Signature Updates
cmd: malwatch signatures update
There are two ways to update signatures:
- Clone from git repo.
- Manually update (perhaps with automation such as ansible).
Our official signature set is available to the public for free on GitHub at https://www.github.com/defended-net/malwatch-signatures
We intentionally do not include HTTP-based signature update functionality because it gives end users no transparency or change control. A malicious rule would harm those users if quarantine or exile are the default actions! There is no reliable change accountability. If your current malware scanner updates this way, please carefully consider these scenarios.
Important
If realtime monitoring is used, then please restart the malwatch-monitor process. If you use systemd then it can be done as follows:
systemctl restart malwatch-monitor
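
One way to get the change control described above when updating manually from a git clone. This is an added example, not part of malwatch or its documentation. The function names and the clone directory passed as the first argument are hypothetical; where malwatch keeps its signatures is not stated on this page.

```shell
#!/bin/sh
# Added example: review-then-apply update of a local signature clone.
# $1 is always the path to a git clone of the signature repository
# (hypothetical location, supplied by the caller).

# Fetch upstream without touching the working tree. The incoming commits
# and changed files go to stderr for review; the upstream commit hash is
# printed on stdout so the caller can pin exactly what was reviewed.
sig_pending() {
    repo=$1
    git -C "$repo" fetch --quiet origin || return 1
    new=$(git -C "$repo" rev-parse '@{upstream}') || return 1
    git -C "$repo" log --oneline "HEAD..$new" >&2
    git -C "$repo" diff --stat "HEAD..$new" >&2
    echo "$new"
}

# Number of commits between the current checkout and the given commit.
sig_count() {
    git -C "$1" rev-list --count "HEAD..$2"
}

# Fast-forward to the reviewed commit only. Refuses if the local rules
# were edited outside git, and never creates a merge commit, so the
# applied rule set is exactly the commit that was reviewed.
sig_apply() {
    repo=$1
    reviewed=$2
    if [ -n "$(git -C "$repo" status --porcelain)" ]; then
        echo "local changes in $repo; refusing to update" >&2
        return 1
    fi
    git -C "$repo" merge --quiet --ff-only "$reviewed"
}

# Typical sequence (run by an operator or an automation job):
#   rev=$(sig_pending /path/to/signature-clone)   # read the stderr output
#   sig_apply /path/to/signature-clone "$rev"
#   systemctl restart malwatch-monitor            # if realtime monitoring is used
```

Applying by commit hash rather than running a second pull means a push that lands between review and apply is not picked up unreviewed.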