Fix ImunifyAV output parsing in malware scanner

Changes:
- Fixed incorrect scan result retrieval (was getting oldest scan instead of newest)
- Changed tail -1 to tail -n +2 | head -1 (skip header, get most recent scan)
- Fixed field number from 0 to 1 (TOTAL files scanned)
- Extract TOTAL_MALICIOUS from scan result directly (field 12)
- Added number validation to ImunifyAV, ClamAV, and Maldet parsers
- Now correctly reports realistic file counts (e.g., 3997 files in 69s, not millions)

Tested:
✓ ImunifyAV parsing verified with actual output
✓ Syntax check passed

Bug reference: BUG_014 in REFDB_FORMAT.txt
cschantz
2025-11-13 16:52:44 -05:00
parent 0ebfc28e50
commit b383685b1b
2 changed files with 54 additions and 6 deletions
+26 -2
@@ -2,14 +2,14 @@
# SERVER TOOLKIT - CLAUDE AI CONTEXT DATABASE
################################################################################
# OPTIMIZED FOR: Claude Code AI parsing and context loading
# LAST UPDATED: 2025-11-07
# LAST UPDATED: 2025-11-12
# VERSION: 2.1.0
# FORMAT: Structured key-value with hierarchical sections
################################################################################
[META]
version: 2.1.0
updated: 2025-11-07
updated: 2025-11-12
status: production_ready
base_path: /root/server-toolkit
entry_point: launcher.sh
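Review bot: the date is maintained by hand in two places in this hunk, `# LAST UPDATED: 2025-11-12` in the header comment and `updated: 2025-11-12` in [META], while `version: 2.1.0` stays unchanged even though the change adds a new bug entry and commit record. The commit itself is dated 2025-11-13, so the stamp is already a day behind. Consider keeping the date in [META] only, and decide whether content additions like this one should bump the version.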
@@ -353,6 +353,21 @@ options:
0: Return to menu (cancel)
[RECENT_COMMITS]
# Latest changes (2025-11-12)
commit: d5eb8c7
date: 2025-11-12
title: Fix ImunifyAV output parsing in malware scanner
files: modules/security/malware-scanner.sh
changes:
- Fixed incorrect scan result retrieval (was getting oldest scan instead of newest)
- Changed tail -1 to tail -n +2 | head -1 (skip header, get most recent scan)
- Extract TOTAL_MALICIOUS from scan result directly (field 12)
- Added number validation to ImunifyAV, ClamAV, and Maldet parsers
- Now correctly reports realistic file counts (e.g., 3997 files in 69s, not millions)
testing: Verified with actual ImunifyAV output - parsing works correctly
bug_ref: BUG_014
# Latest changes (2025-11-10)
commit: 172a115
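Review bot: in the new [RECENT_COMMITS] entry, `commit: d5eb8c7` does not match the hash of the commit that carries this change (b383685b1b). A commit cannot record its own hash, so this field cannot be correct when the entry lands in the same commit as the fix; either drop it and rely on title and date, or fill it in from a follow-up commit. The `changes:` list also omits the "Fixed field number from 0 to 1 (TOTAL files scanned)" item that the commit message lists; add it so the two records agree.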
@@ -417,6 +432,15 @@ push: git push origin main
[BUGS_FIXED_HISTORY]
# Historical bug fixes - DO NOT REINTRODUCE
BUG_014: ImunifyAV scan results parsing incorrect
issue: Used tail -1 to get "last scan" but ImunifyAV lists newest first, so was getting oldest scan
issue: Was reading wrong/stale scan results showing unrealistic file counts
fix: Changed to tail -n +2 | head -1 (skip header, get first data line = newest scan)
fix: Extract TOTAL_MALICIOUS (field 12) directly from scan result instead of separate query
fix: Added validation to ensure parsed values are numbers
location: modules/security/malware-scanner.sh:673-692
tested: 2025-11-12 - Correctly shows 3997 files in 69s (not millions in seconds)
BUG_013: Brace redirection blocks variable assignment
fix: Use exec file descriptor manipulation instead of { } >/dev/null
location: lib/system-detect.sh:439-445
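Review bot: the BUG_014 entry records the fix as `tail -n +2 | head -1` plus field 12, which depends on three unstated properties of the ImunifyAV listing: exactly one header line, newest scan first, and a fixed column order. State which command and ImunifyAV version the output was verified against, and record what the scanner reports when the new number validation rejects a value, since for a malware scanner the fallback matters as much as the normal path. The `location: modules/security/malware-scanner.sh:673-692` line range will drift with the next edit to that file; a function name or marker comment would stay valid. The entry also repeats the `issue:` and `fix:` keys where BUG_013 below has a single `fix:`; if anything parses this file as key-value, confirm repeated keys are kept rather than overwritten.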