Release: malwatch 1.5.1

13 June 2026 Roscoe Skeens


Security

  • sec: update stdlib crypto to 0.50.0

Refactors

  • refactor: add exile act new fsys handling compatibility
  • refactor: add scan worker condemn optimisation
  • refactor: cli scan rename
  • refactor: harden directadmin integration
  • refactor: harden fsys
  • refactor: improve db uid and gid handling
  • refactor: improve scan walk cancellation
  • refactor: monitor dead code cleanup
  • refactor: optimally load clean act sigs
  • refactor: optimise json alerts
  • refactor: remove clean act dead code
  • refactor: safer monitor scan result handling
  • refactor: safer regex during boot
  • refactor: safer sig swap
  • refactor: safer ticker stop
  • refactor: scan state private mutex
  • refactor: simplify scan job iteration

Tests

  • test: add exec test lint
  • test: add restore env check
  • test: fix mock cpanel filename typo
  • test: fix scan err pkg typo
  • test: improve exit code cases
  • test: bypass http test lint
  • test: bypass s3 test lint

CI

  • ci: add mimalloc build dockerfile
  • ci: harden and extend gh workflows for added sec and race checks

Build

  • build: harden dockerfile

Docs

  • docs: bump download release

Version 1.5.1 just got published. This release focuses on adding optimisations and extending concurrency safety as well as adding even more test coverage.

Automation workflows are now nearly doubled to include race condition detection and code security best practice checks.

A new "condemn" concept is introduced. An inflight file scan which reaches a detection threshold is immediately halted due to many detections.

Build componentry such as the docker file as well as various packages across the project have been hardened, in particular file system handling.

Further information is available at the GitHub release or project page.