Changes:

- Use temporary files when performing a virus scan during --decode ([D])

- Change all clamd STREAM to SCAN scanning

- Use a robust routine for creating random temporary files during --options [Z] (scanning within archives)

- Exploit fingerprint definitions database additions



 

Changes:

- Allow a value of 0 for --Wrefresh which disables the functionality in the cxs Watch daemon

- Added new advanced PHP decoder for --decode ([D])

- Stop cxs Watch from following symlinks

- Exploit regex definitions database additions

- Exploit fingerprint definitions database additions





 

Changes:

- Modified upgrade warning for integrated UI to not use the DA warning text

- Validate local IP addresses

- Only check local IPv6 addresses if IPV6 is enabled in config

- Separate IPv4 from IPv6 ignore CIDRs due to Net::CIDR::Lite restrictions

- Improvements to ignore files IP address validation

- Add server check for PHP v5.2.* to the obsolete/security risk list

- Add server check for RedHat/CentOS v4.* and Fedora < v15 to the obsolete/security risk list

- Removed server checks for RLimitMEM/RLimitCPU

 

Changes:

- Added new advanced PHP decoders for --decode ([D])

- Change main cxs Watch process name during startup while still starting

- Exploit regex definitions database additions

- Exploit fingerprint definitions database additions

 

Changes:

- Only log Log Scanner in lfd.log if DEBUG set to 2 to allow empty reports if monitoring lfd.log

- Added new option LF_BOGON_SKIP. If you don't want BOGON rules applied to specific NICs, then list them in a comma separated list

- Added new option LF_CONSOLE_EMAIL_ALERT which will send an email if there is a root login to the server console. This is enabled by default

• Added two new advanced PHP decoders for --decode ([D])


• Exploit regex definitions database additions


• Exploit fingerprint definitions database additions

• New feature - Log Scanner. This feature will send out an email summary of the log lines of each log listed in /etc/csf/csf.logfiles. All lines will be reported unless they match a regular expression in /etc/csf/csf.logignore


• Set LWP::UserAgent agent to "csf/[version]" instead of the default

• Modification to quarantine to ensure unique filenames


• Exploit regex definitions database additions


• Exploit fingerprint definitions database additions

• Modified to remove cPanel process limits when run


• Modified from using backticks to open3


• Removed use of wget binary

• Fixed version module error in cPanel log


• cPanel v11.28+ now a requirement