drweb-ctl Commands

Commands to manage Dr.Web for Kerio Connect can be divided into the following groups:

commands to manage configuration,

commands to manage detected threats and the quarantine,

commands to manage updates,

information commands.

Commands to manage configuration

The following commands to manage configuration are available:

Command

Description

cfset <section>.<parameter> <value>

Function: Change the active value of the specified parameter in the current configuration.

Note that the equals sign is not allowed.

Arguments:

<section> is the name of the configuration file section that contains the parameter. The argument is mandatory.

<parameter> is the name of the configurable parameter. The argument is mandatory.

<value> is the value to assign to the configurable parameter. The argument is mandatory.

The following format is always used to specify parameter values: <section>.<parameter> <value>.

Options:

-a [--Add]—do not substitute the current parameter value but add the specified value to the list (allowed only for parameters that can have several values specified as a list). You should also use this option to add new groups of parameters with a tag.

-e [--Erase]—do not substitute the current parameter value but remove the specified value from its list (allowed only for parameters that can have several values, specified as a list).

-r [--Reset]—reset the parameter value to the default one. In this case, <value> is not required in the command and is ignored if specified.

The options are not mandatory. If they are not specified, the current parameter value (or the value list) is substituted with the specified value.

cfshow [<section>[.<parameter>]]

Function: Display parameters of the current Dr.Web for Kerio Connect configuration.

The following format is used to display default parameters: <section>.<parameter> = <value>. Sections and parameters of non-installed components are not displayed.

Arguments:

<section> is the name of the configuration file section whose parameters are to be displayed. The argument is optional. If not specified, parameters of all configuration file sections are displayed.

<parameter> is a name of the displayed parameter. The argument is optional. If not specified, all parameters of the section are displayed. Otherwise, only this parameter is displayed. If a parameter is specified without the section name, all parameters with this name from all of the configuration file sections are displayed.

Options:

--Uncut—display all configuration parameters (not only those that are used by the currently installed set of components). Otherwise, only parameters used by the installed components are displayed.

--Changed—display only those parameters whose values differ from the default ones.

--Ini—display parameter values in the ini file format (one parameter per line): first, the section name is specified in square brackets, then the section parameters are listed as <parameter> = <value> pairs.

--Value—display only the value of the specified parameter (the <parameter> argument is mandatory in this case).

reload

Function: Restart the Dr.Web for Kerio Connect service components. During the restart, logs are reopened, the configuration file is reread, and an attempt is made to restart abnormally terminated components.

Arguments: None.

Options: None.

Commands to manage detected threats and the quarantine

The following commands for managing threats and the quarantine are available:

Command

Description

threats [<action> <object>]

Function: Apply the specified action to detected threats, selected by their identifiers. Type of the action is specified by the command option.

If the action is not specified, display information on the detected but not neutralized threats. For each threat, the following information is displayed:

identifier assigned to the threat (an ordinal number);

full path to the infected file;

information about the threat (threat name and threat type according to the classification used by the Doctor Web company);

information about the file: size, the file owner, the time of the last modification;

history of operations applied to the threat: detection, actions applied, and so on.

Arguments: None.

Options:

--Directory <directory list>—display only threats detected in the files from the specified directory list.

-f [--Follow]—wait for new messages about threats and display the messages once they are received (CTRL+C interrupts the waiting).

--Format "<format string>"—display information on threats in the specified format.

Each listed option will be ignored if it is specified together with one of the action options.

Action options

--Cure <threat list>—try to cure the listed threats.

--Delete <threat list>—delete the listed threats.

--Ignore <threat list>—ignore the listed threats.

--Quarantine <threat list>—move the listed threats to the quarantine.

The <threat list> parameter contains threat identifiers separated with commas.

If it is required to apply the command to all detected threats, specify All instead of <threat list>. For example, to move all detected threats to the quarantine, use the command

$ drweb-ctl threats --Quarantine All

quarantine [<action> <object>]

Function: Apply an action to the specified quarantined object.

If an action is not specified, information on quarantined objects and their identifiers together with brief information on the original files moved to quarantine is displayed. The optional --Format option determines the format of the displayed information on isolated objects. If the --Format option is not specified, the following information is displayed for each isolated file:

identifier assigned to the quarantined object;

original path to the file moved to the quarantine;

date when the file was moved to the quarantine;

information about the file: size, the file owner, the time of the last modification;

information about the threat (threat name and threat type according to the classification used by the Doctor Web company).

Arguments: None.

Options:

-a [--Autonomous]—start a separate scanner copy to perform the specified action with the quarantine and shut down the scanner copy after the action is performed. This option can be applied along with any options mentioned below.

--Format "<format string>"—display information on the quarantined objects in the specified format.

-f [--Follow]—wait for new messages about threats and display the messages once they are received (CTRL+C interrupts the waiting).

If the --Format or -f [--Follow] option is applied along with any action options mentioned below, it is ignored.

--Delete <object>—delete the specified object from the quarantine.

Note that objects are deleted from the quarantine permanently—this action is irreversible.

--Cure <object>—try to cure the specified object in the quarantine.

If the object is successfully cured, it will remain in the quarantine. To restore the cured object from the quarantine, use the --Restore option.

--Restore <object>—restore the specified object from the quarantine to the original location.

You can restore the file from the quarantine even if it is infected.

--TargetPath <path>—restore an object from the quarantine to the specified directory

as a file with the original name if the <path> parameter contains only a directory;

as a file with a new name if the <path> parameter contains not only a directory, but also a name under which the file is restored.

Note that this option can be used only with the --Restore option.

As the <object> parameter, the quarantine object identifier is used. To apply this command to all quarantined objects, specify All instead of <object>. For example, to restore all objects from the quarantine, use the command

$ drweb-ctl quarantine --Restore All

If the additional option --TargetPath is specified for the --Restore All variant, the option must set a path to a directory, not a path to a file.

Formatted output for the threats and quarantine commands

The output format is defined by the format string, specified as the argument of the optional --Format option. The format string must be specified in quotes. The format string can include ordinary characters (displayed “as is”) as well as special markers that are replaced with the corresponding information during output.

The following markers are available:

common for the threats and quarantine commands:

| Marker | Description |
|---|---|
| %{n} | New line |
| %{t} | Tab character |
| %{threat_name} | The name of a detected threat (virus) according to the classification used by the Doctor Web company |
| %{threat_type} | Threat type («known virus», and so on) according to the classification used by the Doctor Web company |
| %{size} | Original file size |
| %{origin} | The full name of the original file with the path to its location |
| %{path} | Synonym for %{origin} |
| %{ctime} | Date/time when the original file was modified in the following format: %Y-%b-%d %H:%M:%S (for example, 2018-Jul-20 15:58:01) |
| %{timestamp} | Similar to %{ctime}, but in the UNIX timestamp format |
| %{owner} | Username of the original file owner |
| %{rowner} | The remote user, an owner of the original file. If the marker cannot be applied or the value is unknown, it is replaced with the “?” symbol. |

specific for the threats command:

| Marker | Description |
|---|---|
| %{hid} | The identifier of a threat record in the history of events related to a threat |
| %{tid} | The threat identifier |
| %{htime} | Date/time of the event related to a threat |
| %{app} | The identifier of the component which processed a threat |
| %{event} | The latest event related to a threat: FOUND (a threat was detected); Cure (a threat was cured); Quarantine (a file with a threat was moved to quarantine); Delete (a file with a threat was deleted); Ignore (a threat was ignored); RECAPTURED (a threat was detected again by another component). |
| %{err} | Error message text. If there is no error, the marker is replaced with an empty string. |

specific for the quarantine command:

| Marker | Description |
|---|---|
| %{qid} | The identifier of a quarantined object |
| %{qtime} | Date/time of moving an object to the quarantine |
| %{curetime} | Date/time of an attempt to cure the quarantined object. If the marker cannot be applied or the value is unknown, it is replaced with the “?” symbol. |
| %{cureres} | The result of curing a quarantined object: cured (a threat is cured); not cured (a threat was not cured or there was no attempt to cure it). |
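
An added example, not part of the Dr.Web documentation: since --Restore also works on objects that are still infected, this dry run reads a quarantine listing produced with a --Format string and prints restore commands only for objects whose %{cureres} is cured, targeting a review directory via --TargetPath. The sample listing, the identifier character set and the /srv/quarantine-review path are assumptions.

```sh
#!/bin/sh
# Tab-separated listing built only from documented markers. %{origin} goes
# last so that a tab inside a file name cannot shift the fields before it.
QFMT='%{qid}%{t}%{cureres}%{t}%{threat_name}%{t}%{origin}%{n}'

# Print IDs whose cure result is exactly "cured". A substring match such as
# "grep cured" would also select "not cured".
# Assumption: identifiers consist of letters, digits, "_" and "-".
cured_ids() {
    awk -F '\t' '$2 == "cured" && $1 ~ /^[A-Za-z0-9][A-Za-z0-9_-]*$/ { print $1 }'
}

# Dry run: print one restore command per cured object, targeting a review
# directory instead of the original location. Nothing is executed.
restore_plan() {
    review_dir=$1
    cured_ids | while IFS= read -r qid; do
        printf 'drweb-ctl quarantine --Restore %s --TargetPath %s\n' \
            "$qid" "$review_dir"
    done
}

# Constructed listing (identifiers, threat names and paths are made up).
sample_listing() {
    printf '101\tcured\tSample.Threat.A\t/srv/mail/store/a.eml\n'
    printf '102\tnot cured\tSample.Threat.B\t/srv/mail/store/b.eml\n'
    printf '103\tcured\tSample.Threat.C\t/srv/mail/store/c\tc.eml\n'
    printf '104\n'   # truncated record: skipped
}

# Live use:
#   drweb-ctl quarantine --Format "$QFMT" | restore_plan /srv/quarantine-review
sample_listing | restore_plan /srv/quarantine-review
```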

Commands to manage updates

There is one command to manage updates:

Command

Description

update

Function: Instruct Dr.Web Updater to download and install updates of virus databases and scan engine from Doctor Web update servers or terminate a running update process.

Arguments: None.

Options:

--Stop—terminate the running updating process.

Information commands

The following information commands are available:

Command

Description

appinfo

Function: Display information on active Dr.Web for Kerio Connect modules.

The following information is displayed for every module:

internal name;

GNU/Linux process identifier (PID);

state (running, stopped, and so on);

error code, if the component operation has been terminated because of an error;

additional information (optional).

For the configuration daemon (drweb-configd), the following additional information is displayed:

the list of installed components (Installed);

the list of components that must be launched by the configuration daemon (Should run).

Arguments: None.

Options:

-f [--Follow]—wait for new messages on module status change and display the messages once they are received (CTRL+C interrupts the waiting).

baseinfo

Function: Display information on the current version of the scan engine and the status of the virus databases.

The following information is displayed:

scan engine version,

date and time when the current virus databases were issued,

number of available virus records,

time of the last successful update of the virus databases and the scan engine,

time of the next scheduled automatic update.

Arguments: None.

Options:

-l [--List]—display the full list of downloaded files of virus databases and the virus records number in each file.

license

Function: Display information about the current license, or get a demo license or a key file for the license that has already been registered (for example, that has been registered on the Doctor Web website).

If no option is specified, the following information is displayed in the standalone mode:

license number,

license expiration date and time.

If you are using a license provided to you by the central protection server (for the use of the product in the central protection mode or in the mobile mode), the following information will be displayed:

Arguments: None.

Options:

--GetDemo—request a demo key file that is valid for one month, and receive this key, if the conditions for the provision of a demo period have not been breached.

--GetRegistered <serial number>—get a license key file for the specified serial number, if the conditions for the provision of a new key file have not been breached (for example, when the program does not function in the central protection mode while the license is managed by the central protection server).

If the serial number is not the one provided for the demo period, you must first register it on the Doctor Web website.

To register a serial number or request a demo period, an Internet connection is required.

For more information about the licensing of Doctor Web products, refer to the Licensing section.