First, run cxs directly against the file and confirm that it
is NOT detected by either the fingerprint or virus option, i.e.:
cxs --options Mv /path/to/file
If it is not detected, you can submit the files to us using the
--wttw option and we will examine them to determine whether they should
be added to the fingerprint database. Alternatively, you can create your
own fingerprints for them; this is described in the cxs documentation
under the --MD5 option.
For example, if you have a file called exploit.php that you want to add to the fingerprints, run the following command:
md5sum exploit.php
You'll get something like this:
28f2623f836e5376bbd81782fda1be29 exploit.php
Add the result to /etc/cxs/cxs.xtra like this:
md5sum:28f2623f836e5376bbd81782fda1be29
Then make sure that you add the --xtra option to the cxs command line in
each of the script files that you use for scanning (cxsftp.sh,
cxscgi.sh, cxswatch.sh):
--xtra /etc/cxs/cxs.xtra
For instance, if your cxs command line in cxscgi.sh is this:
/usr/sbin/cxs --quiet --cgi --smtp --mail root -Q /home/quarantine --qoptions Mv "$1"
You should change it to:
/usr/sbin/cxs --quiet --cgi --smtp --mail root -Q /home/quarantine --qoptions Mv --xtra /etc/cxs/cxs.xtra "$1"
If you are running cxswatch, it is best to restart it whenever you make changes to cxs.xtra or cxs.ignore.
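
The fingerprint steps above can be wrapped in one helper. This is an added example, not part of cxs or its documentation: the function name add_fingerprint is hypothetical, and the entry format and default path are the ones shown on this page. It validates the md5sum output and skips entries that are already in the file:

```shell
#!/bin/sh
# add_fingerprint FILE [XTRA]
# Appends "md5sum:<hash>" for FILE to XTRA (default: /etc/cxs/cxs.xtra).
add_fingerprint() {
    file=$1
    xtra=${2:-/etc/cxs/cxs.xtra}

    [ -f "$file" ] || { echo "not a regular file: $file" >&2; return 2; }

    # md5sum prints "<hash>  <name>"; keep only the first field.
    hash=$(md5sum -- "$file" | awk '{print $1}')

    # Accept exactly 32 lowercase hex digits. This also rejects the
    # backslash-prefixed output md5sum emits for unusual file names.
    case $hash in
        ''|*[!0-9a-f]*) echo "unexpected md5sum output for $file" >&2; return 3 ;;
    esac
    [ "${#hash}" -eq 32 ] || { echo "unexpected md5sum output for $file" >&2; return 3; }

    entry="md5sum:$hash"

    # -x matches the whole line, -F treats the entry as a literal string.
    if [ -f "$xtra" ] && grep -qxF -- "$entry" "$xtra"; then
        echo "already present: $entry"
        return 0
    fi

    # If the file does not end in a newline, add one so the new entry
    # is not glued onto the previous line.
    if [ -s "$xtra" ] && [ -n "$(tail -c1 "$xtra")" ]; then
        printf '\n' >> "$xtra" || return 4
    fi

    printf '%s\n' "$entry" >> "$xtra" || return 4
    echo "added: $entry"
}
```

An MD5 fingerprint matches only byte-identical copies of the file, so a copy with any change in it needs its own entry.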