Why didn't this get quarantined?

Community forum to discuss cxs.
If you believe that there is a problem with your cxs installation and want support then, as a paid product, you should use the helpdesk after having consulted the documentation.
ffeingol
Junior Member
Posts: 30
Joined: 07 Aug 2007, 23:13

Why didn't this get quarantined?

Post by ffeingol »

Hello,

CXS 'seems' to have identified this, but for some reason it's not getting quarantined. We've looked over the settings and we must just be missing it. Why isn't this getting quarantined?

Scanning FTP file...
Time : Tue Jan 15 07:07:35 2013 -0600
FTP user : #####
FTP file : /home/#####/public_html/cgi-bin/dm/dm.cgi
FTP owner : ##### (931)
Remote IP : ##.##.##.## (##.##.##.##)
Blocked : No
Deleted : No
Quarantined: No


----------- SCAN REPORT -----------
(/usr/sbin/cxs --qoptions Mv --timemax 30 --quiet --options mMOLfSGchexdnwZDR --doptions Mv --filemax 10000 --ignore /etc/cxs/cxs.ignore --virusscan --sizemax 500000 --ftp --summary --quarantine /home/cxs-quarantine --mail root --clamdsock /tmp/clamd --exploitscan /home/#####/public_html/cgi-bin/dm/dm.cgi)

# Suspected exploit file:
'/home/#####/public_html/cgi-bin/dm/dm.cgi'
# Linux Binary/Executable [application/x-executable]:
'/home/#####/public_html/cgi-bin/dm/dm.cgi'
Sarah
Moderator
Posts: 921
Joined: 09 Dec 2006, 22:49

Re: Why didn't this get quarantined?

Post by Sarah »

Your command line includes this: --qoptions Mv

This means only fingerprint matches and viruses will be quarantined. You should read the documentation about the qoptions setting and decide whether you want other file types to be quarantined and which ones. Bear in mind that there are likely to be false positives for most other types of matches besides fingerprints and viruses.

Regards,
Sarah
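The comparison described in the reply above, as an added example that is not part of the original thread and is not cxs code: it reads the command line a cxs report echoes and lists the `--options` letters that are absent from `--qoptions`, so matches in those categories are reported without being quarantined. The sample report is constructed from the format quoted in the thread, and `audit_report` and the placeholder user name are assumptions.

```python
import re

# Constructed sample in the report format quoted in the thread (user name is a placeholder).
SAMPLE_REPORT = """\
Quarantined: No

----------- SCAN REPORT -----------
(/usr/sbin/cxs --qoptions Mv --timemax 30 --quiet --options mMOLfSGchexdnwZDR --doptions Mv --ftp --quarantine /home/cxs-quarantine --exploitscan /home/exampleuser/public_html/cgi-bin/dm/dm.cgi)

# Suspected exploit file:
'/home/exampleuser/public_html/cgi-bin/dm/dm.cgi'
# Linux Binary/Executable [application/x-executable]:
'/home/exampleuser/public_html/cgi-bin/dm/dm.cgi'
"""


def audit_report(report):
    """Compare --options with --qoptions in the command line a cxs report echoes."""
    cmd = re.search(r"^\((\S*cxs[ \t].*)\)[ \t]*$", report, re.MULTILINE)
    if cmd is None:
        raise ValueError("no cxs command line found in report")
    # Only the three letter-string options are read. The letters are not
    # interpreted here; their meanings are in the cxs documentation.
    opts = dict(re.findall(r"--(options|qoptions|doptions)[ \t]+(\S+)", cmd.group(1)))
    scan, quar = set(opts.get("options", "")), set(opts.get("qoptions", ""))
    status = re.search(r"^Quarantined[ \t]*:[ \t]*(\w+)", report, re.MULTILINE)
    return {
        "qoptions": opts.get("qoptions", ""),
        # Letters scanned for but not quarantined on a match.
        "report_only": "".join(sorted(scan - quar)),
        # Headings of the match types listed in the scan report.
        "matches": re.findall(r"^# (.+?):[ \t]*$", report, re.MULTILINE),
        "quarantined": status.group(1) if status else None,
    }


if __name__ == "__main__":
    result = audit_report(SAMPLE_REPORT)
    print("Quarantined        :", result["quarantined"])
    print("--qoptions         :", result["qoptions"])
    print("Report-only letters:", result["report_only"])
    for heading in result["matches"]:
        print("Reported match     :", heading)
```
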
ffeingol
Junior Member
Posts: 30
Joined: 07 Aug 2007, 23:13

Re: Why didn't this get quarantined?

Post by ffeingol »

Hello Sarah,

Thank you very much.