option being enabled when reconfiguring the command.

Generated command/config showing email is disabled:

Wizard, after returning to it when previously disabling the email...

Hello,

I wanted to know if there is a way to not send CXS's results via mail. Even when I don't use --mail reports are sent anyways.

I am scanning lots of accounts and I don't need to receive an email for each one of them. I only need those report stored in a file, so I can read it when if I need to.

Thanks.-

As of today I am getting hundreds of Hit emails out of the blue regarding the Wordpress plugin file:

'/wp-content/uploads/sucuri/sucuri-settings.php'

(quarantined to /home/quarantine/cxsuser/ /sucuri-settings.php.1521654621_1) Known exploit =

The quarantined file contains the following file contents:

{ sucuriscan_lastlogin_redirection : enabled , sucuriscan_revproxy : disabled }

Perhaps...

So my issue is the following:

In CXS 8 the very first option is:

What to scan:
If scanning a user, only scan within in the web root (e.g. ~user/public_html/)

Now, WHM Teak Settings has:

Restrict document roots to public_html which we have set to Disabled on all 25 production servers.

Which means that Addon Domains are created in /home/user/wordpress2 instead of...

I get an alert on every file that is uploaded - T option is not enabled/checked on either FTP or Regular scan.

Example
Scanning /home/XXXXX/public_html/hosting/modules/support/Zendesk/class.jwt.php:

(/usr/sbin/cxs --baction high --bayes --breport medium --clamdsock /var/clamd --nodbreport --defapache nobody --doptions Mv --exploitscan --nofallback --filemax 10000 --noforce --html --mail root...

Awesome sounding new features!

Hi
1-I purchased cxs scanner and every time i do manual scan to all of my whm account after the scan does finish i see that some of my whm account was deleted without my permission.what shoud i do to prevent delet my whm account?
next question is that i have phishing in my server but cxs doesn't detect and remove theme and i receive abuse from datacenter every day
thanks

Getting lots of what appear to be false positives on the WordPress file:
default-widgets.php
since the WordPress 4.9.1 update.

as:
ClamAV detected virus =

Anyone else noticing this as well?

Thanks all!

Hello guys,

I have a server where CXS is installed, but when I try to run a manual scan it doesn't actually scan any files. It goes through all folders and that's it.

Here's what's happening:

# /usr/sbin/cxs --baction high --bayes --breport medium --clamdsock /var/clamd --deep --defapache nobody --report /var/log/cxs.scan --logfile /var/log/cxs.log --doptions Mv --exploitscan --fallback...