ConfigServer eXploit Scanner
Your protection from viruses and malware
ConfigServer eXploit Scanner (CXS) is a tool that initiates active scans of files uploading on your hosting and blocks every suspicious file (quarantine). An absolutely necessary tool for hosting security and protection against any malicious activity.
ConfigServer eXploit Scanner (CXS) is a tool that initiates active scans of files uploading on your hosting and blocks every suspicious file (quarantine). An absolutely necessary tool for hosting security and protection against any malicious activity.
The active scanning of files can help prevent exploitation of an account by malware by deleting or moving suspicious files to quarantine before they become active. It can also prevent the uploading of PHP and perl shell scripts, commonly used to launch more malicious attacks and for sending spam.
CXS also allows you to perform on-demand scanning of files, directories and user accounts for suspected exploits, viruses and suspicious resources (files, directories, symlinks, sockets). You can run scans of existing user data to see if exploits have been uploaded in the past or via methods not covered by the active scanning. It has been tuned for performance and scalability.
Features
Active scanning can be performed on all text files:
Actively scans all modified files within user accounts using the CXS Watch daemon regardless of how they were uploaded.
PHP upload scripts (via a ModSecurity hook)
Perl upload scripts (via a ModSecurity hook)
CGI upload scripts (via a ModSecurity hook)
Any other web script type that utilises the HTML form ENCTYPE multipart/form-data (via a ModSecurity hook)
Pure-ftpd uploads
Exploit detection includes:
Over 4000 known current exploit script fingerprint matches (in addition to standard ClamAV detection)
Known viruses via ClamAV
Custom user specified regular expression patterns
Regular expression pattern matching
Comprehensive constant scanning of all user data using the CXS Watch daemon - scans all user files as soon as they are modified
Monitor files and directories for changes and send an email report of activity
Suspicious file names
Daily check for new Exploit Fingerprints
Suspicious file types
Binary executables
Some illegal web software installations
Check for old version of popular web scripts (e.g. Wordpress, Joomla, osCommerce)
Bayes probabillity scanning - scans scripts and passes the contents through an algorithm which produces a probability as to whether it is an exploit
... and lots more!