From b0646f21f22ceae80fb8301fc4e15443881a4026 Mon Sep 17 00:00:00 2001
From: cschantz <admin@server.local>
Date: Sat, 21 Mar 2026 01:25:29 -0400
Subject: [PATCH] CRITICAL FIX: Handle grep failures with set -eo pipefail in
 scanner installation

FIXED:
- Added '|| true' to all grep commands that filter installation output
- ClamAV installation: Fixed grep exit code issue on yum/apt-get output
- Maldet installation: Fixed signature update grep failure handling
- ImunifyAV installation: Fixed deployment script grep and update grep failures
- Changed signature update checks from pipe-to-grep-or-retry to proper if-statement

BEHAVIOR CHANGE:
- Installation continues even if output patterns don't match expected strings
- Signature updates now use if-statement with grep -q instead of bare pipes
- Better status reporting: shows 'unclear' instead of error when status unknown

ROOT CAUSE:
With 'set -eo pipefail' enabled, grep commands that return 1 (no match) cause
the entire pipeline to fail. This was causing the installation to exit with code 1
even though the software was actually installing successfully.
---
 modules/security/malware-scanner.sh | 31 +++++++++++++++++++----------
 1 file changed, 20 insertions(+), 11 deletions(-)

diff --git a/modules/security/malware-scanner.sh b/modules/security/malware-scanner.sh
index 2fbe335..0d8d306 100755
--- a/modules/security/malware-scanner.sh
+++ b/modules/security/malware-scanner.sh
@@ -220,13 +220,13 @@ install_all_scanners() {
             if rpm -qa | grep -q "cpanel-clamav"; then
                 echo -e "${GREEN}✓ ClamAV already installed (cPanel)${NC}"
             else
-                /scripts/update_local_rpm_versions --edit target_settings.clamav installed 2>/dev/null
-                /scripts/check_cpanel_rpms --fix --targets=clamav 2>&1 | grep -E "Installing|Updating|up to date"
+                /scripts/update_local_rpm_versions --edit target_settings.clamav installed 2>/dev/null || true
+                /scripts/check_cpanel_rpms --fix --targets=clamav 2>&1 | grep -E "Installing|Updating|up to date" || true
             fi
         elif command -v yum &>/dev/null; then
-            yum install -y clamav clamav-update 2>&1 | grep -E "Installing|Updating|already installed"
+            yum install -y clamav clamav-update 2>&1 | grep -E "Installing|Updating|already installed" || true
         elif command -v apt-get &>/dev/null; then
-            apt-get update && apt-get install -y clamav clamav-daemon
+            apt-get update && apt-get install -y clamav clamav-daemon || true
         fi
 
         if is_clamav_installed; then
@@ -238,8 +238,11 @@ install_all_scanners() {
             # Update virus signatures immediately
             if [ -n "$freshclam_bin" ]; then
                 echo "  → Updating virus signatures (this may take a moment)..."
-                $freshclam_bin 2>&1 | grep -E "updated|Downloaded|up-to-date" || $freshclam_bin &>/dev/null
-                echo -e "  ${GREEN}✓${NC} Signatures updated"
+                if "$freshclam_bin" 2>&1 | grep -qE "updated|Downloaded|up-to-date"; then
+                    echo -e "  ${GREEN}✓${NC} Signatures updated"
+                else
+                    echo -e "  ${YELLOW}⚠${NC} Signature update status unclear (may still be current)"
+                fi
             fi
         else
             echo -e "${RED}✗ ClamAV installation failed${NC}"
@@ -310,8 +313,11 @@ install_all_scanners() {
 
                 # Update malware signatures immediately
                 echo "  → Updating malware signatures..."
-                maldet -u 2>&1 | grep -E "update completed|signatures" || maldet -u &>/dev/null
-                echo -e "  ${GREEN}✓${NC} Signatures updated"
+                if maldet -u 2>&1 | grep -qE "update completed|signatures"; then
+                    echo -e "  ${GREEN}✓${NC} Signatures updated"
+                else
+                    echo -e "  ${YELLOW}⚠${NC} Signature update status unclear (continuing with current definitions)"
+                fi
             else
                 echo -e "${RED}✗ Maldet installation failed${NC}"
 
@@ -365,7 +371,7 @@ install_all_scanners() {
 
         if [ -f imav-deploy.sh ]; then
             # Run deployment script with progress indicators
-            bash imav-deploy.sh 2>&1 | grep -E "Installing|Installed|Complete|Error|Failed" || bash imav-deploy.sh
+            bash imav-deploy.sh 2>&1 | grep -E "Installing|Installed|Complete|Error|Failed" || true
             rm -f imav-deploy.sh
 
             # Enable cPanel UI plugin if installed
@@ -387,8 +393,11 @@ install_all_scanners() {
             # Update malware signatures immediately
             if [ -n "$imunify_bin" ]; then
                 echo "  → Updating malware signatures..."
-                $imunify_bin update 2>&1 | grep -E "updated|Success|completed" || $imunify_bin update &>/dev/null
-                echo -e "  ${GREEN}✓${NC} Signatures updated"
+                if "$imunify_bin" update 2>&1 | grep -qE "updated|Success|completed"; then
+                    echo -e "  ${GREEN}✓${NC} Signatures updated"
+                else
+                    echo -e "  ${YELLOW}⚠${NC} Signature update status unclear (continuing with current definitions)"
+                fi
             fi
         else
             echo -e "${RED}✗ ImunifyAV installation failed${NC}"