The drwcsd.conf Dr.Web Server configuration file resides by default in the etc subfolder of the Dr.Web Server installation folder. If Dr.Web Server is run with a command line parameter, a non-standard location and name of the configuration file can be set (for more read Appendix H3. Dr.Web Server).
To manage Dr.Web Server configuration file manually, do the following:
1.Stop Dr.Web Server (see Administrator Manual, p. Start and Stop Dr.Web Server).
2.Disable self-protection (in case of installed Agent with the active self-protection—in the Agent context menu).
3.Manage the Dr.Web Server configuration file.
4.Start Dr.Web Server (see Administrator Manual, p. Start and Stop Dr.Web Server).
Dr.Web Server Configuration File Format
Dr.Web Server configuration file is in XML format.
Description of Dr.Web Server configuration file parameters:
•<version value="" />
Current version of the configuration file.
•<name value="" />
Name of Dr.Web Server or a cluster of Dr.Web Servers, which is used when it is searched by Agent, Agent installers and Control Center. Leave the value blank ("" is used by default), to use the name of a computer where Dr.Web Server software is installed.
•<id value="" />
The Dr.Web Server unique identifier. In the previous versions was placed in the Dr.Web Server license key. Starting from version 10, it is stored in the Dr.Web Server configuration file.
A cryptographic salt. A string of random data that is added to administrator password. The combined value is hashed by a hash function and stored as a single hash in the database to protect the password from brute force cracking. The salt is generated by default after installation or upgrade of Dr.Web Server from previous versions. An empty value prescribes not to use the password encryption (not recommended).
|
Viewing or changing the administrator password using the provided database management utility (drwidbsh3) is impossible when the salt is present. |
|
When using a Dr.Web Server cluster, make sure to manually set the same salt value on every Dr.Web Server included in the cluster. |
•<location city="" country="" department="" floor="" latitude="" longitude="" organization="" province="" room="" street="" />
The Dr.Web Server geographic location.
Attributes description:
Attribute |
Description |
|---|---|
city |
City |
country |
Country |
department |
Department name |
floor |
Floor |
latitude |
Latitude |
longitude |
Longitude |
organization |
Organization name |
province |
Province name |
room |
Room number |
street |
Street name |
•<threads count="" />
The threads number processing data from the Agents. Minimal value is 5. Default is 5. This parameter affects the Dr.Web Server performance. Change the default setting on advice of the technical support only.
•<newbie approve-to-group="" default-rate="" mode="" />
Access mode for new stations.
Attributes description:
Attribute |
Allowed values |
Description |
Default |
|---|---|---|---|
approve-to-group |
- |
The group which is set as a primary by default for new stations for the Allow access automatically mode (mode='open'). |
Empty value, which means assign the Everyone group as a primary. |
mode |
•open—allow access automatically, •closed—always deny access, •approval—approve access manually. |
New stations approval policy. |
- |
For more details see Administrator Manual, p. New Stations Approval Policy.
•<emplace-auto enabled="" />
Mode of creating station accounts in the Control Center when installing Agents via the group installation package, if accounts already created are not enough.
Attribute |
Allowed values |
Default |
|---|---|---|
enabled |
•yes—automatically create missing station accounts, •no—installation is possible only according to already created accounts in the group, installation package for stations of which is launched. |
yes |
•<unauthorized-to-newbie enabled="" />
Policy of actions on unauthorized stations. Allowed values of enabled:
▫yes—stations authorization of which is failed (e.g., if the database is corrupted), will be automatically reset to newbies,
▫no (default)—normal operation mode.
•<maximum-authorization-queue size="" />
Maximal number of stations in the queue for authorization on Dr.Web Server. Change the default setting on advice of the technical support only.
•<reverse-resolve enabled="" />
Replace IP address with DNS names in Dr.Web Server log file. Allowed values of enabled:
▫yes—show DNS names.
▫no (Default)—show IP addresses.
•<replace-netbios-names enabled="" host="" />
Replace NetBIOS names of computers with DNS names.
Description of attributes:
Attribute |
Allowed values |
Description |
|---|---|---|
enabled |
•yes—replace, •no—do not replace. The <agent-host-names /> parameter will be used instead. |
NetBIOS name replacement mode. |
host |
•yes—display partially qualified DNS names (before the dot in FQDN), •no—display fully qualified DNS names (FQDN). |
Displayed name format after replacement. |
•<agent-host-names mode="" />
Displaying mode for computer names in anti-virus network when accessing Dr.Web Server. Allowed values of mode:
▫netbios—display NetBIOS names (used by default if the attribute is empty or the parameter is missing completely),
▫fqdn—display fully qualified DNS names (FQDN),
▫host—display partially qualified DNS names (before the dot in FQDN).
•<dns>
DNS settings.
<timeout value="" />
Timeout in seconds for resolving DNS direct/reverse queries. Leave the value blank to disable restriction on wait time until the end of the resolution
<retry value="" />
Maximum number of repeated DNS queries on fail while resolving the DNS query.
<cache enabled="" negative-ttl="" positive-ttl="" />
Time for storing responses from DNS server in the cache.
Attributes description:
Attribute |
Allowed values |
Description |
|---|---|---|
enabled |
•yes—store responses in the cache, •no—do not store responses in the cache. |
Mode of storing responses in the cache. |
negative-ttl |
- |
Storage time in the cache (TTL) of negative responses from the DNS server in minutes. |
positive-ttl |
- |
Storage time in the cache (TTL) of positive responses from the DNS server in minutes. |
<servers>
List of DNS servers, which replaces default system list. Contains one or several <server address="" /> child elements, the address parameter of which defines IP address of the server.
<domains>
List of DNS domains, which replaces default system list. Contains one or several <domain name="" /> child elements, the name parameter of which defines the domain name.
•<cache>
Caching settings.
The <cache> element contains the following child elements:
▫<interval value="" />
Period of full cache flush in seconds.
▫<quarantine ttl="" />
Cleanup interval of the Dr.Web Server quarantined files in seconds. Default is 604800 (one week).
▫<download ttl="" />
Cleanup interval of personal installation packages. Default is 604800 (one week).
▫<repository ttl="" />
Cleanup interval of files in the Dr.Web Server repository in seconds.
▫<file ttl="" />
Cleanup interval of file cache in seconds. Default is 604800 (one week).
•<replace-station-description enabled="" />
Synchronize stations descriptions on Dr.Web Server with the Computer description field at the System properties page on the station. Allowed values of enabled:
▫yes—replace description on Dr.Web Server with description on the station.
▫no (default)—ignore description on station.
•<time-discrepancy value="" />
Allowed difference between system time at Dr.Web Server and Dr.Web Agents in minutes. If the difference is larger than specified value, it will be noted in the status of the station at Dr.Web Server. 3 minutes are allowed by default. The empty value or the 0 value means that checking is disabled.
•<encryption mode="" />
Traffic encryption mode. Allowed values of mode:
▫yes—use encryption,
▫no—do not use encryption,
▫possible—encryption is allowed.
Default is yes.
For more details see Administrator Manual, p. Traffic Encryption and Compression.
•<compression level="" mode="" />
Traffic compression mode.
Attributes description:
Attribute |
Allowed values |
Description |
|---|---|---|
level |
Integer from 1 to 9. |
Compression level. |
mode |
•yes—use compression, •no—do not use compression, •possible—compression is allowed. |
Compression mode. |
For more details see Administrator Manual, p. Traffic Encryption and Compression.
•<track-agent-jobs enabled="" />
Allow monitoring ans storing into the Dr.Web Server database the results of tasks execution on workstations. Allowed values of enabled: yes or no.
•<track-agent-status enabled="" />
Allow monitoring of changes in the station states ans storing the information into the Dr.Web Server database. Allowed values of enabled: yes or no.
•<track-virus-bases enabled="" />
Allow monitoring of changes in the state (compound, changes) of virus bases on stations and storing the information into the Dr.Web Server database. Allowed values of enabled: yes or no. Parameter is ignored for <track-agent-status enabled="no" />.
•<track-agent-modules enabled="" />
Allow monitoring of modules versions on stations and storing the information into the Dr.Web Server database. Allowed values of enabled: yes or no.
•<track-agent-components enabled="" />
Allow monitoring of the list of installed components on stations and storing the information into the Dr.Web Server database. Allowed values of enabled: yes or no.
•<track-agent-userlogon enabled="" />
Allow monitoring of user sessions on stations and storing the information into the Dr.Web Server database. Allowed values of enabled: yes or no.
•<track-agent-environment enabled="" />
Allow monitoring of compound of hardware and software on stations and storing the information into the Dr.Web Server database. Allowed values of enabled: yes or no.
•<keep-run-information enabled="" />
Allow monitoring of information on start and stop of anti-virus components operating on stations and storing the information into the Dr.Web Server database. Allowed values of enabled: yes or no.
•<keep-infection enabled="" />
Allow monitoring of threat detection on stations and storing the information into the Dr.Web Server database. Allowed values of enabled: yes or no.
•<keep-scan-errors enabled="" />
Allow monitoring of scan errors on stations and storing the information into the Dr.Web Server database. Allowed values of enabled: yes or no.
•<keep-scan-statistics enabled="" />
Allow monitoring of scan statistics on stations and storing the information into the Dr.Web Server database. Allowed values of enabled: yes or no.
•<keep-installation enabled="" />
Allow monitoring of information on Agent installations on stations and storing the information into the Dr.Web Server database. Allowed values of enabled: yes or no.
•<keep-blocked-devices enabled="" />
Allow monitoring of information on devices blocked by the Office Control component and storing the information into the Dr.Web Server database. Allowed values of enabled: yes or no.
•<keep-appcontrol-activity enabled="" />
Allow monitoring of processes activity at stations detected by Application Control (for filling Applications catalog) and storing the information into the Dr.Web Server database. Allowed values of enabled: yes or no.
•<keep-appcontrol-block enabled="" />
Allow monitoring the blocking of the processes at stations by Application Control and storing the information into the Dr.Web Server database. Allowed values of enabled: yes or no.
•<quarantine enabled="" />
Allow monitoring of information on the Quarantine state on stations and storing the information into the Dr.Web Server database. Allowed values of enabled: yes or no.
•<update-bandwidth queue-size="" value="" />
Maximal network traffic bandwidth in KB/sec. for transmitting updates from Dr.Web Server to Agents.
Attributes description:
Attribute |
Allowed values |
Description |
Default |
|---|---|---|---|
queue-size |
•positive integer, •unlimited. |
Maximum allowable number of updates distribution sessions running at the same time from Dr.Web Server. When the limit is reached, the Agent requests are placed into the waiting queue. The waiting queue size is unlimited. |
unlimited |
value |
•maximal speed in KB/sec, •unlimited. |
Maximal summary speed for updates transmission. |
unlimited |
•<install-bandwidth queue-size="" value="" />
Maximal network traffic bandwidth in KB/sec. for transmitting data during Dr.Web Agent installation on stations.
Attributes description:
Attribute |
Allowed values |
Description |
Default |
|---|---|---|---|
queue-size |
•positive integer, •unlimited. |
Maximum allowable number of the Agent installation sessions running at the same time from Dr.Web Server. When the limit is reached, the Agent requests are placed into the waiting queue. The waiting queue size is unlimited. |
unlimited |
value |
•maximal speed in KB/sec, •unlimited. |
Maximal summary speed for transmitting data during Agent installations. |
unlimited |
•<geolocation enabled="" startup-sync="" />
Enable synchronization of stations geolocation between Dr.Web Servers.
Attributes description:
Attribute |
Allowed values |
Description |
|---|---|---|
enabled |
•yes—allow synchronization, •no—disable synchronization. |
Synchronization mode. |
startup-sync |
Positive integer. |
Number of stations without geographical coordinates, information on which is requested when establishing a connection between Dr.Web Servers. |
•<audit enabled="" />
Allow monitoring of administrator operations in Dr.Web Security Control Center and storing the information into the Dr.Web Server database. Allowed values of enabled: yes or no.
•<audit-internals enabled="" />
Allow monitoring of internal operations in Dr.Web Server and storing the information into the Dr.Web Server database. Allowed values of enabled: yes or no.
•<audit-xml-api enabled="" />
Allow monitoring of operations via Web API in Dr.Web Server and storing the information into the Dr.Web Server database. Allowed values of enabled: yes or no.
•<proxy auth-list="" enabled="" host="" password="" user="" />
Parameters of connections to Dr.Web Server via HTTP proxy server.
Attributes description:
Attribute |
Allowed values |
Description |
|---|---|---|
auth-list |
•none—do not use authorization, •any—any supported method, •safe—any safe supported method, •the following methods, if several, set all necessary methods separated by a space: ▫basic ▫digest ▫digestie ▫ntlmwb ▫ntlm ▫negotiate |
Proxy server authorization type. Default is 'any'. |
enabled |
•yes—use proxy server, •no—do not use proxy server. |
Mode of connections to Dr.Web Server via HTTP proxy server. |
host |
- |
Proxy server address. |
password |
- |
Password of proxy server user if proxy server requires authorization. |
user |
- |
Name of proxy server user if proxy server requires authorization. |
|
When setting the list of allowed authorization methods for a proxy server, you can use the only mark (add it to the end of the list with a space) to change the algorithm of authorization method selecting. For more details, see https://curl.se/libcurl/c/CURLOPT_HTTPAUTH.html. |
•<statistics enabled="" id="" interval="" />
Parameters of sending of the statistics on virus events to the Doctor Web company to the https://stat.drweb.com/ section.
Attributes description:
Attribute |
Allowed values |
Description |
Default |
|---|---|---|---|
enabled |
•yes—send statistics, •no—do not send statistics. |
Mode of statistics sending to the Doctor Web company. |
- |
id |
- |
MD5 of the Agent license key. |
- |
interval |
Positive integer. |
Interval of statistics sending in minutes. |
30 |
•<cluster>
Parameters of Dr.Web Servers cluster for data exchange in multiserver anti-virus network configuration.
Contains one or several <on multicast-group="" port="" interface="" /> child elements.
Attributes description:
Attribute |
Description |
|---|---|
multicast-group |
IP address of multicast group through which Dr.Web Servers will be exchanging information. |
port |
Port number of network interface to which transport protocol is bound to transmit the information into multicast group. |
interface |
IP address of network interface to which transport protocol is bound to transmit the information into multicast group. |
•<multicast-updates enabled="" />
Allows to configure update transmission to workstations via multicast protocol. Allowed values of enabled: yes or no.
<multicast-updates> contains multiple child elements and attributes:
Child element |
Attribute |
Description |
Default |
|---|---|---|---|
port <port value="" /> |
value |
The Dr.Web Server's network interface port number that is used by transport multicast protocol to transmit the updates. This port is used by all multicast groups. For multicast updates, you must specify any unused port that will be different from the one specified in the Dr.Web Server's transport protocol settings. |
2197 |
ttl <ttl value="" /> |
value |
Time-to-live of transferred UDP-datagram. This value will be used by all multicast groups. |
8 |
group <group address="" /> |
address |
IP address of a multicast group the stations will receive multicast updates from. |
233.192.86.0 for IPv4 FF0E::176 for IPv6 |
on <on interface="" ttl="" /> |
interface |
IP address of Dr.Web Server network interface that transport multicast protocol is bound to for updates transmission. |
– |
ttl |
Time-to-live of a UDP-datagram transferred through specified network interface. Has a higher priority than the general <ttl value="" /> child element. |
8 |
|
transfer <transfer datagram-size="" assembly-timeout="" updates-interval="" chunks-interval="" resend-interval="" silence-interval="" accumulate-interval="" announce-send-times="" /> |
datagram-size |
UDP datagram size (bytes)—size of UDP datagrams in bytes. Allowed range is 512–8192. To avoid fragmentation, it is recommended that you set a value less than MTU (Maximum Transmission Unit) of the network. |
1400 |
assembly-timeout |
File transmission time (ms.)—during the specified time, single update file is transmitted, after that Dr.Web Server starts sending the next file. All files, which failed to transmit as a part of multicast protocol update, will be transmitted as a part of standard update process over the TCP protocol. |
180000 |
|
updates-interval |
Duration of multicast updates (ms.)—duration of update process via multicast protocol. All files that failed to transmit at the stage of updating via multicast protocol will be transmitted as a part of the standard update via TCP protocol. |
600000 |
|
chunks-interval |
Package transmission interval (ms.)—interval of package transmission to a multicast group. The low interval value may cause significant losses during package transfer and overload the network. It is not recommended to change this parameter. |
14 |
|
resend-interval |
Interval between requests for retransmission (ms.)—at this interval Agents send out requests for retransmission of lost packages. Dr.Web Server accumulates these requests and sends out any lost blocks afterwards. |
1000 |
|
silence-interval |
“Silence” interval on the line (ms.)—whenever a file transmission is over before the allowed time has expired and if during a specified “silence” interval no requests for retransmission of lost packages are received from Agents, Dr.Web Server assumes that all Agents successfully received update files and initiates transmission of the next file. |
10000 |
|
accumulate-interval |
Retransmission request accumulation interval (ms.)—during the specified interval, Dr.Web Server accumulates requests from Agents for retransmission of lost packages. Agents request for lost packages. Dr.Web Server accumulates these requests throughout the specified time and sends out any lost blocks afterwards. |
2000 |
|
announce-send-times |
Number of file transmission announcements—A number of times Dr.Web Server announces a file transmission to a multicast group before the update transmission starts. The announcement means a UDP-datagram with file metadata, which is sent to a multicast group. Increasing the number of announcements can potentially improve transmission reliability, but at the same time can lead to decreased amount of data that can be transmitted over the multicast protocol for the time allowed. |
3 |
Optionally, <multicast-updates> can also contain the <acl> child element, which is used to create ACL lists. This allows restricting a scope of workstation TCP addresses that are authorized to receive multicast updates over multicast protocol from the current Dr.Web Server. <acl> is not present initially, which means no restrictions are applied by default.
<acl> includes the following child elements:
▫<priority mode="" />
Sets the list priority. Allowed values of mode: allow or deny. For the <priority mode="deny" /> value, the <deny> list has a higher priority than the <allow> list. Addresses not included in any of the lists or included into both of them are denied. Allowed are only the addresses included in the <allow> list and not included in the <deny> list.
▫<allow>
A list of TCP addresses, which are allowed to receive updates over the multicast protocol. The <allow> element contains one or several <ip address="" /> child elements to specify allowed addresses in the IPv4 format and <ip6 address="" /> to specify allowed addresses in the IPv6 format. The address attribute defines network addresses in the following format: <IP address>/[<prefix>].
▫<deny>
The list of TCP addresses, which are not allowed to receive updates over the multicast protocol. The <deny> element contains one or several <ip address="" /> child elements to specify denied addresses in the IPv4 format and <ip6 address="" /> to specify denied addresses in the IPv6 format. The address attribute defines network addresses in the following format: <IP address>/[<prefix>].
•<database connections="" />
Database definition.
Attributes description:
Attribute |
Allowed values |
Description |
Default |
|---|---|---|---|
connections |
Positive integer. |
Maximal number of connections of Dr.Web Server with database. It is recommended to change default value only after consultation with the technical support. |
2 |
speedup |
yes | no |
Automatically perform the delayed purging of the database after its initialization, upgrade and import (see Administrator Manual, p. Database). |
yes |
The <database /> element contains on of the following child elements:
|
The <database /> element can contain only one child element defining specific database.
Database attributes that may present in the configuration file template but not described are not recommended to change without the consent of the technical support service of Doctor Web company. |
•<sqlite dbfile="" cache="" cachesize="" readuncommitted="" precompiledcache="" synchronous="" openmutex="" checkintegrity="" autorepair="" mmapsize="" wal="" wal-max-pages="" wal-max-seconds="" />
Defines SQLite3 embedded database.
Attributes description:
Attribute |
Allowed values |
Description |
Default |
|---|---|---|---|
dbfile |
|
Database name. |
database.sqlite |
cache |
SHARED | PRIVATE |
Caching mode. |
SHARED |
cachesize |
Positive integer. |
Database cache size (in 1.5Kb pages). |
2048 |
precompiledcache |
Positive integer. |
Cache size of precompiled sql operators (in bytes). |
1048576 |
synchronous |
•TRUE or FULL—synchronous •FALSE or NORMAL—regular •OFF—asynchronous |
Data write mode. |
FULL |
checkintegrity |
quick | full | no |
Verify integrity of database image at Dr.Web Server startup. |
quick |
autorepair |
yes | no |
Automatically restore corrupted database image at Dr.Web Server startup. |
no |
mmapsize |
Positive integer. |
Maximum number of bytes of the database file that is allowed to be mapped into the process address space at one time. |
•for UNIX—10485760 •for Windows—0 |
wal |
yes | no |
Use Write-Ahead Logging. |
yes |
wal-max-pages |
|
Maximal number of “dirty” pages on reaching of which pages will been written on the disk. |
1000 |
wal-max-seconds |
|
Maximal time to delay writing the pages on the disk (in seconds). |
30 |
•<pgsql dbname="drwcs" host="localhost" port="5432" options="" requiressl="" user="" password="" temp_tablespaces="" default_transaction_isolation="" debugproto ="yes" />
Defines PostgreSQL external database.
Attributes description:
Attribute |
Allowed values |
Description |
Default |
|---|---|---|---|
dbname |
|
Database file name. |
|
host |
|
PostgreSQL server host or path to UNIX domain socket. |
|
port |
|
PostgreSQL server port or extension of UNIX domain socket file. |
|
options |
|
Command line parameters to send to a database server. For more details, see chapter 18 at https://www.postgresql.org/docs/9.1/libpq-connect.html |
|
requiressl |
•1 | 0 (via Control Center) •y | n •yes | no •on | off |
Allow SSL connections only. |
•0 •y •yes •on |
user |
|
Database user name. |
|
password |
|
Database user password. |
|
temp_tablespaces |
|
Namespace for temporary tables. |
|
default_transaction_isolation |
•read uncommitted •read committed •repeatable read •serializable |
Transaction isolation level. |
read committed |
•<oracle connectionstring="" user="" password="" client="" prefetch-rows="0" prefetch-mem="0" />
Defines Oracle external database.
Attributes description:
Attribute |
Allowed values |
Description |
Default |
|---|---|---|---|
connectionstring |
|
String with Oracle SQL Connect URL or Oracle Net keyword-value pairs. |
|
user |
|
Registration name of database user. |
|
password |
|
Database user password. |
|
client |
|
Path to the Oracle Instant Client for the access to the Oracle DB. Dr.Web Server is supplied with the Oracle Instant Client of 11 version. But, for later Oracle Servers or if the Oracle driver contains errors, you can download corresponding driver from the Oracle site and set the path to the driver in this field. |
|
prefetch-rows |
0-65535 |
Number of rows to be prefetched when executing a query to the database. |
0—use the value = 1 (database default) |
prefetch-mem |
0-65535 |
Memory allocated for rows to be prefetched when executing a query to the database. |
0—unlimited |
•<odbc dsn="drwcs" user="" pass="" transaction="DEFAULT" />
Defines connection to an external database via ODBC.
Attributes description:
Attribute |
Allowed values |
Description |
Default |
|---|---|---|---|
dsn |
|
ODBC data source name. |
drwcs |
user |
|
Registration name of database user. |
drwcs |
pass |
|
Database user password. |
drwcs |
limit |
Positive integer. |
Reconnect to the DBMS after specified number of transaction. |
0—do not reconnect |
transaction |
•SERIALIZABLE—serializable •READ_UNCOMMITTED—read uncommitted data •READ_COMMITTED—read committed data •REPEATABLE_READ—repeatable read •DEFAULT—equal ""—depends on DBMS. |
Transaction isolation level. Some DBMS support READ_COMMITTED only. |
DEFAULT |
•<mysql dbname="drwcs" host="localhost" port="3306" user="" password="" ssl="no" debug="no" />
Defines MySQL/MariaDB external database.
Attributes description:
Attribute |
Allowed values |
Description |
Default |
|---|---|---|---|
dbname |
|
Database name. |
drwcs |
host |
Either of the two. |
Database server address for TCP/IP connections. |
localhost |
Path to UNIX socket file when using UDS. If not set, Dr.Web Server tries to locate the file in one of standard mysqld directories. |
/var/run/mysqld/ |
||
port |
Either of the two. |
Port number to connect to the database via TCP/IP. |
3306 |
UNIX socket file name when using UDS. |
mysqld.sock |
||
user |
|
Registration name of database user. |
"" |
password |
|
Database user password. |
"" |
ssl |
yes | any other string |
Allow SSL connections only. |
no |
precompiledcache |
Positive integer. |
Cache size of precompiled sql operators (in bytes). |
1048576 |
•<acl>
Access control lists. Allows to configure restrictions for network addresses from which Agents, network installers and other (neighboring) Dr.Web Servers will be able to access Dr.Web Server.
The <acl> element contains the following child elements into which limitations for corresponding connection types are configured:
▫<install>—the list of limitations on IP addresses from which Dr.Web Agents installers can connect to this Dr.Web Server.
▫<agent>—the list of limitations on IP addresses from which Dr.Web Agents can connect to this Dr.Web Server.
▫<links>—the list of limitations on IP addresses from which neighbor Dr.Web Servers can connect to this Dr.Web Server.
▫<discovery>—the list of limitations on IP addresses from which broadcast queries can be received by the Dr.Web Server Detection Service.
All child elements contain the same structure of nested elements that defines the following limitations:
▫<priority mode="" />
Lists priority. Allowed values of mode: allow or deny. For the <priority mode="deny" /> value, the <deny> list has a higher priority than the <allow> list. Addresses not included in any of the lists or included into both of them are denied. Allowed only addresses that are included in the <allow> list and not included in the <deny> list.
▫<allow>
The list of TCP addresses from which the access is allowed. The <allow /> element contains one or several <ip address="" /> child elements to specify allowed addresses in the IPv4 format and <ip6 address="" /> to specify allowed addresses in the IPv6 format. The attribute address defines network addresses in the following format: <IP address>/[<prefix>].
▫<deny>
The list of TCP addresses from which the access is denied. The <deny /> element contains one or several <ip address="" /> child elements to specify denied addresses in the IPv4 format and <ip6 address="" /> to specify denied addresses in the IPv6 format. The attribute address defines network addresses in the following format: <IP address>/[<prefix>].
•<scripts profile="" stack="" trace="" />
Scripts profiling parameters configuration.
Attributes description:
Attribute |
Allowed values |
Description |
Default |
|---|---|---|---|
profile |
•yes, •no. |
Log information on the Dr.Web Server scripts execution profiling. This parameter is used by technical support and developers. It is not recommended to change this parameter without need. |
no |
stack |
Log information on Dr.Web Server scripts execution from a call stack. This parameter is used by technical support and developers. It is not recommended to change this parameter without need. |
||
trace |
Log information on Dr.Web Server scripts execution tracing. This parameter is used by technical support and developers. It is not recommended to change this parameter without need. |
•<lua-module-path>
Lua interpreter paths.
|
The paths order is important. |
The <lua-module-path> element contains the following child elements:
▫<cpath root="" />—path to the binary modules folder. Allowed values of root: home (default), var, bin, lib.
▫<path value="" />—path to the scripts folder. If it is not a child of the <jobs> or <hooks> elements, then it is used by both. Paths specified in the value attribute, are relative from paths in the root attribute of the <cpath> element.
▫<jobs>—paths for tasks from the Dr.Web Server schedule.
The <jobs> element contains one or several <path value="" /> child elements to specify the path to the scrips folder.
▫<hooks>—paths for the user hooks of Dr.Web Server.
The <hooks> element contains one or several <path value="" /> child elements to specify the path to the scrips folder.
•<transports>
Configuration of transport protocols parameters used by Dr.Web Server to connect with clients. Contains one or several <transport discovery="" ip="" name="" multicast="" multicast-group="" port="" /> child elements.
Attributes description:
Attribute |
Description |
Obligatory |
Allowed values |
Default |
|---|---|---|---|---|
discovery |
Defines whether the Dr.Web Server detection service is used or not. |
no, specified with the ip attribute only. |
yes, no |
no |
•ip •unix |
Defines the family of used protocols and specifies the interface address. |
yes |
- |
•0.0.0.0 •- |
name |
Specifies the Dr.Web Server name for the Dr.Web Server detection service. |
no |
- |
drwcs |
multicast |
Defines whether Dr.Web Server included into a multicast group or not. |
no, specified with the ip attribute only. |
yes, no |
no |
multicast-group |
Specifies the address of the multicast group into which Dr.Web Server is included. |
no, specified with the ip attribute only. |
- |
•231.0.0.1 •[ff18::231.0.0.1] |
port |
Port to listen. |
no, specified with the ip attribute only. |
- |
2193 |
•<protocols>
The list of disabled protocols. Contains one or several <protocol enabled="" name="" /> child elements.
Attributes description:
Attribute |
Allowed values |
Description |
Default |
|---|---|---|---|
enabled |
•yes—protocol is enabled, •no—protocol is disabled. |
Protocol usage mode. |
no |
name |
•AGENT—protocol that allows interaction of Dr.Web Server with Dr.Web Agents. •MSNAPSHV—protocol that allows interaction of Dr.Web Server with the Microsoft NAP Validator component of system health validating. •INSTALL—protocol that allows interaction of Dr.Web Server with Dr.Web Agent installers. •CLUSTER—protocol for interaction between Dr.Web Servers in the cluster system. •SERVER—protocol that allows interaction of Dr.Web Server with other Dr.Web Servers. |
Protocol name. |
- |
•<plugins>
The list of disabled extensions. Contains one or several <plugin enabled="" name="" /> child elements.
Attributes description:
Attribute |
Allowed values |
Description |
Default |
|---|---|---|---|
enabled |
•yes—extension is enabled, •no—extension is disabled. |
Extension usage mode. |
no |
name |
•WEBMIN—Dr.Web Security Control Center extension for managing Dr.Web Server and anti-virus network via the Control Center. •FrontDoor—Dr.Web Server FrontDoor extension that allows connections of Dr.Web Server remote diagnostics utility. |
Extension name. |
- |
•<license>
Licensing settings.
The <license> element contains the following child elements:
▫<limit-notify min-count="" min-percent="" />
Options for notification on limitation on a number of licenses in the license key.
Attributes description:
Attribute |
Description |
Default |
|---|---|---|
min-count |
Maximal number of remaining licenses for which the Limitation on a number of licenses in the license key notification will be sent. |
3 |
min-percent |
Maximal percentage of remaining licenses for which the Limitation on a number of licenses in the license key notification will be sent. |
5 |
▫<license-report report-period="" active-stations-period="" />
Options for the report on license usage.
Attributes description:
Attribute |
Description |
Default |
|---|---|---|
report-period |
Period of reports creation by Dr.Web Server on license keys it uses. If a report on license usage is created by a child Dr.Web Server, then after it is created, this report is sent to the main Dr.Web Server. Created reports are additionally sent at each connection (including restart) of Dr.Web Server, and also at changing the number of donated licenses at the main Dr.Web Server. |
1440 |
active-stations-period |
Period for counting the number of active stations for creating the report on licenses usage. The 0 value prescribes to count all stations in the report not depending on their activity status. |
0 |
▫<exchange>
Settings of licenses propagation between Dr.Web Servers.
The <exchange> element contains the following child elements:
▪<expiration-interval value="" />
▪<prolong-preact value="" />
▪<check-interval value="" />
Elements description:
Element |
Description |
The value attribute default values, min. |
|---|---|---|
expiration-interval |
Validity period of donated licenses—time period on which licenses are donated from the key on this Dr.Web Server. The setting is used if the Server donates licenses to neighbor Dr.Web Servers. |
1440 |
prolong-preact |
Period for accepted licenses renewal—period till the license expiration, starting from which this Dr.Web Server initiates renewal of the license which is accepted from the neighbor Dr.Web Server. The setting is used if Dr.Web Server accepts licenses from neighbor Dr.Web Servers. |
60 |
check-interval |
License synchronization period—interval for synchronising information about donating licenses between Dr.Web Servers. |
1440 |
•<email from="" debug="" />
Parameters of sending emails from the Control Center, e.g., as administrative notifications or when mailing installation packages of the stations.
Attributes description:
Attribute |
Allowed values |
Description |
Default |
|---|---|---|---|
from |
- |
Email address which will be set as a sender of emails. |
drwcs@localhost |
debug |
•yes—use debug mode, •no—do not use debug mode. |
Use debug mode to get SMTP session detailed log. |
no |
The <email> element contains the following child elements:
▫<smtp server="" user="" pass="" port="" start_tls="" auth_plain="" auth_login="" auth_cram_md5="" auth_digest_md5="" auth_ntlm="" conn_timeout="" />
SMTP server parameters configuration to send emails.
Attributes description:
Attribute |
Allowed values |
Description |
Default |
|---|---|---|---|
server |
- |
SMTP server address which is used to send emails. |
127.0.0.1 |
user |
- |
Name of SMTP server user, if the SMTP server requires authorization. |
- |
pass |
- |
password of SMTP server user, if the SMTP server requires authorization. |
- |
port |
Positive integer. |
SMTP server port which is used to send emails. |
25 |
start_tls |
•yes—use this authentication type, •no—do not use this authentication type. |
Encrypt data transfer. At this, switching to secured connection is performed by using the STARTTLS command. The 25 port is used by default for the connection. |
yes |
auth_plain |
Use plain text authentication on a mail server. |
no |
|
auth_login |
Use LOGIN authentication on a mail server. |
no |
|
auth_cram_md5 |
Use CRAM-MD5 authentication on a mail server. |
no |
|
auth_digest_md5 |
Use DIGEST-MD5 authentication on a mail server. |
no |
|
auth_ntlm |
Use AUTH-NTLM authentication on a mail server. |
no |
|
conn_timeout |
Positive integer. |
Connection timeout for SMTP server. |
180 |
▫<ssl enabled="" verify_cert="" ca_certs="" />
SSL traffic encryption parameters configuration for sending emails.
Attributes description:
Attribute |
Allowed values |
Description |
Default |
|---|---|---|---|
enabled |
•yes—use SSL, •no—do not use SSL. |
SSL encryption usage mode. |
no |
verify_cert |
•yes—check SSL sertificate, •no—do not check SSL sertificate. |
Validate the SSL certificate of a mail server. |
no |
ca_certs |
- |
The path to the root SSL certificate of Dr.Web Server. |
- |
•<track-epidemic enabled="" aggregation-period="" check-period="" threshold="" most-active="" />
Configuration of parameters for tracking virus epidemic in the network.
Attributes description:
Attribute |
Allowed values |
Description |
Default |
|---|---|---|---|
enabled |
yes | no |
Enables monitoring of multiple events of infecting stations and be able to send summary notifications to the administrator. |
yes |
aggregation-period |
Positive integer. |
Time period in seconds after sending the notification about epidemic, during which single notifications about infected stations will not be sent. |
300 |
check-period |
Time period in seconds, during which specified number of messages on infected stations must be received, to send the corresponding notification about epidemic. |
3600 |
|
threshold |
The number of messages on infections that must be received in specified time period, so that Dr.Web Server may send to the administrator a single notification on epidemic on all cases of infection (the Epidemic in the network notification). |
100 |
|
most-active |
Number of the most frequently occurring threats which must be included in the epidemic report. |
5 |
•<track-hips-storm enabled="" aggregation-period="" check-period="" threshold="" most-active="" />
Configuration of parameters for tracking multiple events of Preventive protection component.
Attributes description:
Attribute |
Allowed values |
Description |
Default |
|---|---|---|---|
enabled |
yes | no |
Enables monitoring of multiple events of Preventive protection and be able to send summary notifications to the administrator. |
yes |
aggregation-period |
Positive integer. |
Time period in seconds after sending a summary report on Preventive protection events, during which notifications about single events will not be sent. |
300 |
check-period |
Time period in seconds, during which specified number of Preventive protection events must be occurred to send a summary report. |
3600 |
|
threshold |
The number of the Preventive protection events that must be received in specified time period, so that Dr.Web Server may send to the administrator a single summary report on these events (the Summary report of Preventive protection notification). |
100 |
|
most-active |
Number of the most frequently occurring processes that have performed a suspicious action, which must be included in the Preventive protection report. |
5 |
•<track-appctl-storm enabled="" aggregation-period="" check-period="" threshold="" most-active="" />
Configuration of parameters for tracking multiple events of Application Control component.
Attributes description:
Attribute |
Allowed values |
Description |
Default |
|---|---|---|---|
enabled |
yes | no |
Enables monitoring of multiple events of Application Control and be able to send summary notifications to the administrator. |
yes |
aggregation-period |
Positive integer. |
Time period in seconds after sending a summary report on processes blocked by Application Control, during which notifications about single blockings will not be sent. |
300 |
check-period |
Time period in seconds, during which specified number of processes must be blocked to send a summary report. |
3600 |
|
threshold |
The number of events on processes blocked by Application Control that must be received in specified time period, so that Dr.Web Server may send to the administrator a single summary report on these events (the Large number of blocks by the Application Control detected notification). |
100 |
|
most-active |
Number of the most common profiles according to which the block was made, and which must be included in the notification on multiple blockings. |
5 |
•<track-disconnect enabled="" aggregation-period="" check-period="" single-alert-threshold="" summary-alert-threshold="" min-session-duration="" />
Configuration of parameters for tracking multiple abnormally terminated connections with clients.
Attributes description:
Attribute |
Allowed values |
Description |
Default |
|---|---|---|---|
enabled |
yes | no |
Enables monitoring of abnormally terminated connections with clients and be able to send corresponding notifications to the administrator. |
yes |
aggregation-period |
Positive integer. |
Time period in seconds after sending the notification on multiple connections termination, during which notifications about single terminated connections will not be sent. |
300 |
check-period |
Time period in seconds, during which specified number of connections with clients must be terminated, to send the corresponding notification. |
3600 |
|
single-alert-threshold |
Minimum number of connections with a single address that must be terminated during the counting period, to send the notification about single abnormally terminated connection (the Connection terminated abnormally notification). |
10 |
|
summary-alert-threshold |
Minimum number of connections that must be terminated during the counting period, to send the common notification about multiple abnormally terminated connections (the Large number of abnormally terminated connections detected notification). |
1000 |
|
min-session-duration |
If duration of terminated connection with a client is less than specified value, then specified number of connections is reached, notification about single terminated connections (the Connection terminated abnormally notification) will be sent not depending on the counting period. At this, the connection must not be terminated further by the longer connections, and the notification about multiple abnormally terminated connections must not be sent (the Large number of abnormally terminated connections detected notification). |
300 |
•<default-lang value="" />
Default language which is used by components and systems of Dr.Web Servers if failed to get language settings from the Dr.Web Server database. Particularly used by Dr.Web Security Control Center and administrator notification system if the database has been corrupted and the language settings cannot be obtained.