ConfigServer Services Blog

New cxs v1.56

Changes:

  • Reinstated the Scan Report header for the –all option lost in v1.55
  • Added new option –www to only scan within the public_html/ directory when using –allusers or –user [user]
  • Exploit regex definitions database additions
  • Exploit fingerprint definitions database additions

New cxs v1.55

Changes:

  • Modified FTP IP Address lookup code to only read the last 64K of the relevant log file, improving lookup speed and resource usage
  • Made /etc/init.d/pure-uploadscript LSB compliant
  • Exploit fingerprint definitions database additions

New csf v5.19

Changes:

  • Added stats workaround for February/March calculations
  • Added new option CC_IGNORE – this Country Code list will prevent lfd from blocking IP address hits for the listed CC’s
  • Reduced CC_* memory usage when loading zones
  • Modified lfd logging for regex.pm and regex.custom.pm login failures to lfd.log to use the return reason from the regex match instead of a generic message. This does mean that the format for these messages has changed
  • DA Server Check for proftpd – check whether pureftp=1 in DA config
  • Replaced IP::Country and Geography::Countries with Geo::IP:: PurePerl using the MaxMind GeoLite Country database for CC_LOOKUPS
  • Added new option GUNZIP which is required to expand the MaxMind GeoLite Country database
  • Extended CC_LOOKUPS which can now be configured to report Country Code and Country and City using the MaxMind City Database. See csf.conf for more information
  • Added Donation buttons to csf UI main page

New csf v5.18

Changes:

  • Remove RT_POPRELAY_* from csf.conf on DA servers as it does not apply
  • Improved Server Check for cPanel Update configuration check
  • Modifed csf restart to not start bandmin during the stop phase
  • Modified LF_DIRWATCH to remove dependency on File::Type
  • Modified LF_DIRWATCH for speedups and removed the need for a file size limit
  • Debian v6 support confirmed
  • Added /etc/bind/named.conf.options to the list of named.conf files to check for recursion settings (for Debian)

New cxs v1.54

Changes:

  • Added a note to the CGI alert email for ModSecurity false-positives where the request body is inspected before Apache has a chance to determine whether the called script exists (i.e. a 404)
  • Added new option –wttw [file] which is available for submitting text exploits (i.e. PHP, Perl, Shell) to ConfigServer if cxs fails to detect it. The file is sent as an attachment via email. Please be sure to read the documentation before using this option
  • Exploit fingerprint definitions database additions

New cxs v1.53

Changes:

  • Sort File::Find directory traversal/files alphabetically
  • Multiple scanning performance and resource usage improvements
  • –voptions [M] removed as it serves no function
  • Added text for –options [M] (Known exploit) where we have it
  • Improvements to relative path file/directory scanning
  • Exploit fingerprint definitions database additions

New cxs v1.52

Changes:

  • Ignore SIGPIPE when using –decode (–options [D]) while running interactive php interpreter, which caused scans to abort
  • Exploit regex definitions database additions
  • Exploit fingerprint definitions database additions

New ClamAV v0.97

ClamAV 0.97 brings many improvements, including complete Windows support(all major components compile out-of-box under Visual Studio), support forsignatures based on SHA1 and SHA256, better error detection, as well as speed and memory optimizations. The complete list of changes is available in the ChangeLog file. For upgrade notes and tips please see: https://wiki.clamav.net/Main/UpgradeNotes097Download : http://downloads.sourceforge.net/clamav/clamav-0.97.tar.gzPGP sig  : http://downloads.sourceforge.net/clamav/clamav-0.97.tar.gz.sigBugfixes : http://www.clamav.net/release-info/bugs/0.97ChangeLog: http://www.clamav.net/release-info/changelog/0.97

New cxs v1.51

Changes:

  • Sort Quarantine UI users
  • If –quarantine or –delete fails (e.g. an immutable file), report failure to do so. Failure to quarantine will no longer attempt removal of the original file
  • Only “View” quarantine files in UI if they are text files
  • Exploit regex definitions database additions
  • Exploit fingerprint definitions database additions