The ConfigServer eXploit Scanner (cxs) is a very powerful tool for cPanel web hosting servers. While not free, it provides active scanning of files as they are uploaded to the server, and so much more. It truly is one of the best clean-up and discovery tools out there for someone with a cPanel server. With over 3,000 known exploit script fingerprint matches (in addition to standard ClamAV detection), CXS is sure to catch most of what your clients’ sites may be hiding.
CXS let’s you scan per domain, by first letter, or by scanning your entire home directory (ie., all cPanel accounts) for malware. But what if you want to do this on a reseller basis? This script will do just that. It will take input via reseller username on the server, and will perform a detailed scan (with quarantine) for each of that reseller’s hosted accounts!