First time ever CXS rule is not working, why?
Posted: 16 Dec 2023, 12:39
Hi, Sarah.
Would you be kind to tell me what I am doing wrong on the following rule that I have created on CXS?
InmunifyAV+ is detecting the following code as malicious, so, I have added the rule in cxs.xtra to quarantine the file but is not working.
This is the code that I want to block:
All the rules are created (in CloudLinux) directory:
/home/domain/.cagefs/tmp
I have added the following rule in cxs.xtra:
regex101 show the rule is working:
Thanks in advance for your inputs.
Regards,
Sergio
Would you be kind to tell me what I am doing wrong on the following rule that I have created on CXS?
InmunifyAV+ is detecting the following code as malicious, so, I have added the rule in cxs.xtra to quarantine the file but is not working.
This is the code that I want to block:
(the letters inside brackets are random and can be upper and/or lower case.<?php eval($_POST["ly"]);exit; ?>
All the rules are created (in CloudLinux) directory:
/home/domain/.cagefs/tmp
I have added the following rule in cxs.xtra:
Code: Select all
regall:quarantine:\<\?php eval\(\$_POST\["[a-zA-Z][a-zA-Z]"\]\);exit; \?\>
Could it be that CXS is not checking inside ".cagefs/tmp" ?MATCH INFORMATION:
Match1 0-33 <?php eval($_POST["ly"]);exit; ?>
Thanks in advance for your inputs.
Regards,
Sergio