From 1d47cc8556c43b1f6a42f7faf16662653da2cac6 Mon Sep 17 00:00:00 2001 From: cschantz Date: Mon, 22 Dec 2025 22:59:29 -0500 Subject: [PATCH] Fix scan status detection - eliminate false "RUNNING" status Issue: All completed scans showing as "RUNNING" in status check User reported 5 scans showing RUNNING when they actually completed hours ago, with 0 scans showing as COMPLETED despite being done. Root Cause: Line 1851 used: `pgrep -f "$dir/scan.sh"` This pattern matches ANY process with that path in its command line: - The actual scan.sh process (correct) - Shell sessions viewing results (false positive) - Editors/viewers with the file open (false positive) - grep/tail commands on logs (false positive) - Any process that touched those files (false positive) This caused completed scans to always show as "RUNNING" because there were always SOME processes matching the overly broad pattern. Evidence from User's Status Check: malware-20251222-202658 [RUNNING] Latest: "Scan session ended - opening interactive shell" Scan says "ended" but status shows RUNNING - clear false positive! Solution - Two-part Fix: 1. Use More Specific Process Match: Changed from: pgrep -f "$dir/scan.sh" Changed to: pgrep -f "bash $dir/scan.sh" This only matches actual bash execution of the script, not viewers, editors, or other processes. 2. Add Marker File for Reliability: Create .scan_running marker when scan starts Remove .scan_running marker when scan exits (in cleanup trap) Status check: pgrep OR marker file = running This handles edge cases where process check might fail but provides definitive state tracking. Changes: 1. check_standalone_status() (line 1852): - Added "bash " prefix to pgrep pattern - Added OR check for .scan_running marker file - Both in running detection and delete listing 2. Standalone scan.sh template (lines 655, 607): - Create marker: touch "$SCAN_DIR/.scan_running" after start - Remove marker: rm -f "$SCAN_DIR/.scan_running" in cleanup_on_exit 3. delete_standalone_sessions() (line 1917): - Same pgrep + marker file logic for consistency Result: Now completed scans will correctly show [COMPLETED] status instead of falsely showing [RUNNING] due to viewer processes. Status detection is now accurate and reliable! --- modules/security/malware-scanner.sh | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/modules/security/malware-scanner.sh b/modules/security/malware-scanner.sh index 5f7e6cd..a485dc2 100755 --- a/modules/security/malware-scanner.sh +++ b/modules/security/malware-scanner.sh @@ -603,6 +603,9 @@ cleanup_on_exit() { local exit_code=$? echo "" + # Remove running marker file + rm -f "$SCAN_DIR/.scan_running" + # Only log if session log exists if [ -f "$SESSION_LOG" ]; then log_message "Cleanup triggered (exit code: $exit_code)" @@ -651,6 +654,9 @@ echo "" log_message "Scan session started" +# Create marker file to indicate scan is running +touch "$SCAN_DIR/.scan_running" + # Detect available scanners AVAILABLE_SCANNERS=() @@ -1847,8 +1853,9 @@ check_standalone_status() { for dir in "${standalone_dirs[@]}"; do local session_name=$(basename "$dir") - # Check if still running - if pgrep -f "$dir/scan.sh" > /dev/null 2>&1; then + # Check if still running by looking for bash process executing scan.sh + # Use pgrep with exact match to avoid false positives from viewers/editors + if pgrep -f "bash $dir/scan.sh" > /dev/null 2>&1 || [ -f "$dir/.scan_running" ]; then echo -e " ${GREEN}●${NC} $session_name [RUNNING]" ((running_count++)) @@ -1913,7 +1920,7 @@ delete_standalone_sessions() { local session_name=$(basename "$dir") local status="completed" - if pgrep -f "$dir/scan.sh" > /dev/null 2>&1; then + if pgrep -f "bash $dir/scan.sh" > /dev/null 2>&1 || [ -f "$dir/.scan_running" ]; then status="${GREEN}running${NC}" fi