Overview

Pyxsoft is a complete security system for web servers. It includes anti-malware services, a WAF and a content accelerator based on caching.

It has been carefully designed to reduce CPU consumption and server load while improving performance and speed of web content delivery.

Components

When installing Pyxsoft, the following components will be installed:

  • Pyxsoft UI: The Pyxsoft user interface. It runs as a service called pyxsoft.
  • PxShield: The WAF and website accelerator. It runs as a service called pxshield.
  • PxScan: The service responsible for scanning files for malware. It runs as a service called pxscand.

Each of these services can be administered with the Linux systemctl command, as follows:

# Start service
systemctl start service-name

# Stop service
systemctl stop service-name

# Restart service
systemctl restart service-name

How does Pyxsoft work?

The three installed services (pyxsoft, pxshield and pxscand) constantly interact with each other, establishing excellent protection for the servers.

The pyxsoft service

The service called pyxsoft opens ports 2930 and 2931 so that the system administrator user can perform all configuration. Port 2930 is used for HTTP connections and port 2931 for HTTPS connections.

When connecting to port 2931, pyxsoft will look for any SSL certificate installed with the server name to establish the connection. If no SSL certificate is found for the server name, a self-signed certificate will be used.

The use of self-signed certificates generates a warning in the browser. If this warning appears, it is possible to ignore it as long as you are sure that the connection is made to the correct server.

Currently the instant file scanning service is provided by the pyxsoft service. There are plans to separate this functionality to another service in a future release.

Instant file scanning

Instant file scanning is a fundamental feature of the Pyxsoft protection system. It consists of monitoring the file system, so that every time a file is created or modified, Pyxsoft will check its contents for potentially dangerous content.

On a web server, file creations and modifications are not expected to be frequent, so the process is not costly in terms of CPU usage.

Folders where users' email is stored, temporary folders and system folders are excluded from the instant file scan. This avoids overusing the CPU, considering that trojans cannot be executed in these folders.

Testing the instant scan

To test whether the instant scan is working correctly, we can perform the following test:

# Move to the web folder of one of the domains.
cd path-to-user-public-html-folder

# Create EICAR test malware
echo 'X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*' > eicar.php

Once the file is created, we can check the folder again and we will see that the file was apparently not created.

What actually happened is that Pyxsoft detected the creation of a potentially dangerous file and immediately quarantined it.

Check your email; a notification should have been sent.

EICAR-Test-File is not a threat; it was created to simulate the detection of a threat by antivirus software.
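
The manual test above can be scripted so it can be repeated after an install or upgrade. This is an added example, not part of the Pyxsoft documentation; the function name instant_scan_test, the per-run file name eicar-test-<pid>.php and the 10-second default timeout are assumptions.

```shell
#!/bin/sh
# Added example: scripted version of the manual EICAR check.
# instant_scan_test <web-folder> [timeout-seconds]
#   returns 0  test file disappeared (quarantined) within the timeout
#   returns 1  test file still present (instant scan did not react)
#   returns 2  folder missing or test file could not be written

# Standard EICAR test string, identical to the one used in the manual test.
EICAR='X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*'

instant_scan_test() {
    dir=$1
    timeout=${2:-10}   # assumed default; tune to how fast your server reacts

    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }

    # Per-run name (assumption) so a leftover file from an earlier run
    # is never mistaken for this run's result.
    file="$dir/eicar-test-$$.php"
    printf '%s\n' "$EICAR" > "$file" || { echo "cannot write $file" >&2; return 2; }

    # Poll once per second until the file is gone or the timeout expires.
    waited=0
    while [ -e "$file" ] && [ "$waited" -lt "$timeout" ]; do
        sleep 1
        waited=$((waited + 1))
    done

    if [ -e "$file" ]; then
        # Failure mode: nothing reacted. Do not leave the test file in a
        # web-served folder.
        rm -f "$file"
        echo "NOT quarantined after ${timeout}s; check: systemctl status pyxsoft" >&2
        return 1
    fi
    echo "quarantined within ${waited}s: $file"
    return 0
}
```

Call it as instant_scan_test path-to-user-public-html-folder 15. Folders excluded from the instant scan (mail, temporary and system folders) are expected to return 1.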