Added hdir:/quarantine_clamavconnector to the csf.ignore.example file
Improvements to php script detection where extension is not .php
Filetype detection speedups
Filetype differentiation between MS-DOS and MS Windows executables
Added new option –Wrefresh. To keep the cxs Watch daemon up to date, it will restart every 7 days by default. To change this interval, you can set B<--Wrefresh [days]>
Improvements to the check for PHP code hidden in GIF image files for “hidden script file”, regex matching and decode scanning
Add link to the Changelog when cxs is upgraded
If an ignore file us used with cxs Watch daemon and the ignore file is modified, cxs Watch will reload the ignore file and restart the child processes. However, after making a large number of changes to the ignore file or if adding puser: or user: to the ignore file, the cxs Watch daemon should be manually restarted
Improved cxs Watch logging when suspicious file found and –Wloglevel set to 0
AUTO_UPDATES enabled for new installations in csf.conf
Removed the JS LF_EXPLOIT_CHECK as it is no longer prevalent. If still set in csf.conf it will be ignored
Check MESSENGER service to ensure privileges are dropped before starting the daemon
Drop privileges when peforming removal during LF_DIRWATCH_DISABLE
For new installations, IPV6 enabled if IP6TABLES exists and an IPv6 address is found in the output from IFCONFIG. IPV6_SPI is set according to the kernel version (i.e. whether SPI is supported or not)