
Please help me with file ignore

Posted: 07 Oct 2015, 13:47
by fzamaan
Hello,

I am badly in need of getting two PHP files ignored from quarantine. I did the following steps, but still it quarantines :(

1.
#touch /etc/cxs/cxs.ignore
#chmod 644 /etc/cxs/cxs.ignore

2.
#nano cxs.ignore

and added the two files to the bottom of the existing content


......
hdir:/etc
hdir:/mail
hdir:/tmp
hdir:/.cagefs
hdir:/.fantasticodata
hdir:/.rvsitebuilder
hdir:/.sqmaildata
hdir:/.trash
hdir:/.quarantine
hdir:/quarantine_clamavconnector
hsym:/access-logs
hfile:/public_html/cgi-bin/randhtml.cgi
hfile:/public_html/cgi-bin/entropybanner.cgi
hfile:/public_html/cgi-bin/cgiemail
hfile:/public_html/cgi-bin/cgiecho
hfile:/public_html/cgi-bin/cpdownload/cpaneldownacct.cgi
hfile:/public_html/cgi-bin/cpdownload/cpaneldownload.cgi
hfile:/public_html/cgi-bin/cpdownload/cpanelkill.cgi
hfile:/public_html/cgi-bin/cpdownload/cpanelwrap.c
hfile:/public_html/cgi-bin/cpdownload/cpanelwrap.cgi
pfile:^/tmp/clamav-.*
pdir:^/tmp/clamav-.*
pfile:^/tmp/cxs_.*
md5sum:f3c8aaf882d1ed25a7f5fe7fd2ee4d9d

file:/home/mindcalc/public_html/wp-content/themes/classroom_math_ote061/functions.php
file:/home/mindcalc/public_html/wp-content/themes/classroom_math_ote061/footer.php

Kindly help me with this issue.

Thank you
john

Re: Please help me with file ignore

Posted: 07 Oct 2015, 17:49
by Michael_Inet-Design
Probably overkill, but try:

hfile:/public_html/wp-content/themes/classroom_math_ote061/functions.php
hfile:/public_html/wp-content/themes/classroom_math_ote061/footer.php

That should test if the "file:" format is non-functional or if you've made a typo in your file path/name.

Best,
Michael

Re: Please help me with file ignore

Posted: 08 Oct 2015, 06:06
by fzamaan
Hello,
I tried all this and no luck :(

hfile:/home/mindcalc/public_html/wp-content/themes/classroom_math_ote061/functions.php
hfile:/home/mindcalc/public_html/wp-content/themes/classroom_math_ote061/footer.php
hfile:/public_html/wp-content/themes/classroom_math_ote061/functions.php
hfile:/public_html/wp-content/themes/classroom_math_ote061/footer.php

Re: Please help me with file ignore

Posted: 08 Oct 2015, 08:55
by Sarah
Have you added --ignore /etc/cxs/cxs.ignore to your cxs command, i.e. in /etc/cxs/cxswatch.sh?

Re: Please help me with file ignore

Posted: 08 Oct 2015, 10:28
by fzamaan
Oh, no idea about that. Can you kindly give me some more info on --ignore and cxswatch.sh?
You have not mentioned anything related to cxswatch.sh here at "Dealing with false-positives in cxs"
viewtopic.php?t=2910

Re: Please help me with file ignore

Posted: 08 Oct 2015, 10:45
by Sarah
I assume you are using cxswatch. If you want cxswatch to ignore anything, you have to tell it where to find the file with the ignore information. The only way to configure this is to modify the command line in the file /etc/cxs/cxswatch.sh. In the cxs documentation, all of the settings to be used with cxs commands are described, including --ignore.

Edit cxswatch.sh and add "--ignore /etc/cxs/cxs.ignore" to the cxs command line, and then restart cxswatch.

Re: Please help me with file ignore

Posted: 08 Oct 2015, 11:09
by fzamaan
Hello,

I figured it out, I added the thing to the end of the line and it works now.
Thank you for the support.

/usr/sbin/cxs --options -wW --Wstart --allusers --www --smtp --mail root --quarantine /home/quarantine/ --Wmaxchild 3 --Wloglevel 0 --Wsleep 3 --filemax 0 --Wrateignore 300 --ignore /etc/cxs/cxs.ignore
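
Added example, not part of the original posts and not cxs's own code: a shell check for the failure mode resolved in this thread, where entries in the ignore file have no effect because the watcher's cxs command line never passes --ignore. The function names, the temporary files and the /home/example path are constructed for illustration; only the --ignore option and the "file:" entry form are taken from the posts above.

```shell
#!/bin/sh
# Print the argument that follows --ignore on the first non-comment line
# that invokes cxs; print nothing if the option is absent.
cxs_ignore_arg() {
    awk '
        /^[ \t]*#/ { next }
        {
            is_cxs = 0
            for (i = 1; i <= NF; i++) {
                if ($i == "cxs" || $i ~ /\/cxs$/) is_cxs = 1
                if (is_cxs && $i == "--ignore" && i < NF) { print $(i + 1); exit }
            }
        }
    ' "$1"
}

# Return 0 only if the script passes --ignore, the named file is readable,
# and every given absolute path has an exact "file:<path>" line in it.
check_cxs_ignore() {
    script=$1; shift
    ign=$(cxs_ignore_arg "$script")
    if [ -z "$ign" ]; then
        echo "FAIL: no --ignore on the cxs command line in $script" >&2; return 1
    fi
    if [ ! -r "$ign" ]; then
        echo "FAIL: ignore file $ign is missing or unreadable" >&2; return 2
    fi
    rc=0
    for p in "$@"; do
        if ! grep -qxF "file:$p" "$ign"; then
            echo "FAIL: no entry file:$p in $ign" >&2; rc=3
        fi
    done
    return $rc
}

# Constructed sample: a watcher script before and after adding --ignore.
demo=$(mktemp -d)
f=/home/example/public_html/functions.php
printf 'file:%s\n' "$f" > "$demo/cxs.ignore"
printf '#!/bin/sh\n/usr/sbin/cxs --options -wW --Wstart --allusers\n' > "$demo/before.sh"
printf '#!/bin/sh\n/usr/sbin/cxs --options -wW --Wstart --allusers --ignore %s\n' "$demo/cxs.ignore" > "$demo/after.sh"
check_cxs_ignore "$demo/before.sh" "$f" || echo "before the fix: exit $?"
check_cxs_ignore "$demo/after.sh" "$f" && echo "after the fix: ok"
rm -rf "$demo"
```

Because the match on "file:" lines is exact, a trailing space or a typo in the path is reported as a missing entry.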

Re: Please help me with file ignore

Posted: 08 Oct 2015, 11:10
by fzamaan
Thanks Sarah for the additional information.