Dr.Web for UNIX Internet Gateways Functions

This Manual describes aspects of configuring components of Dr.Web for UNIX Internet Gateways designed for GNU/Linux and FreeBSD. The Manual is intended for a person responsible for anti-virus protection and configuration of networks (hereinafter referred to as "Administrator").

Dr.Web for UNIX Internet Gateways is designed to protect servers running on OSes of GNU/Linux family and FreeBSD from viruses and other types of malicious software, and to prevent distribution of threats designed for different platforms.

Main features of Dr.Web for UNIX Internet Gateways:

1. Detection and neutralization of threats. Scans for malicious programs of all possible types (various viruses, including those that infect mail files and boot records, trojans, mail worms, and so on) and unwanted software (adware, joke programs and dialers).

Threat detection methods:

signature analysis—a scan method that detects known threats registered in virus databases;

heuristic analysis—a set of scan methods that detect threats that are not known yet;

the Dr.Web Cloud service, which collects up-to-date information about recent threats and sends it to various products of Doctor Web.

Note that the heuristic analyzer may raise false-positive detections of legitimate software. Thus, objects that contain threats detected by the analyzer are considered “suspicious”. It is recommended that you choose to quarantine such files and send them for analysis to the Doctor Web anti-virus laboratory.

Scanning the file system at user request can be performed in two modes: full scan (scanning all file system objects) and custom scan (scanning selected objects—directories or files that satisfy specified criteria). Moreover, the user can start a separate scan of volume boot records and executables that spawned currently active processes. In the latter case, if a malicious executable is detected, it is neutralized and all processes spawned by this file are forced to terminate.

2. Analyzing data transmitted to the internet. Not only user requests are monitored (i.e. attempts to connect to a web server and upload a file to it), but also data sent by web servers in response to user requests. To analyze requests and returned data, the program connects via the ICAP protocol as an external filter to a proxy server processing HTTP connections of local network users. Moreover, using the SpIDer Gate component, it is possible to utilize barrier functions that prevent a public web server of the organization from receiving and sending infected files (this option is available only for GNU/Linux). To restrict access to unwanted websites, the product uses an automatically updated database of web resources separated into categories, which is bundled with Dr.Web for UNIX Internet Gateways, and white and black lists created manually by the system administrator. The product also makes a request to the Dr.Web Cloud service to check whether an internet resource is marked as malicious by other Dr.Web products.
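As an added illustration (not taken from this Manual or from the product), the Python example below shows how a proxy frames a user request (REQMOD) and a web server's response (RESPMOD) for an ICAP filter as defined in RFC 3507, and how the filter side recovers each part from the `Encapsulated` offsets. The service URI, the function names and the sample HTTP messages are constructed assumptions.

```python
# Added example: ICAP (RFC 3507) framing between a proxy and an external filter.
# ICAP_SERVICE is a hypothetical placeholder, not a Dr.Web default.
ICAP_SERVICE = "icap://127.0.0.1:1344/filter"
CRLF = b"\r\n"

# Constructed sample HTTP messages (headers end with a blank line).
SAMPLE_REQ = b"POST /upload HTTP/1.1\r\nHost: files.example\r\n\r\n"
SAMPLE_RES = b"HTTP/1.1 200 OK\r\nContent-Type: application/octet-stream\r\n\r\n"


def _chunk(body):
    """Encapsulated bodies always use chunked transfer coding."""
    data = (b"%x" % len(body)) + CRLF + body + CRLF if body else b""
    return data + b"0" + CRLF + CRLF


def build_icap(method, req_hdr, res_hdr=b"", body=None):
    """Proxy side: wrap an HTTP request (REQMOD) or response (RESPMOD)."""
    if method not in ("REQMOD", "RESPMOD"):
        raise ValueError("unsupported ICAP method")
    if method == "RESPMOD" and not res_hdr:
        raise ValueError("RESPMOD needs the response headers")
    sections = [("req-hdr", req_hdr)]
    if method == "RESPMOD":
        sections.append(("res-hdr", res_hdr))
    parts, payload = [], b""
    for name, data in sections:
        parts.append("%s=%d" % (name, len(payload)))  # byte offset of section
        payload += data
    kind = "null-body" if body is None else method[:3].lower() + "-body"
    parts.append("%s=%d" % (kind, len(payload)))
    if body is not None:
        payload += _chunk(body)
    host = ICAP_SERVICE.split("/")[2]
    head = "%s %s ICAP/1.0\r\nHost: %s\r\nEncapsulated: %s\r\n\r\n" % (
        method, ICAP_SERVICE, host, ", ".join(parts))
    return head.encode("ascii") + payload


def split_icap(msg):
    """Filter side: recover each section from the Encapsulated offsets."""
    head, _, payload = msg.partition(CRLF + CRLF)
    enc = next(l for l in head.split(CRLF) if l.lower().startswith(b"encapsulated:"))
    offs = [(n.strip().decode(), int(o)) for n, o in
            (p.split(b"=") for p in enc.split(b":", 1)[1].split(b","))]
    ends = [o for _, o in offs[1:]] + [len(payload)]
    return {name: payload[start:end] for (name, start), end in zip(offs, ends)}
```

A filter that only inspects REQMOD traffic never sees the `res-body` section, which is why the response direction has to be routed through the ICAP service as well.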