From 6f7ef60b9f5c9c929b7840d7a8042f3585c2f4a9 Mon Sep 17 00:00:00 2001
From: cschantz
Date: Tue, 11 Nov 2025 19:07:01 -0500
Subject: [PATCH] Improve standalone malware scanner with screen fallback and results viewer
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Enhancements:
- Auto-install screen when not available (yum/apt-get support)
- Nohup fallback option if user prefers no screen installation
- Enhanced view_scan_results to show standalone scanner sessions
- Display session status (running/completed) for standalone scans
- Show summary, infected files, and logs for each session
- Track PIDs for nohup-launched scans
Screen handling:
- Option 1: Auto-install screen (recommended)
- Option 2: Use nohup fallback (no dependencies)
- Option 3: Cancel operation
Results viewer improvements:
- Separate toolkit and standalone scan results
- List all /opt/malware-* sessions with status
- Show summary, infected files, and recent logs
- Provide commands to monitor ongoing scans
This ensures the standalone scanner works even on minimal systems without screen pre-installed.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude
---
 modules/security/malware-scanner.sh | 238 ++++++++++++++++++++++++----
 1 file changed, 209 insertions(+), 29 deletions(-)
diff --git a/modules/security/malware-scanner.sh b/modules/security/malware-scanner.sh
index 5981b8c..793fe23 100755
--- a/modules/security/malware-scanner.sh
+++ b/modules/security/malware-scanner.sh
@@ -732,12 +732,91 @@ STANDALONE_EOF
 # Check if screen is installed
 if ! command -v screen &>/dev/null; then
 echo -e "${YELLOW}Warning: 'screen' not installed${NC}"
- echo "Install with: yum install screen OR apt-get install screen"
 echo ""
- echo "Script created at: $session_dir/scan.sh"
- echo "Run manually with: bash $session_dir/scan.sh"
- read -p "Press Enter to continue..."
- return 1
+ echo "Screen allows you to detach from the scan session."
+ echo ""
+ echo "Options:"
+ echo " 1. Auto-install screen (recommended)"
+ echo " 2. Use nohup fallback (run in background without screen)"
+ echo " 3. Cancel"
+ echo ""
+ read -p "Select option: " screen_option
+
+ case "$screen_option" in
+ 1)
+ echo ""
+ echo "Installing screen..."
+ if command -v yum &>/dev/null; then
+ yum install -y screen
+ elif command -v apt-get &>/dev/null; then
+ apt-get update && apt-get install -y screen
+ else
+ echo -e "${RED}Unable to auto-install. Install manually: yum install screen${NC}"
+ read -p "Press Enter to continue..."
+ return 1
+ fi
+
+ if ! command -v screen &>/dev/null; then
+ echo -e "${RED}Installation failed${NC}"
+ read -p "Press Enter to continue..."
+ return 1
+ fi
+
+ echo -e "${GREEN}✓ Screen installed successfully${NC}"
+ echo ""
+ ;;
+ 2)
+ # Use nohup fallback
+ echo ""
+ echo "Launching scan with nohup (background mode)..."
+ nohup bash "$session_dir/scan.sh" > "$session_dir/logs/nohup.out" 2>&1 &
+ local scan_pid=$!
+
+ sleep 1
+
+ if ps -p $scan_pid > /dev/null 2>&1; then
+ echo ""
+ echo -e "${GREEN}✓ Standalone scanner started successfully!${NC}"
+ echo ""
+ echo "Session ID: $session_id"
+ echo "Process ID: $scan_pid"
+ echo "Results directory: $session_dir/results/"
+ echo ""
+ echo -e "${CYAN}Monitor the scan:${NC}"
+ echo " tail -f $session_dir/logs/session.log"
+ echo ""
+ echo -e "${CYAN}Check if still running:${NC}"
+ echo " ps -p $scan_pid"
+ echo ""
+ echo -e "${GREEN}You can now safely delete the toolkit.${NC}"
+ echo -e "${GREEN}The scan will continue running independently.${NC}"
+ echo ""
+
+ # Store session info in reference database
+ store_reference "malware_standalone_latest" "$session_id"
+ store_reference "malware_standalone_${session_id}_dir" "$session_dir"
+ store_reference "malware_standalone_${session_id}_pid" "$scan_pid"
+
+ read -p "Press Enter to continue..."
+ return 0
+ else
+ echo -e "${RED}Failed to start scan${NC}"
+ echo "Run manually: bash $session_dir/scan.sh"
+ read -p "Press Enter to continue..."
+ return 1
+ fi
+ ;;
+ 3)
+ echo "Cancelled."
+ read -p "Press Enter to continue..."
+ return 0
+ ;;
+ *)
+ echo -e "${RED}Invalid option${NC}"
+ read -p "Press Enter to continue..."
+ return 1
+ ;;
+ esac
 fi
 # Launch in screen session
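Review bot: The PID saved by `store_reference "malware_standalone_${session_id}_pid" "$scan_pid"` is only verified by a single `ps -p` one second after launch, and PIDs are reused, so once the scan exits both the stored value and the printed `ps -p $scan_pid` hint can match an unrelated process. Storing the process start time next to the PID (for example from `ps -o lstart= -p "$scan_pid"`), or having scan.sh maintain a pidfile that it removes on exit, would let a later check confirm the process is still the scanner. `$scan_pid` should also be quoted in the `ps -p` test, and the `read -p` prompts here lack `-r`. The enclosing function starts and ends outside this hunk.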
@@ -1242,38 +1321,139 @@ view_scan_results() {
 echo ""
 print_header "Scan Results"
- echo "Select scanner to view results:"
- local i=1
- for scanner in "${available_scanners[@]}"; do
- echo " $i. ${scanner^}"
- ((i++))
- done
+ echo "Select results to view:"
+ echo " 1. Toolkit scan results"
+ echo " 2. Standalone scanner results (/opt)"
+ echo " 0. Back"
 echo ""
- read -p "Scanner: " scanner_choice
+ read -p "Option: " result_type
- if [ "$scanner_choice" -lt 1 ] || [ "$scanner_choice" -gt ${#available_scanners[@]} ]; then
- echo -e "${RED}Invalid choice${NC}"
- read -p "Press Enter to continue..."
- return 1
- fi
+ case "$result_type" in
+ 1)
+ # Toolkit scan results
+ echo ""
+ echo "Select scanner to view results:"
+ local i=1
+ for scanner in "${available_scanners[@]}"; do
+ echo " $i. ${scanner^}"
+ ((i++))
+ done
+ echo ""
- local selected_scanner="${available_scanners[$((scanner_choice-1))]}"
+ read -p "Scanner: " scanner_choice
- echo ""
+ if [ "$scanner_choice" -lt 1 ] || [ "$scanner_choice" -gt ${#available_scanners[@]} ]; then
+ echo -e "${RED}Invalid choice${NC}"
+ read -p "Press Enter to continue..."
+ return 1
+ fi
- case "$selected_scanner" in
- imunify)
- echo "Recent ImunifyAV scans:"
- imunify-antivirus malware on-demand list --since $(date --date="7 days ago" '+%s') 2>/dev/null || echo "No scans found"
+ local selected_scanner="${available_scanners[$((scanner_choice-1))]}"
+
+ echo ""
+
+ case "$selected_scanner" in
+ imunify)
+ echo "Recent ImunifyAV scans:"
+ imunify-antivirus malware on-demand list --since $(date --date="7 days ago" '+%s') 2>/dev/null || echo "No scans found"
+ ;;
+ clamav)
+ echo "Recent ClamAV scans:"
+ find "$SCRIPT_DIR/logs/malware-scans" -name "clamav_*.log" -mtime -7 2>/dev/null | sort -r | head -5 || echo "No scans found"
+ ;;
+ maldet)
+ echo "Recent Maldet scans:"
+ maldet -l 2>/dev/null || echo "No scans found"
+ ;;
+ esac
 ;;
- clamav)
- echo "Recent ClamAV scans:"
- find "$SCRIPT_DIR/logs/malware-scans" -name "clamav_*.log" -mtime -7 2>/dev/null | sort -r | head -5 || echo "No scans found"
+
+ 2)
+ # Standalone scanner results
+ echo ""
+ echo "Standalone scanner sessions:"
+ echo ""
+
+ # Find all malware-* directories in /opt
+ local standalone_dirs=($(find /opt -maxdepth 1 -type d -name "malware-*" 2>/dev/null | sort -r))
+
+ if [ ${#standalone_dirs[@]} -eq 0 ]; then
+ echo "No standalone scanner sessions found in /opt"
+ echo ""
+ read -p "Press Enter to continue..."
+ return 0
+ fi
+
+ # List sessions
+ local i=1
+ for dir in "${standalone_dirs[@]}"; do
+ local session_name=$(basename "$dir")
+ local scan_date=$(echo "$session_name" | sed 's/malware-//')
+
+ # Check if still running
+ local status="completed"
+ if pgrep -f "$dir/scan.sh" > /dev/null 2>&1; then
+ status="running"
+ fi
+
+ echo " $i. $session_name [$status]"
+ ((i++))
+ done
+ echo ""
+
+ read -p "Select session (or 0 to cancel): " session_choice
+
+ if [ "$session_choice" = "0" ]; then
+ return 0
+ fi
+
+ if [ "$session_choice" -lt 1 ] || [ "$session_choice" -gt ${#standalone_dirs[@]} ]; then
+ echo -e "${RED}Invalid choice${NC}"
+ read -p "Press Enter to continue..."
+ return 1
+ fi
+
+ local selected_dir="${standalone_dirs[$((session_choice-1))]}"
+ echo ""
+ echo "Session: $(basename $selected_dir)"
+ echo "Location: $selected_dir"
+ echo ""
+
+ # Show results
+ if [ -f "$selected_dir/results/summary.txt" ]; then
+ echo "=== Summary ==="
+ cat "$selected_dir/results/summary.txt"
+ echo ""
+ else
+ echo "Summary not yet available (scan may still be running)"
+ echo ""
+ fi
+
+ # Show infected files if any
+ if [ -f "$selected_dir/results/infected_files.txt" ] && [ -s "$selected_dir/results/infected_files.txt" ]; then
+ echo "=== Infected Files ==="
+ cat "$selected_dir/results/infected_files.txt"
+ echo ""
+ fi
+
+ # Show recent log entries
+ if [ -f "$selected_dir/logs/session.log" ]; then
+ echo "=== Recent Log Entries ==="
+ tail -20 "$selected_dir/logs/session.log"
+ echo ""
+ fi
+
+ echo "View full logs:"
+ echo " tail -f $selected_dir/logs/session.log"
 ;;
- maldet)
- echo "Recent Maldet scans:"
- maldet -l 2>/dev/null || echo "No scans found"
+
+ 0)
+ return 0
+ ;;
+
+ *)
+ echo -e "${RED}Invalid option${NC}"
 ;;
 esac
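Review bot: `session_choice` is never checked to be a number before it is used, so an empty or non-numeric answer makes both `[ "$session_choice" -lt 1 ]` and the `-gt` test fail with an error instead of matching, the invalid-choice branch is skipped, and the raw text reaches `$((session_choice-1))`, where bash evaluates it as an arithmetic expression. A guard ahead of the range test, `[[ "$session_choice" =~ ^[0-9]+$ ]] || { echo -e "${RED}Invalid choice${NC}"; return 1; }`, closes that; the moved `scanner_choice` block under option 1 has the same gap. Separately, `cat "$selected_dir/results/infected_files.txt"` prints paths that presumably originate from scanned content straight to the operator's terminal, so filtering control characters (for instance `cat -v`) would be prudent. view_scan_results begins and ends outside this hunk.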