Anti-virus |
On this page you can specify parameters that Dr.Web for UNIX Internet gateways uses for checking of Internet connections through the protected station. Actions Defines the list of file checking events and reactions of Dr.Web ICAPD on them. The term file means here any data transferred from client to server (for example, the HTTP POST request) or data received as a server answer (for example, stream of data returned on the HTTP GET request). Dr.Web ICAPD can react to the following events: •— the action failed for the detected threat •—scanned file marked as suspicious •—scanned file contains a known virus •—scanned file contains an adware •—scanned file contains a dialer •—scanned file contains a joke program •—scanned file contains a riskware •—scanned file contains a hacktool •—scanned file is an archive that cannot be checked (for example, protected by a password, with too big size after unpacking, etc.) •—Dr.Web Daemon failed during checking a file •—file skipped by Dr.Web Daemon because it cannot be check (password protected of corrupter archive, symbolic link, file of non-standard format and etc.) •—file cannot be checked due to license error on the station (for example, license expired). For these events, the following actions are allowed: • of the requested object, return to the user an HTML page containing notification about detected threat. •—move malicious file to Quarantine and return to the user an HTML page containing notification about moving detected threat to Quarantine. •—return to the user the requested file with truncated contents. •—return to the user the requested file. •—cure the detected threat and return to the user the cured file (if curing is impossible, apply action specified in the field).
Quarantine Defines parameters of Quarantine which stores isolated malicious files on the protected station. •—path to the Quarantine directory containing isolated files on the station. •—access permissions mask for files moved to Quarantine. The mask is set in standard for UNIX three-number form. Advanced Defines advanced scan options. •—list of local sockets on station used by Dr.Web ICAPD for connection with Dr.Web Daemon component for files check. At least one socket must be specified to check files. Addresses in the list are separated by commas. Examples: inet:3000@localhost, local:%var_dir/.daemon, pid:/usr/local/drweb/run/drwebd.pid If you use Dr.Web Daemon running on a remote (for protected station) machine, the check box must be cleared. When a socket address or path to PID file of Dr.Web Daemon that performs the local scan is specified first in the list, local scanning will be forced to terminate if connection to this address cannot be established. If this list is empty, Dr.Web ICAPD operates without connection to Dr.Web Daemon and check on viruses is not performed. •—defines whether the heuristic analyzer is used for detecting unknown threats. Objects detected by the heuristic analyzer are treated by suspicious. •—enables or disables the local scan mode. If the checkbox is set, Dr.Web Daemon scans files in the local mode; that is, only paths to the files are transmitted to the component. Otherwise, it receives the content of files for scanning. So, the local schedule can be used only if Dr.Web Daemon and Dr.Web ICAPD are operating on the same host. |