ConfigServer eXploit Scanner (cxs) is a tool from configserver that performs active scanning of files as they are uploaded to the server.

First you need to download and install cxs from the official site :

Step 1

cd /usr/src
rm -f cxs*
tar -xzf cxsinstaller.tgz
chattr -i -R /usr/local/cwpsrv/htdocs/admin/
perl ipv4
rm -fv cxsinstaller.*

replace "ipv4" with the licensed server IP.

Step 2

Then add clamd socket to cxs config for the scanner :

sed -i '$ a clamdsock=/var/run/clamd.amavisd/clamd.sock' /etc/cxs/cxs.defaults

after installing go to CWP-admin > Configserver Scripts >> ConfigServer Exploit Scanner and go through onscreen instruction, we recommend using default settings.

That's it you're done.

Troubleshoot if the CXS gui asking for clamd scanner socket run the `Step 2` command again and restart cxswatch service :

service cxswatch restart

- Malware upload over FTP/SFTP
- Malware upload using CWP User Panel
- Malware upload using any PHP version CWP has including PHP-FPM and CGI
* Upload will fail if CXS detects that file contains the malware.