Fix client report generation in standalone scan scripts

Problem:
Client report file was not being created during scans.
The cat command showed: No such file or directory

Root Cause:
When standalone scans are launched, the script is COPIED to /opt/malware-*/.
The generate_client_report() function exists in the main malware-scanner.sh,
but NOT in the standalone copy. When completion code tried to call the
function, it silently failed because function didn't exist.

Solution:
Replaced function call with inline client report generation.

Added check: if function exists, use it; otherwise generate inline.
This ensures client reports work in BOTH contexts:
  1. Interactive menu scans (function exists)
  2. Standalone copied scripts (uses inline version)

The inline version:
- Extracts scan date and paths from summary file
- Analyzes infected_files.txt for false positives
- Categorizes: logs/awstats = false positive, others = real threat
- Generates same format report as function version
- Writes to: /opt/malware-*/results/client_report.txt

Now client reports are ALWAYS generated at scan completion,
regardless of how the scan was launched.

modules/security/malware-scanner.sh

@@ -1399,9 +1399,137 @@ else
     echo "⚠️  Scan Validation: $validation_issues issue(s) found - review logs" >> "$SUMMARY_FILE"
 fi
 
-# Generate client report automatically
+# Generate client report automatically (inline to work in standalone scripts)
 log_message "Generating client-facing security report"
+
+# Check if function exists, if not generate inline
+if declare -f generate_client_report > /dev/null 2>&1; then
     generate_client_report "$SCAN_DIR" > /dev/null 2>&1
+else
+    # Inline client report generation for standalone scripts
+    client_report_file="$RESULTS_DIR/client_report.txt"
+
+    # Extract scan info
+    scan_date=$(grep "Started:" "$SUMMARY_FILE" | head -1 | sed 's/Started: //' || echo "Unknown")
+    scan_paths=$(sed -n '/^Paths:/,/^$/p' "$SUMMARY_FILE" | tail -n +2 | grep -v "^$" | tr '\n' ', ' | sed 's/, $//' || echo "/home")
+
+    # Analyze infected files for false positives
+    real_threats_count=0
+    false_positives_list=""
+    real_threats_list=""
+
+    if [ -f "$RESULTS_DIR/infected_files.txt" ] && [ -s "$RESULTS_DIR/infected_files.txt" ]; then
+        while IFS= read -r file; do
+            if [[ "$file" =~ /logs?/.*\.(log|gz|bz2)$ ]] || \
+               [[ "$file" =~ /awstats/ ]] || \
+               [[ "$file" =~ /tmp/.*\.txt$ ]] || \
+               [[ "$file" =~ \.log\.[0-9]+$ ]]; then
+                false_positives_list="${false_positives_list}  • $file"$'\n'
+            else
+                real_threats_list="${real_threats_list}📁 $file"$'\n'
+                ((real_threats_count++))
+            fi
+        done < "$RESULTS_DIR/infected_files.txt"
+    fi
+
+    # Generate report
+    {
+        echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
+        echo "SECURITY SCAN REPORT"
+        echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
+        echo ""
+        echo "Scan Date: $scan_date"
+        echo "Scan Coverage: $scan_paths"
+        echo ""
+        echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
+        echo "OVERALL STATUS"
+        echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
+        echo ""
+
+        if [ "$real_threats_count" -eq 0 ]; then
+            echo "✅ NO ACTIVE MALWARE DETECTED"
+            echo ""
+            echo "Your server is clean. No malicious files were found in"
+            echo "web-accessible directories or user content areas."
+        else
+            echo "⚠️  MALWARE DETECTED - ACTION REQUIRED"
+            echo ""
+            echo "Found $real_threats_count infected file(s) that require immediate attention."
+        fi
+        echo ""
+
+        echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
+        echo "SCAN DETAILS"
+        echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
+        echo ""
+        echo "We performed a comprehensive security scan using multiple"
+        echo "industry-standard malware detection engines:"
+        echo ""
+        echo "  • ImunifyAV - Advanced threat detection"
+        echo "  • ClamAV - Open-source antivirus engine"
+        echo "  • Linux Maldet - Web malware specialist"
+        echo "  • Rootkit Hunter - System integrity checker"
+        echo ""
+
+        if [ "$real_threats_count" -gt 0 ]; then
+            echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
+            echo "INFECTED FILES REQUIRING ATTENTION"
+            echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
+            echo ""
+            echo "$real_threats_list"
+            echo "RECOMMENDED ACTIONS:"
+            echo ""
+            echo "1. Review each file to confirm it is malicious"
+            echo "2. Remove or quarantine infected files immediately"
+            echo "3. Change all passwords (hosting, FTP, database, CMS admin)"
+            echo "4. Review file upload functionality in web applications"
+            echo "5. Update all web applications, plugins, and themes"
+            echo "6. Check access logs for unauthorized access patterns"
+            echo ""
+        fi
+
+        if [ -n "$false_positives_list" ]; then
+            echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
+            echo "INFORMATIONAL DETECTIONS (No Action Required)"
+            echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
+            echo ""
+            echo "The following files triggered alerts but are likely false"
+            echo "positives. These are log files that contain records of"
+            echo "attack attempts against your server (which were blocked):"
+            echo ""
+            echo "$false_positives_list"
+            echo "These files are safe and contain evidence of your server"
+            echo "correctly blocking malicious requests. No action needed."
+            echo ""
+        fi
+
+        echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
+        echo "ONGOING SECURITY RECOMMENDATIONS"
+        echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
+        echo ""
+        echo "To maintain server security, we recommend:"
+        echo ""
+        echo "  ✓ Run malware scans monthly (or after any security incident)"
+        echo "  ✓ Keep all software updated (WordPress, plugins, PHP, etc.)"
+        echo "  ✓ Use strong, unique passwords for all accounts"
+        echo "  ✓ Enable automatic security updates where possible"
+        echo "  ✓ Review file permissions regularly"
+        echo "  ✓ Monitor server logs for suspicious activity"
+        echo "  ✓ Maintain regular backups (stored off-server)"
+        echo ""
+        echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
+        echo "TECHNICAL DETAILS"
+        echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
+        echo ""
+        echo "Scan ID: $(basename $SCAN_DIR)"
+        echo "Report Generated: $(date)"
+        echo ""
+        echo "For technical details and full scan logs, please contact"
+        echo "your system administrator."
+        echo ""
+        echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
+    } > "$client_report_file"
+fi
 
 # Display completion
 clear