I have some PHP code that is supposed to invoke a bash script and it doesn't seem to be working. The basic idea is that it is pulling down an HTML file, scanning it with clamscan, and then reporting whether or not an infection is found in the source code. Not perfect but it doesn't have to be. The shell script is as follows:

Code:
#!/bin/bash

in=/tmp/foo.html
outfile=/tmp/clamscan.txt
cd ~/bin
addr=$(java ParseURL "$*")

w3m -dump_source ${addr} | clamscan - > ${outfile} 2>&1
infected=$(grep "Infected files" ${outfile} | tr -s ' ' | cut -d ' ' -f 3)
exploit=$(grep "FOUND" ${outfile})

if [ -n "$exploit" ]; then
  echo "infected"
elif [ -n "$infected" ]; then
  if [ $infected -gt 1 ]; then
    echo "infected"
  else
    echo "clean"
  fi
else
  echo "clean"
fi

rm -rf $in
rm -rf $outfile

Just FYI, the Java class will parse a string and pull out only the URL from it based on some regular expressions. So if I pass in the string "hello my name is www.ebay.com and I like to sell stuff" the Java program would return only the string "www.ebay.com".

What is silly is that I can run the above shell script manually and it will output the correct answer:

Code:
$ ./friend-scan is testing http://www.xxx.xxx/exp2.html
infected

However, if I call the exact same command from my PHP code it prints "clean". Here is the PHP code (and at this particular point, the variable $msg is the string "is testing http://www.xxx.xxx/exp2.html"):

Code:
      // run clam-scan on the target HTML file
      $command = "/home/bdmayes/bin/friend-scan $msg";
      echo "Calling $command <br>";
      $myOutput=shell_exec($command);
      echo "<pre>$myOutput</pre>";

and here is the output from the resulting HTML page:

Code:
Calling /home/bdmayes/bin/friend-scan is testing http://www.xxx.xxx/exp2.html

clean

I have done some testing by adding the following code to my shell script:

Code:
testFile=/tmp/addr.txt
echo "$*" >> $testFile
echo "$infected" >> $testFile
echo "$exploit" >> $testFile
echo "" >> $testFile

and what I found is that when my PHP code calls the friend-scan script, the variable $exploit seems to be null. Also, it finds zero infections:

Code:
$ cat /tmp/addr.txt 
is testing http://www.xxx.xxx/exp2.html
0

If I run this exact same script manually it finds an infection!

Code:
$ cat /tmp/addr2.txt 
is testing http://www.xxx.xxx/exp2.html
1
stdin: Exploit.CVE-2006-3730 FOUND

How is this possible? Anybody have an idea what is going on here? (bwkaz -- I'm looking in your direction)
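
The script in the post prints "clean" whenever no "FOUND" line turns up in the scanner output, which is also the result when the fetch or the scan itself did not run properly. As an added example (not part of the original post), the sketch below keys the verdict on clamscan's exit status (0 = no virus, 1 = virus found, 2 = error) and reports any failed step as an error; `scan_url`, `FETCH` and `SCAN` are hypothetical names introduced here, the latter two only so the logic can be exercised with stand-in commands.

```bash
#!/bin/bash
# Added example, not the poster's script: a fail-closed verdict for a
# fetch-then-scan step. FETCH and SCAN are hypothetical override hooks;
# their defaults are the commands used in the post.
FETCH=${FETCH:-"w3m -dump_source"}
SCAN=${SCAN:-"clamscan --no-summary -"}

scan_url() {
  local addr=$1 body rc=0

  # An empty address (for example, the URL extractor printed nothing)
  # is an error, never "clean".
  [ -n "$addr" ] || { echo "error: no URL"; return 2; }

  # Private temp file instead of a fixed, shared name under /tmp.
  body=$(mktemp) || { echo "error: mktemp"; return 2; }

  # $FETCH is left unquoted on purpose so "w3m -dump_source" splits into
  # command and option. A failed or empty download is reported as such.
  if ! $FETCH "$addr" > "$body" 2>/dev/null || [ ! -s "$body" ]; then
    rm -f "$body"
    echo "error: fetch failed"
    return 2
  fi

  # Decide on the scanner's exit status rather than grepping its text
  # output: 0 = no virus found, 1 = virus found, anything else = error
  # (2 from clamscan itself, 127 if the shell cannot find the command).
  $SCAN < "$body" > /dev/null 2>&1 || rc=$?
  rm -f "$body"

  case $rc in
    0) echo "clean";    return 0 ;;
    1) echo "infected"; return 1 ;;
    *) echo "error: scanner exit $rc"; return 2 ;;
  esac
}
```

A PHP caller can pass the address as a single argument quoted with `escapeshellarg()` and treat any result other than "clean" or "infected" as a failed scan.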