cxs

New cxs v2.13

Changes:

  • During cxs Watch startup, default to the POSIX locale to avoid ambiguity in inotify error messages from the kernel
  • Improvements to --decode ([D]) option
  • Exploit regex definitions database additions
  • Exploit fingerprint definitions database additions

New cxs v2.12

Changes:

  • Improvements to --decode ([D]) option
  • Exploit regex definitions database additions
  • Exploit fingerprint definitions database additions

New cxs v2.11

Changes:

  • Further SECURITY improvements to Quarantine functionality
  • All cxs users should upgrade to this release immediately

New cxs v2.10

Changes:

  • Fixed a SECURITY BUG in Quarantine file restore which could result in root privilege escalation. A restore now only works if the destination file does not already exist. Our thanks to Jeff Petersen for reporting this issue
  • All cxs users should upgrade to this release immediately

New cxs v2.09

Changes:

  • New --options [R]. It will trigger a match for the inbuilt regex used by --options [D] when decoding PHP encoded (base64, etc.) scripts
  • Improvements to --decode ([D]) option so that both the last and the penultimate decode levels are scanned
  • Added improved code for dropping privileges to the “nobody” user while running the interactive php interpreter as root
  • Ensure Quarantine only works on files
  • Updated UI text for options
  • Removed duplicated regex definitions from the database now that --options [R] has been added. If you specify your own --options lists and still want to trap these, be sure to add R to them.

New cxs v2.08

Changes:

  • Removed code that dropped privileges to the “nobody” user while running the interactive php interpreter as it broke subsequent scanning at depth
  • Exploit regex definitions database additions
  • Exploit fingerprint definitions database additions

New cxs v2.07

Changes:

  • Improvements to --decode ([D]) option
  • New Feature – Added daily check for new Exploit Fingerprints. If cxs is scheduled to check for a new version daily, an additional check for new Exploit Fingerprints released since the last cxs version is performed. These will be downloaded and used on subsequent scans
  • Exploit fingerprint definitions database additions

New cxs v2.06

Changes:

  • Fixed bug in application type detection introduced in v2.04 which restricted script specific regex detection from working correctly
  • Exploit fingerprint definitions database additions

New cxs v2.04

Changes:

  • Added Quarantine UI option to block FTP IP addresses in csf
  • Fixed Quarantine UI display problems
  • Added option --tscripts [list] which is a comma separated list of scripts that --options [T] will detect if you want to restrict which types are checked
  • Exploit fingerprint definitions database additions

New cxs v2.03

Changes:

  • Improvements to --decode [file] – don’t process ignore file
  • Speedups for --options [D]
  • Speedups for cxs Watch daemon startup
  • Fixes to cxs Watch daemon when processing new and --Wadd [file] directories where --ignore [file] and --filemax [num] were not applied
  • Improvements to hdir, hfile and hsym processing for --ignore [file]
  • Adjustments to --Wloglevel [num]
  • Improvements to FTP IP detection