ConfigServer eXploit Scanner

Your protection from viruses and malware

ConfigServer eXploit Scanner (CXS) is a tool that initiates active scans of files uploading on your hosting and blocks every suspicious file (quarantine). An absolutely necessary tool for hosting security and protection against any malicious activity.

ConfigServer eXploit Scanner (CXS) is a tool that initiates active scans of files uploading on your hosting and blocks every suspicious file (quarantine). An absolutely necessary tool for hosting security and protection against any malicious activity.

The active scanning of files can help prevent exploitation of an account by malware by deleting or moving suspicious files to quarantine before they become active. It can also prevent the uploading of PHP and perl shell scripts, commonly used to launch more malicious attacks and for sending spam.

CXS also allows you to perform on-demand scanning of files, directories and user accounts for suspected exploits, viruses and suspicious resources (files, directories, symlinks, sockets). You can run scans of existing user data to see if exploits have been uploaded in the past or via methods not covered by the active scanning. It has been tuned for performance and scalability.

Features

Active scanning can be performed on all text files:

Actively scans all modified files within user accounts using the CXS Watch daemon regardless of how they were uploaded.

PHP upload scripts (via a ModSecurity hook)

Perl upload scripts (via a ModSecurity hook)

CGI upload scripts (via a ModSecurity hook)

Any other web script type that utilises the HTML form ENCTYPE multipart/form-data (via a ModSecurity hook)

Pure-ftpd uploads

Exploit detection includes:

Over 4000 known current exploit script fingerprint matches (in addition to standard ClamAV detection)

Known viruses via ClamAV

Custom user specified regular expression patterns

Regular expression pattern matching

Comprehensive constant scanning of all user data using the CXS Watch daemon - scans all user files as soon as they are modified

Monitor files and directories for changes and send an email report of activity

Suspicious file names

Daily check for new Exploit Fingerprints

Suspicious file types

Binary executables

Some illegal web software installations

Check for old version of popular web scripts (e.g. Wordpress, Joomla, osCommerce)

Bayes probabillity scanning - scans scripts and passes the contents through an algorithm which produces a probability as to whether it is an exploit

... and lots more!