ConfigServer Services Blog

New cxs v1.46

Changes:

  • Restore from quarantine in UI now preserves file ownership of the restored file
  • Prefill UI Quarantine directory if set in cxs.defaults
  • Added new option to Quarantine UI to bulk Restore files in the same way as bulk Delete works
  • Exploit fingerprint definitions database additions

New MailScanner Front-End (MSFE) v4.31

Changes:

  • Removed use of SafeFile in mssql.pl to fix MailWatch database cleanup
  • Added support for CIDRs in White/Blacklist in WHM and cPanel UIs
  • Disable In Only scanning option in UI
  • Added improvements to ClamAV upgrade procedure to UI

New cxs v1.45

Changes:

  • Added new option --qoptions [mMOLfSGchexdnwTEv]. By default --quarantine [dir] will move all file matches. If --qoptions [] is also used then only the selected file types will be moved
  • Added --qoptions [mMOLfSGchexdnwTEv] to UI
  • Improvements to --decode ([D]) option
  • Added --upgrade timer to sleep for up to 1800 seconds when running as a cron job to avoid overloading the license server
  • Added the --jumpfrom [user] and --jumpto [user] options to the UI
  • Exploit fingerprint definitions database additions

New csf v5.15

Changes:

  • Check for multiple Port settings for sshd in /etc/ssh/sshd_config when the LF_SELECT option is enabled
  • Updated SMTPAUTH regex to detect more login authentication methods
  • Updated AUTHRELAY regex to detect more login authentication methods
  • Added option to UI to permanently block temporarily blocked IPs

New cxs v1.44

Changes:

  • Added Quarantine option to UI
  • Modified the --jumpfrom [user], --jumpto [user] options so a special value can be used for the from and to [user] using a single letter then a plus sign to scan those users whose name begins with the letter specified (not case sensitive). Again, this is inclusive. For example, to scan all accounts beginning with k through to g use: --jumpfrom k+ --jumpto g+
  • Improvements to --decode ([D]) option
  • Exploit regex definitions database additions
  • Exploit fingerprint definitions database additions

New csf v5.14

Changes:

  • Updated RELAY regex to detect the dovecot/courier login authentication methods on cPanel servers
  • Updated Server Check Report to reflect cPanel/WHM changes in v11.28, including additional checks and updating reference text
  • Added checks to LF_DIRWATCH_FILE to ensure watched resources exist on startup and while running a check. Those that do not exist are ignored and logged in lfd.log

New cxs v1.43

Changes:

  • Improvements to --decode ([D]) option. If the final decode depth results in a php Parse error, the previous depth is scanned instead. This improves the likelihood of a successful decode and scan
  • Improvements to --decode ([D]) option. Decode PHP scripts in memory using the interactive php interpreter instead of using temporary files
  • Improvements to --decode ([D]) option. Add timeout to php interpreter to avoid decoding hangs
  • Exploit fingerprint definitions database additions

Additional:

  • Increased the number of Exploit fingerprint definitions to over 4500
  • Updated cxs web pages to reflect latest version

New cxs v1.41

Changes:

  • Enabled option --options [Z] by default for scanning within compressed archives
  • Suppress error output from Archive::Tar
  • Exploit fingerprint definitions database additions

New cxs v1.40

Changes:

  • Improved detection of ruby and c exploits
  • Added the ability to use --quarantine and --delete when performing a manual or scheduled scan. However, since the likelihood of a false-positive is relatively high, this is not recommended without care and understanding of the implications
  • Added test for existence of --quarantine [dir]. If it does not exist an error will be shown and the scan will continue with the quarantine directive disabled
  • New --options [Z]. This option decompresses archives (e.g. zip, tar, tar.gz and tar.bz2 files) and scans each file within the archive using the same options provided to the original scan
  • Added --options [Z] to WHM UI
  • Updated perl modules requirements to now include: Archive::Zip and Archive::Tar
  • Cater for single quotes in cron jobs in the WHM UI
  • Exploit regex definitions database additions
  • Exploit fingerprint definitions database additions