Search found 21 matches

Search found 21 matches Page 1 of 3
by sahostking
01 Oct 2018, 10:17
Forum: General Discussion (cxs)
Topic: PHP Malware.expert Signatures with CXS
Replies: 0
Views: 737

Hi guys

I'd like to know if I should configure CXS with ClamAV "Unofficial Signatures Option" if i'm using the following on clamav:

https://malware.expert/signatures/

Thoughts?
by sahostking
06 Mar 2017, 11:52
Forum: MailScanner Front-End
Topic: Remove Pending Queue
Replies: 0
Views: 499

With exim you usually just get one queue called the delivery queue. With Mailscanner we get a pending queue aswell.

Kind of messing up monitoring.

Anyway to have just one queue rather than monitoring both?
by sahostking
15 Oct 2016, 17:25
Forum: General Discussion (cxs)
Topic: Why did this get blocked by csf
Replies: 0
Views: 761

Hi This got blocked by CSF due to CXS block upload on ftp: Oct 15 16:15:18 lin05 cxs[876014]: IP:1.2.3.4 User:hcjvregm FTP upload:['/home/hcjvregm/public_html/cloner.php'] - Regular expression match = [symlink\s*\(] Trying to figure out why it did when the cxsftp.sh has the following: /usr/sbin/cxs ...
by sahostking
18 Mar 2016, 14:21
Forum: MailScanner Front-End
Topic: Randsomeware and SaneSecurity
Replies: 0
Views: 1487

Customers are saying that randsomeware got through mailscanner. Customer sent to gmail where it got blocked but through mailscanner its getting through.

Now I have read that SaneSecurity can pick these types of viruses up. How does one install it?
by sahostking
11 Jun 2015, 09:33
Forum: General Discussion (csf)
Topic: Help with custom regex rules
Replies: 42
Views: 10613

I checked now and the regex is : #mod_security v2 (audit_log) if (($config{LF_MODSEC}) and ($lgfile eq $config{MODSEC_LOG}) and ($line =~ /^\[modsecurity\] \[client (\S+)\] (.*) Access denied with (code|connection)/)) { $ip = $1; $acc = ""; $ip =~ s/^::ffff://; if (&checkip($ip)) {return ("mod_secur...
by sahostking
11 Jun 2015, 08:54
Forum: General Discussion (csf)
Topic: Help with custom regex rules
Replies: 42
Views: 10613

I need assistance on a regex to block this via CSF say after 5 failed attempts : [Thu Jun 11 08:45:40.512566 2015] [:error] [pid 40857:tid 140173587228416] [client 168.63.216.42] ModSecurity: [file "/usr/local/apache/conf/modsec2.user.conf"] [line "37"] [id "5000135"] [msg "ip address blocked for 5 ...
by sahostking
06 Feb 2015, 10:05
Forum: General Discussion (cxs)
Topic: Trying to lower load for CXS
Replies: 1
Views: 1379

I think I got it to lower load a bit but now I'm noticing something strange with CXS watch: This is CXS watch configuration: /usr/sbin/cxs --Wstart --allusers --www --smtp -I /etc/cxs/cxs.ignore --options M --qoptions Mv --quarantine /cxs/scan/ --Wmaxchild 3 --nofallback --Wloglevel 0 --Wsleep 15 --...
by sahostking
20 Dec 2014, 22:03
Forum: General Discussion (csf)
Topic: Exclude folder and subfolders from csf
Replies: 0
Views: 583

Hi,

I am trying to install CSF / LFD on a VPS Node. But whenever I enabled CSF all is good but LFD is a problem.

Mentions all clients processes under /vz/root is a suspicous process.

How does one exclude a directly and it's subfolders and all files from LFD checks?

Thanks
by sahostking
13 Oct 2014, 14:05
Forum: General Discussion (cxs)
Topic: iowait and cxs
Replies: 0
Views: 929

Just something I decided to look at when trying to improve disk reponsiveness on server. 05:50:01 AM CPU %user %nice %system %iowait %steal %idle 06:00:01 AM all 10.19 0.54 3.43 25.82 0.00 60.02 06:10:01 AM all 12.94 0.53 5.04 29.08 0.00 52.42 06:20:02 AM all 10.75 0.81 3.28 23.46 0.00 61.71 06:30:0...
Search found 21 matches Page 1 of 3