New cxs v9.09

Changes:

  • Modified privilege drop code to use defapache user setting before trying “nobody”
  • Removed redundant code from features not implemented
  • Fixed UI weekly scan description
  • Updated UI to FontAwesome v5 (keeping v4 for cPanel versions < 70.29)

New cxs v9.07

Changes:

  • Added new option to cxsControl settings for statistics collection. This provides the ability to enable or disable the collection of statistical information for the cxsControl graphs. Existing and new installations will default to DISABLED to improve scanning performance
  • Database updates are now batch processed via cron (and when accessing the cxsControl UI) to improve scanning performance. The cronjob runs every 10 minutes from /etc/cron.d/cxsdb-cron
  • Added a check for Wnotify filechange to force flush the event buffer if it grows excessively
  • Modified –dbreport to be ignored if used in cxscgi.sh, cxsftp.sh and cxs Watch, updated docs to reflect the change

New cxs v9.06

Changes:

  • Added prevention routines to stop corrupt fingerprint and regex entries from being loaded
  • Reduced memory footprint when handling fingerprints
  • Reduced memory footprint of cxs Watch controlling process
  • Fixed issue with cxs installation/upgrade sometimes restarting cxs Watch whether it was running or not
  • Modified eval+use+module checks to use bundled Module::Installed::Tiny instead
  • Fixed perl memory leak when using regexes in cxs.ignore. This fix can significantly reduce the memory overhead of cxs processes, especially with cxs Watch and –allusers scans

cxs False Positives

We had a corrupt daily update of the cxs signatures that is causing problems for some users. If you are seeing a problem with detections, please do the following immediately:

rm -fv /etc/cxs/new.fp
cxs -U
service cxswatch restart

 

If you need to perform a bulk restore from quarantine due to this issue:

Depending on the location of your quarantine, the following should work:

find /home/quarantine/cxsuser/ -type f -exec cxs --qrestore {} \;

You will get messages about “Restore failed – Restore file not found” which you can ignore.
Note: The destination file must _not_ exist otherwise the restore for the file will fail.