Signature-based scanning

Last updated on May 04th, 2022 by Joel Farrugia.

What is signature-based scanning?

Signature-based scanning is a type of scanning that uses signatures to detect patterns. While signature-based scanning is used by many different kinds of scanners, one notable use is in antivirus and malware scanners.

Signature scanning today is very different from that of yesteryear. Advances in AI have given signature-based scanning a boost that allows for a more efficient detection mechanism that does not require a 100% match between signature and patterns.

How does signature-based scanning work?

Signature-based scanning is one type of scanning, with the other being heuristic scanning. What makes signature-based scanning different is that it needs to have a signature in its database. Traditionally, these signatures were a sequence of bytes common to a specific pattern. The pattern, in turn, would belong to whatever the scanner is looking for, such as a single piece of malware or a number of malware samples.

Using the malware example, it is possible to detect multiple pieces of malware using one signature because some malware shares code. If the byte sequence defined in the signature is present in the shared code, then the anti-malware scanner would be able to detect all malware that shares the same code.

Modern malware is more advanced, and detecting signatures in the form of a byte sequence is not enough. As such, modern signature-based anti-malware scanners use more sophisticated forms of signatures to detect malware.

The signature library needs to be updated constantly to ensure there are signatures for existing and new malware. Signature updates are released by the manufacturer and are downloaded and installed by the anti-malware software itself.
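The traditional byte-sequence signature described above, as an added example (not code from this glossary or from any scanner product): one signature flags two constructed samples that share code, and a wildcard form still matches when two bytes of that code differ. The signature names, hex patterns, `??` wildcard syntax and sample buffers are all assumptions constructed for illustration.

```python
import re

# Hypothetical signature database: name -> hex pattern.
# "??" is an assumed wildcard token that matches any single byte.
SIGNATURES = {
    "Example.SharedLoader": "de ad be ef 13 37 c0 de",
    "Example.SharedLoader.Wild": "de ad be ef ?? ?? c0 de",
}


def compile_signature(hex_pattern):
    """Turn 'de ad ?? ef' into a bytes regex; '??' becomes a one-byte wildcard."""
    parts = []
    for token in hex_pattern.split():
        if token == "??":
            parts.append(b".")
        else:
            parts.append(re.escape(bytes([int(token, 16)])))
    # DOTALL so the wildcard also matches a 0x0a (newline) byte.
    return re.compile(b"".join(parts), re.DOTALL)


def scan(data, signatures=SIGNATURES):
    """Return {signature name: offset of first match} for every signature found."""
    hits = {}
    for name, pattern in signatures.items():
        match = compile_signature(pattern).search(data)
        if match:
            hits[name] = match.start()
    return hits


# Constructed, harmless byte strings standing in for files on disk.
SHARED_CODE = bytes.fromhex("deadbeef1337c0de")
SAMPLES = {
    "family_a.bin": b"\x00" * 4 + SHARED_CODE + b"payload-a",
    "family_b.bin": b"hdr" + SHARED_CODE + b"payload-b",
    "variant.bin": b"hdr" + bytes.fromhex("deadbeef0a0bc0de") + b"payload-c",
    "clean.bin": b"nothing to see here",
}

if __name__ == "__main__":
    for filename, data in SAMPLES.items():
        print(filename, scan(data) or "no match")
```

The exact signature matches both families because they embed the same bytes, while only the wildcard form matches `variant.bin`, which is why a signature database carries more than fixed byte strings.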

The benefits of signature-based scanning

Signature-based scanning, when coupled with newer technologies such as AI, is employed in a variety of scenarios. In WordPress environments, malware scanning and WAFs are two use cases that make use of signature-based scanning.

Black box scanners, which scan web applications such as WordPress for vulnerabilities and server misconfigurations, can also make use of signature-based scanning. However, here you will also find solutions that make use of heuristic scanning technologies.
