From 4d563be71643c6a530776f1143975ffcc5a0f65b Mon Sep 17 00:00:00 2001
From: cschantz
Date: Mon, 22 Dec 2025 18:09:47 -0500
Subject: [PATCH] Malware scanner: Fix critical bugs in error handling Fixed two critical bugs that could cause failures: **Bug 1: Trap handler file existence checks** Problem: Trap handler tried to write to log files that might not exist if script exited early (before directories created) Impact: Could cause errors on Ctrl+C or early exit Fix: Added file/directory existence checks before all log operations - Check SESSION_LOG exists before logging - Check RESULTS_DIR exists before writing interrupted status - Use parameter expansion with default for RKHUNTER_TEMP_INSTALLED **Bug 2: Undefined variable in ImunifyAV** Problem: LAST_SCAN variable used at line 818 could be undefined if all scan paths failed or were skipped Impact: Could cause "unbound variable" error Fix: Initialize LAST_SCAN="" before loop, check if non-empty before use - Set LAST_SCAN="" at line 790 - Added check: if [ -n "$LAST_SCAN" ]; then - Set IMUNIFY_INFECTED=0 if LAST_SCAN is empty Changes to cleanup_on_exit() function: - All log_message calls now wrapped in SESSION_LOG existence check - Summary file writes wrapped in RESULTS_DIR existence check - Uses ${RKHUNTER_TEMP_INSTALLED:-false} to prevent unbound var Changes to ImunifyAV scanner: - Initialize LAST_SCAN="" before path loop - Check LAST_SCAN is non-empty before extracting infected count - Fallback to IMUNIFY_INFECTED=0 if no scan data Testing: Syntax validated, edge cases handled
---
 modules/security/malware-scanner.sh | 40 +++++++++++++++++++++--------
 1 file changed, 29 insertions(+), 11 deletions(-)
diff --git a/modules/security/malware-scanner.sh b/modules/security/malware-scanner.sh
index 4556aa0..19c392e 100755
--- a/modules/security/malware-scanner.sh
+++ b/modules/security/malware-scanner.sh
@@ -575,24 +575,37 @@ log_message() { cleanup_on_exit() { local exit_code=$? echo "" - log_message "Cleanup triggered (exit code: $exit_code)" + + # Only log if session log exists + if [ -f "$SESSION_LOG" ]; then + log_message "Cleanup triggered (exit code: $exit_code)" + fi # Remove temporarily installed RKHunter - if [ "$RKHUNTER_TEMP_INSTALLED" = "true" ]; then - log_message "Removing temporarily installed RKHunter..." + if [ "${RKHUNTER_TEMP_INSTALLED:-false}" = "true" ]; then + if [ -f "$SESSION_LOG" ]; then + log_message "Removing temporarily installed RKHunter..." + fi echo "→ Cleaning up: Removing Rootkit Hunter..." if command -v yum &>/dev/null; then yum remove -y rkhunter &>/dev/null 2>&1 - log_message "RKHunter removed" + if [ -f "$SESSION_LOG" ]; then + log_message "RKHunter removed" + fi fi fi - # Save interrupted status - if [ $exit_code -ne 0 ]; then - echo "SCAN INTERRUPTED" >> "$SUMMARY_FILE" - echo "Exit code: $exit_code" >> "$SUMMARY_FILE" - echo "Time: $(date)" >> "$SUMMARY_FILE" - log_message "Scan interrupted with exit code: $exit_code" + # Save interrupted status (only if summary file directory exists) + if [ $exit_code -ne 0 ] && [ -d "$RESULTS_DIR" ]; then + { + echo "" + echo "SCAN INTERRUPTED" + echo "Exit code: $exit_code" + echo "Time: $(date)" + } >> "$SUMMARY_FILE" + if [ -f "$SESSION_LOG" ]; then + log_message "Scan interrupted with exit code: $exit_code" + fi fi } @@ -774,6 +787,7 @@ for scanner in "${AVAILABLE_SCANNERS[@]}"; do log_message "ImunifyAV: Starting on-demand scan (synchronous)" # Use on-demand start (synchronous) instead of queue (asynchronous) + LAST_SCAN="" for path in "${SCAN_PATHS[@]}"; do if [ -d "$path" ]; then log_message "ImunifyAV: Scanning $path" 
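Review bot: The new guards in cleanup_on_exit() still expand `$SESSION_LOG` and `$RESULTS_DIR` bare, so if the script runs under `set -u` (not visible here, but the commit message's "unbound variable" concern suggests it) an exit before those variables are assigned aborts the trap at the first test. Give them the same defaulting the commit applies to RKHUNTER_TEMP_INSTALLED: `[ -f "${SESSION_LOG:-}" ]` and `[ -d "${RESULTS_DIR:-}" ]`, with `$SUMMARY_FILE` guarded the same way before the append. Separately, "RKHunter removed" is logged whatever `yum remove` returned, so the session log can record a cleanup that did not happen; gate it on the exit status, `if yum remove -y rkhunter &>/dev/null; then`, and log the failure otherwise.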
@@ -802,7 +816,11 @@ for scanner in "${AVAILABLE_SCANNERS[@]}"; do # Extract malicious file count # Skip header line and count data rows, or use TOTAL_MALICIOUS from most recent scan - IMUNIFY_INFECTED=$(echo "$LAST_SCAN" | awk '{print $12}') + if [ -n "$LAST_SCAN" ]; then + IMUNIFY_INFECTED=$(echo "$LAST_SCAN" | awk '{print $12}') + else + IMUNIFY_INFECTED=0 + fi # Verify we got a valid number, otherwise try malicious list if ! [[ "$IMUNIFY_INFECTED" =~ ^[0-9]+$ ]]; then IMUNIFY_INFECTED=$(imunify-antivirus malware malicious list 2>/dev/null | tail -n +2 | wc -l || echo 0)
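Review bot: The new `else` branch sets `IMUNIFY_INFECTED=0` when `LAST_SCAN` is empty, and `0` passes the `^[0-9]+$` check directly below, so the `malicious list` fallback never runs and a scan that returned no data is reported as zero infections. Leave the value empty in that branch, `IMUNIFY_INFECTED=""`, so the validation falls through to the fallback, and record the condition, for example `log_message "ImunifyAV: no scan data returned"`. For a malware scanner, a failed or skipped scan should stay distinguishable from a clean result in the summary. The `if ! [[ ... ]]` block continues past the end of this hunk, so how the fallback result is used afterwards is not visible here.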