How to block suspicous files from being uploaded

Community forum to discuss cxs.
If you believe that there is a problem with your cxs installation and want support then, as a paid product, you should use the helpdesk after having consulted the documentation.
Locked
ForumAdmin
Moderator
Posts: 1522
Joined: 01 Oct 2008, 09:24

How to block suspicous files from being uploaded

Post by ForumAdmin »

There are two files that you need to modify to allow blocking:

For FTP: /etc/cxs/cxsftp.sh

For Web Scripts: /etc/cxs/cxscgi.sh

1. If you simply want to delete suspicious uploads, add the --delete switch to cxsftp.sh and/or cxscgi.sh

2. If you want to quarantine files, then you need to pre-create the quarantine directory, e.g.:

mkdir /home/quarantine
chmod 1777 /home/quarantine


Then you need to add the --quarantine /home/quarantine switch to cxsftp.sh and/or cxscgi.sh

If you only want to quarantine viruses and fingerprint matching uploads add --quarantine /home/quarantine --qoptions vM switch to cxsftp.sh and/or cxscgi.sh

3. If you want to prevent any type of script being uploaded (e.g. through a web upload script) then you need to modify /etc/cxs/cxscgi.sh and the switch --options together with a list of the checks you want to be performed, including T. For example to perform all tests use --options mMOLfSGcChexdnwT


You should then test the configuration using the test files in /etc/cxs/test/ as explained in /etc/cxs/install.txt
Locked