HIGH PRIORITY FIX: Resolve find validation and temp file issues

HIGH BUG FIXES:
- [H4] Find operation without result validation (lines 171, 173)
  Problem: find command results not validated before use
  Fix: Check that find returned a result before assigning to variable

- [H6] Hardcoded /tmp paths without fallback (line 530, 541)
  Problem: Installation logs written to /tmp which might be read-only
  Fix: Use fallback directory system (/tmp → /var/tmp → /root)
  Impact: Installations now work on systems with restricted /tmp

VERIFICATION:
- Syntax check: PASS (bash -n)
- All fallbacks properly implemented
- Temp files safely handled across different system configurations

modules/security/malware-scanner.sh

@@ -168,9 +168,13 @@ is_clamav_installed() {
     elif [ -f "/usr/local/cpanel/3rdparty/bin/clamscan" ]; then
         clamscan_path="/usr/local/cpanel/3rdparty/bin/clamscan"
     elif command -v rpm &>/dev/null && rpm -qa 2>/dev/null | grep -q "cpanel-clamav" || true; then
-        clamscan_path=$(find /usr -name clamscan -type f 2>/dev/null | head -1)
+        # Find clamscan in system, validate result before using
+        local found_clamscan=$(find /usr -name clamscan -type f 2>/dev/null | head -1)
+        [ -n "$found_clamscan" ] && clamscan_path="$found_clamscan"
     elif command -v dpkg &>/dev/null && dpkg -l 2>/dev/null | grep -q "^ii.*clamav" || true; then
-        clamscan_path=$(find /usr -name clamscan -type f 2>/dev/null | head -1)
+        # Find clamscan in system, validate result before using
+        local found_clamscan=$(find /usr -name clamscan -type f 2>/dev/null | head -1)
+        [ -n "$found_clamscan" ] && clamscan_path="$found_clamscan"
     fi
 
     # Verify clamscan exists, is executable, and can run
@@ -523,7 +527,12 @@ install_maldet_only() {
             install_dir=$(find . -maxdepth 1 -type d \( -name "*malware*" -o -name "*maldet*" \) 2>/dev/null | head -1)
 
             if [ -n "$install_dir" ] && [ -f "$install_dir/install.sh" ]; then
-                if cd "$install_dir" 2>/dev/null && bash install.sh > /tmp/maldet-install.log 2>&1; then
+                # Use fallback directory for install log (not all systems have writable /tmp)
+                local install_log="/tmp/maldet-install-$$.log"
+                [ -w "/tmp" ] || install_log="/var/tmp/maldet-install-$$.log"
+                [ -w "${install_log%/*}" ] || install_log="$HOME/maldet-install-$$.log"
+
+                if cd "$install_dir" 2>/dev/null && bash install.sh > "$install_log" 2>&1; then
                     echo -e "  ${GREEN}✓ Maldet installed successfully${NC}"
 
                     # Update signatures in background
@@ -534,7 +543,7 @@ install_maldet_only() {
                         echo "  (signatures updating in background)"
                     fi
                 else
-                    echo -e "  ${RED}✗ Installation failed. Check /tmp/maldet-install.log${NC}"
+                    echo -e "  ${RED}✗ Installation failed. Check $install_log${NC}"
                 fi
             else
                 echo -e "  ${RED}✗ Could not find install.sh in extracted directory${NC}"