Malware Detection

You can scan your container images for the presence of malware or any malicious files.

Malware detection ensures that malicious container images are not deployed into the production environment. This prevents potential breaches, data theft, or unauthorized access that could result from running malicious containers.

To enable malware detection, pass the --perform-malware-detection parameter when installing the sensor.

For efficient malware scanning, it is recommended to allocate 1 CPU core for the sensor. For instance:

- When using the InstallSensor.sh script, by default 20% of the host's CPUs are utilized by the sensor container. If the host has 8 CPU cores, the total CPU limit applied to the sensor container would be 0.2 * 8 = 1.6 CPU cores.

- When using docker run, by default the sensor container can use all of the host's CPUs.

- In Kubernetes, to allocate 1 CPU core for the sensor container, regardless of the number of cores available on the host system, set the CPU limit value to 1.

Example:

    resources:
      limits:
        cpu: "1"
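
To confirm that a running sensor container actually has the recommended 1 CPU core, the following added example (not part of the Qualys documentation or tooling) converts a cgroup CPU quota into effective cores and compares it with the recommendation. It assumes the runtime enforces the limit through the cgroup v2 cpu.max file and that the script runs inside the sensor container; all function names are hypothetical.

```shell
#!/bin/sh
# Added example: check the effective CPU limit against the 1-core recommendation.
# Assumption: cgroup v2, where cpu.max holds "<quota> <period>" or "max <period>".

# cores_from_cpu_max "<quota> <period>"
# Prints effective cores with two decimals, or "unlimited" when no quota is set.
cores_from_cpu_max() {
    set -- $1                       # split "<quota> <period>" into $1 and $2
    if [ "$1" = "max" ]; then
        echo "unlimited"
    else
        awk -v q="$1" -v p="$2" 'BEGIN { printf "%.2f\n", q / p }'
    fi
}

# default_install_limit <host_cores>
# The InstallSensor.sh default described above: 20% of the host's CPUs.
default_install_limit() {
    awk -v n="$1" 'BEGIN { printf "%.2f\n", 0.2 * n }'
}

# meets_recommendation <cores|unlimited>
# Returns 0 when at least 1 CPU core is available to the container.
meets_recommendation() {
    [ "$1" = "unlimited" ] && return 0
    awk -v c="$1" 'BEGIN { exit !(c >= 1) }'
}

# check_current_cgroup: read this container's own limit and report on it.
check_current_cgroup() {
    f=/sys/fs/cgroup/cpu.max
    [ -r "$f" ] || { echo "cpu.max not readable (cgroup v1 host?)"; return 2; }
    cores=$(cores_from_cpu_max "$(cat "$f")")
    if meets_recommendation "$cores"; then
        echo "OK: $cores CPU core(s) available for malware scanning"
    else
        echo "LOW: $cores CPU core(s), below the recommended 1 core"
        return 1
    fi
}

# Run the live check only when asked, e.g.: sh check_cpu.sh --check
if [ "${1:-}" = "--check" ]; then
    check_current_cgroup
fi
```

With the 20% default, a host needs at least 5 CPU cores before the sensor container reaches 1 core; default_install_limit shows the value for a given host size.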

 

Note: Malware detection is supported only on:

- Sensors: Registry sensor (x86_64 architecture only)

- OS: Linux

- Runtimes: Docker, Containerd, and CRI-O

For more information about malware detection, see Container Security Online Help > Malware Scans.