Page 1 of 1

How to disable instant cxs email notifications

Posted: 24 Sep 2019, 17:18
by internetbug256
Hi there. This is my first post in this community.
I just got the very good cleanup service from Jacob performed on my server, and now I am getting 50+ emails per day about:

subject: cxs Scan on xxxx.mydomain..com (Hits:1) (Viruses:0) (Fingerprints:1)

I would like to either get a daily digest, or just suppress them. Is there any quick adjustment in the settings I can do?

Thanks

Re: How to disable instant cxs email notifications

Posted: 11 Sep 2020, 16:33
by ibumu
Hello. I need the same and I not found this option or some information on FAQs, can you help us?

Re: How to disable instant cxs email notifications

Posted: 11 Sep 2020, 21:34
by Sarah
There is no option for a daily digest, because the point of cxs watch is to alert you immediately when a suspicious file or exploit has been uploaded.

Cxs has two primary functions, as we recommend configuring it:

1) To automatically quarantine files that match as known viruses or exploits. We configure cxs to do this by default when we install it (unless requested to not do so).

2) To alert you to files or directories that are suspicious for one reason or another, but do not match as already known viruses or exploits. Some of the matches in this category will be exploits and therefore you should examine the file reported to determine whether or not it is an exploit.

If you are getting repeated reports for files that you know are not exploits, you can configure cxs to ignore them. Please see the cxs documentation for the "--ignore [file]" option as well as the file /etc/cxs/cxs.ignore or /etc/cxs/cxs.ignore.example.

It is not possible to configure cxs to scan for certain file types but not send an email if it detects them, as that would be pointless. If you do not want cxs to even scan for certain types of files or matches, then you can change the "--options" setting in your cxs command or script file (cxswatch.sh, cxsftp.sh, etc.). Please see the documentation for the various file types and how to configure the "--options" setting.

If you want cxs to continue scanning and have correctly configured it to quarantine all the types of matches that you are concerned about, but you don't want to receive any email alerts, simply remove the --mail option and its setting (--mail root by default) from the cxs command line in the relevant script file (i.e. cxswatch.sh for cxswatch scanning). Please note you should only do this if cxs is already configured to quarantine known exploits and viruses.

Regards,
Sarah