How to block suspicious files from being uploaded
Posted: 12 Nov 2009, 10:26
There are two files that you need to modify to allow blocking:
For FTP: /etc/cxs/cxsftp.sh
For Web Scripts: /etc/cxs/cxscgi.sh
1. If you simply want to delete suspicious uploads, add the --delete switch to cxsftp.sh and/or cxscgi.sh
2. If you want to quarantine files, then you need to pre-create the quarantine directory, e.g.:
mkdir /home/quarantine
chmod 1777 /home/quarantine
Then you need to add the --quarantine /home/quarantine switch to cxsftp.sh and/or cxscgi.sh
If you only want to quarantine viruses and fingerprint-matching uploads, add the --quarantine /home/quarantine --qoptions vM switches to cxsftp.sh and/or cxscgi.sh
3. If you want to prevent any type of script being uploaded (e.g. through a web upload script) then you need to modify /etc/cxs/cxscgi.sh and add the switch --options together with a list of the checks you want to be performed, including T. For example, to perform all tests use --options mMOLfSGcChexdnwT
You should then test the configuration using the test files in /etc/cxs/test/ as explained in /etc/cxs/install.txt
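An added example, not part of the original post and not ConfigServer's code: a read-only shell check that reports which of the switches above a wrapper script carries and whether the quarantine directory exists with mode 1777. It assumes each switch and its value appear unquoted on one non-comment line; the function names are made up for this example.

```shell
#!/bin/sh
# Added example, not ConfigServer code. Function names are hypothetical.
# Assumes each switch and its value sit unquoted on one non-comment line.

# Print the value that follows switch $2 in wrapper script $1.
cxs_switch_value() {
    grep -v '^[[:space:]]*#' "$1" |
        sed -n "s/.*[[:space:]]$2[[:space:]]\{1,\}\([^[:space:]]*\).*/\1/p" |
        head -n 1
}

# Succeed if bare switch $2 (e.g. --delete) is present in script $1.
cxs_has_switch() {
    grep -v '^[[:space:]]*#' "$1" | grep -Eq -e "[[:space:]]$2([[:space:]]|\$)"
}

# Succeed if $1 is a directory with mode 1777, as created in step 2.
quarantine_dir_ok() {
    [ -d "$1" ] && [ "$(ls -ld "$1" | cut -c1-10)" = "drwxrwxrwt" ]
}

# Summarise the blocking action and whether --options includes T.
cxs_audit() {
    [ -r "$1" ] || { echo "unreadable"; return 1; }
    qdir=$(cxs_switch_value "$1" --quarantine)
    qopt=$(cxs_switch_value "$1" --qoptions)
    opts=$(cxs_switch_value "$1" --options)
    if [ -n "$qdir" ]; then
        if quarantine_dir_ok "$qdir"; then state=ok; else state=missing-or-wrong-mode; fi
        echo "quarantine dir=$qdir ($state) qoptions=${qopt:-unset}"
    elif cxs_has_switch "$1" --delete; then
        echo "delete"
    else
        echo "none"
    fi
    case $opts in
        "") echo "options=unset" ;;
        *T*) echo "options-T=yes" ;;
        *) echo "options-T=no" ;;
    esac
}

for f in /etc/cxs/cxsftp.sh /etc/cxs/cxscgi.sh; do
    if [ -r "$f" ]; then echo "$f:"; cxs_audit "$f"; fi
done
```

A result of "none" or "options-T=no" for cxscgi.sh means the script is not yet configured as steps 1 to 3 describe.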