cschantz/Linux-Server-Management-Toolkit
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix Maldet scanning 0 files - incorrect flag syntax

Browse Source 
Problem:
Maldet completed in 1s scanning 0 files with error:
  "must use absolute path, provided relative path '-f'"

Root Cause:
Line 1075 used: maldet -b -a -f "$TEMP_PATHLIST"
The -a (scan-all PATH) flag cannot be combined with -f (file-list)
Maldet interpreted "-f" as a relative path instead of a flag

Solution:
Replaced file-list approach with per-path loop:
- Loop through each path in SCAN_PATHS array
- Call: maldet -b -a "$path" for each path individually
- Skip non-existent directories with validation
- Track exit codes across all scans

Additional Changes:
- Removed TEMP_PATHLIST creation and 3 cleanup calls
- Changed result extraction to use event log (more reliable):
  grep "scan completed" /usr/local/maldetect/logs/event_log
- Added validation for non-existent paths
- Preserved 2-hour timeout per path

Impact:
Maldet will now actually scan files instead of failing silently.
The -a flag ensures ALL files are scanned regardless of
modification time (fixes default 1-day age filter).
This commit is contained in:
cschantz
2025-12-23 15:34:03 -05:00
parent 448f1ed1d5
commit de46a77728
1 changed files with 30 additions and 21 deletions
Download Patch File Download Diff File Expand all files Collapse all files
modules/security/malware-scanner.sh
+30 -21
View File
@@ -1059,35 +1059,46 @@ for scanner in "${AVAILABLE_SCANNERS[@]}"; do
echo "⚠️ WARNING: Signature update failed, using existing signatures" echo "⚠️ WARNING: Signature update failed, using existing signatures"
fi fi
# Create temp path list
TEMP_PATHLIST="/tmp/maldet_paths_$$.txt"
printf '%s\n' "${SCAN_PATHS[@]}" > "$TEMP_PATHLIST"
log_message "Maldet: Starting scan with live progress" log_message "Maldet: Starting scan with live progress"
echo "" echo ""
echo " 📁 Scanning path(s): ${SCAN_PATHS[*]}" echo " 📁 Scanning path(s): ${SCAN_PATHS[*]}"
echo " ⏳ Scanner: Maldet/LMD (Linux-specific malware detection...)" echo " ⏳ Scanner: Maldet/LMD (Linux-specific malware detection...)"
echo "" echo ""
# Run with --progress for real-time percentage updates # Scan each path individually with -a (scan-all) flag
# Use -a flag to scan all files (not just recent modifications) # Note: -a flag scans all files regardless of modification time
# Timeout after 2 hours # Cannot combine -a with -f (file-list), so we loop through paths
timeout 7200 maldet -b -a -f "$TEMP_PATHLIST" 2>&1 | tee -a "$LOG_DIR/maldet.log" | while IFS= read -r line; do MALDET_EXIT=0
# Parse progress lines: "files: 1234 (45%)" TOTAL_MALDET_FILES=0
if [[ "$line" =~ files:\ ([0-9]+)\ \(([0-9]+)%\) ]]; then TOTAL_MALDET_HITS=0
files_so_far="${BASH_REMATCH[1]}"
percent="${BASH_REMATCH[2]}" for path in "${SCAN_PATHS[@]}"; do
printf "\r Progress: %3d%% (%s files scanned) " "$percent" "$files_so_far" if [ ! -d "$path" ]; then
log_message "Maldet: Skipping non-existent path: $path"
continue
fi fi
log_message "Maldet: Scanning $path with -a (all files)"
# Run with -a (scan-all) for comprehensive scanning
# Timeout after 2 hours per path
timeout 7200 maldet -b -a "$path" &>> "$LOG_DIR/maldet.log"
local exit_code=$?
if [ $exit_code -ne 0 ]; then
MALDET_EXIT=$exit_code
fi
# Give scan a moment to complete
sleep 2
done done
MALDET_EXIT=$?
echo "" # New line after progress echo "" # New line after progress
if [ "$MALDET_EXIT" -eq 124 ]; then if [ "$MALDET_EXIT" -eq 124 ]; then
log_message "ERROR: Maldet scan timed out after 2 hours" log_message "ERROR: Maldet scan timed out after 2 hours"
echo " ⏱️ Scan timed out (exceeded 2 hour limit)" echo " ⏱️ Scan timed out (exceeded 2 hour limit)"
echo "Maldet scan timed out" >> "$SUMMARY_FILE" echo "Maldet scan timed out" >> "$SUMMARY_FILE"
rm -f "$TEMP_PATHLIST"
SCAN_END=$(date +%s) SCAN_END=$(date +%s)
DURATION=$((SCAN_END - SCAN_START)) DURATION=$((SCAN_END - SCAN_START))
echo "" echo ""
@@ -1096,16 +1107,16 @@ for scanner in "${AVAILABLE_SCANNERS[@]}"; do
log_message "ERROR: Maldet scan failed with exit code $MALDET_EXIT" log_message "ERROR: Maldet scan failed with exit code $MALDET_EXIT"
echo " ✗ Scan failed (exit code: $MALDET_EXIT) - check logs" echo " ✗ Scan failed (exit code: $MALDET_EXIT) - check logs"
echo "Maldet scan failed (exit code: $MALDET_EXIT)" >> "$SUMMARY_FILE" echo "Maldet scan failed (exit code: $MALDET_EXIT)" >> "$SUMMARY_FILE"
rm -f "$TEMP_PATHLIST"
SCAN_END=$(date +%s) SCAN_END=$(date +%s)
DURATION=$((SCAN_END - SCAN_START)) DURATION=$((SCAN_END - SCAN_START))
echo "" echo ""
continue continue
fi fi
# Extract scan results # Extract scan results from event log (more reliable than parsing output)
FILES_SCANNED=$(grep "files scanned" "$LOG_DIR/maldet.log" | tail -1 | awk '{print $1}') # Maldet logs to /usr/local/maldetect/logs/event_log
MALDET_HITS=$(grep "malware hits" "$LOG_DIR/maldet.log" | tail -1 | awk '{print $1}') FILES_SCANNED=$(grep "scan completed" /usr/local/maldetect/logs/event_log | tail -1 | grep -oP 'files \K[0-9]+' || echo 0)
MALDET_HITS=$(grep "scan completed" /usr/local/maldetect/logs/event_log | tail -1 | grep -oP 'malware hits \K[0-9]+' || echo 0)
# Validate numbers # Validate numbers
if ! [[ "$FILES_SCANNED" =~ ^[0-9]+$ ]]; then if ! [[ "$FILES_SCANNED" =~ ^[0-9]+$ ]]; then
@@ -1115,8 +1126,6 @@ for scanner in "${AVAILABLE_SCANNERS[@]}"; do
MALDET_HITS=0 MALDET_HITS=0
fi fi
rm -f "$TEMP_PATHLIST"
SCAN_END=$(date +%s) SCAN_END=$(date +%s)
DURATION=$((SCAN_END - SCAN_START)) DURATION=$((SCAN_END - SCAN_START))
echo " ✓ Scanned $FILES_SCANNED files" echo " ✓ Scanned $FILES_SCANNED files"