Changes:

• Added breakout if --decode [file] depth is > 250 to prevent looping


• Fixed problem with quarantine UI to cope with a trailing slash on the --quarantine [dir] statement


• Improved detection of the quarantine directory in UI


• Added DNS lookups on FTP IP address reports


• Allow the use of floating point numbers with --throttle [num]


• Added "Ignore" option for FTP quarantines files to Quarantine UI to add a file: ignore statement to a relevant ignore file if configured


• Added new options --jumpfrom [user] and --jumpto [user] for use with the --all option to perform scans of only those user between the two points, both of which are inclusive


• Added jumpfrom and jumpto to UI resource choice


• Exploit regex definitions database additions


• Exploit fingerprint definitions database additions

Changes:

• Fixed URL's in Server Check report for cPanel if Security Tokens are enabled in v11.25+


• Added ipv6 explanation that the information is determined from the output from ifconfig and display ipv6 addresses found


• Added the ability to use Include statements in csf.deny and csf.allow, see readme.txt for information and restrictions

Changes:

• Added new experimental options --decode [file] and --depth [num]. See the perldoc documentation for more information


• Exploit regex definitions database additions


• Exploit fingerprint definitions database additions

Changes:

• Modified FrontPage extensions check to be case-insensitive


• Use of --all --mail [email] and --nosummary will now only report suspicious accounts instead of all accounts. --report [file] will still contain the full report


• Updated cxs perldoc help


• Exploit regex definitions database additions


• Exploit fingerprint definitions database additions

Changes:

• Ignore csf.rignore for LT_POP3D and LT_IMAPD


• Removed unnecessary csf.locks during some GLOBAL list updates


• Updated Copyright notice


• Modified the block message for LF_MODSEC and LF_SUHOSIN to be more appropriate ( i.e. not "login failures" )


• Added new block options for BIND denied requests: LF_BIND, LF_BIND_PERM, BIND_LOG. This works in the same way as the other similar blocks, e.g. LF_SUHOSIN. It will block IP addresses that have had BIND (named) requests denied more than LF_BIND times in LF_INTERVAL seconds. Currently named client denied log lines for "update" and "zone transfer" trigger the option


• Modified GLOBAL_ routines to continue if retrieval for one fails instead of immediately exiting


• Added IPv6 check to Server Check


• Display DNS lookup results for IP addresses if CC_LOOKUPS is enabled on single line comments (lfd.log, csf.deny, etc)


• Added new options LF_PERMBLOCK_ALERT and LF_NETBLOCK_ALERT so that the respective email alerts can be disabled


• Updated IP::Country

Changes:

• New option (-X, --xtra [file]) to allow custom regular expression matches and filenames that cxs will additionally scan for


• Exploit fingerprint definitions database additions

There's a bug in SpamAssassin that the developers have yet to fix in sa_update that is causing problems since the turnover to 01/01/2010:
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6269

The bug causes every email sent since 01/01/2010 to receive a spam score of 3.19, whether it is spam or not.

If you're running our MailScanner package you can do the following to zero score that rule and alleviate the problem:

Changes:

• Modified hidden image text file to exclude most FrontPage extensions files


• Exploit regex definitions database additions


• Exploit fingerprint definitions database additions

Changes:

• Added Dovecot regex checking for LT_POP3D and LT_IMAPD


• Modified Server Check for Fedora v10 EOL now that Fedora v12 has been released


• Improved Dovecot IMAP and POP3D login failure regex


• Ignore RELAYHOSTS setting for LT_POP3D and LT_IMAPD


• Fixed TLSCipherSuite Server Check for proftpd


• Added SSHD regex for "Did not receive identification string from IP" failures

Changes:

• Added new check to suspicious file routine to detect text files hiding as image files


• Made file extension checks case-insensitive


• Exploit fingerprint definitions database additions