ConfigServer eXploit Scanner (cxs)

ConfigServer eXploit Scanner (cxs) is a tool from us that performs active scanning of files as they are uploaded to the server. Initial installation with recommended configuration options is included with the license.

Active scanning can be performed on all text files:
 All modified files within user accounts, via the cxs Watch daemon, regardless of how they were uploaded
 PHP upload scripts (via a ModSecurity hook)
 Perl upload scripts (via a ModSecurity hook)
 CGI upload scripts (via a ModSecurity hook)
 Any other web script type that utilises the HTML form ENCTYPE multipart/form-data (via a ModSecurity hook)
 Pure-ftpd uploads

The active scanning of files can help prevent exploitation of an account by malware by deleting or moving suspicious files to quarantine before they become active. It can also prevent the uploading of PHP and Perl shell scripts, commonly used to launch more malicious attacks and for sending spam. cxs also allows you to perform on-demand scanning of files, directories and user accounts for suspected exploits, viruses and suspicious resources (files, directories, symlinks, sockets). You can run scans of existing user data to see if exploits have been uploaded in the past or via methods not covered by the active scanning. It has been tuned for performance and scalability.

Purchasing: cxs is a commercial product that is sold and licensed on a per server basis. Unlike competing products, it is strictly a one-time per server license purchase with updates for the life of the product, all at a reasonable price! Initial default installation on a single server per license is included in the price. Please see the FAQ for more information about discounts and installation.

Exploit detection includes:
 Over 4000 known current exploit script fingerprint matches (in addition to standard ClamAV detection)
 Known viruses via ClamAV
 Regular expression pattern matching to help identify known/unknown exploits
 Filename matching
 Suspicious file names
 Suspicious file types
 Binary executables
 Some illegal web software installations
 Custom user specified regular expression patterns
 Comprehensive constant scanning of all user data using the cxs Watch daemon - scans all user files as soon as they are modified
 Daily check for new Exploit Fingerprints
 Check for old versions of popular web scripts (e.g. WordPress, Joomla, osCommerce)
 Bayes probability scanning - scans scripts and passes the contents through an algorithm which produces a probability as to whether it is an exploit
 Monitor files and directories for changes and send an email report of activity
 IP Reputation System. The system provides a variety of IP blocklists gathered from information submitted by participating servers. This dual aspect provides reputation information that helps protect the server from active attacks
 Major update to Script Version Scanning. cxs now scans for more than 200 individual applications, more than 200 WordPress plugins and more than 200 Joomla Extensions. Over 700 in total!
 New in v8: cxs Setup Wizard added to the UI for easy first-time configuration
 New in v8: cxs Command Wizard to help create effective scan commands
 New in v8: new quarantine interface via an SQLite database
 New in v8: statistics to provide information at a glance as to what cxs has been doing
 New in v8: command Wizards to help configure cxs Watch, ModSecurity and FTP
 New in v8: cxs Daily/Weekly Scan Wizard, to create and modify cron jobs in /etc/cron.d/cxs-cron
... and lots more!

Web-based User Interface:

Included with the cxs Command Line Interface (CLI) is a web-based User Interface (UI) to help:

 Run scans
 Schedule and Edit scans via CRON
 Compose CLI scan commands
 View, Delete and Restore files from Quarantine
 View documentation
 Set and Edit default values for scans
 Edit commonly used cxs files

Note: cxs is not a rootkit scanner, though it can help detect rootkits uploaded to user accounts.

Product requirements:
 Server with static IPv4 address (for licensing)
 Redhat/CentOS/CloudLinux Linux v6/7
 Apache v2+
 ClamAV daemon process, for virus scanning
 SQLite v3, for the quarantine, report and statistics database
 ModSecurity v2+, to enable upload script scanning (not supported for LiteSpeed, nginx, etc. - only Apache v2+)
 Pure-ftpd, compiled with --with-uploadscript for FTP upload scanning
 csf, if you want pure-ftpd or ModSecurity IP address blocking

One-Time License Fee: ₹ 5000

Installation and configuration are complimentary. Please contact us if you need to protect multiple servers.

Note: GST @ 18% will be charged in addition to the price displayed.