ConfigServer eXploit Scanner Nulled (cxs) is a tool from us that performs active scanning of files as they are uploaded to the server. Initial installation with recommended configuration options is included with the license.
Exploit detection includes Features
- Over 4000 known current exploit script fingerprint matches (in addition to standard ClamAV detection)
- Known viruses via ClamAV
- Regular expression pattern matching to help identify known/unknown exploits
- Filename matching
- Suspicious file names
- Suspicious file types
- Binary executables
- Some illegal web software installations
- Custom user specified regular expression patterns
- Comprehensive constant scanning of all user data using the cxs Watch daemon – scans all user files as soon as they are modified
- Daily check for new Exploit Fingerprints
- Check for old version of popular web scripts (e.g. WordPress, Joomla, osCommerce)
- Bayes probability scanning – scans scripts and passes the contents through an algorithm which produces a probability as to whether it is an exploit
- Monitor files and directories for changes and send an email report of activity
- IP Reputation System. The system provides a variety of IP blocklists gathered from information that is submitted by participating servers. This dual aspect provides the information to help protect the server using the reputation from active attacks
- Major update to Script Version Scanning. cxs now scans for more than 200 individual applications, more than 200 WordPress plugins and more than 200 Joomla Extensions. Over 700 in total!
- cxs Setup Wizard to the UI for easy first-time configuration
- cxs Command Wizard to help create effective scan commands
- new quarantine interface via an SQLite database