diff --git a/insights/client/apps/malware_detection/__init__.py b/insights/client/apps/malware_detection/__init__.py
index 9de74860c..27a6d6ee5 100644
--- a/insights/client/apps/malware_detection/__init__.py
+++ b/insights/client/apps/malware_detection/__init__.py
@@ -603,7 +603,7 @@ def _get_rules(self):
 # malware-detection client exits.
 # However it can happen that the rules file isn't removed for some reason, so remove any existing
 # rules files before beginning a new scan, otherwise they may show up as matches in the scan results.
- old_rules_files = glob('/tmp/.tmpsigs*')
+ old_rules_files = glob('/tmp/.tmpmdsigs*') + glob('/tmp/tmp_malware-detection-client_rules.*')
 for old_rules_file in old_rules_files:
 logger.debug("Removing old rules file %s", old_rules_file)
 os.remove(old_rules_file)
@@ -680,7 +680,7 @@ def _get_rules(self):
 logger.error("Unable to download rules from %s: %s", self.rules_location, str(e))
 exit(constants.sig_kill_bad)
- self.temp_rules_file = NamedTemporaryFile(prefix='.tmpsigs', mode='wb', delete=True)
+ self.temp_rules_file = NamedTemporaryFile(prefix='.tmpmdsigs', mode='wb', delete=True)
 self.temp_rules_file.write(response.content)
 self.temp_rules_file.flush()
 return self.temp_rules_file.name
@@ -798,8 +798,8 @@ def scan_filesystem(self):
 dir_scan_end = time.time()
 logger.info("Scan time for %s: %d seconds", toplevel_dir, (dir_scan_end - dir_scan_start))
 if dir_scan_end - dir_scan_start >= self.scan_timeout - 2:
- logger.warning("Scan of %s timed-out and may not have been fully scanned. "
- "Consider increasing the scan_timeout value of %d in %s",
+ logger.warning("Scan of %s timed-out after %d seconds and may not have been fully scanned. "
+ "Consider increasing the scan_timeout value in %s",
 toplevel_dir, self.scan_timeout, MALWARE_CONFIG_FILE)
 fs_scan_end = time.time()
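Review bot: In the `@@ -603,7 +603,7 @@` hunk of `_get_rules`, the cleanup loop calls `os.remove(old_rules_file)` with no error handling on paths globbed from `/tmp`, a directory other local accounts can write to, and this commit widens the glob to a second predictable pattern. A matching entry that is not a removable file, or one that disappears between `glob` and `os.remove`, raises `OSError`, and nothing visible in the hunk catches it, so the scan would stop before it starts. I would wrap the call in `try:` with `except OSError as e: logger.warning("Unable to remove old rules file %s: %s", old_rules_file, e)` and carry on with the next entry. `_get_rules` begins and ends outside this hunk, so a handler further out is possible but not visible here.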
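Review bot: In the `@@ -680,7 +680,7 @@` hunk, `NamedTemporaryFile(prefix='.tmpmdsigs', ...)` is given no `dir=`, so the file is created in whatever `tempfile.gettempdir()` resolves to (it honours `TMPDIR`), while the cleanup earlier in `_get_rules` globs the literal `/tmp/.tmpmdsigs*`. When those directories differ, a leftover rules file is never removed and can appear as a match in a later scan, which is what the cleanup comment says it exists to prevent. The prefix is also now spelled out in three places (the glob, this call and `RULES_FILE` in the test). A module constant, for example `RULES_FILE_PREFIX = '.tmpmdsigs'`, with the glob built as `glob(os.path.join(tempfile.gettempdir(), RULES_FILE_PREFIX + '*'))`, would keep creation and cleanup in step; this needs `tempfile` imported as a module if it is not already.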
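Review bot: In `scan_filesystem` the reworded warning prints `self.scan_timeout` as the number of seconds "after" which the scan timed out, but the branch is taken from `self.scan_timeout - 2` seconds of wall-clock time, so the figure can overstate what was measured; the `scan_processes` hunk repeats the pattern. The two-second margin is unexplained in both places, and a comment above each `if`, such as `# elapsed time within 2s of scan_timeout is treated as a timeout`, together with a named constant for the margin, would make the heuristic reviewable. A timed-out scan means part of the directory or process was not checked, so it is worth confirming outside these hunks that the condition reaches the reported scan results and is not only logged. The verb also reads better unhyphenated ("timed out"), as the process message had it before this change.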
@@ -865,8 +865,8 @@ def scan_processes(self):
 pid_scan_end = time.time()
 logger.info("Scan time for process %s: %d seconds", scan_pid, (pid_scan_end - pid_scan_start))
 if pid_scan_end - pid_scan_start >= self.scan_timeout - 2:
- logger.warning("Scan of process %s timed out and may not have been fully scanned. "
- "Consider increasing the scan_timeout value of %d in %s",
+ logger.warning("Scan of process %s timed-out after %d seconds and may not have been fully scanned. "
+ "Consider increasing the scan_timeout value in %s",
 scan_pid, self.scan_timeout, MALWARE_CONFIG_FILE)
 pids_scan_end = time.time()
diff --git a/insights/tests/client/apps/test_malware_detection.py b/insights/tests/client/apps/test_malware_detection.py
index aff5ac325..44bd7dcd8 100644
--- a/insights/tests/client/apps/test_malware_detection.py
+++ b/insights/tests/client/apps/test_malware_detection.py
@@ -31,7 +31,7 @@ TEMP_TEST_DIR = "/tmp/malware-detection_test_dir_%s" % RANDOM_STRING
 YARA = '/bin/yara' # Fake yara executable
-RULES_FILE = os.path.join(TEMP_TEST_DIR, '.tmpsigs.yar')
+RULES_FILE = os.path.join(TEMP_TEST_DIR, '.tmpmdsigs.yar')
 TEST_RULE_FILE = os.path.join(TEMP_TEST_DIR, 'test-rule.yar')
 TEST_RULE_SCRIPT = os.path.join(TEMP_TEST_DIR, 'test-rule_process_match.sh')
 CONFIG = yaml.safe_load(DEFAULT_MALWARE_CONFIG) # Config 'returned' from _load_config