Keep the code to delete previously-named malware rules file (#3619)

- just in case the previously-named rules file isn't deleted for some reason Signed-off-by: Mark Huth <[email protected]> (cherry picked from commit b6e75ab)
RedHatInsights · Dec 1, 2022 · 37c3e56 · 37c3e56
1 parent 5bc233a
commit 37c3e56
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 7 deletions.
diff --git a/insights/client/apps/malware_detection/__init__.py b/insights/client/apps/malware_detection/__init__.py
@@ -603,7 +603,7 @@ def _get_rules(self):
         # malware-detection client exits.
         # However it can happen that the rules file isn't removed for some reason, so remove any existing
         # rules files before beginning a new scan, otherwise they may show up as matches in the scan results.
-        old_rules_files = glob('/tmp/.tmpsigs*')
+        old_rules_files = glob('/tmp/.tmpmdsigs*') + glob('/tmp/tmp_malware-detection-client_rules.*')
         for old_rules_file in old_rules_files:
             logger.debug("Removing old rules file %s", old_rules_file)
             os.remove(old_rules_file)
@@ -680,7 +680,7 @@ def _get_rules(self):
                     logger.error("Unable to download rules from %s: %s", self.rules_location, str(e))
                     exit(constants.sig_kill_bad)
 
-        self.temp_rules_file = NamedTemporaryFile(prefix='.tmpsigs', mode='wb', delete=True)
+        self.temp_rules_file = NamedTemporaryFile(prefix='.tmpmdsigs', mode='wb', delete=True)
         self.temp_rules_file.write(response.content)
         self.temp_rules_file.flush()
         return self.temp_rules_file.name
@@ -798,8 +798,8 @@ def scan_filesystem(self):
             dir_scan_end = time.time()
             logger.info("Scan time for %s: %d seconds", toplevel_dir, (dir_scan_end - dir_scan_start))
             if dir_scan_end - dir_scan_start >= self.scan_timeout - 2:
-                logger.warning("Scan of %s timed-out and may not have been fully scanned.  "
-                               "Consider increasing the scan_timeout value of %d in %s",
+                logger.warning("Scan of %s timed-out after %d seconds and may not have been fully scanned.  "
+                               "Consider increasing the scan_timeout value in %s",
                                toplevel_dir, self.scan_timeout, MALWARE_CONFIG_FILE)
 
         fs_scan_end = time.time()
@@ -865,8 +865,8 @@ def scan_processes(self):
             pid_scan_end = time.time()
             logger.info("Scan time for process %s: %d seconds", scan_pid, (pid_scan_end - pid_scan_start))
             if pid_scan_end - pid_scan_start >= self.scan_timeout - 2:
-                logger.warning("Scan of process %s timed out and may not have been fully scanned.  "
-                               "Consider increasing the scan_timeout value of %d in %s",
+                logger.warning("Scan of process %s timed-out after %d seconds and may not have been fully scanned.  "
+                               "Consider increasing the scan_timeout value in %s",
                                scan_pid, self.scan_timeout, MALWARE_CONFIG_FILE)
 
         pids_scan_end = time.time()

diff --git a/insights/tests/client/apps/test_malware_detection.py b/insights/tests/client/apps/test_malware_detection.py
@@ -31,7 +31,7 @@
 TEMP_TEST_DIR = "/tmp/malware-detection_test_dir_%s" % RANDOM_STRING
 
 YARA = '/bin/yara'  # Fake yara executable
-RULES_FILE = os.path.join(TEMP_TEST_DIR, '.tmpsigs.yar')
+RULES_FILE = os.path.join(TEMP_TEST_DIR, '.tmpmdsigs.yar')
 TEST_RULE_FILE = os.path.join(TEMP_TEST_DIR, 'test-rule.yar')
 TEST_RULE_SCRIPT = os.path.join(TEMP_TEST_DIR, 'test-rule_process_match.sh')
 CONFIG = yaml.safe_load(DEFAULT_MALWARE_CONFIG)  # Config 'returned' from _load_config