Fixed bug preventing csf from blocking FTP IP addresses when –block used
Added failure message from csf to FTP email if deny fails
Added new exploit scanning option W to be used with –option (must be explicitly added to the options list – the same way as the C option). The W option will chmod all world writable directories found to 755. Use this option with care as it could prevent web scripts from functioning on non-suPHP or non-SUEXEC enabled systems
Improvements to –decode performance and effectiveness
New optimised fingerprint database. This new database, though with fewer entries, is better targetted at detecting relevant exploits that ClamAV misses (the majority!)
Changed “Match for fingerprint of an exploit” to “Known exploit = [Fingerprint Match]”
Changed “Match for regular expression (regex)” to “Regular expression match = [regex]”
Added ” (Hits:nn)” to the Subject line of email reports
Added new option –ulist [file] for use with the –all option to perform scans of only those users listed in [file]
Regex scanning improvements
Disable default deep scanning on FTP and web script uploads to help avoid false-positives. If you want to continue deep scanning add –deep to cxsftp.sh and/or cxscgi.sh
Added breakout if –decode [file] depth is > 250 to prevent looping
Fixed problem with quarantine UI to cope with a trailing slash on the –quarantine [dir] statement
Improved detection of the quarantine directory in UI
Added DNS lookups on FTP IP address reports
Allow the use of floating point numbers with –throttle [num]
Added “Ignore” option for FTP quarantines files to Quarantine UI to add a file: ignore statement to a relevant ignore file if configured
Added new options –jumpfrom [user] and –jumpto [user] for use with the –all option to perform scans of only those user between the two points, both of which are inclusive
Modified FrontPage extensions check to be case-insensitive
Use of –all –mail [email] and –nosummary will now only report suspicious accounts instead of all accounts. –report [file] will still contain the full report
