ConfigServer eXploit Scanner (cxs) is a tool from configserver that performs active scanning of files as they are uploaded to the server.
First you need to download and install cxs from the official site :
cd /usr/src rm -f cxs* wget https://download.configserver.com/cxsinstaller.tgz tar -xzf cxsinstaller.tgz chattr -i -R /usr/local/cwpsrv/htdocs/admin/ perl cxsinstaller.pl ipv4 rm -fv cxsinstaller.*
replace "ipv4" with the licensed server IP.
Then add clamd socket to cxs config for the scanner :
sed -i '$ a clamdsock=/var/run/clamd.amavisd/clamd.sock' /etc/cxs/cxs.defaults
after installing go to CWP-admin > Configserver Scripts >> ConfigServer Exploit Scanner and go through onscreen instruction, we recommend using default settings.
That's it you're done.
Troubleshoot if the CXS gui asking for clamd scanner socket run the `Step 2` command again and restart cxswatch service :
service cxswatch restart
TESTED BY CWP TEAM
- Malware upload over FTP/SFTP
- Malware upload using CWP User Panel
- Malware upload using any PHP version CWP has including PHP-FPM and CGI
* Upload will fail if CXS detects that file contains the malware.