Restrict ImunifyAV to user-focused scans only

Issue: ImunifyAV's built-in exclusions prevent comprehensive scanning
When scanning full server ("/"), ImunifyAV only scanned 0.045% of files
in /usr/local (20 out of 44,135 files) and 0% of /opt (0 out of 7,989).

Problem Analysis:
ImunifyAV has 131 global ignore patterns that skip:
- Vendor directories (node_modules, composer, etc.)
- Cache directories (wp-content/cache, var/cache, etc.)
- Template compilation directories
- System library paths
- Development/build artifacts

These exclusions apply GLOBALLY, not just when scanning from "/".
Even when explicitly told to scan /usr/local or /opt, ImunifyAV
still applies all ignore patterns, resulting in near-zero coverage
of system directories.

Evidence from Test Scan:
  Directory     Actual Files    ImunifyAV Scanned    Coverage
  /usr/local    44,135          20                   0.045%
  /opt          7,989           0                    0%
  /var/www      1               0                    0%
  /var/lib      1               0                    0%
  /home         2,087           3,871                185% (good!)

ImunifyAV is designed for web hosting security (user content),
NOT comprehensive system malware scanning.

Solution:
Skip ImunifyAV entirely when scanning "/" (option 1: full server scan)
Use ImunifyAV ONLY for user-focused scans where it excels:
  - Option 2: All user accounts (/home or /var/www/vhosts)
  - Option 3: Specific user account
  - Option 4: Specific domain
  - Option 5: Custom path (usually user paths)

Benefits:
1. Faster scans - don't waste time on paths ImunifyAV ignores
2. Honest coverage - users know what's actually being scanned
3. ClamAV + Maldet provide TRUE comprehensive system coverage
4. ImunifyAV still used where it works best (user content)

Changes:
1. Added skip logic at start of ImunifyAV case (line 808)
   - Detects if SCAN_PATHS = ["/"]
   - Shows informative message explaining why it's skipped
   - Logs skip reason to session.log
   - Adds skip notice to summary report
   - Uses 'continue' to skip to next scanner

2. Removed path expansion logic (no longer needed)
   - Deleted 8-path expansion for "/"
   - Now uses SCAN_PATHS as-is for user-focused scans

3. Updated menu to show which scanners are used:
   - Option 1: "Scan entire server (ClamAV, Maldet, RKHunter)"
   - Options 2-5: "All scanners" (includes ImunifyAV)

Scanner Usage by Menu Option:
  1. Full server:      ClamAV ✓  Maldet ✓  RKHunter ✓  ImunifyAV ✗
  2. All users:        ClamAV ✓  Maldet ✓  RKHunter ✓  ImunifyAV ✓
  3. Specific user:    ClamAV ✓  Maldet ✓  RKHunter ✓  ImunifyAV ✓
  4. Specific domain:  ClamAV ✓  Maldet ✓  RKHunter ✓  ImunifyAV ✓
  5. Custom path:      ClamAV ✓  Maldet ✓  RKHunter ✓  ImunifyAV ✓

User Requirement:
"okay lets just make sure that imunify is included in users only scans.
And make sure in the malware scanner menu that Imunify can only be
used in user specific scans"

Status: ✅ Implemented - ImunifyAV now only used for user scans

modules/security/malware-scanner.sh

@@ -803,6 +803,21 @@ for scanner in "${AVAILABLE_SCANNERS[@]}"; do
 
     case "$scanner" in
         imunify)
+            # ImunifyAV has built-in exclusions that prevent comprehensive system scanning
+            # Only use ImunifyAV for user-focused scans (not full server scans)
+            if [ "${#SCAN_PATHS[@]}" -eq 1 ] && [ "${SCAN_PATHS[0]}" = "/" ]; then
+                echo ""
+                echo "ℹ️  Skipping ImunifyAV for full server scan"
+                echo "   Reason: ImunifyAV has built-in exclusions that skip system directories"
+                echo "   ClamAV and Maldet will provide comprehensive coverage instead"
+                echo ""
+                log_message "ImunifyAV: Skipped (not suitable for full server scans - use ClamAV/Maldet instead)"
+                {
+                    echo "⊘ ImunifyAV scan skipped (not suitable for full system scans)"
+                } >> "$SUMMARY_FILE"
+                continue
+            fi
+
             SCAN_START=$(date +%s)
             log_message "ImunifyAV: Updating signatures"
 
@@ -811,31 +826,14 @@ for scanner in "${AVAILABLE_SCANNERS[@]}"; do
                 echo "⚠️  WARNING: Signature update failed, using existing signatures"
             fi
 
-            log_message "ImunifyAV: Starting on-demand scan (synchronous)"
+            log_message "ImunifyAV: Starting on-demand scan"
 
             # Use on-demand start with background monitoring for progress
             LAST_SCAN=""
             TOTAL_FILES_SCANNED=0
 
-            # ImunifyAV has built-in exclusions that skip /usr, /opt, /var system directories
+            # For user-focused scans, use paths as-is
-            # When scanning "/", expand to comprehensive paths for better coverage
+            local IMUNIFY_SCAN_PATHS=("${SCAN_PATHS[@]}")
-            local IMUNIFY_SCAN_PATHS=()
-            if [ "${#SCAN_PATHS[@]}" -eq 1 ] && [ "${SCAN_PATHS[0]}" = "/" ]; then
-                log_message "ImunifyAV: Expanding / to comprehensive scan paths"
-                # Scan all major directories that might contain malware
-                IMUNIFY_SCAN_PATHS=(
-                    "/home"           # All user home directories
-                    "/var/www"        # Web content
-                    "/usr/local"      # Locally installed software
-                    "/opt"            # Optional software packages
-                    "/var/lib"        # Variable state information
-                    "/tmp"            # Temporary files
-                    "/var/tmp"        # Persistent temp files
-                    "/root"           # Root user home
-                )
-            else
-                IMUNIFY_SCAN_PATHS=("${SCAN_PATHS[@]}")
-            fi
 
             for path in "${IMUNIFY_SCAN_PATHS[@]}"; do
                 if [ -d "$path" ]; then
@@ -2017,11 +2015,11 @@ show_scan_menu() {
         echo ""
 
         echo -e "${CYAN}Create New Scan:${NC}"
-        echo "  1. Scan entire server (full system - all directories)"
+        echo "  1. Scan entire server (ClamAV, Maldet, RKHunter)"
-        echo "  2. Scan all user accounts (all user home directories)"
+        echo "  2. Scan all user accounts (All scanners - recommended)"
-        echo "  3. Scan specific user account"
+        echo "  3. Scan specific user account (All scanners)"
-        echo "  4. Scan specific domain"
+        echo "  4. Scan specific domain (All scanners)"
-        echo "  5. Scan custom path"
+        echo "  5. Scan custom path (All scanners)"
         echo ""
         echo -e "${CYAN}Monitor & Manage:${NC}"
         echo "  6. Check scan status"