Fix integer comparison safety issues (6 HIGH priority)

Added parameter expansion with defaults to prevent comparison errors
on potentially empty variables:

- live-attack-monitor-v2.sh: IPSET_CREATE_EXIT, IPTABLES_EXIT
- live-attack-monitor.sh: IPSET_CREATE_EXIT, IPTABLES_EXIT
- malware-scanner.sh: START_EXIT
- email-diagnostics.sh: check_type, account_found

Pattern: Changed "$VAR" to "${VAR:-default}" in integer comparisons
to ensure safe comparisons even if variable is unexpectedly empty.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
cschantz
2026-01-02 17:23:02 -05:00
parent 7fb7c230b9
commit 5d1cc93aee
4 changed files with 6 additions and 6 deletions
+1 -1
@@ -709,7 +709,7 @@ if [ "$greylist" -gt 0 ] && [ "$delivered" -eq 0 ]; then
echo "" echo ""
fi fi
if [ "$check_type" != "2" ] && [ $account_found -eq 0 ]; then if [ "${check_type:-1}" != "2" ] && [ "${account_found:-0}" -eq 0 ]; then
echo "Email account not found:" echo "Email account not found:"
echo " 1. Verify the email address is spelled correctly" echo " 1. Verify the email address is spelled correctly"
echo " 2. Check if domain DNS points to this server" echo " 2. Check if domain DNS points to this server"
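Review bot: The `:-` defaults in the rewritten `if` cover only an unset or empty value, so a non-numeric `account_found` still makes `[ ... -eq 0 ]` fail with an "integer expression expected" error and the "Email account not found" advice is skipped. Defaulting to 0 also means an unset `account_found` is treated as "not found", which hides a missing initialisation rather than fixing it; where the variable is assigned is outside this hunk. `${check_type:-1}` adds nothing to a quoted string comparison with `!=`, and the `1` looks arbitrary. I would initialise once before the checks run, e.g. `account_found=0`, and keep the test as `[ "$check_type" != "2" ] && [ "$account_found" -eq 0 ]`.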
+2 -2
@@ -93,7 +93,7 @@ if command -v ipset &>/dev/null; then
IPSET_CREATE_OUTPUT=$(ipset create "$IPSET_NAME" hash:ip timeout 3600 maxelem 65536 2>&1) IPSET_CREATE_OUTPUT=$(ipset create "$IPSET_NAME" hash:ip timeout 3600 maxelem 65536 2>&1)
IPSET_CREATE_EXIT=$? IPSET_CREATE_EXIT=$?
if [ $IPSET_CREATE_EXIT -eq 0 ]; then if [ "${IPSET_CREATE_EXIT:-1}" -eq 0 ]; then
IPSET_AVAILABLE=1 IPSET_AVAILABLE=1
IPSET_SUPPORTS_TIMEOUT=1 IPSET_SUPPORTS_TIMEOUT=1
@@ -101,7 +101,7 @@ if command -v ipset &>/dev/null; then
IPTABLES_OUTPUT=$(iptables -I INPUT -m set --match-set "$IPSET_NAME" src -j DROP 2>&1) IPTABLES_OUTPUT=$(iptables -I INPUT -m set --match-set "$IPSET_NAME" src -j DROP 2>&1)
IPTABLES_EXIT=$? IPTABLES_EXIT=$?
if [ $IPTABLES_EXIT -ne 0 ]; then if [ "${IPTABLES_EXIT:-1}" -ne 0 ]; then
# iptables rule failed - clean up ipset and report error # iptables rule failed - clean up ipset and report error
ipset destroy "$IPSET_NAME" 2>/dev/null ipset destroy "$IPSET_NAME" 2>/dev/null
IPSET_AVAILABLE=0 IPSET_AVAILABLE=0
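Review bot: The `:-1` defaults on `IPSET_CREATE_EXIT` and `IPTABLES_EXIT` can never apply, because each variable is assigned from `$?` on the line directly above its test and `$?` always expands to a number. The added quoting is harmless, but the fallback reads as if an empty status were possible, which adds noise to the path that decides whether the DROP rule is in place. If the status is not needed later, test the command itself, e.g. `if IPSET_CREATE_OUTPUT=$(ipset create "$IPSET_NAME" hash:ip timeout 3600 maxelem 65536 2>&1); then`; otherwise plain `[ "$IPTABLES_EXIT" -ne 0 ]` is enough. The same applies to the identical hunks in the other monitor script and to the `START_EXIT` check in the scanner hunk. The enclosing `if command -v ipset` block continues outside these hunks.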
+2 -2
@@ -93,7 +93,7 @@ if command -v ipset &>/dev/null; then
IPSET_CREATE_OUTPUT=$(ipset create "$IPSET_NAME" hash:ip timeout 3600 maxelem 65536 2>&1) IPSET_CREATE_OUTPUT=$(ipset create "$IPSET_NAME" hash:ip timeout 3600 maxelem 65536 2>&1)
IPSET_CREATE_EXIT=$? IPSET_CREATE_EXIT=$?
if [ $IPSET_CREATE_EXIT -eq 0 ]; then if [ "${IPSET_CREATE_EXIT:-1}" -eq 0 ]; then
IPSET_AVAILABLE=1 IPSET_AVAILABLE=1
IPSET_SUPPORTS_TIMEOUT=1 IPSET_SUPPORTS_TIMEOUT=1
@@ -101,7 +101,7 @@ if command -v ipset &>/dev/null; then
IPTABLES_OUTPUT=$(iptables -I INPUT -m set --match-set "$IPSET_NAME" src -j DROP 2>&1) IPTABLES_OUTPUT=$(iptables -I INPUT -m set --match-set "$IPSET_NAME" src -j DROP 2>&1)
IPTABLES_EXIT=$? IPTABLES_EXIT=$?
if [ $IPTABLES_EXIT -ne 0 ]; then if [ "${IPTABLES_EXIT:-1}" -ne 0 ]; then
# iptables rule failed - clean up ipset and report error # iptables rule failed - clean up ipset and report error
ipset destroy "$IPSET_NAME" 2>/dev/null ipset destroy "$IPSET_NAME" 2>/dev/null
IPSET_AVAILABLE=0 IPSET_AVAILABLE=0
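Review bot: The block set created here covers IPv4 sources only, and nothing in the hunk says so: `hash:ip` without `family inet6` defaults to `inet`, and the DROP rule is inserted with `iptables`, not `ip6tables`. If an IPv6 equivalent exists elsewhere in the script it is not visible here, so this is worth confirming on any host that accepts IPv6 traffic. At minimum I would add a comment above the `ipset create` line such as `# IPv4 only: hash:ip defaults to family inet; IPv6 sources are not matched by this set or rule`. The same lines appear in the other monitor script.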
+1 -1
@@ -853,7 +853,7 @@ for scanner in "${AVAILABLE_SCANNERS[@]}"; do
imunify-antivirus malware on-demand start --path="$path" &>> "$LOG_DIR/imunify.log" imunify-antivirus malware on-demand start --path="$path" &>> "$LOG_DIR/imunify.log"
START_EXIT=$? START_EXIT=$?
if [ $START_EXIT -ne 0 ]; then if [ "${START_EXIT:-1}" -ne 0 ]; then
log_message "ERROR: ImunifyAV scan failed to start for $path (exit code: $START_EXIT)" log_message "ERROR: ImunifyAV scan failed to start for $path (exit code: $START_EXIT)"
echo " ✗ Scan failed to start for $path (check logs)" echo " ✗ Scan failed to start for $path (check logs)"
continue continue