Issue: ImunifyAV's built-in exclusions prevent comprehensive scanning
When scanning full server ("/"), ImunifyAV only scanned 0.045% of files
in /usr/local (20 out of 44,135 files) and 0% of /opt (0 out of 7,989).
Problem Analysis:
ImunifyAV has 131 global ignore patterns that skip:
- Vendor directories (node_modules, composer, etc.)
- Cache directories (wp-content/cache, var/cache, etc.)
- Template compilation directories
- System library paths
- Development/build artifacts
These exclusions apply GLOBALLY, not just when scanning from "/".
Even when explicitly told to scan /usr/local or /opt, ImunifyAV
still applies all ignore patterns, resulting in near-zero coverage
of system directories.
Evidence from Test Scan:
Directory Actual Files ImunifyAV Scanned Coverage
/usr/local 44,135 20 0.045%
/opt 7,989 0 0%
/var/www 1 0 0%
/var/lib 1 0 0%
/home 2,087 3,871 185% (good!)
ImunifyAV is designed for web hosting security (user content),
NOT comprehensive system malware scanning.
Solution:
Skip ImunifyAV entirely when scanning "/" (option 1: full server scan)
Use ImunifyAV ONLY for user-focused scans where it excels:
- Option 2: All user accounts (/home or /var/www/vhosts)
- Option 3: Specific user account
- Option 4: Specific domain
- Option 5: Custom path (usually user paths)
Benefits:
1. Faster scans - don't waste time on paths ImunifyAV ignores
2. Honest coverage - users know what's actually being scanned
3. ClamAV + Maldet provide TRUE comprehensive system coverage
4. ImunifyAV still used where it works best (user content)
Changes:
1. Added skip logic at start of ImunifyAV case (line 808)
- Detects if SCAN_PATHS = ["/"]
- Shows informative message explaining why it's skipped
- Logs skip reason to session.log
- Adds skip notice to summary report
- Uses 'continue' to skip to next scanner
2. Removed path expansion logic (no longer needed)
- Deleted 8-path expansion for "/"
- Now uses SCAN_PATHS as-is for user-focused scans
3. Updated menu to show which scanners are used:
- Option 1: "Scan entire server (ClamAV, Maldet, RKHunter)"
- Options 2-5: "All scanners" (includes ImunifyAV)
Scanner Usage by Menu Option:
1. Full server: ClamAV ✓ Maldet ✓ RKHunter ✓ ImunifyAV ✗
2. All users: ClamAV ✓ Maldet ✓ RKHunter ✓ ImunifyAV ✓
3. Specific user: ClamAV ✓ Maldet ✓ RKHunter ✓ ImunifyAV ✓
4. Specific domain: ClamAV ✓ Maldet ✓ RKHunter ✓ ImunifyAV ✓
5. Custom path: ClamAV ✓ Maldet ✓ RKHunter ✓ ImunifyAV ✓
User Requirement:
"okay lets just make sure that imunify is included in users only scans.
And make sure in the malware scanner menu that Imunify can only be
used in user specific scans"
Status: ✅ Implemented - ImunifyAV now only used for user scans
cschantz
3407514920