Update

cmd: malwatch signatures update

There are two ways to update signatures:

  • Clone from git repo.
  • Manually update (perhaps with automation such as Ansible).

Our official signature set is available to the public for free on GitHub at https://www.github.com/defended-net/malwatch-signatures

We intentionally do not include HTTP-based signature update functionality because there is a lack of transparency and change control for end users. A malicious rule would harm those users whose default actions are quarantine or exile! There is no reliable change accountability. If your current malware scanner updates this way, please carefully consider these scenarios.

Important

If realtime monitoring is used, then please restart the malwatch-monitor process. If you use systemd then it can be done as follows:

systemctl restart malwatch-monitor
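
One way to get the change control described above when updating from a git clone, as an added example that is not part of malwatch or its documentation: fetch first, list the rule files that would change, and only fast-forward to a commit id that someone has reviewed. The `SIG_DIR` path, the function names and the `review`/`apply` arguments are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example (not part of malwatch): review-then-apply update of a
# git-cloned signature directory.
# SIG_DIR is a placeholder; point it at your own clone of the signature repo.
SIG_DIR="${SIG_DIR:-/path/to/malwatch-signatures}"

# Fetch upstream and list the rule files that WOULD change. The working tree,
# and therefore the rules the scanner loads, is left untouched.
pending_changes() {
    git -C "$SIG_DIR" fetch --quiet origin || return 1
    git -C "$SIG_DIR" diff --name-status HEAD '@{upstream}'
}

# Commit id a reviewer signs off on after reading the diff.
upstream_commit() {
    git -C "$SIG_DIR" rev-parse '@{upstream}'
}

# Move the checkout to exactly the approved commit, or refuse.
apply_approved() {
    approved="$1"
    # Refuse if rules were edited or added locally outside change control.
    if [ -n "$(git -C "$SIG_DIR" status --porcelain)" ]; then
        echo "refusing: uncommitted changes in $SIG_DIR" >&2
        return 1
    fi
    # The approved id must be a commit that upstream actually published.
    if ! git -C "$SIG_DIR" merge-base --is-ancestor "$approved" '@{upstream}' 2>/dev/null; then
        echo "refusing: $approved is not in fetched upstream history" >&2
        return 1
    fi
    # Fast-forward only: no merge commits, no rewritten history.
    git -C "$SIG_DIR" merge --quiet --ff-only "$approved"
}

# Hypothetical usage: "script review", then "script apply <commit-id>".
case "${1:-}" in
    review) pending_changes && upstream_commit ;;
    apply)  apply_approved "$2" && systemctl restart malwatch-monitor ;;
esac
```

Recording the approved commit id alongside the change ticket gives the accountability trail that an opaque HTTP updater cannot.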