Changes:

• Include an example cPanel Account Suspend perl script for use with --script /etc/cxs/cpanelsuspend.pl


• Exploit fingerprint definitions database additions

ClamAV 0.96.2 has been released. 
This version brings a new PDF parser, performance and memory
improvements, and a number of bugfixes and minor enhancements. 

Changes:

• Always exit if ftp/cgi user is listed in a specified ignore file


• Disable pure-uploadscript if /etc/cxs/ftpddisable exists (in addition to /etc/ftpddisable)


• Exploit regex definitions database additions


• Exploit fingerprint definitions database additions

Changes:

• Added Server Check report check that klogd is running if using syslogd or that klog module is loaded if running rsyslogd


• Added Server Check report, checks for apache settings: TraceEnable, ServerSignature, ServerTokens and FileETag on cPanel servers


• Fixed ip6tables IPV6_SPI check warning for older kernels


• Added instruction to open outgoing TCP6 and UDP6 ports when using an older kernel for ip6tables


• IPv6 Final (no longer Beta)


• Added new option LT_SKIPPERMBLOCK. If LF_PERMBLOCK is enabled but you do not want this to apply to LT_POP3D/LT_IMAPD, then enable this option


• Added new option PT_USER_ACTION. If a PT_* event is triggered, then PT_USER_ACTION will be run in a child process and passed the PID(s) of the process(es)

Changes:

• Added new option --script [script] which runs an external script whenever a match is detected against a file. See documentation for more information


• Exploit regex definitions database additions


• Exploit fingerprint definitions database additions

Changes:

• Significant improvements to --decode [file]


• Increased LWP timeout to cater for servers with slow connections to the license server


• Added total Viruses and Fingerprint Matches to the --mail Subject


• Added total Fingerprint Matches to the --summary


• Exploit regex definitions database additions


• Exploit fingerprint definitions database additions

If you are running the version 3+ of rsyslog then you may not be logging iptables kernel logs.

This will prevent investigation of iptables block issues and the csf Port Scan Tracking feature.

You need to check /etc/rsyslog.conf and ensure that the following line appears near the top of the configuration file:

$ModLoad imklog

If you have added that line, then you must then restart rsyslogd:

service rsyslog restart

Changes:

• New option CLUSTER_MASTER which is the IP of the master node in a cluster allowed to send CLUSTER_CONFIG changes. This must be set in order to use CLUSTER_CONFIG options


• Added new Cluster CLI option --cfile (-cf) for sending a file to cluster members. The file will only be uploaded to the /etc/csf/ directory


• Added new Cluster CLI option --crestart (-crs) to initiate a restart of csf and lfd on all cluster members


• Removed CLI option -ccr, --cconfigr [name] [value] in favour of the new --crs, --crestart option


• Modified regular expressions to cater for RFC3339 date format in log files. For example, RFC3339 date format used by default in rsyslog on CentOS v5.5

See ClamAV changelog:
http://git.clamav.net/gitweb?p=clamav-devel.git;a=blob_plain;f=ChangeLog;hb=clamav-0.96.1

Changes:

• If ftp is disabled in cPanel do not start pure-uploadscript


• New --options [E]. This option will match scripts that send out email using sendmail, exim or via SMTP. This option requires that --options [m] is also specified


• Improvement to --decode [file] variable detection


• Improvements to various eval() regex matches


• Exploit regex definitions database additions


• Exploit fingerprint definitions database additions