cxs

New cxs v5.31

Changes:

  • Ensure only root can attempt to download the bayes corpus
  • Fixed POD reference to –bforget
  • Fixed POD formatting of long example commands
  • Updated Software Version Checking
  • Exploit regex definitions database additions
  • Exploit fingerprint definitions database additions

New cxs v5.30

Changes:

  • Modify cPanel install.txt to add the ConfigServer ModSecurity Vendor option
  • Added new advanced PHP decoders
  • Exploit fingerprint definitions database additions

cxs and ModSecurity v2.9

If you are using ModSecurity v2.9 with Apache you will need to add an extra ModSecurity directive to the cxs upload scanning rule for it to function as ModSecurity have changed the way that the @inspectFile function works:

SecUploadKeepFiles RelevantOnly

On a cPanel server this means that you need to edit:

/usr/local/apache/conf/modsec2.user.conf

and add the line above after the cxs ModSecurity rule and then restart httpd.

New cxs v5.29

Changes:

  • Modified documentation to address changes in ModSecurity v2.9 that requires the following is set as part of the ModSecurity config:
    SecUploadKeepFiles RelevantOnly
  • Exploit fingerprint definitions database additions

New cxs v5.28

Changes:

  • Added new option –[no]ssl. When enabled (the default) all cxs URL functions, such as updating, bayes corpus retrieval and license checking will be done over an SSL connection to ConfigServer servers
  • Added /var/run/clamd.scan/clamd.sock as another default clamd socket location for –clamdsock [socket]
  • Added unsupported option –YSKIPCGI. See POD for more information
  • Exploit regex definitions database additions
  • Exploit fingerprint definitions database additions

New cxs v5.27

Changes:

  • Fixed call for the now removed cxswatch.pm from –Wstop

New cxs v5.26

Changes:

  • Added /scripts/postftpup to restart pure-uploadscript after an ftp server upgrade

New cxs v5.25

Changes:

  • Trigger pure-uploadscript restart

New cxs v5.24

Changes:

  • Added new advanced PHP decoders
  • Exploit fingerprint definitions database additions

New cxs v5.23

Changes:

  • Added the ability to use positive –options [+][], i.e. the default list of options is used in addition to those listed when prefixed with a plus
  • Improvements to –decode ([D])
  • Added atime, ctime and mtime to newly quarantined file descriptions viewable from the UI and the CLI via –qview [file].restore4
  • Ensure /var/log/cxswatch.log ownership and permissions are set on each update in case of rotation
  • File md5sum added to cgi and ftp alert email