Fix Maldet scanning 0 files - incorrect flag syntax

Problem: Maldet completed in 1s scanning 0 files with error: "must use absolute path, provided relative path '-f'" Root Cause: Line 1075 used: maldet -b -a -f "$TEMP_PATHLIST" The -a (scan-all PATH) flag cannot be combined with -f (file-list) Maldet interpreted "-f" as a relative path instead of a flag Solution: Replaced file-list approach with per-path loop: - Loop through each path in SCAN_PATHS array - Call: maldet -b -a "$path" for each path individually - Skip non-existent directories with validation - Track exit codes across all scans Additional Changes: - Removed TEMP_PATHLIST creation and 3 cleanup calls - Changed result extraction to use event log (more reliable): grep "scan completed" /usr/local/maldetect/logs/event_log - Added validation for non-existent paths - Preserved 2-hour timeout per path Impact: Maldet will now actually scan files instead of failing silently. The -a flag ensures ALL files are scanned regardless of modification time (fixes default 1-day age filter).
2025-12-23 15:34:03 -05:00
parent 448f1ed1d5
commit de46a77728
1 changed files with 30 additions and 21 deletions
@@ -1059,35 +1059,46 @@ for scanner in "${AVAILABLE_SCANNERS[@]}"; do
                echo "⚠️  WARNING: Signature update failed, using existing signatures"
            fi

-            # Create temp path list
-            TEMP_PATHLIST="/tmp/maldet_paths_$$.txt"
-            printf '%s\n' "${SCAN_PATHS[@]}" > "$TEMP_PATHLIST"
-
            log_message "Maldet: Starting scan with live progress"
            echo ""
            echo "  📁 Scanning path(s): ${SCAN_PATHS[*]}"
            echo "  ⏳ Scanner: Maldet/LMD (Linux-specific malware detection...)"
            echo ""

-            # Run with --progress for real-time percentage updates
-            # Use -a flag to scan all files (not just recent modifications)
-            # Timeout after 2 hours
-            timeout 7200 maldet -b -a -f "$TEMP_PATHLIST" 2>&1 | tee -a "$LOG_DIR/maldet.log" | while IFS= read -r line; do
-                # Parse progress lines: "files: 1234 (45%)"
-                if [[ "$line" =~ files:\ ([0-9]+)\ \(([0-9]+)%\) ]]; then
-                    files_so_far="${BASH_REMATCH[1]}"
-                    percent="${BASH_REMATCH[2]}"
-                    printf "\r  Progress: %3d%% (%s files scanned)  " "$percent" "$files_so_far"
+            # Scan each path individually with -a (scan-all) flag
+            # Note: -a flag scans all files regardless of modification time
+            # Cannot combine -a with -f (file-list), so we loop through paths
+            MALDET_EXIT=0
+            TOTAL_MALDET_FILES=0
+            TOTAL_MALDET_HITS=0
+
+            for path in "${SCAN_PATHS[@]}"; do
+                if [ ! -d "$path" ]; then
+                    log_message "Maldet: Skipping non-existent path: $path"
+                    continue
                fi
+
+                log_message "Maldet: Scanning $path with -a (all files)"
+
+                # Run with -a (scan-all) for comprehensive scanning
+                # Timeout after 2 hours per path
+                timeout 7200 maldet -b -a "$path" &>> "$LOG_DIR/maldet.log"
+                local exit_code=$?
+
+                if [ $exit_code -ne 0 ]; then
+                    MALDET_EXIT=$exit_code
+                fi
+
+                # Give scan a moment to complete
+                sleep 2
            done
-            MALDET_EXIT=$?
+
            echo "" # New line after progress

            if [ "$MALDET_EXIT" -eq 124 ]; then
                log_message "ERROR: Maldet scan timed out after 2 hours"
                echo "  ⏱️  Scan timed out (exceeded 2 hour limit)"
                echo "Maldet scan timed out" >> "$SUMMARY_FILE"
-                rm -f "$TEMP_PATHLIST"
                SCAN_END=$(date +%s)
                DURATION=$((SCAN_END - SCAN_START))
                echo ""
@@ -1096,16 +1107,16 @@ for scanner in "${AVAILABLE_SCANNERS[@]}"; do
                log_message "ERROR: Maldet scan failed with exit code $MALDET_EXIT"
                echo "  ✗ Scan failed (exit code: $MALDET_EXIT) - check logs"
                echo "Maldet scan failed (exit code: $MALDET_EXIT)" >> "$SUMMARY_FILE"
-                rm -f "$TEMP_PATHLIST"
                SCAN_END=$(date +%s)
                DURATION=$((SCAN_END - SCAN_START))
                echo ""
                continue
            fi

-            # Extract scan results
-            FILES_SCANNED=$(grep "files scanned" "$LOG_DIR/maldet.log" | tail -1 | awk '{print $1}')
-            MALDET_HITS=$(grep "malware hits" "$LOG_DIR/maldet.log" | tail -1 | awk '{print $1}')
+            # Extract scan results from event log (more reliable than parsing output)
+            # Maldet logs to /usr/local/maldetect/logs/event_log
+            FILES_SCANNED=$(grep "scan completed" /usr/local/maldetect/logs/event_log | tail -1 | grep -oP 'files \K[0-9]+' || echo 0)
+            MALDET_HITS=$(grep "scan completed" /usr/local/maldetect/logs/event_log | tail -1 | grep -oP 'malware hits \K[0-9]+' || echo 0)

            # Validate numbers
            if ! [[ "$FILES_SCANNED" =~ ^[0-9]+$ ]]; then
@@ -1115,8 +1126,6 @@ for scanner in "${AVAILABLE_SCANNERS[@]}"; do
                MALDET_HITS=0
            fi

-            rm -f "$TEMP_PATHLIST"
-
            SCAN_END=$(date +%s)
            DURATION=$((SCAN_END - SCAN_START))
            echo "  ✓ Scanned $FILES_SCANNED files"