cxs

New cxs v2.60

Changes:
– Ensure that an account name is only passed to --script [script] when performing a manual scan using --user or --all
– Ignore adobe-xap-filters when detecting hidden script files
– Exploit fingerprint definitions database additions

New cxs v2.59

Changes:
– Improvements to quarantine procedure

New cxs v2.58

Changes:
– Fixed a problem in the UI where the selections for --options were applied from /etc/cxs/cxs.defaults, if set, rather than the selections in the UI if all the standard selections were ticked
– UI improvements
– Change file name check behaviour so that it still detects with empty files
– Include all item sizes in --summary report
– Include all ignored files in --summary report
– Improvements to hidden script file detection
– Exploit fingerprint definitions database additions

New cxs v2.57

Changes:
– Fixed problem with quarantine move failing – introduced in v2.56
– Implement ignores for rate limit warnings in cxs Watch daemon
– Allow a value of 0 for --filemax [num] which disables the feature
– Set --filemax [num] to 0 in cxswatch.sh for new installs

New cxs v2.56

Changes:
– Improvements to quarantine move failure message
– Implement ignores in compressed files
– Added a rate limit warning to cxs Watch daemon. If a file is scanned more than (2 * Wsleep) times in (10 * Wsleep) seconds then a warning is logged. This is to help identify frequently scanned files that you might want to ignore (e.g. if they are very frequently updated log files)
– Improved installation procedure for checking required perl modules
– Exploit fingerprint definitions database additions
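
The rate limit warning added in v2.56, together with the ignores added for it in v2.57, can be modelled as a sliding-window counter per file. This is an added example, not cxs's own code: the class and function names, the sample paths and timestamps, the Wsleep value of 3 and the choice to warn once per burst are all assumptions made for illustration.

```python
from collections import defaultdict, deque


class ScanRateMonitor:
    """Warn when one path is scanned more than 2*Wsleep times in 10*Wsleep seconds."""

    def __init__(self, wsleep, ignores=()):
        self.limit = 2 * wsleep          # scans tolerated inside one window
        self.window = 10 * wsleep        # window length in seconds
        self.ignores = set(ignores)      # paths exempt from the warning (v2.57)
        self.scans = defaultdict(deque)  # path -> timestamps still in the window
        self.warned = set()              # paths already reported in this burst

    def record(self, path, ts):
        """Register a scan at time ts; return a warning string or None."""
        if path in self.ignores:
            return None
        q = self.scans[path]
        q.append(ts)
        while q and ts - q[0] >= self.window:  # drop scans older than the window
            q.popleft()
        if len(q) <= self.limit:
            self.warned.discard(path)    # burst over, allow a later warning
            return None
        if path in self.warned:          # assumption: one log line per burst
            return None
        self.warned.add(path)
        return f"rate limit: {path} scanned {len(q)} times in {self.window}s"


def replay(events, wsleep, ignores=()):
    """Feed (timestamp, path) pairs through a monitor, return the warnings."""
    mon = ScanRateMonitor(wsleep, ignores)
    hits = (mon.record(path, ts) for ts, path in events)
    return [h for h in hits if h]


# Constructed sample: a log file rewritten every 2 s, an upload touched 3 times.
SAMPLE = sorted(
    [(t, "/home/user/app/debug.log") for t in range(0, 22, 2)]
    + [(t, "/home/user/public_html/upload.php") for t in (0, 15, 40)]
)

if __name__ == "__main__":
    for line in replay(SAMPLE, wsleep=3):
        print(line)
```

With Wsleep set to 3 the threshold is more than 6 scans in 30 seconds, so only the constantly rewritten log file is reported, and adding it to the ignores silences the warning.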

New csf v5.49

Changes:
– Remove atd from Service Check in Server Check Report
– Ensure all DNS traffic between non-local IP addresses in /etc/resolv.conf is allowed through the firewall when DNS_STRICT_NS is not enabled
– Added exim to example script pt_deleted_action.pl
– Added /var/log/cxswatch.log to csf.logfiles for new installations
– Added new option LF_ALERT_SMTP which allows lfd to be configured to send alert emails via SMTP instead of through the SENDMAIL binary. LF_ALERT_SMTP needs to be set to the name or IP address of the SMTP server to use this feature
– Added new option CC_DROP_CIDR. Set this option to a valid CIDR to ignore CIDR blocks smaller than this value when implementing CC_DENY/CC_ALLOW/CC_ALLOW_FILTER. This can help reduce the number of CC entries and may improve iptables throughput
– Improved installation procedure for checking required perl modules

New cxs v2.55

Changes:
– Changes to htaccessdisable.pl example script
– Increased default value for --filemax [num] in cxswatch.sh for new installs
– If necessary, log license error to cxs Watch daemon log

New cxs v2.54

Changes:
– Added logrotate configuration for cxswatch
– Include an example perl script that will disable directory access with a .htaccess file if a match is found using the --script [script] option: /etc/cxs/htaccessdisable.pl
– Modifications to cxs Watch daemon so that it no longer needs to completely restart when new daily detections are downloaded
– Always log if skipping directories in cxs Watch daemon due to --filemax [num]
– Fixed a problem with a false-positive in the php interpreter timeout
– Exploit regex definitions database additions
– Exploit fingerprint definitions database additions

New cxs v2.53

Changes:
– Timeout added for php interpreter during --decode ([D])
– Do not disable --viruscan if clamd not running in cxs Watch
– Exploit fingerprint definitions database additions

New cxs v2.52

Changes:
– cxs Watch will now fail to start or will terminate on VPS servers if /proc/sys/fs/inotify/max_user_watches is set too low
– Added error reporting if clamd fails to respond, but stop reporting clamd errors if too many consecutive errors occur
– Updated POD regarding the new csf option: LF_CXS