ConfigServer Services Blog

New cxs v1.44

Changes:

  • Added Quarantine option to UI
  • Modified the –jumpfrom [user], –jumpto [user] options so a special value can be used for the from and to [user] using a single letter then a plus sign to scan those users whose name begins with the letter specified (not case sensitive). Again, this is inclusive. For example, to scan all accounts beginning with k through to g use: –jumpfrom k+ –jumpto g+
  • Improvements to –decode ([D]) option
  • Exploit regex definitions database additions
  • Exploit fingerprint definitions database additions

New csf v5.14

Changes:

  • Updated RELAY regex to detect the dovecot/courier login authentication methods on cPanel servers
  • Updated Server Check Report to reflect cPanel/WHM changes in v11.28, including additional checks and updating reference text
  • Added checks to LF_DIRWATCH_FILE to ensure watched resources exist on startup and while running a check. Those that do not exist are ignored and logged in lfd.log

New cxs v1.43

Changes:

  • Improvements to –decode ([D]) option. If the final decode depth results in a php Parse error, the previous depth is scanned instead. This improves the likelihood of a successful decode and scan
  • Improvements to –decode ([D]) option. Decode PHP scripts in memory using the interactive php interpreter instead of using temporary files
  • Improvements to –decode ([D]) option. Add timeout to php interpreter to avoid decoding hangs
  • Exploit fingerprint definitions database additions

Additional:

  • Increased the number of Exploit fingerprint definitions to over 4500
  • Updated cxs web pages to reflect latest version

New cxs v1.41

Changes:

  • Enabled option –options [Z] by default for scanning within compressed archives
  • Suppress error output from Archive::Tar
  • Exploit fingerprint definitions database additions

New cxs v1.40

Changes:

  • Improved detection of ruby and c exploits
  • Added the ability to use –quarantine and –delete when performing a manual or scheduled scan. However, since the likelihood of a false-positive is relatively high, this is not recommended without care and understanding of the implications
  • Added test for existence of –quarantine [dir]. If it does not exist an error will be shown and the scan will continue with the quarantine directive disabled
  • New –options [Z]. This option decompresses archives (e.q. zip, tar, tar.gz and tar.bz2 files) and scans each file within the archive using the same options provided to the original scan
  • Added –options [Z] to WHM UI
  • Updated perl modules requirements to now include: Archive::Zip and Archive::Tar
  • Cater for single quotes in cron jobs in the WHM UI
  • Exploit regex definitions database additions
  • Exploit fingerprint definitions database additions

New cmm v1.15

Changes:

  • Updated “Manage Mail Hourly Limits” for the replacement new method in cPanel v11.28.48+

Note: This replacement new method supports per domain hourly limits again

New MailScanner Script v2.79

Changes:

  • Due to a critical vulnerability in exim cPanel have disabled the option -D in the exim binary that MailScanner Incoming Only scanning uses. This means that that method can no longer be used at this time and all MailScanner implementations that use this installer need to switch to In/Out scanning (the default install). This update forces that switch.
  • An alternative to upgrading is to simply run:/usr/mscpanel/msswitch.pl inout
  • Regardless of whether you are running either In Only or In/OUT scanning ALL clients should ensure that they are running the latest version of cPanels exim implementation either by running /scripts/upcp or /scripts/eximup
  • http://mail.cpanel.net/pipermail/news_cpanel.net/2010-December/000060.html

New csf v5.13

Changes:

  • Added obsolete OS checkes for Fedora v11 and v12, plus RedHat/CentOS v2 and v3 in Server Check
  • Fixed broken reference URL’s in Server Check for cPanel servers
  • Modified statistics to not display pie chart if no data is available
  • Sort LF_DIRWATCHFILE output by time to improve the reported results
  • Added new setting for AT_ALERT to only trigger on modification to the root account (i.e. not all superuser accounts)
  • Tested successfully for support on Fedora v14 and Ubuntu v10.10