diff --git a/modules/security/malware-scanner.sh b/modules/security/malware-scanner.sh
index a485dc2..3474c20 100755
--- a/modules/security/malware-scanner.sh
+++ b/modules/security/malware-scanner.sh
@@ -1059,35 +1059,46 @@ for scanner in "${AVAILABLE_SCANNERS[@]}"; do echo "⚠️ WARNING: Signature update failed, using existing signatures" fi - # Create temp path list - TEMP_PATHLIST="/tmp/maldet_paths_$$.txt" - printf '%s\n' "${SCAN_PATHS[@]}" > "$TEMP_PATHLIST" - log_message "Maldet: Starting scan with live progress" echo "" echo " 📁 Scanning path(s): ${SCAN_PATHS[*]}" echo " ⏳ Scanner: Maldet/LMD (Linux-specific malware detection...)" echo "" - # Run with --progress for real-time percentage updates - # Use -a flag to scan all files (not just recent modifications) - # Timeout after 2 hours - timeout 7200 maldet -b -a -f "$TEMP_PATHLIST" 2>&1 | tee -a "$LOG_DIR/maldet.log" | while IFS= read -r line; do - # Parse progress lines: "files: 1234 (45%)" - if [[ "$line" =~ files:\ ([0-9]+)\ \(([0-9]+)%\) ]]; then - files_so_far="${BASH_REMATCH[1]}" - percent="${BASH_REMATCH[2]}" - printf "\r Progress: %3d%% (%s files scanned) " "$percent" "$files_so_far" + # Scan each path individually with -a (scan-all) flag + # Note: -a flag scans all files regardless of modification time + # Cannot combine -a with -f (file-list), so we loop through paths + MALDET_EXIT=0 + TOTAL_MALDET_FILES=0 + TOTAL_MALDET_HITS=0 + + for path in "${SCAN_PATHS[@]}"; do + if [ ! -d "$path" ]; then + log_message "Maldet: Skipping non-existent path: $path" + continue fi + + log_message "Maldet: Scanning $path with -a (all files)" + + # Run with -a (scan-all) for comprehensive scanning + # Timeout after 2 hours per path + timeout 7200 maldet -b -a "$path" &>> "$LOG_DIR/maldet.log" + local exit_code=$? + + if [ $exit_code -ne 0 ]; then + MALDET_EXIT=$exit_code + fi + + # Give scan a moment to complete + sleep 2 done - MALDET_EXIT=$? 
+ echo "" # New line after progress if [ "$MALDET_EXIT" -eq 124 ]; then log_message "ERROR: Maldet scan timed out after 2 hours" echo " ⏱️ Scan timed out (exceeded 2 hour limit)" echo "Maldet scan timed out" >> "$SUMMARY_FILE" - rm -f "$TEMP_PATHLIST" SCAN_END=$(date +%s) DURATION=$((SCAN_END - SCAN_START)) echo "" @@ -1096,16 +1107,16 @@ for scanner in "${AVAILABLE_SCANNERS[@]}"; do log_message "ERROR: Maldet scan failed with exit code $MALDET_EXIT" echo " ✗ Scan failed (exit code: $MALDET_EXIT) - check logs" echo "Maldet scan failed (exit code: $MALDET_EXIT)" >> "$SUMMARY_FILE" - rm -f "$TEMP_PATHLIST" SCAN_END=$(date +%s) DURATION=$((SCAN_END - SCAN_START)) echo "" continue fi - # Extract scan results - FILES_SCANNED=$(grep "files scanned" "$LOG_DIR/maldet.log" | tail -1 | awk '{print $1}') - MALDET_HITS=$(grep "malware hits" "$LOG_DIR/maldet.log" | tail -1 | awk '{print $1}') + # Extract scan results from event log (more reliable than parsing output) + # Maldet logs to /usr/local/maldetect/logs/event_log + FILES_SCANNED=$(grep "scan completed" /usr/local/maldetect/logs/event_log | tail -1 | grep -oP 'files \K[0-9]+' || echo 0) + MALDET_HITS=$(grep "scan completed" /usr/local/maldetect/logs/event_log | tail -1 | grep -oP 'malware hits \K[0-9]+' || echo 0) # Validate numbers if ! [[ "$FILES_SCANNED" =~ ^[0-9]+$ ]]; then @@ -1115,8 +1126,6 @@ for scanner in "${AVAILABLE_SCANNERS[@]}"; do MALDET_HITS=0 fi - rm -f "$TEMP_PATHLIST" - SCAN_END=$(date +%s) DURATION=$((SCAN_END - SCAN_START)) echo " ✓ Scanned $FILES_SCANNED files"
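Review bot: The per-path `timeout 7200`, the `exit_code` check and the `sleep 2` around `timeout 7200 maldet -b -a "$path"` only make sense for a synchronous scan, but `-b` is maldet's background flag as far as I can tell, so the launcher returns almost at once, `timeout` and `$?` describe the launcher rather than the scan, and the next iteration starts while the previous scan is still running. Drop the flag so the scan runs in the foreground — `timeout 7200 maldet -a "$path" &>> "$LOG_DIR/maldet.log"` — and store the status as a plain `exit_code=$?`, since `local` fails with "can only be used in a function" if this `for scanner` loop (which begins outside the hunk) is top-level code. `MALDET_EXIT` also keeps only the last non-zero status, so a 124 timeout on an earlier path is reported downstream as a generic failure; if that distinction matters, break out of the loop on 124 or record the first timeout separately. The context line `log_message "Maldet: Starting scan with live progress"` is now stale, as output goes straight to the log file and the progress parser is gone.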
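Review bot: `tail -1` on event_log returns only the most recent "scan completed" entry, but the scan now runs once per path, so `FILES_SCANNED`/`MALDET_HITS` describe only the last path and any hits found in earlier paths are silently dropped from the summary — a false negative for a malware scanner — while the `TOTAL_MALDET_FILES`/`TOTAL_MALDET_HITS` counters initialised before the loop are never updated. Parse the event log inside the per-path loop, right after each `maldet` run, accumulate into those totals, and use the totals here. This only holds if maldet has finished writing its completion line when grep runs (i.e. it is invoked synchronously), and the `'files \K[0-9]+'` / `'malware hits \K[0-9]+'` patterns hinge on the exact wording of that line, which I cannot verify from here; since an unmatched pattern silently becomes `0` and looks like a clean scan, log a warning when either extraction yields nothing. The hardcoded `/usr/local/maldetect/logs/event_log` is also worth a single variable so a non-default install path can be overridden.
```shell
for path in "${SCAN_PATHS[@]}"; do
  # … unchanged: existence check, log_message, maldet invocation, exit-code handling …
  # Read this path's "scan completed" entry before the next scan appends a newer one
  path_files=$(grep "scan completed" /usr/local/maldetect/logs/event_log | tail -1 | grep -oP 'files \K[0-9]+' || echo 0)
  path_hits=$(grep "scan completed" /usr/local/maldetect/logs/event_log | tail -1 | grep -oP 'malware hits \K[0-9]+' || echo 0)
  TOTAL_MALDET_FILES=$((TOTAL_MALDET_FILES + path_files))
  TOTAL_MALDET_HITS=$((TOTAL_MALDET_HITS + path_hits))
done
# … unchanged: timeout / failure branches …
FILES_SCANNED=$TOTAL_MALDET_FILES
MALDET_HITS=$TOTAL_MALDET_HITS
```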