submitting "exploits & malware"

Community forum to discuss cxs.
If you believe that there is a problem with your cxs installation and want support then, as a paid product, you should use the helpdesk after having consulted the documentation.
Post Reply
dvk01
Junior Member
Posts: 80
Joined: 20 Feb 2010, 18:10

submitting "exploits & malware"

Post by dvk01 »

got a bayes medium detection today that is definitely an exploit but cannot submit via the CXS interface because it is in a zip
compressed file: revslider/V5rev.php [depth: 1]) Bayes exploit probability score [medium probability]
Original File md5sum d6365dfd71f0d2704f76330ab3b84765

Extracted PHP
MD5 827622aa39b891cb8d9c43f090efceae
SHA-1 91357d31683ce4c9a04ad86c8611cdbe0c6fd0b2
Error: File is not a script.You can only submit script exploit files, not binaries or defacements or injected html files, etc.
Obviously I cannot paste the code here so how can we submit these detections to get them added to CXS
Top
Firewalls4Life
Junior Member
Posts: 73
Joined: 21 Nov 2011, 18:43

Re: submitting "exploits & malware"

Post by Firewalls4Life »

Found this in the documentation:

I would just recommend you extract the zip and submit the file.

Maybe @ForumAdmin can request a future improvement where a sample can be submitted when it is inside an archive file.

Code: Select all

--wttw [file]
This option is available for submitting exploits to ConfigServer if cxs fails to detect it. The file is sent as an attachment via email. It will veryify that the script isn't normally detected as a Virus or Fingerprint.

If you want to include a short comment with the submission you can use the --comment "text" option. The text must by enclosed by either single or double quotes, otherwise the comment will be lost.

If you are submitting a false-positive for a fingerprint match, you must use --[no]force to skip the scan check.
Top
Post Reply

Return to “General Discussion (cxs)”