If you believe that there is a problem with your cxs installation and want support then, as a paid product, you should use the helpdesk after having consulted the documentation.
----------- SCAN REPORT -----------
(/usr/sbin/cxs --allusers --clamdsock /tmp/clamd --deep --doptions Mv --exploitscan --filemax 0 --ignore /etc/cxs/cxs.ignore --logfile /var/log/cxs.log --mail --options mMOLfSGchexdnwZDRu --qoptions Mv --quarantine /home/quarantine --quiet --report /var/log/cxs.scan --sizemax 500000 --smtp --summary --timemax 30 --virusscan --voptions hx --Wloglevel 0 --Wmaxchild 3 --Wrateignore 300 --Wrefresh 7 --Wsleep 3 --Wstart --Wsymlink /etc/cxs/symlinkdisable.example.pl --Wsymlinkmax 5 --Wsymlinksec 300 --www)
cxswatch Scanning /home/slysaor/public_html/images/xxu.php:
# Suspicious image file (hidden script file):
I have a lot of files I'm seeing like this and they are all remote access scripts that give full control to the site.
- If all have the same file name you can add the following command to your cxs.xtra file:
- If you have a piece of code of the script, you can use the following command in your cxs.xtra file:
regphp:[a piece of code written in regex notation]
Thanks for the reply. I added it as you suggested, which seemed to work initially: all those files were found. However, this morning they are all back, and all cxs is doing is warning about suspicious files instead of quarantining the files, which is very strange.
This is what I have in the xtra file
Thanks in advance,