ConfigServer Services Blog

New MailScanner Front-End (MSFE) v4.30

Changes:

  • Include clamd init script which will be copied and initialised if missing from /etc/init.d/ and clamd exists in /usr/local/sbin/clamd on entry into WHM UI. (init script copy in /usr/mscpanel/clamd)
  • Include clamd init script on ClamAV upgrade in UI
  • Set clamd init script ulimit to 100M to cope with increasing virus database sizes
  • Updated cPanel UI front-end display

New cxs v1.15

Changes:

  • Added breakout if –decode [file] depth is > 250 to prevent looping
  • Fixed problem with quarantine UI to cope with a trailing slash on the –quarantine [dir] statement
  • Improved detection of the quarantine directory in UI
  • Added DNS lookups on FTP IP address reports
  • Allow the use of floating point numbers with –throttle [num]
  • Added “Ignore” option for FTP quarantines files to Quarantine UI to add a file: ignore statement to a relevant ignore file if configured
  • Added new options –jumpfrom [user] and –jumpto [user] for use with the –all option to perform scans of only those user between the two points, both of which are inclusive
  • Added jumpfrom and jumpto to UI resource choice
  • Exploit regex definitions database additions
  • Exploit fingerprint definitions database additions

New csf v4.88

Changes:

  • Fixed URL’s in Server Check report for cPanel if Security Tokens are enabled in v11.25+
  • Added ipv6 explanation that the information is determined from the output from ifconfig and display ipv6 addresses found
  • Added the ability to use Include statements in csf.deny and csf.allow, see readme.txt for information and restrictions

New cxs v1.14

Changes:

  • Added new experimental options –decode [file] and –depth [num]. See the perldoc documentation for more information
  • Exploit regex definitions database additions
  • Exploit fingerprint definitions database additions

New cxs v1.13

Changes:

  • Modified FrontPage extensions check to be case-insensitive
  • Use of –all –mail [email] and –nosummary will now only report suspicious accounts instead of all accounts. –report [file] will still contain the full report
  • Updated cxs perldoc help
  • Exploit regex definitions database additions
  • Exploit fingerprint definitions database additions

New csf v4.87

Changes:

  • Ignore csf.rignore for LT_POP3D and LT_IMAPD
  • Removed unnecessary csf.locks during some GLOBAL list updates
  • Updated Copyright notice
  • Modified the block message for LF_MODSEC and LF_SUHOSIN to be more appropriate ( i.e. not “login failures” )
  • Added new block options for BIND denied requests: LF_BIND, LF_BIND_PERM, BIND_LOG. This works in the same way as the other similar blocks, e.g. LF_SUHOSIN. It will block IP addresses that have had BIND (named) requests denied more than LF_BIND times in LF_INTERVAL seconds. Currently named client denied log lines for “update” and “zone transfer” trigger the option
  • Modified GLOBAL_ routines to continue if retrieval for one fails instead of immediately exiting
  • Added IPv6 check to Server Check
  • Display DNS lookup results for IP addresses if CC_LOOKUPS is enabled on single line comments (lfd.log, csf.deny, etc)
  • Added new options LF_PERMBLOCK_ALERT and LF_NETBLOCK_ALERT so that the respective email alerts can be disabled
  • Updated IP::Country

New cxs v1.12

Changes:

  • New option (-X, –xtra [file]) to allow custom regular expression matches and filenames that cxs will additionally scan for
  • Exploit fingerprint definitions database additions

SpamAssassin FH_DATE_PAST_20XX 0.0 rule bug

There’s a bug in SpamAssassin that the developers have yet to fix in sa_update that is causing problems since the turnover to 01/01/2010:https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6269The bug causes every email sent since 01/01/2010 to receive a spam score of 3.19, whether it is spam or not.If you’re running our MailScanner package you can do the following to zero score that rule and alleviate the problem:

echo score FH_DATE_PAST_20XX 0.0 >> /etc/mail/spamassassin/configserver.cf

New cxs v1.11

Changes:

  • Modified hidden image text file to exclude most FrontPage extensions files
  • Exploit regex definitions database additions
  • Exploit fingerprint definitions database additions