Active scanning of uploaded files can help prevent malware from exploiting an account by deleting suspicious files or moving them to quarantine before they become active. This includes recent exploits such as the Dark Mailer spamming script (multiple variants, including obfuscated code, regardless of file name), files uploaded with the Gumblar virus, and the recent imgaaa.net defacement scripts. It can also prevent the uploading of PHP and Perl shell scripts, which are commonly used to launch more malicious attacks and to send spam.
Greenix360 offers on-demand scanning of files, directories and user accounts for suspected exploits, viruses and suspicious resources (files, directories, symlinks, sockets). We can run scans of existing user data to see if exploits have been uploaded in the past or via methods not covered by the active scanning.
Exploit detection includes:
- Over 6000 known exploit script fingerprint matches (in addition to standard ClamAV detection)
- Known viruses via ClamAV
- Regular expression pattern matching to help identify known/unknown exploits
- Filename matching
- Suspicious file names
- Suspicious file types
- Binary executables
- Some illegal web software installations
- Custom user specified regular expression patterns
- Comprehensive constant scanning of all user data using the cxs Watch daemon - scans all user files as soon as they are modified
- Daily check for new Exploit Fingerprints