Three critical fixes to improve malware scanner usability:
1. Entire Server Scan Scope (line 1132):
- Changed from scanning only cPanel docroots to scanning entire filesystem
- scan_paths=("/") instead of scan_paths=("${sanitized_docroot[@]}")
- Updated display message: "Scan scope: Entire server from /"
- Fixes issue where "Entire server" option only scanned user directories
2. Screen Session Persistence (line 917):
- Added 'exec bash' at end of scan script to keep screen session alive
- User now has time to review summary and answer cleanup prompt
- Screen won't auto-close when script finishes
- Provides option to open interactive shell or detach (Ctrl+A then D)
- Fixes premature session termination issue
3. Selective Cleanup (lines 883-899):
- Changed cleanup to only delete scan.sh script
- Logs and results are always preserved at /opt/malware-*/
- New prompt: "Delete scan script? (Logs and results will be preserved)"
- Only removes scan.sh when user answers "yes"
- User can manually delete entire directory if needed: rm -rf $SCAN_DIR
- Moved RKHunter cleanup before user prompt (lines 870-880)
Benefits:
- Full server scanning actually scans from / root
- User can review results before screen closes
- Scan scripts are cleaned up for security
- Logs/results preserved for later review
- No accidental data loss
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
cschantz
9d6cdf6cdb