ConfigServer eXploit Scanner (cxs) is a tool from configserver that performs active scanning of files as they are uploaded to the server.
First you need to download and install cxs from the official site :
Step 1
cd /usr/src
rm -f cxs*
wget https://download.configserver.com/cxsinstaller.tgz
tar -xzf cxsinstaller.tgz
chattr -i -R /usr/local/cwpsrv/htdocs/admin/
perl cxsinstaller.pl ipv4
rm -fv cxsinstaller.*
replace "ipv4" with the licensed server IP.
Step 2
After installing go to CWP.admin > Configserver Scripts >> ConfigServer Exploit Scanner and go through onscreen instruction, we recommend to use default settings.
That's it you're done.
Troubleshoot if the CXS GUI asking for clamd scanner socket run the below command and restart cxswatch service :
Add clamd socket to cxs config for the scanner :
sed -i '$ a clamdsock=/var/run/clamd.amavisd/clamd.sock' /etc/cxs/cxs.defaults
Restart CXS service :
service cxswatch restart
TESTED BY CWP TEAM
- Malware upload over FTP/SFTP
- Malware upload using CWP User Panel
- Malware upload using any PHP version CWP has including PHP-FPM and CGI
* Upload will fail if CXS detects that file contains the malware.