ConfigServer Services HelpDesk
Server Management Services from Way to The Web Ltd

How can I add my own exploit fingerprints so that cxs will detect certain files?

First, run cxs directly against the file and confirm that it is NOT already detected by either the fingerprint or virus option, i.e.:

cxs --options Mv /path/to/file

If it is not detected, you can submit the files to us using the --wttw option and we will examine them to determine whether they should be added to the fingerprint database. Alternatively, you can create your own fingerprints for them; this is described in the cxs documentation under the option --MD5.

For example, if you have a file called exploit.php that you want to add to the fingerprints, run the following command:

md5sum exploit.php

You'll get something like this:

28f2623f836e5376bbd81782fda1be29 exploit.php

Add the result to /etc/cxs/cxs.xtra like this:

md5sum:28f2623f836e5376bbd81782fda1be29

Also make sure that you add the --xtra option to the cxs command line in each of the cxs script files that you use for scanning (cxsftp.sh, cxscgi.sh, cxswatch.sh):

--xtra /etc/cxs/cxs.xtra

For instance, if your cxs command line in cxscgi.sh is this:

/usr/sbin/cxs --quiet --cgi --smtp --mail root -Q /home/quarantine --qoptions Mv "$1"

You should change it to:

/usr/sbin/cxs --quiet --cgi --smtp --mail root -Q /home/quarantine --qoptions Mv --xtra /etc/cxs/cxs.xtra "$1"

If you are running cxswatch, it is best to restart it whenever you make changes to cxs.xtra or cxs.ignore.
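
The md5sum and cxs.xtra steps above can be scripted so that the entry is validated and never added twice. This is an added example, not part of the original article or of cxs itself; the function name add_cxs_fingerprint and its optional second argument (an alternative cxs.xtra path) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not ConfigServer code. add_cxs_fingerprint is a hypothetical
# helper: it hashes FILE and appends "md5sum:<hash>" to the xtra file.
# Usage: add_cxs_fingerprint FILE [XTRA_FILE]
add_cxs_fingerprint() {
    sample=$1
    xtra=${2:-/etc/cxs/cxs.xtra}

    if [ ! -f "$sample" ]; then
        echo "not a regular file: $sample" >&2
        return 2
    fi

    # md5sum prints "<hash>  <name>"; keep only the hash. Reading from stdin
    # means an unusual file name cannot change the output format.
    hash=$(md5sum < "$sample" | awk '{print $1}')

    # Refuse to write anything that is not exactly 32 lowercase hex digits.
    case $hash in
        *[!0-9a-f]*) echo "unexpected md5sum output" >&2; return 3 ;;
    esac
    [ "${#hash}" -eq 32 ] || { echo "unexpected md5sum output" >&2; return 3; }

    entry="md5sum:$hash"

    # Skip the append if this exact line is already in the xtra file.
    if [ -f "$xtra" ] && grep -qxF "$entry" "$xtra"; then
        echo "already present: $entry"
        return 0
    fi

    printf '%s\n' "$entry" >> "$xtra" || return 4
    echo "added: $entry"
}
```

An MD5 fingerprint matches only byte-identical copies of the file, so a modified variant needs its own entry.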

© ConfigServer Services