Custom ignore script
Posted: 16 Dec 2014, 13:45
Can I have cxs run a custom script before reporting or acting on a possible threat, so that the script itself can rule out false positives or take action?
I've been getting a lot of useful hits on "social.png" files being uploaded via FTP. These are potentially dangerous, as they could be from the CryptoPHP malware. However, a simple check using the file command can tell me whether it's "PHP script text" or just harmless "PNG image data".
Now, it would be too much to ask the cxs team to perform these potentially complex checks, so allowing me to run a custom script would be great.
For example, the script would default to a 0 exit code, meaning "OK, report/act on the threat", but upon receiving exit code 1, cxs would understand "Ignore this, it's a false positive/I've taken care of it".
Any way I can do this already?
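The check described in the post, written as a stand-alone triage script (an added example, not part of the original post and not cxs code). Instead of calling `file`, it reads the PNG signature directly and also scans the whole file for a PHP open tag, since a file can start with a valid PNG header and still carry PHP. The function names and the exit-code convention (taken from the post's proposal) are assumptions, not a documented cxs interface.

```shell
#!/bin/sh
# Added example: triage helper for uploads named like images (e.g. social.png).
# Exit-code convention follows the post's proposal and is hypothetical:
#   0 = keep the hit (report / act on it), 1 = ignore (looks like a clean PNG)

# Return 0 if the first 8 bytes are the PNG signature 89 50 4E 47 0D 0A 1A 0A.
is_png() {
    sig=$(od -An -tx1 -N8 "$1" 2>/dev/null | tr -d ' \n')
    [ "$sig" = "89504e470d0a1a0a" ]
}

# Return 0 if a PHP open tag appears anywhere in the file,
# including after a valid image header. '?' is literal in a basic regex.
has_php() {
    LC_ALL=C grep -qi '<?php' "$1" 2>/dev/null
}

# Decide what to do with one file: prints the reason, returns the verdict.
# Anything that cannot be positively cleared stays reported.
triage() {
    f=$1
    if [ ! -f "$f" ] || [ ! -r "$f" ]; then
        echo "report: $f is not a readable regular file"; return 0
    fi
    if has_php "$f"; then
        echo "report: $f contains a PHP open tag"; return 0
    fi
    if is_png "$f"; then
        echo "ignore: $f has a PNG signature and no PHP open tag"; return 1
    fi
    echo "report: $f is named like an image but is not a PNG"; return 0
}

# Run as a script: exit 1 only if every file given could be ignored.
if [ "$#" -gt 0 ]; then
    rc=1
    for f in "$@"; do triage "$f" || continue; rc=0; done
    exit "$rc"
fi
```
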