cxs

New cxs v4.06

Changes:

  • Parameterise all calls to system() and Open3()
  • Only list viewable files in UI “Other Files” option
  • Fixed issue with ignoring user: and puser: with web scanning
  • Added new –ignore [file] option ip: – ignore IP address for web and ftp uploads. This may or may not have any impact on performance with ftp uploads as the IP address will need to be established from the message log for each file
  • Removed DNS lookup on FTP IP addresses to improve performance
  • Exploit fingerprint definitions database additions

 

New cxs v4.04

Changes:

  • Fixed issue with cxs Watch not reporting running state correctly

 

New cxs v4.03

Changes:

  • Fixed issue with reporting boolean CLI options

New cxs v4.02

Changes:

  • Fixed issue with creation of new quarantine directory for new installs
  • Improved quarantine directory detection for conversion on upgrade to v4

(see changelog for v4 for main changes for this release tree)

New cxs v4.01

Changes:

  • Introducing a new Quarantine system. This new version creates a more secure method of quarantining suspicious files in cxs. It removes the need for a directory with 1777 permissions. It also makes the layout and maintenance of the quarantine directory much simpler
  • Automatically rename old quarantine directory to [dir].(timestamp) and create new quarantine structure. An email is sent to root with a reminder to remove the old directory
  • Any pre v4 old quarantine directory can still be viewed and restored from through the UI if required, though this functionality (for old quarantine directories) will be removed in the future
  • New option –qcreate. This option is used to create a new quarantine directory structure. It will rename any pre-existing directory to [name].(timestamp)
  • New option –qclean [days]. This option is used to clean a quarantine directory specificed with –quarantine [dir], retaining the last [days] worth of files
  • New option –qrestore [file]. This option is used to restore a quarantine file via the CLI to the original file location (v4 quarantined files only)
  • New option –qview [file]. This option is used to view a quarantined file via the CLI
  • Modified cxs UI to cater for new quarantine layout and provide some additional information on quarantined files
  • Added new file /etc/cxs/cxsdaily.sh as an example file to symlink from /etc/cron.daily/ to perform daily tasks and added to RECOMMENDATIONS in the docs
  • Modified cxs Watch scanning to automatically scan newly created directories for exploits to help overcome an issue where files are created before a new directory is watched
  • Support for running cxs through suhosin has been removed
  • Fixed issue with –defapache [user]
  • Modified recommendations on file ownership and permissions when using –logfile [file]
  • HTTP::Tiny upgraded to v0.037
  • POD documentation tidy
  • Exploit fingerprint definitions database additions

New cxs v3.27

Changes:

  • NOTE: Support for using suhosin is deprecated and will be removed in the near future – use ModSecurity instead. If you are unable to use ModSecurity, you will have to rely on either cxs Watch or manual scans
  • New option added: –defapache [user]. This is the default account under which apache runs. This will be set to “apache” by default except on cPanel servers where it is set to “nobody” by default
  • Make cxs watch restart reason more verbose
  • Improved file type detection for files within archives
  • Improvements to the main decoder regex
  • Exploit regex definitions database additions
  • Exploit fingerprint definitions database additions

 

New cxs v3.26

Changes:

  • Fixed issue with cxs process termination due to scanning timeouts
  • Prevent regex hangs due to some exploit tactics
  • Fixed quarantine UI not restoring file permissions correctly

 

New cxs v3.25

Changes:

  • Extended fingerprint checks for alternative linefeeds in scripts
  • Fixed functionality of the included test.cgi upload test script
  • Enforce stricter permissions on /var/log/cxswatch.log
  • Disable option to upgrade cxs in DA UI and instruct to use CLI
  • Added use of –force to –upgrade to redo upgrade to latest version if required
  • Additional checks to terminate php child process if timeout occurs
  • Exploit fingerprint definitions database additions

New cxs v3.24

Changes:

  • Added the following to Script Version Scanning:
    Joomla XCloner Ext, WP XCloner Ext
  • Added new advanced PHP decoders
  • Exploit fingerprint definitions database additions