cPanel

New cxs v4.25

Changes:

  • Fingerprint P0452 removed as it appears some legitimate scripts are using the same obfuscation technique commonly used in exploits
  • BETA: Bayes corpus size decreased by a further 28% but with increased accuracy
  • Exploit fingerprint definitions database additions

 

New cxs v4.24

Changes:

  • BETA: Bayes corpus format improved – if you are using this feature, download the new corpus using “cxs --bget”
  • BETA: Bayes corpus memory footprint decreased by a further 20%
  • BETA: Bayes corpus loading speed improvements

 

New cxs v4.23

Changes:

  • Improvements to the main decoder regex
  • Improvements to decoder string extraction
  • Fixed formatting of --qlocal documentation
  • BETA: New Bayes corpus generated – if you are using this feature, download the new corpus using “cxs --bget”
  • BETA: Bayes corpus size decreased by 25% but with increased accuracy
  • Exploit fingerprint definitions database additions

New cxs v4.22

Changes:

  • Added option --qlocal which provides quarantine support when using mod_ruid2 by storing quarantined files within a user’s account. See documentation for more information and caveats
  • BETA: Bayes learning improvements (speed, memory)
  • BETA: Bayes reporting improvements (speed, memory)
  • BETA: New Bayes corpus generated – if you are using this feature, download the new corpus using “cxs --bget”
  • Improvements to PHP decoded script scanning efficiency

 

New cxs v4.21

Changes:

  • BETA: Bayes corpus loading speed improved by 100%
  • BETA: Bayes corpus memory footprint decreased by 20%
  • BETA: Increased minimum score size for Bayes reporting to help reduce false-positives

 

New cxs v4.20

Changes:

  • New option --[no]bayes (currently in BETA). Naive Bayesian probability scanning of script files. This option uses an enhanced Naive Bayes algorithm to report a probability that a scanned script is an exploit. This is achieved through a trained corpus (database). See the cxs documentation for more details.
  • Additions to main decoder regex
  • Exploit fingerprint definitions database additions

 

New csf v7.03

Changes:

  • Added new option DROP_UID_LOGGING which allows UID logging to be disabled for outgoing connections. This option is enabled by default and can be disabled on OSes that do not support --log-uid
  • Pre-upgrade copy of csf.conf now created in /var/lib/csf/backup/ for use with the csf --profile option
  • Updates to sanity.txt for new options
  • Modified DSHIELD blocklist URL from feeds.dshield.org/block.txt to www.dshield.org/block.txt for new and existing installs

 

New csf v7.02

Changes:

  • Make auto.pl scripts more resilient to avoid leaving an incomplete configuration file after upgrades
  • Improved output errors if FASTSTART fails
  • Ensure UNZIP binary exists before attempting to process GeoLite CSV Country database
  • Corrected FASTSTART description in Server Report check
  • Modified auto.pl to not automatically enable IPV6 on Virtuozzo/OpenVZ
  • Report all errors after csf starts in case they were missed in the main output

 

ClamAV 0.98.2 (withdrawn)

ClamAV have rather unceremoniously yanked their last update and deleted their blog posts and changelog for it. We’ve downgraded our installer to the previous version. People should probably downgrade back to 0.98.1 to avoid any issues.