diff --git a/modules/security/malware-scanner.sh b/modules/security/malware-scanner.sh
index 02876f0..e184216 100755
--- a/modules/security/malware-scanner.sh
+++ b/modules/security/malware-scanner.sh
@@ -1399,9 +1399,137 @@ else echo "⚠️ Scan Validation: $validation_issues issue(s) found - review logs" >> "$SUMMARY_FILE" fi -# Generate client report automatically +# Generate client report automatically (inline to work in standalone scripts) log_message "Generating client-facing security report" -generate_client_report "$SCAN_DIR" > /dev/null 2>&1 + +# Check if function exists, if not generate inline +if declare -f generate_client_report > /dev/null 2>&1; then + generate_client_report "$SCAN_DIR" > /dev/null 2>&1 +else + # Inline client report generation for standalone scripts + client_report_file="$RESULTS_DIR/client_report.txt" + + # Extract scan info + scan_date=$(grep "Started:" "$SUMMARY_FILE" | head -1 | sed 's/Started: //' || echo "Unknown") + scan_paths=$(sed -n '/^Paths:/,/^$/p' "$SUMMARY_FILE" | tail -n +2 | grep -v "^$" | tr '\n' ', ' | sed 's/, $//' || echo "/home") + + # Analyze infected files for false positives + real_threats_count=0 + false_positives_list="" + real_threats_list="" + + if [ -f "$RESULTS_DIR/infected_files.txt" ] && [ -s "$RESULTS_DIR/infected_files.txt" ]; then + while IFS= read -r file; do + if [[ "$file" =~ /logs?/.*\.(log|gz|bz2)$ ]] || \ + [[ "$file" =~ /awstats/ ]] || \ + [[ "$file" =~ /tmp/.*\.txt$ ]] || \ + [[ "$file" =~ \.log\.[0-9]+$ ]]; then + false_positives_list="${false_positives_list} • $file"$'\n' + else + real_threats_list="${real_threats_list}📁 $file"$'\n' + ((real_threats_count++)) + fi + done < "$RESULTS_DIR/infected_files.txt" + fi + + # Generate report + { + echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━" + echo "SECURITY SCAN REPORT" + echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━" + echo "" + echo "Scan Date: $scan_date" + echo "Scan Coverage: $scan_paths" + echo "" + echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━" + echo "OVERALL STATUS" + echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━" + echo "" + + if [ "$real_threats_count" -eq 0 ]; then + echo "✅ 
NO ACTIVE MALWARE DETECTED" + echo "" + echo "Your server is clean. No malicious files were found in" + echo "web-accessible directories or user content areas." + else + echo "⚠️ MALWARE DETECTED - ACTION REQUIRED" + echo "" + echo "Found $real_threats_count infected file(s) that require immediate attention." + fi + echo "" + + echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━" + echo "SCAN DETAILS" + echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━" + echo "" + echo "We performed a comprehensive security scan using multiple" + echo "industry-standard malware detection engines:" + echo "" + echo " • ImunifyAV - Advanced threat detection" + echo " • ClamAV - Open-source antivirus engine" + echo " • Linux Maldet - Web malware specialist" + echo " • Rootkit Hunter - System integrity checker" + echo "" + + if [ "$real_threats_count" -gt 0 ]; then + echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━" + echo "INFECTED FILES REQUIRING ATTENTION" + echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━" + echo "" + echo "$real_threats_list" + echo "RECOMMENDED ACTIONS:" + echo "" + echo "1. Review each file to confirm it is malicious" + echo "2. Remove or quarantine infected files immediately" + echo "3. Change all passwords (hosting, FTP, database, CMS admin)" + echo "4. Review file upload functionality in web applications" + echo "5. Update all web applications, plugins, and themes" + echo "6. Check access logs for unauthorized access patterns" + echo "" + fi + + if [ -n "$false_positives_list" ]; then + echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━" + echo "INFORMATIONAL DETECTIONS (No Action Required)" + echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━" + echo "" + echo "The following files triggered alerts but are likely false" + echo "positives. 
These are log files that contain records of" + echo "attack attempts against your server (which were blocked):" + echo "" + echo "$false_positives_list" + echo "These files are safe and contain evidence of your server" + echo "correctly blocking malicious requests. No action needed." + echo "" + fi + + echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━" + echo "ONGOING SECURITY RECOMMENDATIONS" + echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━" + echo "" + echo "To maintain server security, we recommend:" + echo "" + echo " ✓ Run malware scans monthly (or after any security incident)" + echo " ✓ Keep all software updated (WordPress, plugins, PHP, etc.)" + echo " ✓ Use strong, unique passwords for all accounts" + echo " ✓ Enable automatic security updates where possible" + echo " ✓ Review file permissions regularly" + echo " ✓ Monitor server logs for suspicious activity" + echo " ✓ Maintain regular backups (stored off-server)" + echo "" + echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━" + echo "TECHNICAL DETAILS" + echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━" + echo "" + echo "Scan ID: $(basename $SCAN_DIR)" + echo "Report Generated: $(date)" + echo "" + echo "For technical details and full scan logs, please contact" + echo "your system administrator." + echo "" + echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━" + } > "$client_report_file" +fi # Display completion clear
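Review bot: The false-positive branch of the new `while IFS= read -r file` loop classifies a detection as harmless purely from its path (`/logs?/…\.(log|gz|bz2)$`, `/awstats/`, `/tmp/.*\.txt$`, `\.log\.[0-9]+$`), yet the client report then asserts as fact that "These files are safe" and "No action needed"; a file's location is chosen by whoever wrote it, so this is a triage hint rather than a verdict, and the two closing lines of that section should keep the hedged register, e.g. `echo "These detections were classified as likely false positives from their location only;"` / `echo "your administrator should still review them before they are dismissed."`, with the suppressed paths also passed to `log_message` so they stay visible to the administrator. Separately, `((real_threats_count++))` evaluates to 0 on the first real threat and therefore returns status 1; if this script runs under `set -e` (not visible in the hunk) it would abort at exactly that point, so prefer `real_threats_count=$((real_threats_count + 1))`. In the `scan_paths` assignment, `tr '\n' ', '` maps each newline to `,` alone (the second set is truncated to one character), so the following `sed 's/, $//'` never matches and the coverage line ends with a trailing comma; `paste -sd, -` in place of the `tr | sed` pair yields the intended list, and the `|| echo "Unknown"` / `|| echo "/home"` fallbacks only fire when the last pipeline stage fails, not when nothing matched. In the TECHNICAL DETAILS block `$(basename $SCAN_DIR)` should be quoted as `$(basename "$SCAN_DIR")`. The leading `else … fi` context lines belong to a conditional that begins before the hunk.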