CXS not checking .JS files

Community forum to discuss cxs.
If you believe that there is a problem with your cxs installation and want support then, as a paid product, you should use the helpdesk after having consulted the documentation.
Post Reply
Sergio
Junior Member
Posts: 1440
Joined: 12 Dec 2006, 14:56

CXS not checking .JS files

Post by Sergio »

Hi Jonathan,
yesterday a hacker managed to ftp to a compromised password on a customer and uploaded a few modified files that he downloaded previously.

All the files are java scripts with the extension .JS, I have checked the code and added the code to the xtra file, using REGALL but CXS is not checking the .js files and the files are not quarantined.

What is the best approach to check .js files?

This is an excerpt of the code injected on the file:
passtemp();}}} function passtemp(){document.write("<script src=

And here is the rule added in the xtra file:
regall:passtemp\(\)\}\}\} function passtemp\(\)\{document\.write\("\<script src\=

Any idea on how to add this is welcome.

Regards,

Sergio
ForumAdmin
Moderator
Posts: 1501
Joined: 01 Oct 2008, 09:24

Re: CXS not checking .JS files

Post by ForumAdmin »

You would have to add --deep to any scan as .js files are not server-side scripts so won't be scanned otherwise.
Sergio
Junior Member
Posts: 1440
Joined: 12 Dec 2006, 14:56

Re: CXS not checking .JS files

Post by Sergio »

Thanks for the reply, but that didn't work as well.

I am running the scan from the GUI, DEEP option is selected and doesn't catch the files infected.
ForumAdmin
Moderator
Posts: 1501
Joined: 01 Oct 2008, 09:24

Re: CXS not checking .JS files

Post by ForumAdmin »

Then I would suggest running from the command line and add --debug to the command and see if the file is being ignored for some reason.

If you still cannot find a reason and are sure that you have the entry in your --xtra [file] correctly specified, then feel free to log a ticket with access details and full information about the file you are scanning and we'll have a look for you.
Post Reply