cxs

Changes:

• Fixed a problem with the use of File::Copy and the quarantine system where files that are moved across file systems do not retain the correct permissions

Changes:

• Display complete cxs command options at the top of reports, not just the CLI command (i.e. include defaults and cxs.default entries)
• Added a “View Quarantine” button at the bottom of the “View Quarantine User” UI page to return to the quarantine view
• Added default clamd rpm and apt-get socket location detection (/var/run/clamav/clamd.sock and /var/run/clamav/clamd.ctl)
• DirectAdmin development work (not currently supported) (RedHat Enterprise v3+/CentOS v3+/Debian v5+)
• Added code for future multiple license servers
• Fixed a problem with the use of File::Copy and the quarantine system where files that are moved across file systems do not retain the correct ownership
• Exploit regex definitions database additions
• Exploit fingerprint definitions database additions

Changes:

• Modified FTP scanning to honour hfile: ignore file entries
• Fixed problem with –qoptions [] sending all scan result matches to quarantine after a single legitimate match was found, regardless of the –qoptions [] specified

Changes:

• Fixed problem with UI upgrade sleeping before upgrading (as introduced for cron jobs). Upgrading to this version will still sleep through the UI, but subsequent versions should be fine. Instead of using the UI, using the CLI will avoid this problem for this upgrade, i.e.: cxs -U

Changes:

• Restore from quarantine in UI now preserves file ownership of the restored file
• Prefill UI Quarantine directory if set in cxs.defaults
• Added new option to Quarantine UI to bulk Restore files in the same way as bulk Delete works
• Exploit fingerprint definitions database additions

Changes:

• Added new option –qoptions [mMOLfSGchexdnwTEv]. By default –quarantine [dir]> will move all file matches. If –qoptions [] is also used then only the selected file types will be moved
• Added –qoptions [mMOLfSGchexdnwTEv] to UI
• Improvements to –decode ([D]) option
• Added –upgrade timer to sleep for up to 1800 seconds when running as a cron job to avoid overloading the license server
• Added the the –jumpfrom [user] and –jumpto [user] options to the UI
• Exploit fingerprint definitions database additions

Changes:

• Added Quarantine option to UI
• Modified the –jumpfrom [user], –jumpto [user] options so a special value can be used for the from and to [user] using a single letter then a plus sign to scan those users whose name begins with the letter specified (not case sensitive). Again, this is inclusive. For example, to scan all accounts beginning with k through to g use: –jumpfrom k+ –jumpto g+
• Improvements to –decode ([D]) option
• Exploit regex definitions database additions
• Exploit fingerprint definitions database additions

Changes:

• Improvements to –decode ([D]) option. If the final decode depth results in a php Parse error, the previous depth is scanned instead. This improves the likelihood of a successful decode and scan
• Improvements to –decode ([D]) option. Decode PHP scripts in memory using the interactive php interpreter instead of using temporary files
• Improvements to –decode ([D]) option. Add timeout to php interpreter to avoid decoding hangs
• Exploit fingerprint definitions database additions

Additional:

• Increased the number of Exploit fingerprint definitions to over 4500
• Updated cxs web pages to reflect latest version

Changes:

• Suppress error output from Archive::Zip

Changes:

• Enabled option –options [Z] by default for scanning within compressed archives
• Suppress error output from Archive::Tar
• Exploit fingerprint definitions database additions