Dealing with false-positives in cxs

Community forum to discuss cxs.
If you believe that there is a problem with your cxs installation and want support then, as a paid product, you should use the helpdesk after having consulted the documentation.
1 post Page 1 of 1
Posts: 1450
Joined: 01 Oct 2008, 09:24

When you run cxs you will invariably encounter false-positives that trigger one or more of the scanning options.

We do not recommend that you simply stop using the option that triggers, rather it would be better to simply ignore the false-positive files using an ignore file as per the documentation.

The best way to generate the ignore file is to create it first, e.g.:
Code: Select all
touch /etc/cxs/cxs.ignore
chmod 644 /etc/cxs/cxs.ignore
Or use the /etc/cxs/cxs.ignore.example file:
Code: Select all
cp /etc/cxs/cxs.ignore.example /etc/cxs/cxs.ignore
chmod 644 /etc/cxs/cxs.ignore
Then you need to populate it. You can either add your ignore file individually with entries such as:
Code: Select all
Or, you can generate ignore file entries using the scan report as input. You can generate the report file when you run a scan using the --report option, or you can save the output from the scan into a file on disk (e.g. if you received it only in an email), e.g. to cxs.scan. Using this as an example, you can then use the --generate option to append entries to your ignore file:

(Note: remember to remove all entries in the scan report that you do not want in the ignore file first)
Code: Select all
cxs --generate --report cxs.scan --ignore /etc/cxs/cxs.ignore
If you now look in cxs.ignore you should see ignore lines for each item found in the scan report. Make sure you use the --ignore /etc/cxs/cxs.ignore (or whatever you called your ignore file) in all future scans.

You should be very careful when using an ignore file about listing directories to ignore as this will stop cxs scanning the directory and its contents which might not be what you intend.
1 post Page 1 of 1