diff --git a/modules/security/malware-scanner.sh b/modules/security/malware-scanner.sh
index 0241007..966fd4a 100755
--- a/modules/security/malware-scanner.sh
+++ b/modules/security/malware-scanner.sh
@@ -1040,11 +1040,11 @@ done
         echo "────────────────────────────────────────"
 
         # Correlate infected files with Apache logs to find uploading IPs
-        local flagged_ips=0
+        flagged_ips=0
         while read -r infected_file; do
             # Extract file path components
-            local filename=$(basename "$infected_file")
-            local filepath=$(dirname "$infected_file")
+            filename=$(basename "$infected_file")
+            filepath=$(dirname "$infected_file")
 
             # Try to find corresponding Apache access logs
             # Look for POST requests to the directory containing the infected file
@@ -1057,7 +1057,7 @@ done
                     # Check if this log corresponds to the domain/user
                     grep -h "POST.*${filepath}" "$logfile" 2>/dev/null | tail -20 | while read -r logline; do
                         # Extract IP from Apache log line
-                        local ip=$(echo "$logline" | awk '{print $1}')
+                        ip=$(echo "$logline" | awk '{print $1}')
                         if [ -n "$ip" ] && [[ "$ip" =~ ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
                             # Flag this IP in reputation database
                             if type flag_ip_attack &>/dev/null; then
@@ -1075,7 +1075,7 @@ done
                     # Check if this log corresponds to the domain/user
                     grep -h "POST.*${filepath}" "$logfile" 2>/dev/null | tail -20 | while read -r logline; do
                         # Extract IP from Apache log line
-                        local ip=$(echo "$logline" | awk '{print $1}')
+                        ip=$(echo "$logline" | awk '{print $1}')
                         if [ -n "$ip" ] && [[ "$ip" =~ ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
                             # Flag this IP in reputation database
                             if type flag_ip_attack &>/dev/null; then
@@ -1168,7 +1168,7 @@ exec bash
 STANDALONE_EOF
 
     # Replace placeholder with actual paths
-    local paths_declaration="SCAN_PATHS=("
+    paths_declaration="SCAN_PATHS=("
     for path in "${scan_paths[@]}"; do
         paths_declaration+="\"$path\" "
     done
@@ -1220,7 +1220,7 @@ STANDALONE_EOF
                 echo ""
                 echo "Launching scan with nohup (background mode)..."
                 nohup bash "$session_dir/scan.sh" > "$session_dir/logs/nohup.out" 2>&1 &
-                local scan_pid=$!
+                scan_pid=$!
 
                 sleep 1