ConfigServer Services HelpDesk
Server Management Services from Way to The Web Ltd
ConfigServer Home Page

Store Closure for Short Break

We will be closing our Store, Email and Helpdesk from 09:00 GMT Wednesday, 30 November 2022 to 09:00 GMT Wednesday, 7 December 2022. No orders, support requests or sales emails will be processed between those dates.

If you purchase a license or Service Package before the closing date and require installation, please be sure to leave at least 24 hours before then for the work to be done. Otherwise, any work will be scheduled for after this period.

There was a problem loading the comments.

How can I add my own exploit fingerprints so that cxs will detect certain files?

Support Portal  »  Knowledgebase  »  Viewing Article

  Print
First you should run cxs directly against the file and ensure that it is NOT detected by either the fingerprint or virus option. I.e.:

cxs --options Mv /path/to/file
If it is not detected, you can submit the files to us using the --wttw option and we will examine them to determine whether they should be added to the fingerprint database. Alternatively, you can create your own fingerprints for them - information is in the cxs documentation under the option --MD5.

For example, if you have a file called exploit.php that you want to add to the fingerprints, run the following command:

md5sum exploit.php
You'll get something like this:

28f2623f836e5376bbd81782fda1be29 exploit.php
Add the result to /etc/cxs/cxs.xtra like this:

md5sum:28f2623f836e5376bbd81782fda1be29
And make sure that you add the --xtra option to your command line in the cxs script files that you are using for scanning (cxsftp.sh, cxscgi.sh, cxswatch.sh):

--xtra /etc/cxs/cxs.xtra
For instance, if your cxs command line in cxscgi.sh is this:

/usr/sbin/cxs --quiet --cgi --smtp --mail root -Q /home/quarantine --qoptions Mv "$1"
You should change it to:

/usr/sbin/cxs --quiet --cgi --smtp --mail root -Q /home/quarantine --qoptions Mv --xtra /etc/cxs/cxs.xtra "$1"
If you are running cxswatch it is best to restart it when you make changes to cxs.xtra or cxs.ignore.

Share via

Related Articles


Self-Hosted Help Desk Software by SupportPal
© ConfigServer Services