It would be great if I can avoid using file magic, because these days many injected PHP scripts start with PK, for example, and CXS ignores them based on the file magic. And they are spamming, for example.
Is there any way to scan (and disable) any files whose md5sum is in the cxs.xtra? Now it ignores it when the file magic says it's an archive file (but with a .php extension).
As the title said, a regex / full text signature exclusion in cxs.ignore would be very nice.
Sample use case: you are on cPanel, you only have one ClamAV, you want to scan emails with specific commercial signatures to detect spam, but these signatures trigger false positives on files.
Not having to move to a new page for all actions would be nice. It would also be easier and helpful if there was a way to delete multiple previous scan reports if logged in the database at a time. Even a little popup box to confirm.
May I make a suggestion:
you may create a cPanel interface for end users to scan or check files,
and more features on WHM, by the way, so the admin can view or make operations easier.
A user submitting the wrong login details to the mail service or htaccess login can easily result in their IP address being added to the CXS reputation list. Their access to the server will be blocked, as will access to other servers using the CXS reputation list.
When a user reports the problem, the first thing we do is search for & remove the IP address in CSF (as I presume most server admins will...
Managing many servers with CXS installed is great but can also generate a lot of false positive emails.
In the options of each scan, I would like the possibility to have more control over some emails, for example:
Do not send emails if you have 0 hits, 0 viruses and 0 fingerprints: (Hits:0) (Viruses:0) (Fingerprints:0)
Do not report folders that are “Skipped – too many resources”
Do not...
For the next CXS UI revision we would like to criticize the layout and efficiency needed when looking up in the CXS Control, since CXS has very limited multi-tab detection without restarting from the beginning.
In the CXS Control quarantined list, there is an icon like a medical car beside the number list; we wanted that changed, like the old days, to a + sign so that when it's clicked, it would show dropdown or...
Rather than using inotify watchers (which are expensive to set up), if cxswatch is installed on CloudLinux version 7 then use their fchange kernel method.
This will reduce server load setting up watchers, and enable cxswatch to start immediately without any of the 'hackery' that currently exists.
So I have CXS installed on a VPS. I tested using the IP Reputation feature on select lists. It caused the firewall to have problems, so I disabled IP Reputation. Disabling it does not remove the rules that it added to the IP tables, so I still have memory allocation problems. I'll get it resolved but it seems the GUI disable button should remove the rules added.
Hi Jonathan,
as always thanks for this great script that seems to be like the wine on time, every time is getting better, :D
Jonathan, could it be possible to have a CLEAN button that could repair a hacked file?
The CLEAN button could be associated with a file called CXS.CLEAN or with a form box where we could write the exact match of a particular code that we want to clean on one or more files...
It would be good to have the option to chmod and chattr a file as an alternative to quarantine. So remove all execution properties and make it uneditable.
I'd like to see a module worked up to send the cxs reports into a database table in WHMCS so that clients can log in and look at the reports and also to fire off individual account scans without the need for them to log in to WHM.
We have a lot of managed server clients who we don't give root access to, both on physical and VPS servers, and we have also had a number of resellers request this sort of...
With the recent launch of ClamAV 0.99 with support for fanotify, I started some searching about it.
fanotify is another filesystem events monitoring API like inotify, but with some advantages:
It can recursively monitor the entire mount tree without having to mark each file/directory.
It can make access permission decisions, and the possibility to read or modify files before...
Firstly, I love cxs so much with cPanel. But what about cxs for Plesk? Is there any plan for cxs for Plesk?
You have to do it because there isn't any other plugin like cxs. So save us :))
This is a feature request to be able to include additional configuration files in the cxs.ignore file.
The reason for this is so that we can manage 'cxs.ignore' with Puppet for example, but then include a file such as 'cxs.ignore.custom' for a per server customisable configuration.
You have this feature in CSF for csf.allow which is very useful there, I think it would add value to cxswatch as...
In the mail queue, I have the ability to search for messages with XX words and simply delete them. It's a fantastic tool!!
I would like to have the same ability for email already inside of the individual email boxes...
So if someone@mydomain . com has an inbox full of junk stuff, I can delete spam out of there via a keyword search.
It would also be helpful if I could do this for all the email...
Hi Chirpy,
A few days ago you included the change of 777 to 755 on directories, and now it would be great if CXS could change on the fly, every time a scan is done, files like HTML, PHP, CGI, JPG, GIF or PNG to 644. Could this be done?
cxsWatch, in particular /etc/cxs/cxswatch.sh, ignores the --logfile parameter so I can't put this logfile anywhere safe.
The result is that it always logs into /var/log/cxswatch.log
If the file is deleted, and the service restarted, it creates the file chmod 644. As /var/log/ is readable by all, isn't this a security issue? As a standard user of a CentOS machine running cPanel, I can view this...