cschantz/Linux-Server-Management-Toolkit
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix: ClamAV installation and add individual scanner installation options

Browse Source 
CRITICAL FIXES:
- ClamAV installation: Add graceful fallback to yum if cPanel scripts missing
  (fixes exit code 127 on systems without /scripts/check_cpanel_rpms)
- Double-scanning: Replace build_reference_database() with db_ensure_fresh()
  (eliminates unnecessary cache rebuilds, saves 20-30s per module launch)

ENHANCEMENTS:
- Add individual scanner installation functions:
  * install_maldet_only() - Install just Maldet
  * install_clamav_only() - Install just ClamAV
  * install_rkhunter_only() - Install just RKHunter

- Update Maldet submenu:
  * Show installation status (✓ Installed / ✗ NOT installed)
  * Add option 8: Install Maldet

- Update main Configuration menu:
  * Option 10: Install Maldet (individual)
  * Option 11: Install ClamAV (individual)
  * Option 12: Install RKHunter (individual)
  * Option 13: Install ALL scanners (batch)

Documentation: Added SCANNER_INSTALLATION_IMPROVEMENTS.md with implementation details
This commit is contained in:
Developer
2026-04-21 19:08:21 -04:00
parent e87225e2aa
commit 2eda47a480
2 changed files with 593 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files
modules/security/malware-scanner.sh
+187 -14
View File
@@ -251,6 +251,151 @@ show_scanner_installation_guide() {
echo ""
}
# Install individual scanners
install_maldet_only() {
echo ""
print_header "Installing Maldet (Linux Malware Detection)"
echo ""
if is_maldet_installed; then
echo -e "${GREEN}✓ Maldet is already installed${NC}"
echo ""
read -p "Press Enter to continue..." < /dev/tty 2>/dev/null || true
return 0
fi
echo "Maldet is a fast, Linux-specific malware scanner"
echo "Repository: https://github.com/rfxn/maldet"
echo ""
echo "Installing via wget..."
echo ""
if cd /tmp 2>/dev/null; then
if wget -q https://www.rfxn.com/downloads/maldetect-latest.tar.gz 2>/dev/null; then
if tar xzf maldetect-latest.tar.gz 2>/dev/null; then
if cd maldetect-* 2>/dev/null && bash install.sh > /tmp/maldet-install.log 2>&1; then
echo -e "${GREEN}✓ Maldet installed successfully${NC}"
# Update signatures in background
echo ""
echo "Updating malware signatures..."
if command -v maldet &>/dev/null; then
maldet -u > /dev/null 2>&1 &
echo " (signatures updating in background)"
fi
else
echo -e "${RED}✗ Installation failed. Check /tmp/maldet-install.log${NC}"
fi
cd /tmp
rm -rf maldetect-* maldetect-latest.tar.gz 2>/dev/null || true
else
echo -e "${RED}✗ Failed to extract Maldet${NC}"
fi
else
echo -e "${RED}✗ Failed to download Maldet${NC}"
echo "Try manually:"
echo " wget https://www.rfxn.com/downloads/maldetect-latest.tar.gz"
echo " tar xzf maldetect-latest.tar.gz"
echo " cd maldetect-* && ./install.sh"
fi
fi
echo ""
read -p "Press Enter to continue..." < /dev/tty 2>/dev/null || true
}
install_clamav_only() {
echo ""
print_header "Installing ClamAV (Open Source Antivirus)"
echo ""
if is_clamav_installed; then
echo -e "${GREEN}✓ ClamAV is already installed${NC}"
echo ""
read -p "Press Enter to continue..." < /dev/tty 2>/dev/null || true
return 0
fi
echo "Installing ClamAV and updating virus definitions..."
echo ""
if command -v yum &>/dev/null; then
echo "Using yum package manager..."
yum install -y clamav clamav-daemon clamav-update 2>&1 | tail -5
elif command -v apt-get &>/dev/null; then
echo "Using apt package manager..."
apt-get update > /dev/null 2>&1
apt-get install -y clamav clamav-daemon 2>&1 | tail -5
else
echo -e "${RED}✗ No compatible package manager found${NC}"
echo ""
read -p "Press Enter to continue..." < /dev/tty 2>/dev/null || true
return 1
fi
echo ""
if is_clamav_installed; then
echo -e "${GREEN}✓ ClamAV installed successfully${NC}"
# Update signatures
echo ""
echo "Updating virus signatures..."
for freshclam_path in /usr/bin/freshclam /usr/sbin/freshclam /usr/local/bin/freshclam; do
if [ -x "$freshclam_path" ]; then
timeout 60 "$freshclam_path" > /dev/null 2>&1 &
echo " (signatures updating in background)"
break
fi
done
else
echo -e "${RED}✗ Installation may have failed${NC}"
fi
echo ""
read -p "Press Enter to continue..." < /dev/tty 2>/dev/null || true
}
install_rkhunter_only() {
echo ""
print_header "Installing RKHunter (Rootkit Detection)"
echo ""
if is_rkhunter_installed; then
echo -e "${GREEN}✓ RKHunter is already installed${NC}"
echo ""
read -p "Press Enter to continue..." < /dev/tty 2>/dev/null || true
return 0
fi
echo "Installing RKHunter..."
echo ""
if command -v yum &>/dev/null; then
echo "Using yum package manager..."
yum install -y epel-release 2>&1 > /dev/null || true
yum install -y rkhunter 2>&1 | tail -3
elif command -v apt-get &>/dev/null; then
echo "Using apt package manager..."
apt-get update > /dev/null 2>&1
apt-get install -y rkhunter 2>&1 | tail -3
else
echo -e "${RED}✗ No compatible package manager found${NC}"
echo ""
read -p "Press Enter to continue..." < /dev/tty 2>/dev/null || true
return 1
fi
echo ""
if is_rkhunter_installed; then
echo -e "${GREEN}✓ RKHunter installed successfully${NC}"
else
echo -e "${RED}✗ Installation may have failed${NC}"
fi
echo ""
read -p "Press Enter to continue..." < /dev/tty 2>/dev/null || true
}
# Install all scanners at once
install_all_scanners() {
echo ""
@@ -290,8 +435,20 @@ install_all_scanners() {
echo -e "${GREEN}✓ ClamAV already installed (cPanel)${NC}"
else
echo " → Installing via cPanel package manager..."
/scripts/update_local_rpm_versions --edit target_settings.clamav installed 2>/dev/null || true
/scripts/check_cpanel_rpms --fix --targets=clamav 2>&1 | tail -3
# Check if cPanel scripts exist before using them
if [ -f "/scripts/update_local_rpm_versions" ] && [ -f "/scripts/check_cpanel_rpms" ]; then
/scripts/update_local_rpm_versions --edit target_settings.clamav installed 2>/dev/null || true
if ! /scripts/check_cpanel_rpms --fix --targets=clamav 2>&1 | tail -3; then
# cPanel scripts failed, fall back to standard yum
echo " → cPanel package manager unavailable, trying standard yum..."
yum install -y clamav clamav-update 2>&1 | grep -E "Installing|Installed|already" || echo " (installation in progress)"
fi
else
# cPanel scripts don't exist, fall back to standard yum
echo " → cPanel tools not available, using standard package manager..."
yum install -y clamav clamav-update 2>&1 | grep -E "Installing|Installed|already" || echo " (installation in progress)"
fi
fi
# IMPORTANT: Don't fall through to standard yum - cPanel packages conflict!
elif [ -f "/usr/local/psa/version" ]; then
@@ -2620,7 +2777,15 @@ maldet_scan_submenu() {
echo "Fast, efficient, Linux-specific malware detection"
echo ""
echo "Select scan type:"
# Show installation status
if is_maldet_installed; then
echo -e "${GREEN}✓ Status: Installed${NC}"
else
echo -e "${RED}✗ Status: NOT installed${NC}"
fi
echo ""
echo "Select option:"
echo -e " ${CYAN}1.${NC} Scan entire server (fastest comprehensive scan)"
echo -e " ${CYAN}2.${NC} Scan all user accounts"
echo -e " ${CYAN}3.${NC} Scan specific user account"
@@ -2629,14 +2794,15 @@ maldet_scan_submenu() {
echo ""
echo -e " ${CYAN}6.${NC} Update Maldet signatures"
echo -e " ${CYAN}7.${NC} View Maldet results"
echo -e " ${CYAN}8.${NC} Install Maldet"
echo ""
echo -e " ${RED}0.${NC} Back to main menu"
echo ""
while true; do
read -p "Select option (0-7): " choice
read -p "Select option (0-8): " choice
if ! [[ "$choice" =~ ^[0-7]$ ]]; then
if ! [[ "$choice" =~ ^[0-8]$ ]]; then
echo -e "${RED}Invalid option${NC}"
sleep 1
continue
@@ -2650,6 +2816,7 @@ maldet_scan_submenu() {
5) maldet_launch_scan "custom"; break ;;
6) maldet_update_signatures; break ;;
7) maldet_view_results; break ;;
8) install_maldet_only; break ;;
0) return 0 ;;
esac
done
@@ -2775,9 +2942,9 @@ show_scan_menu() {
return 1
fi
# Build reference database once for the entire menu session
if command -v build_reference_database &>/dev/null; then
build_reference_database 2>/dev/null || true
# Ensure reference database is fresh (only rebuild if > 1 hour old)
if command -v db_ensure_fresh &>/dev/null; then
db_ensure_fresh 2>/dev/null || true
clear
fi
@@ -2815,17 +2982,20 @@ show_scan_menu() {
echo -e " ${CYAN}9.${NC} Delete scan sessions"
echo ""
echo -e "${CYAN}Configuration:${NC}"
echo -e " ${CYAN}10.${NC} Install all scanners"
echo -e " ${CYAN}11.${NC} Scanner settings"
echo -e " ${CYAN}10.${NC} Install Maldet (fast, Linux-specific)"
echo -e " ${CYAN}11.${NC} Install ClamAV (open source antivirus)"
echo -e " ${CYAN}12.${NC} Install RKHunter (rootkit detection)"
echo -e " ${CYAN}13.${NC} Install ALL scanners (recommended)"
echo -e " ${CYAN}14.${NC} Scanner settings"
echo ""
echo -e " ${RED}0.${NC} Back"
echo ""
# Validate choice input with retry loop
while true; do
read -p "Select option (0-11): " choice
read -p "Select option (0-14): " choice
if ! [[ "$choice" =~ ^([0-9]|10|11)$ ]]; then
if ! [[ "$choice" =~ ^([0-9]|1[0-4])$ ]]; then
echo -e "${RED}Invalid option${NC}"
sleep 1
continue
@@ -2841,8 +3011,11 @@ show_scan_menu() {
7) check_standalone_status; break ;;
8) view_scan_results; break ;;
9) delete_standalone_sessions; break ;;
10) install_all_scanners; break ;;
11) scanner_settings; break ;;
10) install_maldet_only; break ;;
11) install_clamav_only; break ;;
12) install_rkhunter_only; break ;;
13) install_all_scanners; break ;;
14) scanner_settings; break ;;
0) return 0 ;;
esac
done