Dr.Web for Linux Functions

This Manual describes aspects of configuring components of Dr.Web for Linux designed for GNU/Linux. The Manual is intended for a person responsible for anti-virus protection and configuration of networks (hereinafter referred to as "Administrator").

Dr.Web for Linux is designed to protect workstations running on OSes of GNU/Linux family from viruses and other types of malicious software, and to prevent distribution of threats designed for different platforms.

Main features of Dr.Web for Linux:

1.Detection and neutralization of threats. Scans for malicious programs of all possible types (various viruses, including those that infect mail files and boot records, trojans, mail worms, and so on) and unwanted software (adware, joke programs and dialers).

Threat detection methods:

signature analysis—a scan method allowing to detect known threats registered in virus databases;

heuristic analysis—a set of scan methods allowing to detect threats that are not known yet;

using Dr.Web Cloud service, which collects up-to-date information about recent threats and sends it to various products of Doctor Web.

Note that the heuristic analyzer may raise false-positive detections of legitimate software. Thus, objects that contain threats detected by the analyzer are considered “suspicious”. It is recommended that you choose to quarantine such files and send them for analysis to the Doctor Web anti-virus laboratory.

Scanning the file system at user request can be performed in two modes: full scan (scanning all file system objects) and custom scan (scanning selected objects—directories or files that satisfy specified criteria). Moreover, the user can start a separate scan of volume boot records and executables that spawned currently active processes. In the latter case, if a malicious executable is detected, it is neutralized and all processes spawned by this file are forced to terminate.

2.Monitoring file access. Data file events and attempts to run executables are monitored. This feature allows to detect and neutralize malware instantly at attempt of infecting the computer.

3.Monitoring access to the internet. Attempts to access internet servers (web, mail and file servers) are monitored to block access to websites from the unwanted categories, and to prevent receiving and sending of email messages with infected files, unwanted links or spam. Scanning email messages and files downloaded from the internet for viruses and other threats is performed “on-the-fly”. To determine unwanted links, Dr.Web for Linux is bundled with an automatically updated database of web resource categories and black and white lists that are manually edited by the user. The Dr.Web Cloud service is also used to check whether a web resource requested by the user is marked malicious by other anti-virus products of Doctor Web.

4.Reliable isolation of infected or suspicious objects in a special storage (quarantine) to prevent any harm to the system. When quarantined, objects are renamed according to custom rules and, if necessary, they can be restored to their original location only on demand of the user.