ChangeLog: v2.47 - Added new advanced PHP decoders for --decode ([D]) Change main cxs Watch process name during startup while still starting Exploit regex definitions database additions Exploit fingerprint definitions database additions v2.46 - Added two new advanced PHP decoders for --decode ([D]) Exploit regex definitions database additions Exploit fingerprint definitions database additions v2.45 - Modification to quarantine to ensure unique filenames Exploit regex definitions database additions Exploit fingerprint definitions database additions v2.44 - Added new --ignore [file] option pscript: - regex of web script to ignore Set --options [P] ftp timeout to 10 seconds Exploit regex definitions database additions Exploit fingerprint definitions database additions v2.43 - SECURITY FIX. Anyone running cxs on a DirectAdmin server should upgrade to this release immediately Add check for successful open of admin.list on DA servers to avoid a segfault, which could lead to a buffer overflow v2.42 - Fixed problem where dir: ignores where not being fully implemented in single file scans Fixed problem where dir: and hdir: ignores where not being fully implemented by the cxs Watch daemon when auto-reloading an ignore file Exploit fingerprint definitions database additions v2.41 - Developed another new advanced PHP decoder for --decode ([D]) Fixed advanced decoder output formatting when using --decode [file] Exploit regex definitions database additions v2.40 - Modifications to cxs Watch daemon so that it no longer needs to completely restart if changes to --xtra [file] are detected Added detection and decoding of Hex encoding to advanced PHP decoders Exploit fingerprint definitions database additions v2.39 - Memory management and speedup improvements for cxs Watch Daemon Improvements to advanced PHP decoders to --decode ([D]) Corrected cxs POD to read --upgrade instead of --update Exploit regex definitions database additions Exploit fingerprint definitions database additions v2.38 - Added more advanced PHP decoders to --decode ([D]) Exploit regex definitions database additions Exploit fingerprint definitions database additions v2.37 - cxs Watch - report error if unable to increase /proc/sys/fs/inotify/max_user_watches Further improvements to --timemax [secs] reports Further improvements to error reporting during scans Exploit fingerprint definitions database additions v2.36 - cxs Watch will now restart if a change to a specific --xtra [file] is made. This triggers a full restart of cxs Watch Improvements to --timemax [secs] Improvements to error reporting during scans Added more advanced PHP decoders to --decode ([D]) Exploit regex definitions database additions Exploit fingerprint definitions database additions v2.35 - Added new option --timemax [secs]. Scan timeout per file in seconds to prevent looping. Default is 30 seconds Additional logging on cxs watch startup to show the progress of user account inotify setup Exploit regex definitions database additions Exploit fingerprint definitions database additions v2.34 - Modifications to the UI Updates to the failure detection of the quarantine procedure New option --force. If --force is not used then cxs will refuse to scan within restricted directories: /usr /var /bin /lib /lib64 /boot Modified daily update check to only restart cxs Watch if updates are actually new Modified cxs Watch to no longer require a /scripts/postwwwacct entry (which is now ignored) as it now monitors /var/cpanel/users/ for new users on cPanel servers Exploit fingerprint definitions database additions v2.33 - Redesigned cxs UI, included functions for controlling cxs Watch Added TERM logging to the cxs Watch daemon to signify termination v2.32 - Added init script for cxswatch daemon on cPanel servers. This is instead of using /etc/rc.local to start the daemon and can also be used to stop/start/restart/status the daemon. See the cxs documentation for more information Added entry to chkserv.d on cPanel servers so that cPanel will monitor the cxswatch daemon using tailwatchd. See the cxs documentation for more information v2.31 - Fixed issue with tarball and zip file contents checking Further improvements to the Fingerprint matching system Exploit fingerprint definitions database additions v2.30 - Significant speedups for pattern matching Improvements to the Fingerprint matching system which includes speedups and additional identification methods Fixed error message for scanning an non-existent file Exploit regex definitions database additions Exploit fingerprint definitions database additions v2.29 - Fixed problem with quarantine file naming convention causing duplicate file names under certain circumstances and failing to quarantine the second instance Fixed spurious Cpanel::Version::gettree() warning in cPanel error log Exploit regex definitions database additions v2.28 - Fixed problem with cxs Watch daemon restart introduced in v2.2.27. You will have to manually restart any running cxs Watch daemon after this upgrade If BSD::Resource perl module is installed, double the configured process stack size to help avoid Segmentation Faults Exploit regex definitions database additions Exploit fingerprint definitions database additions v2.27 - New --options [P]. This option will search standard web application configuration files for MySQL database passwords. It will then attempt to login via FTP on localhost with the username of the account being processed and the detected password (it will attempt up to two password hits per configuration file). If the login is successful, the option will trigger a match. See CLI documentation for more info Separated and highlighted advanced Exploit Scan options in the UI that can affect user data and/or produce false-positives in the vain hope it will stop some people just ticking everything and then wondering where their files have gone Added Net::FTP to the perl module requirements (this is a core perl module so should already be installed) New options --uidmin [uid] and --uidmax [uid] for the GENERIC install when used with --allusers. These have no effect on cPanel and DA Exploit regex definitions database additions Exploit fingerprint definitions database additions v2.26 - Added new option for --xtra [file]: regfile: which is a regular expression match for a file or directory name Added new CLI option --smtp. This will send emails generated by --mail [email] via localhost SMTP instead of sendmail Added MIME::Base64 and Net::SMTP to the perl module requirements (both are core perl modules so should already be installed) v2.25 - Fix for UI version processing issue v2.24 - Allow binary submissions via --wttw Improvements to --decode ([D]) option Exploit regex definitions database additions Exploit fingerprint definitions database additions v2.23 - Improved cxs Watch daemon scanning to include moved files to detect files uploaded by the cPanel File Manager Fixed bug where --cleanlog [file] was not logging the filename for cxsftp.sh scanning Exploit regex definitions database additions Exploit fingerprint definitions database additions v2.22 - Exploit regex definitions database correction v2.21 - Speedups to --decode ([D]) option Improvements to decode regex Exploit regex definitions database additions Exploit fingerprint definitions database additions v2.20 - Fixed issue with MD5 setting via UI when saving to defaults Improvements to regex validation to any specified --ignore or --xtra files Improvements to decode regex Improvements to --decode ([D]) option Exploit regex definitions database additions Exploit fingerprint definitions database additions v2.19 - Added regex validation to any specified --ignore or --xtra files Added quarantine failure reason to messages Improvements to --decode ([D]) option to no longer use temporary files If [Fingerprint Match] found also perform a Virus Scan Automatically ignore --quarantine [dir] during scans Improvements to fingerprint matching Added new option --MD5 to display a matched file md5sum. See docs for more information Added new option md5sum: to --ignore [file]. See docs for more information Added new option md5sum: to --xtra [file]. See docs for more information Added new option "Ignore MD5" to cxs Quarantine UI for ftp, web and scan entries Exploit regex definitions database additions Exploit fingerprint definitions database additions v2.18 - Further improvements to Filetype detection v2.17 - Added hdir:/quarantine_clamavconnector to the csf.ignore.example file Improvements to php script detection where extension is not .php Filetype detection speedups Filetype differentiation between MS-DOS and MS Windows executables Added new option --Wrefresh. To keep the cxs Watch daemon up to date, it will restart every 7 days by default. To change this interval, you can set B<--Wrefresh [days]> Improvements to the decode regex Exploit regex definitions database additions Exploit fingerprint definitions database additions v2.16 - Further improvements to the check for PHP code hidden in GIF image files for "hidden script file", regex matching and decode scanning v2.14 - Improvements to the check for PHP code hidden in GIF image files for "hidden script file", regex matching and decode scanning Add link to the Changelog when cxs is upgraded If an ignore file us used with cxs Watch daemon and the ignore file is modified, cxs Watch will reload the ignore file and restart the child processes. However, after making a large number of changes to the ignore file or if adding puser: or user: to the ignore file, the cxs Watch daemon should be manually restarted Improved cxs Watch logging when suspicious file found and --Wloglevel set to 0 Exploit fingerprint definitions database additions v2.13 - During cxs Watch startup default to the POSIX locale to avoid error message ambiguity for intotify from the kernel Improvements to --decode ([D]) option Exploit regex definitions database additions Exploit fingerprint definitions database additions v2.12 - Improvements to --decode ([D]) option Exploit regex definitions database additions Exploit fingerprint definitions database additions v2.11 - Further SECURITY improvements to Quarantine functionality All cxs users should upgrade to this release immediately v2.10 - Fixed a SECURITY BUG in Quarantine file restore which could result in root privilege escalation. The destination restore file must not now exist before restoring will work. Our thanks to Jeff Petersen for reporting this issue All cxs users should upgrade to this release immediately v2.09 - New --options [R]. It will trigger a match for the inbuilt regex used by --options [D] when decoding PHP encoded (base64, etc) scripts Improvements to --decode ([D]) option so that both the last and the penultimate decode level are both scanned Added improved code for dropping privileges to the "nobody" user while running the interactive php interpreter as root Ensure Quarantine only works on files Updated UI text for options Removed duplicated regex definitions from the database now that --options [R] has been added. Be sure to add R to your --options lists if you specify them if you still want to trap these. v2.08 - Removed code that dropped privileges to the "nobody" user while running the interactive php interpreter as it broke subsequent scanning at depth Exploit regex definitions database additions Exploit fingerprint definitions database additions v2.07 - Improvements to --decode ([D]) option New Feature - Added daily check for new Exploit Fingerprints. If cxs is scheduled to check for a new version daily, an additional check for new Exploit Fingerprints released since the last cxs version is performed. These will be downloaded and used on subsequent scans Exploit fingerprint definitions database additions v2.06 - Fixed bug in application type detection introduced in v2.04 which restricted script specific regex detection from working correctly Exploit fingerprint definitions database additions v2.04 - Added Quarantine UI option to block FTP IP addresses in csf Fixed Quarantine UI display problems Added option --tscripts [list] which is a comma separated list of scripts that --options [T] will detect if you want to restrict which types are checked Exploit fingerprint definitions database additions v2.03 - Improvements to --decode [file] - don't process ignore file Speedups for --options [D] Speedups for cxs Watch daemon startup Fixes to cxs Watch daemon when processing new and --Wadd [file] directories where --ignore [file] and --filemax [num] were not applied Improvements to hdir, hfile and hsym processing for --ignore [file] Adjustments to --Wloglevel [num] Improvements to FTP IP detection v2.02 - Fixed bugs in --decode [file] output report and improved content of the report Exploit fingerprint definitions database additions v2.01 - Modified --decode [file] and --options [D] to drop privileges to the "nobody" user while running the interactive php interpreter and on the ownership of the decoded file while processing it v2.00 - Added new scanning option: cxs Watch. This is an alternative to ftp and web script upload scanning. The cxs Watch daemon uses a separate process to watch entire user accounts for new and modified files and scans them immediately. The scanning children use up significantly fewer resources than the ftp and web script upload scanning methods. This new feature requires: Redhat/CentOS v5+ (i.e. a kernel that supports inotify) Linux::Inotify2 Perl module Systems that do not meet these requirements can continue to use the ftp and web script upload scanning methods. See the documentation for more information about this new option under --Wstart --options [D] now enabled by default to improve exploit detection rates (default options:mMOLfSGchexdnwZD) Updated POD documentation, including a new RECOMMENDATIONS section Exploit regex definitions database additions Exploit fingerprint definitions database additions v1.56 - Reinstated the Scan Report header for the --all option lost in v1.55 Added new option --www to only scan within the public_html/ directory when using --allusers or --user [user] Exploit regex definitions database additions Exploit fingerprint definitions database additions v1.55 - Modified FTP IP Address lookup code to only read the last 64K of the relevant log file, improving lookup speed and resource usage Made /etc/init.d/pure-uploadscript LSB compliant Exploit fingerprint definitions database additions v1.54 - Added a note to the CGI alert email for ModSecurity false-positives where the request body is inspected before Apache has a chance to determine whether the called script exists (i.e. a 404) Added new option --wttw [file] which is available for submitting text exploits (i.e. PHP, Perl, Shell) to ConfigServer if cxs fails to detect it. The file is sent as an attachment via email. Please be sure to read the documentation before using this option Exploit fingerprint definitions database additions v1.53 - Sort File::Find directory traversal/files alphabetically Multiple scanning performance and resource usage improvements --voptions [M] removed as it serves no function Added text for --options [M] (Known exploit) where we have it Improvements to relative path file/directory scanning Exploit fingerprint definitions database additions v1.52 - Ignore SIGPIPE when using --decode (--options [D]) while running interactive php interpreter, which caused scans to abort Exploit regex definitions database additions Exploit fingerprint definitions database additions v1.51 - Sort Quarantine UI users If --quarantine or --delete fails (e.g. an immutable file), report failure to do so. Failure to quarantine will no longer attempt removal of the original file Only "View" quarantine files in UI if they are text files Exploit regex definitions database additions Exploit fingerprint definitions database additions v1.50 - Fixed a problem with the use of File::Copy and the quarantine system where files that are moved across file systems do not retain the correct permissions v1.49 - Display complete cxs command options at the top of reports, not just the CLI command (i.e. include defaults and cxs.default entries) Added a "View Quarantine" button at the bottom of the "View Quarantine User" UI page to return to the quarantine view Added default clamd rpm and apt-get socket location detection (/var/run/clamav/clamd.sock and /var/run/clamav/clamd.ctl) DirectAdmin development work (not currently supported) (RedHat Enterprise v3+/CentOS v3+/Debian v5+) Added code for future multiple license servers Fixed a problem with the use of File::Copy and the quarantine system where files that are moved across file systems do not retain the correct ownership Exploit regex definitions database additions Exploit fingerprint definitions database additions v1.48 - Modified FTP scanning to honour hfile: ignore file entries Fixed problem with --qoptions [] sending all scan result matches to quarantine after a single legitimate match was found, regardless of the --qoptions [] specified v1.47 - Fixed problem with UI upgrade sleeping before upgrading (as introduced for cron jobs). Upgrading to this version will still sleep through the UI, but subsequent versions should be fine. Instead of using the UI, using the CLI will avoid this problem for this upgrade, i.e.: cxs -U v1.46 - Restore from quarantine in UI now preserves file ownership of the restored file Prefill UI Quarantine directory if set in cxs.defaults Added new option to Quarantine UI to bulk Restore files in the same way as bulk Delete works Exploit fingerprint definitions database additions v1.45 - Added new option --qoptions [mMOLfSGchexdnwTEv]. By default --quarantine [dir]> will move all file matches. If --qoptions [] is also used then only the selected file types will be moved Added --qoptions [mMOLfSGchexdnwTEv] to UI Improvements to --decode ([D]) option Added --upgrade timer to sleep for up to 1800 seconds when running as a cron job to avoid overloading the license server Added the the --jumpfrom [user] and --jumpto [user] options to the UI Exploit fingerprint definitions database additions v1.44 - Added Quarantine option to UI Modified the --jumpfrom [user], --jumpto [user] options so a special value can be used for the from and to [user] using a single letter then a plus sign to scan those users whose name begins with the letter specified (not case sensitive). Again, this is inclusive. For example, to scan all accounts beginning with k through to g use: --jumpfrom k+ --jumpto g+ Improvements to --decode ([D]) option Exploit regex definitions database additions Exploit fingerprint definitions database additions v1.43 - Improvements to --decode ([D]) option. If the final decode depth results in a php Parse error, the previous depth is scanned instead. This improves the likelihood of a successful decode and scan Improvements to --decode ([D]) option. Decode PHP scripts in memory using the interactive php interpreter instead of using temporary files Improvements to --decode ([D]) option. Add timeout to php interpreter to avoid decoding hangs Exploit fingerprint definitions database additions v1.42 - Suppress error output from Archive::Zip v1.41 - Enabled option --options [Z] by default for scanning within compressed archives Suppress error output from Archive::Tar Exploit fingerprint definitions database additions v1.40 - Improved detection of ruby and c exploits Added the ability to use --quarantine and --delete when performing a manual or scheduled scan. However, since the likelihood of a false-positive is relatively high, this is not recommended without care and understanding of the implications Added test for existence of --quarantine [dir]. If it does not exist an error will be shown and the scan will continue with the quarantine directive disabled New --options [Z]. This option decompresses archives (i.e. zip, tar, tar.gz and tar.bz2 files) and scans each file within the archive using the same options provided to the original scan Added --options [Z] to WHM UI Updated perl modules requirements to now include: Archive::Zip and Archive::Tar Cater for single quotes in cron jobs in the WHM UI Exploit regex definitions database additions Exploit fingerprint definitions database additions v1.39 - Exploit regex definitions database additions Exploit fingerprint definitions database additions v1.38 - Improvements to --decode ([D]) option Added [D] option to WHM UI Fixed typo in WHM UI More detailed message for when --filemax reached in a directory Exploit regex definitions database additions Exploit fingerprint definitions database additions v1.37 - Fixed bug in --options [D] when running under a non-root account Modified --script [script] execution to prevent stray output from [script] when --quiet used Added retry timeout in WHM UI for checking www.configserver.com for new version information (to avoid repeated hangs when unreachable) Included additional instructions in install.txt to install additional unofficial ClamAV databases from Sanesecurity Exploit regex definitions database additions Exploit fingerprint definitions database additions v1.36 - Significant Improvements to --decode ([D]) option Added verbose switch to example cPanel Account Suspend perl script Exploit regex definitions database additions Exploit fingerprint definitions database additions v1.35 - Optimised fingerprint definitions database Removed fingerprint definitions database false-positive v1.34 - Fixed licensing issue with v1.33 v1.33 - Updated example cPanel Account Suspend perl script to be verbose cxs startup speedups Add support to --script to pass the username when using --user [user] Exploit regex definitions database additions Exploit fingerprint definitions database additions v1.32 - Include an example cPanel Account Suspend perl script for use with --script /etc/cxs/cpanelsuspend.pl Exploit fingerprint definitions database additions v1.31 - Always exit if ftp/cgi user is listed in a specified ignore file Disable pure-uploadscript if /etc/cxs/ftpddisable exists (in addition to /etc/ftpddisable) Exploit regex definitions database additions Exploit fingerprint definitions database additions v1.30 - Added new option --script [script] which runs an external script whenever a match is detected against a file. See documentation for more information Exploit regex definitions database additions Exploit fingerprint definitions database additions v1.29 - Significant improvements to --decode [file] Increased LWP timeout to cater for servers with slow connections to the license server Added total Viruses and Fingerprint Matches to the --mail Subject Added total Fingerprint Matches to the --summary Exploit regex definitions database additions Exploit fingerprint definitions database additions v1.28 - If ftp is disabled in cPanel do not start pure-uploadscript New --options [E]. This option will match scripts that send out email using sendmail, exim or via SMTP. This option requires that --options [m] is also specified Improvement to --decode [file] variable detection Improvements to various eval() regex matches Exploit regex definitions database additions Exploit fingerprint definitions database additions v1.27 - Fixed issue introduced in v1.26 that prevented ignoring of hdir and hfile options in an ignore file v1.26 - Allow the use of --background (-B) in cxsftp.sh Skip processing a home directory of / when using --all Exploit regex definitions database additions Exploit fingerprint definitions database additions v1.25 - Improved handling of --decode failures Exploit regex definitions database additions Exploit fingerprint definitions database additions v1.24 - Improvements to --decode [file] Add the cxs command line to a report even if the scan report is empty Exploit regex definitions database additions Exploit fingerprint definitions database additions v1.23 - Fixed a false-positive detection of c/c++ source files Added filename legend to View option UI in Other Files For single or multiple user scans, Symlinks within the homedir will now be ignored Removed [\;\|\`\\] regex checks from the [f] and [d] --options, as it appears to be of little value (you could always add back such a check using a similar regex entry in an xtra file) Modified hidden text in image file check to only report if the text is script code Exploit regex definitions database additions Exploit fingerprint definitions database additions v1.22 - Fixed --options [D] output not going to a --report [file] Improvement to --decode [file] variable detection Exploit fingerprint definitions database additions v1.21 - Added UID check to ensure updates are only performed by root (UID=0) New --options [D]. This is an experimental option that puts any PHP scripts containing an eval() function that decodes base64 and rot13 data through the (experimental) --decode [file] option during a scan. This will then highlight the decoded result if it hits any regex, fingerprint or virus scan matches Added eval(str_rot13 to --decode [file] Fixed --decode [file] not scanning final decoded result with regex definitions and fingerprints Improvements to --decode [file] detection and processing Modified pure-uploadscript init file to cope with multiple pure-ftpd pids on restart and to stop pure-ftpd more cleanly Exploit regex definitions database additions Exploit fingerprint definitions database additions v1.20 - Improvements to regex definitions database Added new ignore options for sym:, psym: and hsym: to allow ignoring of symlinks Modified --generate to add sym: for symlinks to ignore file All UI user selections modified to be dropdown lists Exploit regex definitions database additions Exploit fingerprint definitions database additions v1.19 - Fixed bug preventing csf from blocking FTP IP addresses when --block used Added failure message from csf to FTP email if deny fails Added new exploit scanning option W to be used with --option (must be explicitly added to the options list - the same way as the C option). The W option will chmod all world writable directories found to 755. Use this option with care as it could prevent web scripts from functioning on non-suPHP or non-SUEXEC enabled systems v1.18 - Scanning speedup when using --voptions Improvements to --decode performance and effectiveness New optimised fingerprint database. This new database, though with fewer entries, is better targetted at detecting relevant exploits that ClamAV misses (the majority!) Changed "Match for fingerprint of an exploit" to "Known exploit = [Fingerprint Match]" Changed "Match for regular expression (regex)" to "Regular expression match = [regex]" v1.17 - Fixed email " (Hits:nn)" not totalling all accounts hits v1.16 - Removed spurious "set to skip" message text Added " (Hits:nn)" to the Subject line of email reports Added new option --ulist [file] for use with the --all option to perform scans of only those users listed in [file] Regex scanning improvements Disable default deep scanning on FTP and web script uploads to help avoid false-positives. If you want to continue deep scanning add --deep to cxsftp.sh and/or cxscgi.sh Exploit regex definitions database additions Exploit fingerprint definitions database additions v1.15 - Added breakout if --decode [file] depth is > 250 to prevent looping Fixed problem with quarantine UI to cope with a trailing slash on the --quarantine [dir] statement Improved detection of the quarantine directory in UI Added DNS lookups on FTP IP address reports Allow the use of floating point numbers with --throttle [num] Added "Ignore" option for FTP quarantines files to Quarantine UI to add a file: ignore statement to a relevant ignore file if configured Added new options --jumpfrom [user] and --jumpto [user] for use with the --all option to perform scans of only those user between the two points, both of which are inclusive Added jumpfrom and jumpto to UI resource choice Exploit regex definitions database additions Exploit fingerprint definitions database additions v1.14 - Added new experimental options --decode [file] and --depth [num]. See the perldoc documentation for more information Exploit regex definitions database additions Exploit fingerprint definitions database additions v1.13 - Modified FrontPage extensions check to be case-insensitive Use of --all --mail [email] and --nosummary will now only report suspicious accounts instead of all accounts. --report [file] will still contain the full report Updated cxs perldoc help Exploit regex definitions database additions Exploit fingerprint definitions database additions v1.12 - New option (-X, --xtra [file]) to allow custom regular expression matches and filenames that cxs will additionally scan for Exploit fingerprint definitions database additions v1.11 - Modified hidden image text file to exclude most FrontPage extensions files Exploit regex definitions database additions Exploit fingerprint definitions database additions v1.10 - Added new check to suspicious file routine to detect text files hiding as image files Made file extension checks case-insensitive Exploit fingerprint definitions database additions v1.09 - Improved licensing code tolerance on network failure for web and ftp scanning on servers that are behind NAT Exploit regex definitions database additions Exploit fingerprint definitions database additions Ftp and web scanning speedups v1.08 - Exploit regex definitions database additions Exploit fingerprint definitions database additions v1.07 - Exploit regex definitions database additions Exploit fingerprint definitions database additions v1.06 - Fixed issue with pure-uploadscript restart on cron job cxs upgrade Exploit fingerprint definitions database additions v1.05 - Improved UI detection of the quarantine directory in cxsftp.sh and cxscgi.sh if used v1.04 - Fixed duplicate virus scan on script files with regex matches Exploit fingerprint definitions database additions v1.03 - Added quotes around the $1 parameter in cxscgi.sh and cxsftp.sh to cope with files with spaces in their names. Existing scripts will be fixed on upgrade v1.02 - Added initial FreeBSD (v7.2) support - currently no UI cron job support has been implemented, jobs will have to be added to /etc/crontab manually on FreeBSD Fixed UI quarantine restore to always use correct uid and gid Exploit fingerprint definitions database additions Added some more examples to the POD and reference the examples in cxsftp.sh and cxscgi.sh v1.01 - Added new exploit scanning option M to be used with --option (enabled by default) and --voption. The M option scans a fingerprint lookup table of over 4500 known exploit scripts. If you cron jobs or have modified cxsftp.sh or cxscgi.sh that use an --options list, you might want to add M to the list to use this new feature Digest::MD5 added to required perl modules Added extra check in UI where alternative clamdsock is ticked but none entered in the textbox Exploit regex definitions database additions Don't show user in quarantine UI if empty v1.00 - Initial release