cPanel

New cxs v1.16

Changes:

  • Removed spurious “set to skip” message text
  • Added ” (Hits:nn)” to the Subject line of email reports
  • Added new option –ulist [file] for use with the –all option to perform scans of only those users listed in [file]
  • Regex scanning improvements
  • Disable default deep scanning on FTP and web script uploads to help avoid false-positives. If you want to continue deep scanning add –deep to cxsftp.sh and/or cxscgi.sh
  • Exploit regex definitions database additions
  • Exploit fingerprint definitions database additions

Virus Scanner problem causes MailScanner to stop processing

In the latest version of MailScanner (v4.79.11) if MailScanner cannot find the virus scanner it will stop processing mail completely and no mail will be delivered. If your virus scanner stops working, you will see the following message in your maillog:”Virus Scanning: No virus scanners worked, so message batch was abandoned and re-tried!”If you have this issue and want to get mail flowing again while you investigate the clamd issue, see this FAQ: http://www.configserver.com/techfaq/index.php?faqid=84

New MailScanner Front-End (MSFE) v4.30

Changes:

  • Include clamd init script which will be copied and initialised if missing from /etc/init.d/ and clamd exists in /usr/local/sbin/clamd on entry into WHM UI. (init script copy in /usr/mscpanel/clamd)
  • Include clamd init script on ClamAV upgrade in UI
  • Set clamd init script ulimit to 100M to cope with increasing virus database sizes
  • Updated cPanel UI front-end display

New cxs v1.15

Changes:

  • Added breakout if –decode [file] depth is > 250 to prevent looping
  • Fixed problem with quarantine UI to cope with a trailing slash on the –quarantine [dir] statement
  • Improved detection of the quarantine directory in UI
  • Added DNS lookups on FTP IP address reports
  • Allow the use of floating point numbers with –throttle [num]
  • Added “Ignore” option for FTP quarantines files to Quarantine UI to add a file: ignore statement to a relevant ignore file if configured
  • Added new options –jumpfrom [user] and –jumpto [user] for use with the –all option to perform scans of only those user between the two points, both of which are inclusive
  • Added jumpfrom and jumpto to UI resource choice
  • Exploit regex definitions database additions
  • Exploit fingerprint definitions database additions

New csf v4.88

Changes:

  • Fixed URL’s in Server Check report for cPanel if Security Tokens are enabled in v11.25+
  • Added ipv6 explanation that the information is determined from the output from ifconfig and display ipv6 addresses found
  • Added the ability to use Include statements in csf.deny and csf.allow, see readme.txt for information and restrictions

New cxs v1.14

Changes:

  • Added new experimental options –decode [file] and –depth [num]. See the perldoc documentation for more information
  • Exploit regex definitions database additions
  • Exploit fingerprint definitions database additions

New cxs v1.13

Changes:

  • Modified FrontPage extensions check to be case-insensitive
  • Use of –all –mail [email] and –nosummary will now only report suspicious accounts instead of all accounts. –report [file] will still contain the full report
  • Updated cxs perldoc help
  • Exploit regex definitions database additions
  • Exploit fingerprint definitions database additions

New cxs v1.12

Changes:

  • New option (-X, –xtra [file]) to allow custom regular expression matches and filenames that cxs will additionally scan for
  • Exploit fingerprint definitions database additions

SpamAssassin FH_DATE_PAST_20XX 0.0 rule bug

There’s a bug in SpamAssassin that the developers have yet to fix in sa_update that is causing problems since the turnover to 01/01/2010:https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6269The bug causes every email sent since 01/01/2010 to receive a spam score of 3.19, whether it is spam or not.If you’re running our MailScanner package you can do the following to zero score that rule and alleviate the problem:

echo score FH_DATE_PAST_20XX 0.0 >> /etc/mail/spamassassin/configserver.cf