Options for forcing OS X to update malware definitions
Apple's latest security update has OS X 10.6.7 or later automatically check for new malware definitions on a daily basis. Here is how to force that process to happen on demand.
Apple's latest security update implements new malware definitions for Apple's XProtect feature to notify users if they have downloaded or installed the latest malware scams that target OS X users. In addition to locating and removing these threats, Apple has implemented a method to keep the malware definitions updated on a daily basis so users do not have to keep installing security updates to address these threats. While users can wait a day to have the system update the malware definitions, there are a couple of other options people can do to force an update to the malware definitions.
Terminal commands
Apple's XProtect Updater tool is a command-line utility that generally is invoked and run in the background by the system launcher daemon "launchd." As a result, you can either run the updater program directly or tell launchd to run it, by entering either of the following two commands in the Terminal utility:
sudo /usr/libexec/XProtectUpdater
sudo launchctl start com.apple.xprotectupdaterIf you enjoy shell scripting or creating automator workflows, you can use these commands to have your scripts force the system to check for updates.
Toggle system preferences
The second option is to manually toggle the new "Automatically update safe downloads list" option in the Security system preferences that was implemented with the latest security update. When this option is enabled, the system will turn on automatic checking for definitions updates but will also perform the task once. This is perhaps the simplest option for people who might want to ensure their systems are up to date.
Once the updates are applied, you can check the version of the updates by either listing the file's modification dates or by reading the XProtect file's metadata version information, both of which can be done in the Terminal using the following commands:
defaults read /System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/XProtect.meta LastModification
defaults read /System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/XProtect.meta Version
Again these might be useful to use if you are creating an applescript, shell script, or an automator workflow that will tell you the version number of your current definitions, and then update them and inform you if a new version of the definitions have been installed.
Questions? Comments? Have a fix? Post them below or e-mail us!
Be sure to check us out on Twitter and the CNET Mac forums.