From 4194a529cc6773a7453279a1068693ccf6c2cbc2 Mon Sep 17 00:00:00 2001 
From: cschantz
Date: Mon, 22 Dec 2025 22:10:21 -0500
Subject: [PATCH] Fix ImunifyAV integer comparison errors + Maldet empty scan issue
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Issue 1: ImunifyAV "integer expression expected" errors

Problem:
- ImunifyAV 'list' output contains "None" in ERROR field
- Bash integer comparisons (-ge, -gt) fail when comparing "None"
- Error: "[: None: integer expression expected" at lines 857/859

Root Cause:
When polling scan status, fields extracted with awk can contain literal "None" instead of numeric values, causing bash to fail when using arithmetic comparison operators.

Solution:
Added regex validation before integer comparisons:
  [[ "$var" =~ ^[0-9]+$ ]] && [ "$var" -ge value ]

Changes:
- Line 857: Validate created_time is numeric before -ge comparison
- Line 859: Validate completed_time is numeric before -gt comparison

This follows the pattern used in commit 179ae9d for input validation.

Issue 2: Maldet scanning 0 files (Duration: 0s)

Problem:
- Maldet event log shows: "scan returned empty file list"
- Summary shows: "Duration: 0s" and "Found: 0"
- Maldet completed instantly without scanning anything

Root Cause:
Maldet by default only scans files modified in last 1 day (uses -mtime -1). When scanning /, most system files are older, so Maldet finds nothing to scan and exits immediately.

Evidence from /usr/local/maldetect/logs/event_log:
"scan returned empty file list; check that path exists, contains files in days range or files in scope of configuration"

Solution:
Added -a flag to scan ALL files regardless of modification time:
  maldet -b -a -f "$TEMP_PATHLIST"

The -a flag disables the default 1-day file age filter, ensuring all files in the specified paths are scanned for malware.

Note: ImunifyAV Speed is Normal

User questioned why ImunifyAV scans 4611 files in 55s.
This is expected: - rapid_scan: true (optimized scanning) - Only scans file types that can contain malware (PHP, JS, etc.) - Skips binaries, images, videos, system files - This is by design for performance and is working correctly Status: ✅ Both issues resolved --- modules/security/malware-scanner.sh | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/modules/security/malware-scanner.sh b/modules/security/malware-scanner.sh index a5e07e4..fc7088c 100755 --- a/modules/security/malware-scanner.sh +++ b/modules/security/malware-scanner.sh @@ -854,9 +854,9 @@ for scanner in "${AVAILABLE_SCANNERS[@]}"; do current_status=$(echo "$scan_info" | awk '{print $7}') # Field 7 is SCAN_STATUS # Check if this is our scan (created after we started) - if [ "$created_time" -ge "$SCAN_START" ]; then + if [[ "$created_time" =~ ^[0-9]+$ ]] && [ "$created_time" -ge "$SCAN_START" ]; then # Check if scan is complete (COMPLETED field has timestamp) - if [ -n "$completed_time" ] && [ "$completed_time" != "COMPLETED" ] && [ "$completed_time" -gt 0 ]; then + if [ -n "$completed_time" ] && [ "$completed_time" != "COMPLETED" ] && [[ "$completed_time" =~ ^[0-9]+$ ]] && [ "$completed_time" -gt 0 ]; then scan_running=false echo "" # New line after progress log_message "ImunifyAV scan finished for $path (status: $current_status)" @@ -1046,8 +1046,9 @@ for scanner in "${AVAILABLE_SCANNERS[@]}"; do echo "" # Run with --progress for real-time percentage updates + # Use -a flag to scan all files (not just recent modifications) # Timeout after 2 hours - timeout 7200 maldet -b -f "$TEMP_PATHLIST" 2>&1 | tee -a "$LOG_DIR/maldet.log" | while IFS= read -r line; do + timeout 7200 maldet -b -a -f "$TEMP_PATHLIST" 2>&1 | tee -a "$LOG_DIR/maldet.log" | while IFS= read -r line; do # Parse progress lines: "files: 1234 (45%)" if [[ "$line" =~ files:\ ([0-9]+)\ \(([0-9]+)%\) ]]; then files_so_far="${BASH_REMATCH[1]}"
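Review bot: in the first hunk (@@ -854), a non-numeric `created_time` now falls through silently. The new `[[ "$created_time" =~ ^[0-9]+$ ]]` guard stops the "integer expression expected" error, but the visible lines add no else branch or log line, so a row whose field is "None" is simply skipped on every poll. The commit message says the "None" comes from the ERROR column, so it is worth checking whether the positional awk extraction (`awk '{print $7}'` and its siblings) is reading shifted columns for those rows, and logging the raw `$scan_info` when the numeric check fails. `$SCAN_START` is still compared without validation, and the `-n` and `!= "COMPLETED"` tests on `completed_time` are now redundant with the regex and can be dropped.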
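Review bot: in the second hunk (@@ -1046), `-a` is added as if it were a modifier, but maldet's usage text lists `-a, --scan-all PATH` as a scan mode that takes its own path argument, alongside `-f, --file-list FILE`. Please confirm how `maldet -b -a -f "$TEMP_PATHLIST"` is actually parsed and that the file list is still what gets scanned, for example by checking the file count in the event log after a test run. Separately, scanning every file regardless of age makes `timeout 7200` much more likely to fire, and its exit status is lost behind `| tee | while`, so a scan cut off at two hours could be read as a clean result; check `${PIPESTATUS[0]}` for 124 after the pipeline and log it. The retained comment also still mentions `--progress`, which the command does not pass.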