ConfigServer Community Forum

sahostking

Hi guys

I'd like to know if I should configure CXS with ClamAV "Unofficial Signatures Option" if i'm using the following on clamav:

https://malware.expert/signatures/

Thoughts?

sahostking

This is not a config server issue. It is an Apache APR Util issue as per:

https://www.purehacking.com/blog/josh-z ... ize-limits

sahostking

With exim you usually just get one queue called the delivery queue. With Mailscanner we get a pending queue aswell.

Kind of messing up monitoring.

Anyway to have just one queue rather than monitoring both?

sahostking

Hi This got blocked by CSF due to CXS block upload on ftp: Oct 15 16:15:18 lin05 cxs[876014]: IP:1.2.3.4 User:hcjvregm FTP upload:['/home/hcjvregm/public_html/cloner.php'] - Regular expression match = [symlink\s*\(] Trying to figure out why it did when the cxsftp.sh has the following: /usr/sbin/cxs ...

sahostking

Customers are saying that randsomeware got through mailscanner. Customer sent to gmail where it got blocked but through mailscanner its getting through.

Now I have read that SaneSecurity can pick these types of viruses up. How does one install it?

sahostking

I checked now and the regex is : #mod_security v2 (audit_log) if (($config{LF_MODSEC}) and ($lgfile eq $config{MODSEC_LOG}) and ($line =~ /^\[modsecurity\] \[client (\S+)\] (.*) Access denied with (code|connection)/)) { $ip = $1; $acc = ""; $ip =~ s/^::ffff://; if (&checkip($ip)) {return ("mod_secur...

sahostking

I need assistance on a regex to block this via CSF say after 5 failed attempts : [Thu Jun 11 08:45:40.512566 2015] [:error] [pid 40857:tid 140173587228416] [client 168.63.216.42] ModSecurity: [file "/usr/local/apache/conf/modsec2.user.conf"] [line "37"] [id "5000135"] [msg "ip address blocked for 5 ...

sahostking

I think I got it to lower load a bit but now I'm noticing something strange with CXS watch: This is CXS watch configuration: /usr/sbin/cxs --Wstart --allusers --www --smtp -I /etc/cxs/cxs.ignore --options M --qoptions Mv --quarantine /cxs/scan/ --Wmaxchild 3 --nofallback --Wloglevel 0 --Wsleep 15 --...

sahostking

Hi,

I am trying to install CSF / LFD on a VPS Node. But whenever I enabled CSF all is good but LFD is a problem.

Mentions all clients processes under /vz/root is a suspicous process.

How does one exclude a directly and it's subfolders and all files from LFD checks?

Thanks

sahostking

Just something I decided to look at when trying to improve disk reponsiveness on server. 05:50:01 AM CPU %user %nice %system %iowait %steal %idle 06:00:01 AM all 10.19 0.54 3.43 25.82 0.00 60.02 06:10:01 AM all 12.94 0.53 5.04 29.08 0.00 52.42 06:20:02 AM all 10.75 0.81 3.28 23.46 0.00 61.71 06:30:0...

ConfigServer Community Forum

Search found 21 matches

PHP Malware.expert Signatures with CXS

Re: Failed to access DBM file "/var/cpanel/secdatadir/ip": Permission denied

Remove Pending Queue

Why did this get blocked by csf

Randsomeware and SaneSecurity

Re: Help with custom regex rules

Re: Help with custom regex rules

Trying to lower load for CXS

Exclude folder and subfolders from csf

iowait and cxs