cxs

Changes:

• Fixed issue on cPanel servers where the shebang on cxsdbupdate.pl was incorrect which prevented it running on some systems

Changes:

• Added new option to cxsControl settings for statistics collection. This provides the ability to enable or disable the collection of statistical information for the cxsControl graphs. Existing and new installations will default to DISABLED to improve scanning performance
• Database updates are now batch processed via cron (and when accessing the cxsControl UI) to improve scanning performance. The cronjob runs every 10 minutes from /etc/cron.d/cxsdb-cron
• Added a check for Wnotify filechange to force flush the event buffer if it grows excessively
• Modified –dbreport to be ignored if used in cxscgi.sh, cxsftp.sh and cxs Watch, updated docs to reflect the change

Changes:

• Added prevention routines to stop corrupt fingerprint and regex entries from being loaded
• Reduced memory footprint when handling fingerprints
• Reduced memory footprint of cxs Watch controlling process
• Fixed issue with cxs installation/upgrade sometimes restarting cxs Watch whether it was running or not
• Modified eval+use+module checks to use bundled Module::Installed::Tiny instead
• Fixed perl memory leak when using regexes in cxs.ignore. This fix can significantly reduce the memory overhead of cxs processes, especially with cxs Watch and –allusers scans

We had a corrupt daily update of the cxs signatures that is causing problems for some users. If you are seeing a problem with detections, please do the following immediately:

rm -fv /etc/cxs/new.fp
cxs -U
service cxswatch restart

If you need to perform a bulk restore from quarantine due to this issue:

find /home/quarantine/cxsuser/ -type f -exec cxs --qrestore {} \;

Changes:

• Fixed cxs process title incorrectly using “cxswatch – database update” when running a normal scan

Changes:

• Fixed spurious DBI error when rescanning a quarantine directory in the UI
• When running/viewing scans or configurations through the UI, ensure any configured quarantine directory is created if missing

Changes:

• Modified database reporting to a subprocess to only fork in cxs Watch

Changes:

Fixed issue with cxswatch startup improperly triggering database statistics update

Changes:

• Offload database reporting to a subprocess
• Prevent the same exploit (md5sum) being repeatedly reported through -wttw [file]

Changes:

• Added new –Wnotify [system]. This option specifies which filesystem notification API to use with cxs Watch. Defaults to [inotify]
• Added EXPERIMENTAL support for RHEL v7.* fanotify and CloudLinux v7.* File Change API (direct and via SQLite API). See the cxs documentation for information, restrictions, requirements, advantages and disadvantages of each notification system
• Modified Universal Decoder to run an all scripts, not just PHP