Chapter 3. Dr.Web for UNIX File Servers

This Manual describes management aspects of Dr.Web for UNIX File Servers anti-virus software designed for GNU/Linux and FreeBSD. The manual is designed for a person responsible for anti-virus protection and security ("Administrator" hereinafter).

Dr.Web for UNIX File Servers is an anti-virus solution designed to protect file servers running under UNIX OSes (GNU/Linux and FreeBSD) from viruses and other types of malicious software, and to prevent distribution of the threats designed for all popular operating systems including mobile platforms.

Dr.Web for UNIX File Servers provides you with the following features:

1. Detection and neutralization of threats. Searches for malicious programs (for example, viruses, including those that infect mail files and boot records, Trojans, mail worms) and unwanted software (for example, adware, joke programs, dialers).

Threat detection methods:

Signature analysis, which allows detection of known threats

Heuristic analysis, which allows detection of threats that are not present in virus databases

Dr.Web Cloud service that collects up-to-date information about recent threats and sends it to Dr.Web products.

Note that the heuristic analyzer may raise false positive detections. Thus, objects that contain threats detected by the analyzer are considered “suspicious”. It is recommended that you choose to quarantine such files and send them for analysis to Doctor Web anti-virus laboratory.

Scanning at the user’s request can be performed in two modes: full scan (scan of all file system objects) and custom scan (scan of selected objects: directories or files that satisfy specified criteria). In addition, the user can start a separate scan of volume boot records and of the executables that started the currently active processes. In the latter case, if a malicious executable is detected, it is neutralized and all processes run by this file are forced to terminate.

2. Monitoring access to files of:

File system in the OS. Monitors file events and attempts to run executables. This feature makes it possible to detect and neutralize malware when it attempts to infect the server’s file system.

Samba shared directories. Read and write operations of local and remote users of the file server are monitored. This feature makes it possible to detect and neutralize malware when an attempt is made to save a malicious program to the file storage, which prevents its distribution over the network.

NSS (Novell Storage Services) volumes. Monitors write operations of the NSS file storage users. This feature makes it possible to detect and neutralize malware when an attempt is made to save a malicious program to NSS storage, which prevents its distribution over the network.

Note that file system monitoring is available only for operating systems of the GNU/Linux family, and monitoring of Novell Storage Services volumes is available only for Novell Open Enterprise Server SP2 based on SUSE Linux Enterprise Server 10 SP3 or above. For other supported operating systems, the corresponding monitoring components are not included in the distribution.