ConfigServer Community Forum

Peer support forums for ConfigServer Scripts
https://mail.forum.configserver.com/

CXS not ignoring directory that is on cxs.ignore file

https://mail.forum.configserver.com/viewtopic.php?t=13234

Page 1 of 1

CXS not ignoring directory that is on cxs.ignore file

Posted: 09 Sep 2024, 10:12
by UB_TRH
Hello,

I have a problem for about a month. Before everything was running ok but for about a month cxs daily and weekly scans didn't ignore the directories that are written in the cxs.ignore file.

The directories i am having trouble are directadmins user logs directories that are found at /home/<user_name>/domains/<domain_name>/logs

I have 2 line related for this in the cxs.ignore file:

Code: Select all

hdir:/domains/*/logs
hdir:/domains/*/logs/*
But for about a month i am getting emails from cxs daily and weekly scans like below:

Code: Select all

TimeStamp: Mon, 9 Sep 2024 00:12:37 +0300

(/usr/sbin/cxs --allusers --clamdsock /var/run/clamav/clamd.ctl --nodbreport --defapache webapps --doptions Mv --exploitscan --nofallback --filemax 0 --noforce --html --ignore /etc/cxs/cxs.ignore --mail aaa@bbb.net --options mMOLuSGchexdnZRD --noprobability --qoptions Mv --quarantine /home/_quarantine --quiet --sizemax 1000000 --smtp --ssl --nosummary --nosversionscan --timemax 30 --nounofficial --virusscan --vmrssmax 2000000 --waitscan 0 --Wmaxchild 3 --Wnotify inotify --Wrateignore 300 --Wrefresh 7 --Wsleep 3 --Wstart --www --xtra /etc/cxs/cxs.xtra)

cxswatch Scanning /home/<user_name>/domains/<user_name>.com/logs/Sep-2024.tar.gz.1:

# Clamd Error for [SCAN /home/<user_name>/domains/<user_name>.com/logs/Sep-2024.tar.gz.1]: /home/<user_name>/domains/<user_name>.com/logs/Sep-2024.tar.gz.1: File path check failure: Permission denied. ERROR

'/home/<user_name>/domains/<user_name>.com/logs/Sep-2024.tar.gz.1'
(compressed file: <user_name>.com.error.log.1 [depth: 1]) Decode regex match = [decode regex: 1]
I've censored the username and email addresses.

What can i do for cxs to ignore these directories?
Any idea?

Re: CXS not ignoring directory that is on cxs.ignore file

Posted: 09 Sep 2024, 11:46
by Sarah
You cannot use wildcard characters for hdir. You can't use an asterisk by itself as a wildcard in any of the ignore lines, only as part of a regular expression with the keywords that allow it (the ones that start with p). I'd suggest you use pdir and build a regular expression that works. This might work:

Code: Select all

pdir:\/home\/.*\/domains\/.*\/logs\/
If it does not, go to a regular expression builder such as regex101.com and test some alternatives.

Re: CXS not ignoring directory that is on cxs.ignore file

Posted: 09 Sep 2024, 17:54
by UB_TRH
Hello, regex seems matched. I will try this night and will write the result. Thank you :)

Re: CXS not ignoring directory that is on cxs.ignore file

Posted: 11 Sep 2024, 05:31
by UB_TRH
It worked as below:

Code: Select all

pdir:/home/.*/domains/.*/logs/
Thank you again, i was getting lots of emails everyday
All times are UTC
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited