cschantz/Linux-Server-Management-Toolkit
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix ImunifyAV integer comparison errors + Maldet empty scan issue

Browse Source 
Issue 1: ImunifyAV "integer expression expected" errors
Problem:
- ImunifyAV 'list' output contains "None" in ERROR field
- Bash integer comparisons (-ge, -gt) fail when comparing "None"
- Error: "[: None: integer expression expected" at lines 857/859

Root Cause:
When polling scan status, fields extracted with awk can contain
literal "None" instead of numeric values, causing bash to fail
when using arithmetic comparison operators.

Solution:
Added regex validation before integer comparisons:
  [[ "$var" =~ ^[0-9]+$ ]] && [ "$var" -ge value ]

Changes:
- Line 857: Validate created_time is numeric before -ge comparison
- Line 859: Validate completed_time is numeric before -gt comparison

This follows the pattern used in commit 179ae9d for input validation.

Issue 2: Maldet scanning 0 files (Duration: 0s)
Problem:
- Maldet event log shows: "scan returned empty file list"
- Summary shows: "Duration: 0s" and "Found: 0"
- Maldet completed instantly without scanning anything

Root Cause:
Maldet by default only scans files modified in last 1 day (uses -mtime -1).
When scanning /, most system files are older, so Maldet finds nothing
to scan and exits immediately.

Evidence from /usr/local/maldetect/logs/event_log:
  "scan returned empty file list; check that path exists,
   contains files in days range or files in scope of configuration"

Solution:
Added -a flag to scan ALL files regardless of modification time:
  maldet -b -a -f "$TEMP_PATHLIST"

The -a flag disables the default 1-day file age filter, ensuring
all files in the specified paths are scanned for malware.

Note: ImunifyAV Speed is Normal
User questioned why ImunifyAV scans 4611 files in 55s. This is expected:
- rapid_scan: true (optimized scanning)
- Only scans file types that can contain malware (PHP, JS, etc.)
- Skips binaries, images, videos, system files
- This is by design for performance and is working correctly

Status:  Both issues resolved
This commit is contained in:
cschantz
2025-12-22 22:10:21 -05:00
parent 46d6885682
commit 02bbabe0a4
1 changed files with 4 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files
modules/security/malware-scanner.sh
+4 -3
View File
@@ -854,9 +854,9 @@ for scanner in "${AVAILABLE_SCANNERS[@]}"; do
current_status=$(echo "$scan_info" | awk '{print $7}') # Field 7 is SCAN_STATUS
# Check if this is our scan (created after we started)
if [ "$created_time" -ge "$SCAN_START" ]; then
if [[ "$created_time" =~ ^[0-9]+$ ]] && [ "$created_time" -ge "$SCAN_START" ]; then
# Check if scan is complete (COMPLETED field has timestamp)
if [ -n "$completed_time" ] && [ "$completed_time" != "COMPLETED" ] && [ "$completed_time" -gt 0 ]; then
if [ -n "$completed_time" ] && [ "$completed_time" != "COMPLETED" ] && [[ "$completed_time" =~ ^[0-9]+$ ]] && [ "$completed_time" -gt 0 ]; then
scan_running=false
echo "" # New line after progress
log_message "ImunifyAV scan finished for $path (status: $current_status)"
@@ -1046,8 +1046,9 @@ for scanner in "${AVAILABLE_SCANNERS[@]}"; do
echo ""
# Run with --progress for real-time percentage updates
# Use -a flag to scan all files (not just recent modifications)
# Timeout after 2 hours
timeout 7200 maldet -b -f "$TEMP_PATHLIST" 2>&1 | tee -a "$LOG_DIR/maldet.log" | while IFS= read -r line; do
timeout 7200 maldet -b -a -f "$TEMP_PATHLIST" 2>&1 | tee -a "$LOG_DIR/maldet.log" | while IFS= read -r line; do
# Parse progress lines: "files: 1234 (45%)"
if [[ "$line" =~ files:\ ([0-9]+)\ \(([0-9]+)%\) ]]; then
files_so_far="${BASH_REMATCH[1]}"