cschantz/Linux-Server-Management-Toolkit
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix ImunifyAV output parsing in malware scanner

Browse Source 
Changes:
- Fixed incorrect scan result retrieval (was getting oldest scan instead of newest)
- Changed tail -1 to tail -n +2 | head -1 (skip header, get most recent scan)
- Fixed field number from 0 to 1 (TOTAL files scanned)
- Extract TOTAL_MALICIOUS from scan result directly (field 12)
- Added number validation to ImunifyAV, ClamAV, and Maldet parsers
- Now correctly reports realistic file counts (e.g., 3997 files in 69s, not millions)

Tested:
✓ ImunifyAV parsing verified with actual output
✓ Syntax check passed

Bug reference: BUG_014 in REFDB_FORMAT.txt
This commit is contained in:
cschantz
2025-11-13 16:52:44 -05:00
parent 828575bba6
commit 1dbba56b06
2 changed files with 54 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files
modules/security/malware-scanner.sh
+28 -4
View File
@@ -670,15 +670,26 @@ for scanner in "${AVAILABLE_SCANNERS[@]}"; do
imunify-antivirus malware on-demand start --path="$path" &>> "$LOG_DIR/imunify.log"
# Get scan results from last scan
LAST_SCAN=$(imunify-antivirus malware on-demand list 2>/dev/null | tail -1)
FILES_SCANNED=$(echo "$LAST_SCAN" | awk '{print $10}')
# Get scan results from most recent scan (newest scans are at top)
# Skip header line (tail -n +2), then get first data line (head -1)
# Field 11 is TOTAL (files scanned)
LAST_SCAN=$(imunify-antivirus malware on-demand list 2>/dev/null | tail -n +2 | head -1)
FILES_SCANNED=$(echo "$LAST_SCAN" | awk '{print $11}')
# Verify we got a valid number, otherwise show 0
if ! [[ "$FILES_SCANNED" =~ ^[0-9]+$ ]]; then
FILES_SCANNED=0
fi
echo " ✓ Scanned $FILES_SCANNED files"
fi
done
# Extract malicious file count
IMUNIFY_INFECTED=$(imunify-antivirus malware malicious list 2>/dev/null | grep -c "malicious" || echo 0)
# Skip header line and count data rows, or use TOTAL_MALICIOUS from most recent scan
IMUNIFY_INFECTED=$(echo "$LAST_SCAN" | awk '{print $12}')
# Verify we got a valid number, otherwise try malicious list
if ! [[ "$IMUNIFY_INFECTED" =~ ^[0-9]+$ ]]; then
IMUNIFY_INFECTED=$(imunify-antivirus malware malicious list 2>/dev/null | tail -n +2 | wc -l || echo 0)
fi
SCAN_END=$(date +%s)
DURATION=$((SCAN_END - SCAN_START))
@@ -709,6 +720,11 @@ for scanner in "${AVAILABLE_SCANNERS[@]}"; do
FILES_SCANNED=$(grep "Scanned files:" "$LOG_DIR/clamav.log" | tail -1 | awk '{print $3}')
CLAM_INFECTED=$(grep -c "FOUND" "$LOG_DIR/clamav.log" 2>/dev/null || echo 0)
# Validate numbers
if ! [[ "$FILES_SCANNED" =~ ^[0-9]+$ ]]; then
FILES_SCANNED=0
fi
SCAN_END=$(date +%s)
DURATION=$((SCAN_END - SCAN_START))
echo " ✓ Scanned $FILES_SCANNED files"
@@ -738,6 +754,14 @@ for scanner in "${AVAILABLE_SCANNERS[@]}"; do
FILES_SCANNED=$(grep "files scanned" "$LOG_DIR/maldet.log" | tail -1 | awk '{print $1}')
MALDET_HITS=$(grep "malware hits" "$LOG_DIR/maldet.log" | tail -1 | awk '{print $1}')
# Validate numbers
if ! [[ "$FILES_SCANNED" =~ ^[0-9]+$ ]]; then
FILES_SCANNED=0
fi
if ! [[ "$MALDET_HITS" =~ ^[0-9]+$ ]]; then
MALDET_HITS=0
fi
rm -f "$TEMP_PATHLIST"
SCAN_END=$(date +%s)