cxs email reports question

Post Reply
dzamanakos
Junior Member
Posts: 7
Joined: 07 Jun 2017, 12:51

cxs email reports question

Post by dzamanakos »

Hi, i'm getting tens of thousands emails per month from cxs and the subject for most of them is in the form of :
cxs on server.server.com (Hits:1)(Viruses:0)(Fingerprints:0)
Is there a way to get this reports only when a virus is detected ?

The command that is shown in the email body is :
(/usr/sbin/cxs --allusers --nobayes --clamdsock /var/clamd --defapache nobody --doptions Mv --exploitscan --nofallback --filemax 0 --noforce --html --ignore /etc/cxs/cxs.ignore --mail root --options mMOLfSGchexdnwZDRru --qoptions Mv --quarantine /quarantine/files --quiet --report /var/log/cxs.scan --sizemax 500000 --smtp --ssl --summary --sversionscan --timemax 30 --nounofficial --virusscan --Wloglevel 0 --Wmaxchild 3 --Wrateignore 300 --Wrefresh 7 --Wsleep 3 --Wstart --www)

Is there any flag i can use?
Thank you in advance,
Sarah
Moderator
Posts: 921
Joined: 09 Dec 2006, 22:49

Re: cxs email reports question

Post by Sarah »

Cxs has two primary actions, as we recommend configuring it:

1) To automatically quarantine files that match as known viruses or exploits. It looks like you have configured this already.

2) To alert you to files or directories that are suspicious for one reason or another, but do not match as already known viruses or exploits. Some of the matches in this category may actually be exploits and therefore you should examine the file reported to determine whether or not it is an exploit.

If you are getting repeated reports for files that you know are not exploits, you can configure cxs to ignore them. Please see the cxs documentation for the "--ignore [file]" option as well as the file /etc/cxs/cxs.ignore or /etc/cxs/cxs.ignore.example.

It is not possible to configure cxs to scan for certain file types but not send an email if it detects them, as that would be pointless. If you do not want cxs to even scan for certain types of files or matches, then you can change the "--options" setting in your cxs command or script file (cxswatch.sh, cxsftp.sh, etc.). Please see the documentation for the various file types and how to configure the "--options" setting.
Post Reply