diff --git a/modules/security/malware-scanner.sh b/modules/security/malware-scanner.sh
index cdef99f..31eb7d6 100755
--- a/modules/security/malware-scanner.sh
+++ b/modules/security/malware-scanner.sh
@@ -348,14 +348,24 @@ install_maldet_only() {
 
         if [ -n "$local_archive" ]; then
             echo ""
-            echo "Using pre-downloaded archive..."
-            temp_file="/tmp/maldetect-offline.tar.gz"
-            if cp "$local_archive" "$temp_file" 2>/dev/null && [ -f "$temp_file" ] && [ -s "$temp_file" ]; then
-                download_success=true
-                best_source="offline-archive"
-                echo -e "${GREEN}✓ Archive ready for extraction${NC}"
+            echo "Using pre-downloaded archive: $local_archive"
+            # Use archive directly without copying
+            temp_file="$local_archive"
+
+            # Validate the archive
+            if [ -f "$temp_file" ] && [ -s "$temp_file" ]; then
+                # Quick check: can we read it as tar?
+                if tar -tzf "$temp_file" >/dev/null 2>&1; then
+                    download_success=true
+                    best_source="offline-archive"
+                    echo -e "${GREEN}✓ Archive validated and ready for extraction${NC}"
+                else
+                    echo -e "${RED}✗ Archive is corrupted or not a valid tar file${NC}"
+                    download_success=false
+                    temp_file=""
+                fi
             else
-                echo -e "${RED}✗ Failed to copy or validate archive${NC}"
+                echo -e "${RED}✗ Archive file is missing or empty${NC}"
                 download_success=false
                 temp_file=""
             fi