cPanel

Changes:

• Fixed duplicate virus scan on script files with regex matches
• Exploit fingerprint definitions database additions

Changes:

• Added quotes around the $1 parameter in cxscgi.sh and cxsftp.sh to cope with files with spaces in their names. Existing scripts will be fixed on upgrade

Changes:

• Added initial FreeBSD (v7.2) support – currently no UI cron job support has been implemented, jobs will have to be added to /etc/crontab manually on FreeBSD
• Fixed UI quarantine restore to always use correct uid and gid
• Updated exploit definitions database
• Added some more examples to the POD and reference the examples in cxsftp.sh and cxscgi.sh

Changes:

• Added new exploit scanning option M to be used with –option (enabled by default) and –voption. The M option scans a fingerprint lookup table of over 4500 known exploit scripts. If you cron jobs or have modified cxsftp.sh or cxscgi.sh that use an –options list, you might want to add M to the list to use this new feature
• Digest::MD5 added to required perl modules
• Added extra check in UI where alternative clamdsock is ticked but none entered in the textbox
• Updated exploit definitions database
• Don’t show user in quarantine UI if empty

We’re currently offering cxs for free as part of our cPanel Service Package.Our new product is proving popular amongst web hosting providers concerned about exploits being uploaded to client sites affecting not only their account, but all accounts on the server.By including cxs with our cPanel Service Package we’re bolstering what is already a great package that helps in securing and managing your cPanel server, whether it is large or small, new or old.

ConfigServer eXploit Scanner (cxs) is a new tool from us that performs active scanning of files as they are uploaded to the server.

Active scanning is performed on all text files uploaded through:

• PHP upload scripts (via a mod_security or suhosin hook)
• Perl upload scripts (via a mod_security hook)
• CGI upload scripts (via a mod_security hook)
• Any other script type that utilizes the HTML form ENCTYPE multipart/form-data (via a mod_security hook)
• Pure-ftpd

The active scanning of uploaded files can help prevent exploitation of an account by malware by deleting or moving suspicious files to quarantine before they become active. This includes recent exploits such as the Dark Mailer spamming script and the Gumblar Virus.

cxs also allows you to perform on-demand scanning of files, directories and user accounts for suspected exploits, viruses and suspicious resources (files, directories, symlinks, sockets). It has been tuned for performance and scalability.

Included with the cxs Command Line Interface (CLI) is a web-based User Interface (UI) to help:

• Run scans
• Schedule and Edit scans via CRON
• Compose CLI scan commands
• View, Delete and Restore files from Quarantine
• View documentation
• Set and Edit default values for scans
• Edit commonly used cxs files

cxs is currently a cPanel only product.More information, pricing and ordering available here:http://www.configserver.com/cp/cxs.html

We are looking for volunteer Beta Testers for a new product that we have in development:ConfigServer eXploit Scanner (cxs) is a new tool from us that performs active scanning of files as they are uploaded to the server:

• PHP/Perl/CGI upload scripts (using a mod_security hook)
• pure-ftpd

The active scanning of uploaded files can help prevent exploitation of an account by malware by deleting or moving to quarantine suspicious files before they become active. Apart from this option (to delete files) the product is non-destructive.cxs also allows you to perform on-demand scanning of files, directories and user accounts for suspected exploits, viruses and suspicious resources (files, directories, symlinks, sockets). Note: cxs is not a rootkit scannercxs is a commercial product that will be sold and licensed on a per server basis. Unlike competing products, it will strictly be a one-time per server license purchase with updates for the life of the product, all at a reasonable price :)This is now closed – thanks to all who are participating and we hope for a release of this product soon.