cxs

New cxs v4.24

Changes:

  • BETA: Bayes corpus format improved – if you are using this feature, download the new corpus using “cxs --bget”
  • BETA: Bayes corpus memory footprint decreased by a further 20%
  • BETA: Bayes corpus loading speed improvements

 

New cxs v4.23

Changes:

  • Improvements to the main decoder regex
  • Improvements to decoder string extraction
  • Fixed formatting of --qlocal documentation
  • BETA: New Bayes corpus generated – if you are using this feature, download the new corpus using “cxs --bget”
  • BETA: Bayes corpus size decreased by 25% but with increased accuracy
  • Exploit fingerprint definitions database additions

New cxs v4.22

Changes:

  • Added option --qlocal which provides quarantine support when using mod_ruid2 by storing quarantined files within a user's account. See documentation for more information and caveats
  • BETA: Bayes learning improvements (speed, memory)
  • BETA: Bayes reporting improvements (speed, memory)
  • BETA: New Bayes corpus generated – if you are using this feature, download the new corpus using “cxs --bget”
  • Improvements to PHP decoded script scanning efficiency

 

New cxs v4.21

Changes:

  • BETA: Bayes corpus loading speed improved by 100%
  • BETA: Bayes corpus memory footprint decreased by 20%
  • BETA: Increased minimum score size for Bayes reporting to help reduce false-positives

 

New cxs v4.20

Changes:

  • New option --[no]bayes (currently in BETA). Naive Bayesian probability scanning of script files. This option uses an enhanced Naive Bayes algorithm to report a probability that a scanned script is an exploit. This is achieved through a trained corpus (database). See the cxs documentation for more details.
  • Additions to main decoder regex
  • Exploit fingerprint definitions database additions

 

New cxs v4.19

Changes:

  • Additions to main decoder regex
  • Modified option --template [file]. You can now use this to email the end user when performing --allusers and --user [user] scans. See the cxs Documentation for --template [file] for more information
  • Output improvements to --qview [file] and more information provided in the POD
  • Exploit fingerprint definitions database additions

 

New cxs v4.18

Changes:

  • HTTP::Tiny reverted to v0.041 as it breaks on some installations

 

New cxs v4.17

Changes:

  • Unsupported option --YSKIPWMAIL added. Using this, if --options [W] or --options [wW] is triggered, then the directory will be chmod as normal but no email will be sent. If any other option is triggered for the same scan, the email will still be sent. This option only applies to cxs Watch
  • Added full pseudo-breadcrumbs to cPanel csf UI
  • HTTP::Tiny upgraded to v0.042
  • On cPanel servers, use cPanel provided perldoc binary in UI if present
  • Exploit fingerprint definitions database additions

 

cxs False-positive: [P0388]

You may see a false-positive in cxs after a recent release of fingerprint detections:

# Known exploit = [Fingerprint Match] [PHP Exploit [P0388]]

To remove the false-positive, run the following:

rm -fv /etc/cxs/new.fp
cxs -U

Our apologies for any confusion that this may have caused.