General

New csf v5.34

Changes:

  • Improvement to dovecot account name sanitisation checks in lfd
  • Modified cronjobs for new installs to be compatible with anacron
  • Added new option CLUSTER_BLOCK which is enabled by default. This allows you to disable automatic sharing of lfd blocks around a csf cluster, e.g. if you only wish to use the CLUSTER option to share settings and manual blocks and allows
  • Added new option RT_ACTION. If an RT_* event is triggered, then if RT_ACTION contains the path to a script, it will be run in a child process and be passed a list of items (see csf.conf – for cPanel and DA only)
  • Fix to DYNDNS Advanced Allow/Deny Filters using pipe separator
  • Set permissions to 700 on *.sh, *.pl and *.php in /etc/csf/ instead of a blanket 600 of non-csf scripts

New cxs v2.20

Changes:

  • Fixed issue with MD5 setting via UI when saving to defaults
  • Improvements to regex validation to any specified --ignore or --xtra files
  • Improvements to decode regex
  • Improvements to --decode ([D]) option
  • Exploit regex definitions database additions
  • Exploit fingerprint definitions database additions

New csf v5.33

Changes:

  • Add link to the Changelog when csf is upgraded
  • Extended urlget timeout to 300 seconds to help cope with the large MaxMind City Database download where enabled
  • Include cpdavd login failures for LF_CPANEL. Added port 2077 and 2078 to the cPanel block ports when LF_SELECT enabled
  • Disable ftp Server Check reports if ftp server disabled in cPanel
  • Added regex validation to any specified csf.pignore or csf.fignore entries to lfd
  • Updated cPanel tier checks to cope with old STABLE and DNSONLY releases and newer v11.30+
  • Improvement to account name sanitisation checks in lfd

New cxs v2.19

Changes:

  • Added regex validation to any specified --ignore or --xtra files
  • Added quarantine failure reason to messages
  • Improvements to --decode ([D]) option to no longer use temporary files
  • If [Fingerprint Match] found also perform a Virus Scan
  • Automatically ignore --quarantine [dir] during scans
  • Improvements to fingerprint matching
  • Added new option --MD5 to display a matched file md5sum. See docs for more information
  • Added new option md5sum: to --ignore [file]. See docs for more information
  • Added new option md5sum: to --xtra [file]. See docs for more information
  • Added new option “Ignore MD5” to cxs Quarantine UI for ftp, web and scan entries
  • Exploit regex definitions database additions
  • Exploit fingerprint definitions database additions

New cxs v2.18

Changes:

  • Further improvements to Filetype detection

New cxs v2.17

Changes:

  • Added hdir:/quarantine_clamavconnector to the csf.ignore.example file
  • Improvements to php script detection where extension is not .php
  • Filetype detection speedups
  • Filetype differentiation between MS-DOS and MS Windows executables
  • Added new option --Wrefresh. To keep the cxs Watch daemon up to date, it will restart every 7 days by default. To change this interval, you can set --Wrefresh [days]
  • Improvements to the decode regex
  • Exploit regex definitions database additions
  • Exploit fingerprint definitions database additions

New cxs v2.16

Changes:

  • Further improvements to the check for PHP code hidden in GIF image files for “hidden script file”, regex matching and decode scanning

New c

New cxs v2.14

Changes:

  • Improvements to the check for PHP code hidden in GIF image files for “hidden script file”, regex matching and decode scanning
  • Add link to the Changelog when cxs is upgraded
  • If an ignore file is used with cxs Watch daemon and the ignore file is modified, cxs Watch will reload the ignore file and restart the child processes. However, after making a large number of changes to the ignore file or if adding puser: or user: to the ignore file, the cxs Watch daemon should be manually restarted
  • Improved cxs Watch logging when suspicious file found and --Wloglevel set to 0
  • Exploit fingerprint definitions database additions

New csf v5.32

Changes:

  • AUTO_UPDATES enabled for new installations in csf.conf
  • Removed the JS LF_EXPLOIT_CHECK as it is no longer prevalent. If still set in csf.conf it will be ignored
  • Check MESSENGER service to ensure privileges are dropped before starting the daemon
  • Drop privileges when performing removal during LF_DIRWATCH_DISABLE
  • For new installations, IPV6 enabled if IP6TABLES exists and an IPv6 address is found in the output from IFCONFIG. IPV6_SPI is set according to the kernel version (i.e. whether SPI is supported or not)