Hi, i'm getting tens of thousands emails per month from cxs and the subject for most of them is in the form of :
cxs on server.server.com (Hits:1)(Viruses:0)(Fingerprints:0)
Is there a way to get this reports only when a virus is detected ?
The command that is shown in the email body is :
(/usr/sbin/cxs --allusers --nobayes --clamdsock /var/clamd --defapache nobody --doptions Mv --exploitscan --nofallback --filemax 0 --noforce --html --ignore /etc/cxs/cxs.ignore --mail root --options mMOLfSGchexdnwZDRru --qoptions Mv --quarantine /quarantine/files --quiet --report /var/log/cxs.scan --sizemax 500000 --smtp --ssl --summary --sversionscan --timemax 30 --nounofficial --virusscan --Wloglevel 0 --Wmaxchild 3 --Wrateignore 300 --Wrefresh 7 --Wsleep 3 --Wstart --www)
Is there any flag i can use?
Thank you in advance,
cxs email reports question
Re: cxs email reports question
Cxs has two primary actions, as we recommend configuring it:
1) To automatically quarantine files that match as known viruses or exploits. It looks like you have configured this already.
2) To alert you to files or directories that are suspicious for one reason or another, but do not match as already known viruses or exploits. Some of the matches in this category may actually be exploits and therefore you should examine the file reported to determine whether or not it is an exploit.
If you are getting repeated reports for files that you know are not exploits, you can configure cxs to ignore them. Please see the cxs documentation for the "--ignore [file]" option as well as the file /etc/cxs/cxs.ignore or /etc/cxs/cxs.ignore.example.
It is not possible to configure cxs to scan for certain file types but not send an email if it detects them, as that would be pointless. If you do not want cxs to even scan for certain types of files or matches, then you can change the "--options" setting in your cxs command or script file (cxswatch.sh, cxsftp.sh, etc.). Please see the documentation for the various file types and how to configure the "--options" setting.
1) To automatically quarantine files that match as known viruses or exploits. It looks like you have configured this already.
2) To alert you to files or directories that are suspicious for one reason or another, but do not match as already known viruses or exploits. Some of the matches in this category may actually be exploits and therefore you should examine the file reported to determine whether or not it is an exploit.
If you are getting repeated reports for files that you know are not exploits, you can configure cxs to ignore them. Please see the cxs documentation for the "--ignore [file]" option as well as the file /etc/cxs/cxs.ignore or /etc/cxs/cxs.ignore.example.
It is not possible to configure cxs to scan for certain file types but not send an email if it detects them, as that would be pointless. If you do not want cxs to even scan for certain types of files or matches, then you can change the "--options" setting in your cxs command or script file (cxswatch.sh, cxsftp.sh, etc.). Please see the documentation for the various file types and how to configure the "--options" setting.