Ignore "[\/proc\/self\/environ]" expressions

Community forum to discuss cxs.
If you believe that there is a problem with your cxs installation and want support then, as a paid product, you should use the helpdesk after having consulted the documentation.
1 post Page 1 of 1
Junior Member
Posts: 13
Joined: 22 Apr 2016, 17:35

Can anyone outline how to configured ConfigServer to ignore all [\/proc\/self\/environ] expressions?

I get tons of emails with things like this:

----------- SCAN REPORT -----------

TimeStamp: Thu, 3 Jan 2019 00:00:03 -0700

(/usr/sbin/cxs --allusers --nobayes --clamdsock /var/clamd --ctime 25 --dbreport --defapache nobody --doptions Mv --exploitscan --nofallback --filemax 10000 --noforce --html --ignore /etc/cxs/cxs.ignore --mail root --options OLfmMChexdDZRP --qoptions Mv --quiet --report /root/scandaily.log --sizemax 1000000 --ssl --nosummary --sversionscan --timemax 30 --nounofficial --virusscan --voptions fmMhexT --www)

(63) alseedas, Scanning /home/XXXXXXXX/public_html:

Regular expression match = [\/proc\/self\/environ]

FYI, each of my clients HTACCESS files has the following setting which I do use settings recommended by Securitycheck Pro Prevent:

## /proc/self/environ? Go away!
RewriteCond %{QUERY_STRING} proc/self/environ [NC,OR]

I know if I comment out this setting, it would probably stop these emails but this is a useful setting to block attacks so I just need a way to config ConfigServer to disregard this setting.
1 post Page 1 of 1