New cxs v9.07

Changes:

  • Added new option to cxsControl settings for statistics collection. This provides the ability to enable or disable the collection of statistical information for the cxsControl graphs. Existing and new installations will default to DISABLED to improve scanning performance
  • Database updates are now batch processed via cron (and when accessing the cxsControl UI) to improve scanning performance. The cronjob runs every 10 minutes from /etc/cron.d/cxsdb-cron
  • Added a check for Wnotify filechange to force flush the event buffer if it grows excessively
  • Modified –dbreport to be ignored if used in cxscgi.sh, cxsftp.sh and cxs Watch, updated docs to reflect the change

New cxs v9.06

Changes:

  • Added prevention routines to stop corrupt fingerprint and regex entries from being loaded
  • Reduced memory footprint when handling fingerprints
  • Reduced memory footprint of cxs Watch controlling process
  • Fixed issue with cxs installation/upgrade sometimes restarting cxs Watch whether it was running or not
  • Modified eval+use+module checks to use bundled Module::Installed::Tiny instead
  • Fixed perl memory leak when using regexes in cxs.ignore. This fix can significantly reduce the memory overhead of cxs processes, especially with cxs Watch and –allusers scans

cxs False Positives

We had a corrupt daily update of the cxs signatures that is causing problems for some users. If you are seeing a problem with detections, please do the following immediately:

rm -fv /etc/cxs/new.fp
cxs -U
service cxswatch restart

 

If you need to perform a bulk restore from quarantine due to this issue:

Depending on the location of your quarantine, the following should work:

find /home/quarantine/cxsuser/ -type f -exec cxs --qrestore {} \;

You will get messages about “Restore failed – Restore file not found” which you can ignore.
Note: The destination file must _not_ exist otherwise the restore for the file will fail.

New cxs v9.04

Changes:

  • Fixed spurious DBI error when rescanning a quarantine directory in the UI
  • When running/viewing scans or configurations through the UI, ensure any configured quarantine directory is created if missing

New cxs v9.00

Changes:

  • Added new –Wnotify [system]. This option specifies which filesystem notification API to use with cxs Watch. Defaults to [inotify]
  • Added EXPERIMENTAL support for RHEL v7.* fanotify and CloudLinux v7.* File Change API (direct and via SQLite API). See the cxs documentation for information, restrictions, requirements, advantages and disadvantages of each notification system
  • Modified Universal Decoder to run an all scripts, not just PHP