The Defense Robot module adds malware signatures

You are here:
Estimated reading time: 1 min

The Defense Robot module will add malware signatures to the Malware database. The malware signatures are generated from the files that were used to upload malware. To avoid any possible issue caused by the false-positive catches the files matching these signatures will not be quarantined they will be logged only.

The malware signature matches are logged only because the signatures generated like this are in “Valiadting” state. The signatures can be published, this will quarantine these malware catches.

Before deciding whether you want to set the signatures to “Production” state or you wish to discard them we recommend checking the files matching the signatures.

Check the malware signatures.

You can check which malware is matching which signature on the Dashboard under the Infected files menu point by clicking on the Details button and then selecting the Malware Info section.

Then you can check what other files are matching the malware signature with the command below.

bitninjacli --module=MalwareDetection --list-signature-catches  --id=<signatureId>
If you find a signature that matches some malware but also some non malicious files then we recommend deleting the found malware manually and then discarding the malware signature.

Quarantine the malwares

The command below is setting the malware signatures’ state to “Production” from “Validating” so the files matching these signatures will be quarantined.

bitninjacli --module=MalwareDetection --publish-signature  --id=<signatureId>

Discard the malware signatures

You can also discard the malware signatures in case they are matching non-malicious files.

The command below will remove the malware signature with the corresponding signature ID.

bitninjacli --module=MalwareDetection --discard-signature  --id=<signatureId>

Views: 167