CLEAN button in quarantine?

Post Reply
Sergio
Junior Member
Posts: 1719
Joined: 12 Dec 2006, 14:56

CLEAN button in quarantine?

Post by Sergio »

Hi Jonathan,
as always thanks for this great script that seems to be like the wine on time, every time is getting better, :D

Jonathan, could it be possible to have a CLEAN button that could repair a hacked file?

The CLEAN button could be associated with a file called CXS.CLEAN or with a form box where we could write the exact match of a particular code that we want to clean on one or more files at once, this will be a really nice addition to CXS and will save us a lot of time.

To elaborate a little bit further, this cleaning could be performed only in ascii files.

What you think?

Regards,

Sergio
chirpy
Moderator
Posts: 3537
Joined: 09 Dec 2006, 18:13

Re: CLEAN button in quarantine?

Post by chirpy »

I'll have a think about this, but it may really be outside of the responsibility that we want to keep cxs within.
aegis
Junior Member
Posts: 12
Joined: 31 Jan 2010, 00:13

Re: CLEAN button in quarantine?

Post by aegis »

Thread resurrection.

I was clearing up a site earlier and was thinking through the process.

I get an email with all the exploits/fingerprints/viruses etc but then cut out the filename from the email, paste in to a shell to view it and then I decide to either delete the file, quarantine it or edit it. Sometimes that's a lot of cutting/pasting.

Automating that process would be useful. So, could the email/report link to a web UI?

Each link in the report then opens the file in a web based text editor preferably with the exploit highlighted and the error message (Known exploit = [Fingerprint Match] [PHP Exploit [P0902]] etc). From there it's either edit and save, delete file or quarantine. Repeat for each exploit in the report.

Possible? Would this need changes to cxs or could a 3rd party pull in the logs?
Post Reply