Server Software and Configuration Services
Changes:
– cxs Watch will now fail to start or will terminate on VPS servers if /proc/sys/fs/inotify/max_user_watches is set too low
– Added error reporting if clamd fails to respond, but stop reporting clamd errors if too many consecutive errors occur
– Updated POD regarding the new csf option: LF_CXS
Changes:
– New option LF_QOS added which matches hits against the mod_qos Apache module
– New option LF_CXS added which matches hits against the mod_security Apache module rule for cxs if implemented
Changes:
– Improved temporary file cleanup
– Change cxs UI to use /sbin/pidof to determine if the Watch daemon is stopped, starting or running. If /sbin/pidof does not exist, no status is shown
– Modification to prevent scan failure if FTP is down and –options [P] used
– Exploit fingerprint definitions database additions
Changes:
– Improvements to the Fingerprint Matching system
– Exploit regex definitions database additions
– Exploit fingerprint definitions database additions
Changes:
– Improvements to non-core perl module loading
– Improvements to PT_LOAD Apache Status retrieval and messages
– Regex modifications to cater for Dovecot v2.1+
– On cPanel servers, block additional ports that exim uses in the WHM > Service Manager for RT_*_BLOCK
Changes:
– Use temporary files when performing a virus scan during –decode ([D])
– Change all clamd STREAM to SCAN scanning
– Use a robust routine for creating random temporary files during –options [Z] (scanning within archives)
– Exploit fingerprint definitions database additions
Changes:
– Allow a value of 0 for –Wrefresh which disables the functionality in the cxs Watch daemon
– Added new advanced PHP decoder for –decode ([D])
– Stop cxs Watch from following symlinks
– Exploit regex definitions database additions
– Exploit fingerprint definitions database additions
Changes:
– Modified upgrade warning for integrated UI to not use the DA warning text
– Validate local IP addresses
– Only check local IPv6 addresses if IPV6 is enabled in config
– Separate IPv4 from IPv6 ignore CIDRs due to Net::CIDR::Lite restrictions
– Improvements to ignore files IP address validation
– Add server check for PHP v5.2.* to the obsolete/security risk list
– Add server check for RedHat/CentOS v4.* and Fedora < v15 to the obsolete/security risk list
- Removed server checks for RLimitMEM/RLimitCPU
Changes:
– Added new advanced PHP decoders for –decode ([D])
– Change main cxs Watch process name during startup while still starting
– Exploit regex definitions database additions
– Exploit fingerprint definitions database additions