as always thanks for this great script that seems to be like the wine on time, every time is getting better,
Jonathan, could it be possible to have a CLEAN button that could repair a hacked file?
The CLEAN button could be associated with a file called CXS.CLEAN or with a form box where we could write the exact match of a particular code that we want to clean on one or more files at once, this will be a really nice addition to CXS and will save us a lot of time.
To elaborate a little bit further, this cleaning could be performed only in ascii files.
What you think?
I was clearing up a site earlier and was thinking through the process.
I get an email with all the exploits/fingerprints/viruses etc but then cut out the filename from the email, paste in to a shell to view it and then I decide to either delete the file, quarantine it or edit it. Sometimes that's a lot of cutting/pasting.
Automating that process would be useful. So, could the email/report link to a web UI?
Each link in the report then opens the file in a web based text editor preferably with the exploit highlighted and the error message (Known exploit = [Fingerprint Match] [PHP Exploit [P0902]] etc). From there it's either edit and save, delete file or quarantine. Repeat for each exploit in the report.
Possible? Would this need changes to cxs or could a 3rd party pull in the logs?