General

New cxs v2.18

Changes:

  • Further improvements to Filetype detection

New cxs v2.17

Changes:

  • Added hdir:/quarantine_clamavconnector to the csf.ignore.example file
  • Improvements to php script detection where extension is not .php
  • Filetype detection speedups
  • Filetype differentiation between MS-DOS and MS Windows executables
  • Added new option --Wrefresh. To keep the cxs Watch daemon up to date, it will restart every 7 days by default. To change this interval, you can set --Wrefresh [days]
  • Improvements to the decode regex
  • Exploit regex definitions database additions
  • Exploit fingerprint definitions database additions

New cxs v2.16

Changes:

  • Further improvements to the check for PHP code hidden in GIF image files for “hidden script file”, regex matching and decode scanning

New c

New cxs v2.14

Changes:

  • Improvements to the check for PHP code hidden in GIF image files for “hidden script file”, regex matching and decode scanning
  • Add link to the Changelog when cxs is upgraded
  • If an ignore file is used with the cxs Watch daemon and the ignore file is modified, cxs Watch will reload the ignore file and restart the child processes. However, after making a large number of changes to the ignore file, or if adding puser: or user: to the ignore file, the cxs Watch daemon should be manually restarted
  • Improved cxs Watch logging when a suspicious file is found and --Wloglevel is set to 0
  • Exploit fingerprint definitions database additions

New csf v5.32

Changes:

  • AUTO_UPDATES enabled for new installations in csf.conf
  • Removed the JS LF_EXPLOIT_CHECK as it is no longer prevalent. If still set in csf.conf it will be ignored
  • Check MESSENGER service to ensure privileges are dropped before starting the daemon
  • Drop privileges when performing removal during LF_DIRWATCH_DISABLE
  • For new installations, IPV6 enabled if IP6TABLES exists and an IPv6 address is found in the output from IFCONFIG. IPV6_SPI is set according to the kernel version (i.e. whether SPI is supported or not)

New cxs v2.13

Changes:

  • During cxs Watch startup, default to the POSIX locale to avoid error message ambiguity for inotify from the kernel
  • Improvements to --decode ([D]) option
  • Exploit regex definitions database additions
  • Exploit fingerprint definitions database additions

New cxs v2.12

Changes:

  • Improvements to --decode ([D]) option
  • Exploit regex definitions database additions
  • Exploit fingerprint definitions database additions

New csf v5.31

Changes:

  • Updated the LF_TRIGGER_PERM explanation in csf.conf to properly reflect the possible settings of LF_TRIGGER
  • Perform account name sanitisation checks in lfd

New cxs v2.11

Changes:

  • Further SECURITY improvements to Quarantine functionality
  • All cxs users should upgrade to this release immediately

New cxs v2.10

Changes:

  • Fixed a SECURITY BUG in Quarantine file restore which could result in root privilege escalation. The destination restore file must now not exist before restoring will work. Our thanks to Jeff Petersen for reporting this issue
  • All cxs users should upgrade to this release immediately