ConfigServer Services Blog

New cxs v1.19

Changes:

  • Fixed bug preventing csf from blocking FTP IP addresses when –block used
  • Added failure message from csf to FTP email if deny fails
  • Added new exploit scanning option W to be used with –option (must be explicitly added to the options list – the same way as the C option). The W option will chmod all world writable directories found to 755. Use this option with care as it could prevent web scripts from functioning on non-suPHP or non-SUEXEC enabled systems

New cxs v1.18

Changes:

  • Scanning speedup when using –voptions
  • Improvements to –decode performance and effectiveness
  • New optimised fingerprint database. This new database, though with fewer entries, is better targetted at detecting relevant exploits that ClamAV misses (the majority!)
  • Changed “Match for fingerprint of an exploit” to “Known exploit = [Fingerprint Match]”
  • Changed “Match for regular expression (regex)” to “Regular expression match = [regex]”

New csf v4.89

Changes:

  • New SSHD regex added
  • Added Server Check to check whether SSHD UseDNS is set to “no” – it should be disabled
  • Added an Important Note to the readme.txt regarding the sshd UseDNS setting
  • Speedup for LF_DIRWATCH regex matching

New cxs v1.16

Changes:

  • Removed spurious “set to skip” message text
  • Added ” (Hits:nn)” to the Subject line of email reports
  • Added new option –ulist [file] for use with the –all option to perform scans of only those users listed in [file]
  • Regex scanning improvements
  • Disable default deep scanning on FTP and web script uploads to help avoid false-positives. If you want to continue deep scanning add –deep to cxsftp.sh and/or cxscgi.sh
  • Exploit regex definitions database additions
  • Exploit fingerprint definitions database additions

Virus Scanner problem causes MailScanner to stop processing

In the latest version of MailScanner (v4.79.11) if MailScanner cannot find the virus scanner it will stop processing mail completely and no mail will be delivered. If your virus scanner stops working, you will see the following message in your maillog:”Virus Scanning: No virus scanners worked, so message batch was abandoned and re-tried!”If you have this issue and want to get mail flowing again while you investigate the clamd issue, see this FAQ: http://www.configserver.com/techfaq/index.php?faqid=84

New MailScanner Front-End (MSFE) v4.30

Changes:

  • Include clamd init script which will be copied and initialised if missing from /etc/init.d/ and clamd exists in /usr/local/sbin/clamd on entry into WHM UI. (init script copy in /usr/mscpanel/clamd)
  • Include clamd init script on ClamAV upgrade in UI
  • Set clamd init script ulimit to 100M to cope with increasing virus database sizes
  • Updated cPanel UI front-end display

New cxs v1.15

Changes:

  • Added breakout if –decode [file] depth is > 250 to prevent looping
  • Fixed problem with quarantine UI to cope with a trailing slash on the –quarantine [dir] statement
  • Improved detection of the quarantine directory in UI
  • Added DNS lookups on FTP IP address reports
  • Allow the use of floating point numbers with –throttle [num]
  • Added “Ignore” option for FTP quarantines files to Quarantine UI to add a file: ignore statement to a relevant ignore file if configured
  • Added new options –jumpfrom [user] and –jumpto [user] for use with the –all option to perform scans of only those user between the two points, both of which are inclusive
  • Added jumpfrom and jumpto to UI resource choice
  • Exploit regex definitions database additions
  • Exploit fingerprint definitions database additions

New csf v4.88

Changes:

  • Fixed URL’s in Server Check report for cPanel if Security Tokens are enabled in v11.25+
  • Added ipv6 explanation that the information is determined from the output from ifconfig and display ipv6 addresses found
  • Added the ability to use Include statements in csf.deny and csf.allow, see readme.txt for information and restrictions