Hi ConfigServer,
We've recently noticed that the function 'LF_SCRIPT_ALERT' stopped working across all of our servers (operate approximately 100 servers in total).
Stopped working on Thursday 3rd March 2015 (date in Australia at the time).
There's only a single thing on that date that I can see has changed with exim - see: https://documentation.cpanel.net/displa ... -1531+Exim
Please note the log_selector function is set to default by cPanel:
================================================================
log_selector = +arguments +subject +received_recipients
If you already use extended exim logging, then you need to either include
+arguments +received_recipients or use +all
================================================================
Our log_selector across all servers is:
+incoming_port +smtp_connection +all_parents -retry_defer +subject +arguments +received_recipients
I believe this issue may be somehow relative to the update pushed by cPanel.
LF_SCRIPT_ALERT Stopped Working
Re: LF_SCRIPT_ALERT Stopped Working
Hi CSF staff,
We have exactly the same problem!
Best regards.
We have exactly the same problem!
Best regards.
Script Alert Disabled on 2 Servers
Hello,
I used to receive a script alert path for any email sent but over the last 72 hours since i wanted to hire a sys to code a malware automatic removal, the alert are just gone.
I'm not sure how to fix this behavior.
It used to be enabled by default, but it suddenly changed.
These wordpress malwares are really ruining my days and if i don't have the path, it is a bit harder.
I used to receive a script alert path for any email sent but over the last 72 hours since i wanted to hire a sys to code a malware automatic removal, the alert are just gone.
I'm not sure how to fix this behavior.
It used to be enabled by default, but it suddenly changed.
These wordpress malwares are really ruining my days and if i don't have the path, it is a bit harder.
Re: Script Alert Disabled on 2 Servers
Here is what I used to receive :
Time: Sat Feb 27 21:11:41 2016 +0100
Path: '/home/potential/malware'
Count: 101 emails sent
Sample of the first 10 emails:
Time: Sat Feb 27 21:11:41 2016 +0100
Path: '/home/potential/malware'
Count: 101 emails sent
Sample of the first 10 emails:
-
ForumAdmin
- Moderator
- Posts: 1524
- Joined: 01 Oct 2008, 09:24
Re: LF_SCRIPT_ALERT Stopped Working
This is a problem with cPanel's EXIM since they implemented a fix for CVE-2016-1531. EXIM now always reports the path as / instead of the path to the script directory, i.e. cwd=/ instead of cwd=/some/script/path/
This is only something that cPanel can fix and we have reported it to them.
This is only something that cPanel can fix and we have reported it to them.
-
ForumAdmin
- Moderator
- Posts: 1524
- Joined: 01 Oct 2008, 09:24
Re: LF_SCRIPT_ALERT Stopped Working
The end of the world is here right now 
.
Wordpress malware kingdom is wild opened.
.Wordpress malware kingdom is wild opened.
-
ForumAdmin
- Moderator
- Posts: 1524
- Joined: 01 Oct 2008, 09:24
Re: LF_SCRIPT_ALERT Stopped Working
We have just be informed by cPanel that they have developed a workaround that will be released imminently for EXIM that should restore the functionality. Yay!
Re: LF_SCRIPT_ALERT Stopped Working
Oh well, doomsday was avoided thanks to you!
-
ForumAdmin
- Moderator
- Posts: 1524
- Joined: 01 Oct 2008, 09:24
Re: LF_SCRIPT_ALERT Stopped Working
Thanks to cPanel, they had already been working on the workaround.