Fix: Inject MALDET_ONLY environment variable into generated standalone scripts

CRITICAL BUG: The Maldet menu was setting MALDET_ONLY=1 in the parent shell,
but the generated standalone script was launched in a child process that didn't
inherit this environment variable. This caused the Maldet-only filter to never
activate, allowing all scanners to run instead of just Maldet.

FIX:
1. Added MALDET_ONLY placeholder in the generated script (line 1235)
2. Use sed to replace placeholder with actual value from parent shell (lines 2335-2340)
3. The value is now hardcoded into the generated script, ensuring filter works

BEHAVIOR:
- Maldet menu (option 1): MALDET_ONLY=1 injected → filter activates → runs Maldet only
- All-scanners menu (options 2-6): MALDET_ONLY=0 injected → filter skipped → runs all scanners

VERIFICATION:
- Both code paths tested and confirmed working
- Syntax check: passed
- Environment variable injection: working correctly

modules/security/malware-scanner.sh

@@ -1231,6 +1231,9 @@ CYAN='\033[0;36m'
 BOLD='\033[1m'
 NC='\033[0m'
 
+# MALDET_ONLY mode (injected from parent shell - for dedicated Maldet menu)
+MALDET_ONLY="PLACEHOLDER_MALDET_ONLY"
+
 # Detect control panel (for IP reputation tracking)
 if [ -z "$CONTROL_PANEL" ]; then
     if [ -f "/usr/local/cpanel/version" ]; then
@@ -2329,6 +2332,13 @@ STANDALONE_EOF
         return 1
     fi
 
+    # Inject MALDET_ONLY flag for Maldet-dedicated scans
+    local maldet_flag="${MALDET_ONLY:-0}"
+    if ! sed -i "s|PLACEHOLDER_MALDET_ONLY|$maldet_flag|" "$session_dir/scan.sh"; then
+        echo -e "${RED}ERROR: Failed to inject MALDET_ONLY flag${NC}"
+        return 1
+    fi
+
     # Make executable
     chmod +x "$session_dir/scan.sh"