Hi guys
I'd like to know if I should configure CXS with ClamAV "Unofficial Signatures Option" if i'm using the following on clamav:
https://malware.expert/signatures/
Thoughts?
Search found 21 matches
- 01 Oct 2018, 10:17
- Forum: General Discussion (cxs)
- Topic: PHP Malware.expert Signatures with CXS
- Replies: 0
- Views: 990
- 01 Nov 2017, 12:34
- Forum: General Discussion (cmc)
- Topic: Failed to access DBM file "/var/cpanel/secdatadir/ip": Permission denied
- Replies: 2
- Views: 2812
This is not a config server issue. It is an Apache APR Util issue as per:
https://www.purehacking.com/blog/josh-z ... ize-limits
https://www.purehacking.com/blog/josh-z ... ize-limits
- 06 Mar 2017, 11:52
- Forum: MailScanner Front-End
- Topic: Remove Pending Queue
- Replies: 0
- Views: 726
With exim you usually just get one queue called the delivery queue. With Mailscanner we get a pending queue aswell.
Kind of messing up monitoring.
Anyway to have just one queue rather than monitoring both?
Kind of messing up monitoring.
Anyway to have just one queue rather than monitoring both?
- 15 Oct 2016, 17:25
- Forum: General Discussion (cxs)
- Topic: Why did this get blocked by csf
- Replies: 0
- Views: 997
Hi This got blocked by CSF due to CXS block upload on ftp: Oct 15 16:15:18 lin05 cxs[876014]: IP:1.2.3.4 User:hcjvregm FTP upload:['/home/hcjvregm/public_html/cloner.php'] - Regular expression match = [symlink\s*\(] Trying to figure out why it did when the cxsftp.sh has the following: /usr/sbin/cxs ...
- 18 Mar 2016, 14:21
- Forum: MailScanner Front-End
- Topic: Randsomeware and SaneSecurity
- Replies: 0
- Views: 1733
Customers are saying that randsomeware got through mailscanner. Customer sent to gmail where it got blocked but through mailscanner its getting through.
Now I have read that SaneSecurity can pick these types of viruses up. How does one install it?
Now I have read that SaneSecurity can pick these types of viruses up. How does one install it?
- 11 Jun 2015, 09:33
- Forum: General Discussion (csf)
- Topic: Help with custom regex rules
- Replies: 42
- Views: 13434
I checked now and the regex is : #mod_security v2 (audit_log) if (($config{LF_MODSEC}) and ($lgfile eq $config{MODSEC_LOG}) and ($line =~ /^\[modsecurity\] \[client (\S+)\] (.*) Access denied with (code|connection)/)) { $ip = $1; $acc = ""; $ip =~ s/^::ffff://; if (&checkip($ip)) {return ("mod_secur...
- 11 Jun 2015, 08:54
- Forum: General Discussion (csf)
- Topic: Help with custom regex rules
- Replies: 42
- Views: 13434
I need assistance on a regex to block this via CSF say after 5 failed attempts : [Thu Jun 11 08:45:40.512566 2015] [:error] [pid 40857:tid 140173587228416] [client 168.63.216.42] ModSecurity: [file "/usr/local/apache/conf/modsec2.user.conf"] [line "37"] [id "5000135"] [msg "ip address blocked for 5 ...
- 06 Feb 2015, 10:05
- Forum: General Discussion (cxs)
- Topic: Trying to lower load for CXS
- Replies: 1
- Views: 1643
I think I got it to lower load a bit but now I'm noticing something strange with CXS watch: This is CXS watch configuration: /usr/sbin/cxs --Wstart --allusers --www --smtp -I /etc/cxs/cxs.ignore --options M --qoptions Mv --quarantine /cxs/scan/ --Wmaxchild 3 --nofallback --Wloglevel 0 --Wsleep 15 --...
- 20 Dec 2014, 22:03
- Forum: General Discussion (csf)
- Topic: Exclude folder and subfolders from csf
- Replies: 0
- Views: 742
Hi,
I am trying to install CSF / LFD on a VPS Node. But whenever I enabled CSF all is good but LFD is a problem.
Mentions all clients processes under /vz/root is a suspicous process.
How does one exclude a directly and it's subfolders and all files from LFD checks?
Thanks
I am trying to install CSF / LFD on a VPS Node. But whenever I enabled CSF all is good but LFD is a problem.
Mentions all clients processes under /vz/root is a suspicous process.
How does one exclude a directly and it's subfolders and all files from LFD checks?
Thanks
- 13 Oct 2014, 14:05
- Forum: General Discussion (cxs)
- Topic: iowait and cxs
- Replies: 0
- Views: 1122
Just something I decided to look at when trying to improve disk reponsiveness on server. 05:50:01 AM CPU %user %nice %system %iowait %steal %idle 06:00:01 AM all 10.19 0.54 3.43 25.82 0.00 60.02 06:10:01 AM all 12.94 0.53 5.04 29.08 0.00 52.42 06:20:02 AM all 10.75 0.81 3.28 23.46 0.00 61.71 06:30:0...