ConfigServer eXploit Scanner (cxs) - $75 $50 (Special Introductory Offer!)

ConfigServer eXploit Scanner (cxs) is a new tool from us that performs active scanning of files as they are uploaded to the server.

Active scanning is performed on all text files uploaded through:

• PHP upload scripts (via a mod_security or suhosin hook)
• Perl upload scripts (via a mod_security hook)
• CGI upload scripts (via a mod_security hook)
• Any other script type that utilizes the HTML form ENCTYPE multipart/form-data (via a mod_security hook)
  
• Pure-ftpd
  

The active scanning of uploaded files can help prevent exploitation of an account by malware by deleting or moving suspicious files to quarantine before they become active. This includes recent exploits such as the Dark Mailer spamming script (multiple variants, including obfuscated code regardless of file name) and files uploaded with the Gumblar Virus. It can also prevent the uploading of PHP and perl shell scripts, commonly used  to launch more malicious attacks and for sending spam.

cxs also allows you to perform on-demand scanning of files, directories and user accounts for suspected exploits, viruses and suspicious resources (files, directories, symlinks, sockets). You can run scans of existing user data to see if exploits have been uploaded in the past or via methods not covered by the active scanning. It has been tuned for performance and scalability.

Exploit detection includes:

• Over 3000 known exploit script fingerprint matches (in addition to ClamAV detection)
• Known viruses via ClamAV
• Regular expression pattern matching to help identify unknown exploits
• Filename matching
• Suspicious file names
• Suspicious file types
• Binary exeuctables
• Custom user specified regular expression patterns
• ... and more!

Included with the cxs Command Line Interface (CLI) is a web-based User Interface (UI) to help:

• Run scans
• Schedule and Edit scans via CRON
• Compose CLI scan commands
• View, Delete and Restore files from Quarantine
• View documentation
• Set and Edit default values for scans
• Edit commonly used cxs files

Note: cxs is not a rootkit scanner, though it can help detect rootkits uploaded to user accounts.

Screenshots

1. cxs Main Page
2. cxs CLI Documentation Page
3. cxs CRON Page
4. cxs Quarantine Page
5. cxs Scan Page

Frequently Asked Questions

Please read the cxs FAQ before ordering cxs.

Product requirements:

• cPanel/WHM
• Redhat/CentOS/Fedora Linux
• Apache v2+
  
• ClamAV daemon process, for virus scanning
  
• Mod_security v2+, to enable upload script scanning
  
• Pure-ftpd, compiled with --with-uploadscript for ftp upload scanning
• csf, if you want pure-ftpd IP address blocking
  

Purchasing

cxs is a commercial product that is sold and licensed on a per server basis. Unlike competing products, it is strictly a one-time per server license purchase with updates for the life of the product, all at a reasonable price! We can perform a single installation per cxs license for you without additional charge. Please see the FAQ for more information about discounts and installation.

All purchases are subject to security checks. Please read our Ordering Terms  and License Terms before purchasing.

cxs comes free with our cPanel Service Package and Exploit Scan Service

Bulk purchase discounts are available. Please see the cxs FAQ.

Documentation

• changelog.txt
• license.txt
• version.txt