Page 1 of 1

How to block suspicous files from being uploaded

Posted: 12 Nov 2009, 10:26
by ForumAdmin
There are two files that you need to modify to allow blocking:

For FTP: /etc/cxs/cxsftp.sh

For Web Scripts: /etc/cxs/cxscgi.sh

1. If you simply want to delete suspicious uploads, add the --delete switch to cxsftp.sh and/or cxscgi.sh

2. If you want to quarantine files, then you need to pre-create the quarantine directory, e.g.:

mkdir /home/quarantine
chmod 1777 /home/quarantine


Then you need to add the --quarantine /home/quarantine switch to cxsftp.sh and/or cxscgi.sh

If you only want to quarantine viruses and fingerprint matching uploads add --quarantine /home/quarantine --qoptions vM switch to cxsftp.sh and/or cxscgi.sh

3. If you want to prevent any type of script being uploaded (e.g. through a web upload script) then you need to modify /etc/cxs/cxscgi.sh and the switch --options together with a list of the checks you want to be performed, including T. For example to perform all tests use --options mMOLfSGcChexdnwT


You should then test the configuration using the test files in /etc/cxs/test/ as explained in /etc/cxs/install.txt