Anti-virus

 Top  Previous  Next

On this page you can specify parameters that Dr.Web for UNIX Internet gateways uses for checking of Internet connections through the protected station.

Actions

Defines the list of file checking events and reactions of Dr.Web ICAPD on them. The term file means here any data transferred from client to server (for example, the HTTP POST request) or data received as a server answer (for example, stream of data returned on the HTTP GET request).

Dr.Web ICAPD can react to the following events:

Incurable— the Cure action failed for the detected threat

Suspicious—scanned file marked as suspicious

Infected—scanned file contains a known virus

Adware—scanned file contains an adware

Dialers—scanned file contains a dialer

Joke programs—scanned file contains a joke program

Riskware—scanned file contains a riskware

Hacktools—scanned file contains a hacktool

Action applied to unchecked archives—scanned file is an archive that cannot be checked (for example, protected by a password, with too big size after unpacking, etc.)

Action upon Dr.Web Daemon error—Dr.Web Daemon failed during checking a file

Skipped files—file skipped by Dr.Web Daemon because it cannot be check (password protected of corrupter archive, symbolic link, file of non-standard format and etc.)

Action upon license error—file cannot be checked due to license error on the station (for example, license expired).

For these events, the following actions are allowed:

Report—instead of the requested object, return to the user an HTML page containing notification about detected threat.

Move to quarantine—move malicious file to Quarantine and return to the user an HTML page containing notification about moving detected threat to Quarantine.

Truncate—return to the user the requested file with truncated contents.

Ignore—return to the user the requested file.

Cure—cure the detected threat and return to the user the cured file (if curing is impossible, apply action specified in the Incurable field).

info

The mentioned above actions are applied not to all of the mentioned events. For example, the Cure action can be applied only to event Infected.

Quarantine

Defines parameters of Quarantine which stores isolated malicious files on the protected station.

Quarantine directory—path to the Quarantine directory containing isolated files on the station.

Quarantined file permissions—access permissions mask for files moved to Quarantine. The mask is set in standard for UNIX three-number form.

Advanced

Defines advanced scan options.

Dr.Web Daemon addresses—list of local sockets on station used by Dr.Web ICAPD for connection with Dr.Web Daemon component for files check. At least one socket must be specified to check files. Addresses in the list are separated by commas.

Examples: inet:3000@localhost, local:%var_dir/.daemon, pid:/usr/local/drweb/run/drwebd.pid

If you use Dr.Web Daemon running on a remote (for protected station) machine, the Use local scan check box must be cleared. When a socket address or path to PID file of Dr.Web Daemon that performs the local scan is specified first in the list, local scanning will be forced to terminate if connection to this address cannot be established. If this list is empty, Dr.Web ICAPD operates without connection to Dr.Web Daemon and check on viruses is not performed.

Heuristic analysis—defines whether the heuristic analyzer is used for detecting unknown threats. Objects detected by the heuristic analyzer are treated by suspicious.

Use local scan—enables or disables the local scan mode. If the checkbox is set, Dr.Web Daemon scans files in the local mode; that is, only paths to the files are transmitted to the component. Otherwise, it receives the content of files for scanning. So, the local schedule can be used only if Dr.Web Daemon and Dr.Web ICAPD are operating on the same host.