diff --git a/modules/security/malware-scanner.sh b/modules/security/malware-scanner.sh
index a37f685..dae5983 100755
--- a/modules/security/malware-scanner.sh
+++ b/modules/security/malware-scanner.sh
@@ -654,6 +654,7 @@ for scanner in "${AVAILABLE_SCANNERS[@]}"; do
 case "$scanner" in
 imunify)
+ SCAN_START=$(date +%s)
 log_message "ImunifyAV: Updating signatures"
 imunify-antivirus update &>> "$LOG_DIR/imunify.log"
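Review bot: `SCAN_START` is sampled before `imunify-antivirus update` runs, so the "Duration" this commit reports folds signature-download time (network-bound, possibly minutes behind a proxy or a throttled mirror) into what the summary presents as scan time; the same placement is repeated for the ClamAV, Maldet and RKHunter arms. If the figure is meant to be scan time, move the assignment to just before the scan command, or record a separate `UPDATE_START` and report both. The `for`/`case` this arm belongs to starts above the hunk and ends below it.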
@@ -663,36 +664,62 @@ for scanner in "${AVAILABLE_SCANNERS[@]}"; do
 for path in "${SCAN_PATHS[@]}"; do
 if [ -d "$path" ]; then
 log_message "ImunifyAV: Scanning $path"
- echo " → Scanning: $path"
+ echo ""
+ echo " 📁 Scanning path: $path"
+ echo " ⏳ Scanner: ImunifyAV (this may take several minutes...)"
+
 imunify-antivirus malware on-demand start --path="$path" &>> "$LOG_DIR/imunify.log"
+
+ # Get scan results from last scan
+ LAST_SCAN=$(imunify-antivirus malware on-demand list 2>/dev/null | tail -1)
+ FILES_SCANNED=$(echo "$LAST_SCAN" | awk '{print $10}')
+ echo " ✓ Scanned $FILES_SCANNED files"
 fi
 done
 # Extract malicious file count
 IMUNIFY_INFECTED=$(imunify-antivirus malware malicious list 2>/dev/null | grep -c "malicious" || echo 0)
- echo "✓ ImunifyAV scan complete - Found: $IMUNIFY_INFECTED" | tee -a "$SUMMARY_FILE"
- log_message "ImunifyAV: Scan complete - $IMUNIFY_INFECTED malicious files"
+ SCAN_END=$(date +%s)
+ DURATION=$((SCAN_END - SCAN_START))
+ echo " ⏱️ Duration: ${DURATION}s"
+ echo ""
+ echo "✓ ImunifyAV scan complete - Found: $IMUNIFY_INFECTED | Duration: ${DURATION}s" | tee -a "$SUMMARY_FILE"
+ log_message "ImunifyAV: Scan complete - $IMUNIFY_INFECTED malicious files in ${DURATION}s"
 ;;
 clamav)
+ SCAN_START=$(date +%s)
 if command -v freshclam &>/dev/null; then
 log_message "ClamAV: Updating signatures"
 freshclam &>> "$LOG_DIR/clamav.log"
 fi
 log_message "ClamAV: Starting scan"
+ echo ""
+ echo " 📁 Scanning path(s): ${SCAN_PATHS[*]}"
+ echo " ⏳ Scanner: ClamAV (comprehensive virus scan...)"
+
 clamscan --infected --recursive "${SCAN_PATHS[@]}" &>> "$LOG_DIR/clamav.log"
 # Extract infected files
 grep "FOUND" "$LOG_DIR/clamav.log" | cut -d: -f1 >> "$INFECTED_LIST" 2>/dev/null
+ # Get scan stats from log
+ FILES_SCANNED=$(grep "Scanned files:" "$LOG_DIR/clamav.log" | tail -1 | awk '{print $3}')
 CLAM_INFECTED=$(grep -c "FOUND" "$LOG_DIR/clamav.log" 2>/dev/null || echo 0)
- echo "✓ ClamAV scan complete - Found: $CLAM_INFECTED" | tee -a "$SUMMARY_FILE"
- log_message "ClamAV: Scan complete - $CLAM_INFECTED infected files"
+
+ SCAN_END=$(date +%s)
+ DURATION=$((SCAN_END - SCAN_START))
+ echo " ✓ Scanned $FILES_SCANNED files"
+ echo " ⏱️ Duration: ${DURATION}s"
+ echo ""
+ echo "✓ ClamAV scan complete - Found: $CLAM_INFECTED | Duration: ${DURATION}s" | tee -a "$SUMMARY_FILE"
+ log_message "ClamAV: Scan complete - $CLAM_INFECTED infected files in ${DURATION}s"
 ;;
 maldet)
+ SCAN_START=$(date +%s)
 log_message "Maldet: Updating signatures"
 maldet -u &>> "$LOG_DIR/maldet.log"
@@ -701,19 +728,37 @@ for scanner in "${AVAILABLE_SCANNERS[@]}"; do
 printf '%s\n' "${SCAN_PATHS[@]}" > "$TEMP_PATHLIST"
 log_message "Maldet: Starting scan"
+ echo ""
+ echo " 📁 Scanning path(s): ${SCAN_PATHS[*]}"
+ echo " ⏳ Scanner: Maldet/LMD (Linux-specific malware detection...)"
+
 maldet -b -f "$TEMP_PATHLIST" &>> "$LOG_DIR/maldet.log"
+ # Extract scan results
+ FILES_SCANNED=$(grep "files scanned" "$LOG_DIR/maldet.log" | tail -1 | awk '{print $1}')
+ MALDET_HITS=$(grep "malware hits" "$LOG_DIR/maldet.log" | tail -1 | awk '{print $1}')
+
 rm -f "$TEMP_PATHLIST"
- echo "✓ Maldet scan complete" | tee -a "$SUMMARY_FILE"
- log_message "Maldet: Scan complete"
+ SCAN_END=$(date +%s)
+ DURATION=$((SCAN_END - SCAN_START))
+ echo " ✓ Scanned $FILES_SCANNED files"
+ echo " ⏱️ Duration: ${DURATION}s"
+ echo ""
+ echo "✓ Maldet scan complete - Found: ${MALDET_HITS:-0} | Duration: ${DURATION}s" | tee -a "$SUMMARY_FILE"
+ log_message "Maldet: Scan complete - ${MALDET_HITS:-0} hits in ${DURATION}s"
 ;;
 rkhunter)
+ SCAN_START=$(date +%s)
 log_message "RKHunter: Updating definitions"
 rkhunter --update &>> "$LOG_DIR/rkhunter.log"
 log_message "RKHunter: Starting scan"
+ echo ""
+ echo " 🔍 System scan: Checking for rootkits, backdoors, exploits"
+ echo " ⏳ Scanner: Rootkit Hunter (system-wide integrity check...)"
+
 # --check: Run all checks
 # --skip-keypress: Don't wait for user input
 # --report-warnings-only: Only show warnings/issues
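Review bot: The ImunifyAV arm reads `on-demand list | tail -1` and `malicious list` immediately after `on-demand start`, but in the ImunifyAV CLI I know `on-demand start` only queues the scan and returns at once; if that holds for the installed version, `FILES_SCANNED`, `IMUNIFY_INFECTED` and `DURATION` describe the previous scan (or nothing), and the summary can print `Found: 0` for a scan that has not run yet. Wait for completion before reading results, e.g. `while imunify-antivirus malware on-demand status 2>/dev/null | grep -qi running; do sleep 10; done` (confirm the status wording for your version), and prefer the CLI's JSON output parsed with `jq` over `awk '{print $10}'`, which silently yields an empty string whenever the column layout differs. In the ClamAV arm, `FILES_SCANNED` correctly takes the latest summary via `tail -1`, but `CLAM_INFECTED` and the `INFECTED_LIST` extraction still grep the whole `clamav.log`, which `&>>` appends to on every run, so earlier runs' hits are re-counted into this run's summary; write this run's clamscan output to a `mktemp` file, grep that, then append it to the log. `grep -c … || echo 0` also emits `0` twice when there are no hits (grep -c prints 0 and exits 1), which puts a stray line into the rewritten summary string; pre-existing, but worth folding into this change.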
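Review bot: `maldet -b` runs the scan in the background (`-b, --background` in the maldet usage I know), so the new `grep … maldet.log` for `FILES_SCANNED` and `MALDET_HITS` executes before the scan has written anything, `rm -f "$TEMP_PATHLIST"` deletes the path list the backgrounded scan may still be reading, and `${MALDET_HITS:-0}` then reports `Found: 0` for a scan whose hits arrive minutes later — a silent false negative in the summary file. Drop `-b` so the scan completes before the parsing (or poll `maldet --report` for the new SCANID), and parse the completion line by field instead of `$1`: in the maldet logs I have seen it reads `… scan completed on <path>: files N, malware hits M, …`, for which `awk '{print $1}'` returns the `maldet(PID):` prefix, so something like `MALDET_HITS=$(grep -oE 'malware hits [0-9]+' "$LOG_DIR/maldet.log" | tail -1 | awk '{print $3}')` (confirm against the real log format). As with the other scanners, the log is appended across runs, so the hit count should be scoped to this run's output rather than the whole file. The rkhunter arm that begins at the end of this hunk continues below it.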
@@ -725,8 +770,13 @@ for scanner in "${AVAILABLE_SCANNERS[@]}"; do
 # Extract any rootkits found
 grep "Rootkit" "$LOG_DIR/rkhunter.log" | grep -i "found" >> "$INFECTED_LIST" 2>/dev/null
- echo "✓ RKHunter scan complete - Warnings: $RKH_WARNINGS" | tee -a "$SUMMARY_FILE"
- log_message "RKHunter: Scan complete - $RKH_WARNINGS warnings"
+ SCAN_END=$(date +%s)
+ DURATION=$((SCAN_END - SCAN_START))
+ echo " ✓ System integrity check complete"
+ echo " ⏱️ Duration: ${DURATION}s"
+ echo ""
+ echo "✓ RKHunter scan complete - Warnings: $RKH_WARNINGS | Duration: ${DURATION}s" | tee -a "$SUMMARY_FILE"
+ log_message "RKHunter: Scan complete - $RKH_WARNINGS warnings in ${DURATION}s"
 ;;
 esac
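Review bot: The new ` ✓ System integrity check complete` line prints a success tick regardless of `RKH_WARNINGS` (presumably set just above the hunk), and the summary line then tacks the warning count beside another ✓, so an operator skimming the console sees a clean result for a run that produced warnings. Gate the glyph on the count: `if [ "${RKH_WARNINGS:-0}" -gt 0 ]; then echo " ⚠ Check complete with $RKH_WARNINGS warning(s) - review $LOG_DIR/rkhunter.log"; else echo " ✓ System integrity check complete"; fi`. The context line above feeds `INFECTED_LIST` with `grep "Rootkit" | grep -i "found"`, which matches `Not found` as readily as `found` should rkhunter's per-check lines reach that log (the hunk above enables `--report-warnings-only`, so this may only bite if that flag is ever dropped); pre-existing, but worth tightening to a `Warning` match while this arm is being reworked. The `for` loop enclosing this `case` closes below the hunk.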