malwatch
defended.net
Malwatch is a fast and lightweight malware scanner written in Go that is ideal for Linux-based web server environments. Minimal resource usage and performance are some of its key design objectives. Signatures are written as YARA rules.
Malwatch is capable of scaling to any requirements; it is currently used with some of the internet's largest deployments.
The web hosting industry is in need of a modern open source solution that is done properly. A scan using malwatch demands less resource usage than an average PHP FPM child process, making it possible for any provider to offer the protection their customers expect and deserve. The common perception that good malware detection requires excessive resource usage is no longer valid.
There is tremendous value if malwatch is elected to replace your fleet's existing commercial solution. Please consider sponsoring to help us maintain this and other projects.
How is this different?
- Leading performance, with a resource usage profile of ~22 MiB memory and a low CPU footprint even under full load.
- Concurrency can be limited by number of cores and thread count.
- The queue design implemented for realtime scans ensures that the volume of ongoing filesystem activity does not influence resource usage.
- Realtime scans are also not affected by open file counts, even for systems with very busy filesystem activity.
- Huge file sizes do not affect stability due to configurable fixed size chunk reads.
Besides performance, what other features does malwatch provide?
- Comprehensive malware signature set is included.
- Simple yet powerful API to integrate with your backend and platform. Ideal to improve threat intelligence.
- Flexible alerting capability with built in support for PagerDuty, E-Mail and generic JSON. Use our API to easily add your own!
- Granular control over the outcome of malware with the help of actions. We include alert, quarantine, clean and exile but custom actions can be made as well.
- Intuitive and completely transparent signature management. Commit changes to a git repo for secure delivery.
- Structured logging entirely in the form of JSON.
- ACID compliant database for detection record keeping.