Custom ignore script

danbv
Junior Member
Posts: 8
Joined: 16 Dec 2014, 11:53

Custom ignore script

Post by danbv »

Can I have cxs run a custom script before reporting or acting on a possible threat, so that the script itself can rule out false-positives or take action?

I've been getting a lot of useful hits on "social.png" files being uploaded via FTP. These are potentially dangerous, as they could be from the CryptoPHP malware. However, a simple check using the file command can tell me whether it's "PHP script text" or just harmless "PNG image data".

Now, it would be too much to ask the cxs team to perform these potentially complex checks, so allowing me to run a custom script would be great.

For example, the script would default to a 0 exit code, meaning "OK, report/act on the threat", but upon receiving exit code 1, cxs would understand "Ignore this, it's a false-positive/I've taken care of it".

Any way I can do this already?
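
The content check described in the post above, as an added example that is not part of the original post and not cxs code. It goes one step beyond the file command by also flagging a file that starts with a valid PNG signature but contains a PHP open tag, which a check of the leading bytes alone would pass. The function names, verdict words and sample files are assumptions made for illustration, and the script does not rely on any cxs interface.

```shell
#!/bin/sh
# Added example: triage a file that a scanner flagged by name (e.g. social.png).
# classify_upload prints one verdict word and returns 0 only for a PNG that
# contains no PHP open tag. Names and verdict words are hypothetical.
classify_upload() {
    f=$1
    [ -f "$f" ] || { echo missing; return 2; }
    # Every PNG starts with these 8 bytes: 89 50 4E 47 0D 0A 1A 0A
    sig=$(head -c 8 "$f" | od -An -tx1 | tr -d ' \n')
    # Look for a PHP open tag anywhere in the file, not only at the start.
    # Only the long tag "<?php" is matched; short tags are not covered here.
    if LC_ALL=C grep -aqiF '<?php' "$f"; then
        has_php=1
    else
        has_php=0
    fi
    if [ "$sig" = "89504e470d0a1a0a" ]; then
        if [ "$has_php" -eq 1 ]; then
            echo png-with-php   # image header, PHP further in: keep the alert
            return 1
        fi
        echo png                # plain image: candidate false positive
        return 0
    fi
    if [ "$has_php" -eq 1 ]; then
        echo php                # script with an image name: keep the alert
        return 1
    fi
    echo other
    return 1
}

# Constructed sample files for trying the function offline.
make_samples() {
    d=$1
    printf '\211PNG\r\n\032\nIHDR-constructed-bytes' > "$d/clean.png"
    printf '<?php echo 1; ?>\n' > "$d/social.png"
    printf '\211PNG\r\n\032\nIHDR<?php echo 1; ?>' > "$d/polyglot.png"
}

# When called with file paths, print "path: verdict" for each one.
if [ "$#" -gt 0 ]; then
    for p in "$@"; do
        printf '%s: %s\n' "$p" "$(classify_upload "$p")"
    done
fi
```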

Re: Custom ignore script

Post by danbv »

Oh great, I guess I found the answer searching for "ConfigServer Exploit Scanner – external perl script to run upon detection of a match" on Google (can't post URL here).

Come to think of it, I wish cxs would try a bit harder not to report false-positives; a file being called social.png hardly counts as something to feel threatened by, especially if it's just a PNG file.

Re: Custom ignore script

Post by danbv »

Apparently, --script doesn't allow for the script to communicate with cxs through exit codes, which is a real bummer.