Hi guys

I'd like to know if I should configure CXS with ClamAV "Unofficial Signatures Option" if i'm using the following on clamav:

https://malware.expert/signatures/

Thoughts?

This is not a config server issue. It is an Apache APR Util issue as per:

https://www.purehacking.com/blog/josh-z ... ize-limits

With exim you usually just get one queue called the delivery queue. With Mailscanner we get a pending queue aswell.

Kind of messing up monitoring.

Anyway to have just one queue rather than monitoring both?

Hi This got blocked by CSF due to CXS block upload on ftp: Oct 15 16:15:18 lin05 cxs[876014]: IP:1.2.3.4 User:hcjvregm FTP upload:['/home/hcjvregm/public_html/cloner.php'] - Regular expression match = [symlink\s*\(] Trying to figure out why it did when the cxsftp.sh has the following: /usr/sbin/cxs ...

Customers are saying that randsomeware got through mailscanner. Customer sent to gmail where it got blocked but through mailscanner its getting through.

Now I have read that SaneSecurity can pick these types of viruses up. How does one install it?

I checked now and the regex is : #mod_security v2 (audit_log) if (($config{LF_MODSEC}) and ($lgfile eq $config{MODSEC_LOG}) and ($line =~ /^\[modsecurity\] \[client (\S+)\] (.*) Access denied with (code|connection)/)) { $ip = $1; $acc = ""; $ip =~ s/^::ffff://; if (&checkip($ip)) {return ("mod_secur...

I need assistance on a regex to block this via CSF say after 5 failed attempts : [Thu Jun 11 08:45:40.512566 2015] [:error] [pid 40857:tid 140173587228416] [client 168.63.216.42] ModSecurity: [file "/usr/local/apache/conf/modsec2.user.conf"] [line "37"] [id "5000135"] [msg "ip address blocked for 5 ...

I think I got it to lower load a bit but now I'm noticing something strange with CXS watch: This is CXS watch configuration: /usr/sbin/cxs --Wstart --allusers --www --smtp -I /etc/cxs/cxs.ignore --options M --qoptions Mv --quarantine /cxs/scan/ --Wmaxchild 3 --nofallback --Wloglevel 0 --Wsleep 15 --...

Hi,

I am trying to install CSF / LFD on a VPS Node. But whenever I enabled CSF all is good but LFD is a problem.

Mentions all clients processes under /vz/root is a suspicous process.

How does one exclude a directly and it's subfolders and all files from LFD checks?

Thanks

Just something I decided to look at when trying to improve disk reponsiveness on server. 05:50:01 AM CPU %user %nice %system %iowait %steal %idle 06:00:01 AM all 10.19 0.54 3.43 25.82 0.00 60.02 06:10:01 AM all 12.94 0.53 5.04 29.08 0.00 52.42 06:20:02 AM all 10.75 0.81 3.28 23.46 0.00 61.71 06:30:0...