First time ever CXS rule is not working, why?

Community forum to discuss cxs.
If you believe that there is a problem with your cxs installation and want support then, as a paid product, you should use the helpdesk after having consulted the documentation.
Post Reply
Sergio
Junior Member
Posts: 1712
Joined: 12 Dec 2006, 14:56

First time ever CXS rule is not working, why?

Post by Sergio »

Hi, Sarah.
Would you be kind to tell me what I am doing wrong on the following rule that I have created on CXS?

InmunifyAV+ is detecting the following code as malicious, so, I have added the rule in cxs.xtra to quarantine the file but is not working.

This is the code that I want to block:
<?php eval($_POST["ly"]);exit; ?>
(the letters inside brackets are random and can be upper and/or lower case.

All the rules are created (in CloudLinux) directory:
/home/domain/.cagefs/tmp

I have added the following rule in cxs.xtra:

Code: Select all

regall:quarantine:\<\?php eval\(\$_POST\["[a-zA-Z][a-zA-Z]"\]\);exit; \?\>
regex101 show the rule is working:
MATCH INFORMATION:
Match1 0-33 <?php eval($_POST["ly"]);exit; ?>
Could it be that CXS is not checking inside ".cagefs/tmp" ?

Thanks in advance for your inputs.

Regards,
Sergio
Sarah
Moderator
Posts: 934
Joined: 09 Dec 2006, 22:49

Re: First time ever CXS rule is not working, why?

Post by Sarah »

Hi Sergio,

By default cxs will not scan files outside the users public_html directory, so unless you have disabled this limitation (by removing --www or unchecking the option in the wizards) then it will not be scanning those files at all.

Regards,
Sarah
Sergio
Junior Member
Posts: 1712
Joined: 12 Dec 2006, 14:56

Re: First time ever CXS rule is not working, why?

Post by Sergio »

Ohhh, that is why.

Thought I was doing something wrong, thanks for telling, appreciated.

Best Regards,
Sergio
Post Reply