By default, the Dr.Web Server configuration file drwcsd.conf is located in the etc subfolder of the Dr.Web Server installation folder. Using a command line parameter, you can start Dr.Web Server and specify a custom location and name of its configuration file (for more information, see Appendix G3. Dr.Web Server).
To manually edit the Dr.Web Server configuration file, proceed as follows:
1.Stop the Dr.Web Server (see Administrator Manual, Dr.Web Server).
2.Disable Self-Protection (if you installed Dr.Web Agent on the computer where Dr.Web Server is also installed and enabled Self-Protection, you can disable it in the Dr.Web Agent menu).
3.Edit the Dr.Web Server configuration file.
4.Start Dr.Web Server (see Administrator Manual, Dr.Web Server).
Dr.Web Server configuration file format
The configuration file of Dr.Web Server is in XML format.
Description of the Dr.Web Server configuration file parameters:
•<version value="" />
Current version of the configuration file.
•<name value="" />
Name of Dr.Web Server or the cluster of Dr.Web Servers to be looked up by Dr.Web Agents, Dr.Web Agent installers, and the Control Center. Leave the value blank ("" is used by default) to use the name of the computer where Dr.Web Server is installed.
•<id value="" />
Unique Dr.Web Server identifier. Prior to version 10, it was included in the Dr.Web Server license key. It is now specified in the Dr.Web Server configuration file.
Cryptographic salt. A string of random data that is added to the administrator password. The combined value is hashed by a hash function and stored as a single hash in the database to protect the password from brute force cracking. The salt is generated by default after installing or upgrading Dr.Web Server from previous versions.
In addition to the static salt, a dynamic salt is generated for each password. The PBKDF2 password-based key generation standard is used as the HMAC authentication code when calculating the salted password fingerprint. Thus, the password is combined with the salt and hashed multiple times. By default, the use of static salt is disabled, dynamic salt is always used.
|
If the salt is present, it is not possible to view or change the administrator password using the provided database management utility (drwidbsh3). |
|
If you are using a cluster of Dr.Web Servers, manually set the same salt value on all Dr.Web Servers in the cluster. |
•<location city="" country="" department="" floor="" latitude="" longitude="" organization="" province="" room="" street="" />
Geographic location of Dr.Web Server.
Attribute description:
Attribute |
Description |
|---|---|
city |
City |
country |
Country |
department |
Department name |
floor |
Floor |
latitude |
Latitude |
longitude |
Longitude |
organization |
Organization name |
province |
Province name |
room |
Room number |
street |
Street name |
•<threads count="" />
Number of threads for processing data from Dr.Web Server clients (Dr.Web Agents and their installers, neighboring Dr.Web Servers, Dr.Web proxy servers). The minimum value is 5. The default value is 5.
This parameter affects the performance of Dr.Web Server. Changing the default value when using the embedded database is not recommended. When using an external database, a larger parameter value may be required (see Dr.Web Server Load and Recommended Configuration Parameters). If Dr.Web Server is used in an anti-virus network with a large number of client connections, it is recommended that you contact the Doctor Web technical support team before changing the value.
•<newbie approve-to-group="" mode="" />
Access mode for new stations.
Attribute description:
Attribute |
Allowed values |
Description |
Default |
|---|---|---|---|
approve-to-group |
– |
Group to be set as the primary group by default for new stations in the Allow access automatically mode (mode='open'). |
Empty value, which means the Everyone group is assigned as the primary group. |
mode |
•open—allow access automatically, •closed—always deny access, •approval—approve access manually. |
New station approval policy. |
– |
For more information, see the Administrator Manual, New stations approval policy.
•<emplace-auto enabled="" />
This mode is used to create station accounts in the Control Center when installing Dr.Web Agents using a group installation package if the number of already created accounts is insufficient.
Attribute |
Allowed values |
Default |
|---|---|---|
enabled |
•yes—automatically create missing station accounts, •no—installation is possible only for the number of accounts already created in the group whose installation package is being launched. |
yes |
•<unauthorized-to-newbie enabled="" />
Action policy for unauthorized stations. Allowed values for enabled:
▫yes—stations that failed to be authorized (for instance, if the database is corrupted) will be automatically reset to newbies,
▫no (default)—normal mode of operation.
•<maximum-authorization-queue size="" />
Maximum number of stations in the Dr.Web Server authorization queue. Contact the Doctor Web technical support team before changing the default value.
•<reverse-resolve enabled="" />
Replace IP addresses with DNS names in the Dr.Web Server log file. Allowed values for enabled:
▫yes—show DNS names,
▫no (Default)—show IP addresses.
•<replace-netbios-names enabled="" host="" />
Replace NetBIOS names of computers with DNS names.
Attribute description:
Attribute |
Allowed values |
Description |
|---|---|---|
enabled |
•yes—replace, •no—do not replace. The <agent-host-names /> parameter will be used instead. |
NetBIOS name replacement mode. |
host |
•yes—display partially qualified DNS names (before the trailing dot in FQDN), •no—display fully qualified DNS names (FQDN). |
Displayed name format after replacement. |
•<agent-host-names mode="" />
Mode for displaying computer names in the anti-virus network when accessing Dr.Web Server. Allowed values for mode:
▫netbios—display NetBIOS names (used by default if the attribute is empty or the parameter is not present),
▫fqdn—display fully qualified DNS names (FQDN),
▫host—display partially qualified DNS names (before the trailing dot in FQDN).
•<dns>
DNS settings.
▫<timeout value="" />
Time-out in seconds for resolving DNS direct/reverse queries. Leave the value blank to not limit the wait time until the end of the resolution.
▫<retry value="" />
Maximum number of DNS retries when DNS query resolution fails.
▫<cache enabled="" negative-ttl="" positive-ttl="" />
Time for storing responses from the DNS server in the cache.
Attribute description:
Attribute |
Allowed values |
Description |
|---|---|---|
enabled |
•yes—store responses in the cache, •no—do not store responses in the cache. |
Storing responses in the cache. |
negative-ttl |
– |
Cache storage time (TTL) for negative responses from the DNS server in minutes. |
positive-ttl |
– |
Cache storage time (TTL) for positive responses from the DNS server in minutes. |
▫<servers>
List of DNS servers that replaces the default system list. Contains one or several <server address="" /> child elements, where the address parameter specifies the IP address of the server.
▫<domains>
List of DNS domains that replaces the default system list. Contains one or several <domain name="" /> child elements, where the name parameter specifies the domain name.
•<cache>
Caching settings.
The <cache> element contains the following child elements:
▫<interval value="" />
Full cache purge interval in seconds.
▫<quarantine ttl="" />
Deletion interval in seconds for files quarantined by Dr.Web Server. The default value is 604800 (one week).
▫<download ttl="" />
Deletion interval in seconds for personal installation packages. The default value is 604800 (one week).
▫<repository ttl="" />
Deletion interval in seconds for files in the Dr.Web Server repository.
▫<file ttl="" />
File cache purge interval in seconds. The default value is 604800 (one week).
•<replace-station-description enabled="" />
Synchronize station descriptions on Dr.Web Server with the Computer description field on the System properties page on stations. Allowed values for enabled:
▫yes—replace the description on Dr.Web Server with the description on the station,
▫no (default)—ignore the description on station.
•<time-discrepancy value="" />
Allowable difference between the system time on Dr.Web Server and Dr.Web Agents in minutes. If the difference is larger than the specified value, it will be noted in the status of the station on Dr.Web Server. A 3 minute difference is allowed by default. The empty value or 0 means that this check is disabled.
•<encryption mode="" />
Traffic encryption mode. Allowed values for mode:
▫yes—use encryption,
▫no—do not use encryption,
▫possible—encryption is possible.
The default is yes.
For more information, see the Administrator Manual, Traffic Encryption and Compression.
•<compression level="" mode="" />
Traffic compression mode.
Attribute description:
Attribute |
Allowed values |
Description |
|---|---|---|
level |
Integer from 1 to 9. |
Compression level. |
mode |
•yes—use compression, •no—do not use compression, •possible—compression is possible. |
Compression mode. |
For more information, see the Administrator Manual, Traffic Encryption and Compression.
•<track-agent-jobs enabled="" />
Allow monitoring and storing the results of task execution on workstations in the Dr.Web Server database. Allowed values for enabled: yes or no.
•<track-agent-status enabled="" />
Allow monitoring of changes in the status of stations and storing the information in the Dr.Web Server database. Allowed values for enabled: yes or no.
•<track-virus-bases enabled="" />
Allow monitoring of changes in the status (composition, modification) of virus databases on stations and storing the information in the Dr.Web Server database. Allowed values for enabled: yes or no. The parameter is ignored if <track-agent-status enabled="no" />.
•<track-agent-modules enabled="" />
Allow monitoring of module versions on stations and storing the information in the Dr.Web Server database. Allowed values for enabled: yes or no.
•<track-agent-components enabled="" />
Allow monitoring of the list of components installed on stations and storing the information in the Dr.Web Server database. Allowed values for enabled: yes or no.
•<track-agent-userlogon enabled="" />
Allow monitoring of user sessions on stations and storing the information in the Dr.Web Server database. Allowed values for enabled: yes or no.
•<track-agent-environment enabled="" />
Allow monitoring of hardware and software configurations on stations and storing the information in the Dr.Web Server database. Allowed values for enabled: yes or no.
•<keep-run-information enabled="" />
Allow monitoring of information on started and stopped anti-virus components on stations and storing the information in the Dr.Web Server database. Allowed values for enabled: yes or no.
•<keep-infection enabled="" />
Allow monitoring of threat detection on stations and storing the information in the Dr.Web Server database. Allowed values for enabled: yes or no.
•<keep-scan-errors enabled="" />
Allow monitoring of scan errors on stations and storing the information in the Dr.Web Server database. Allowed values for enabled: yes or no.
•<keep-scan-statistics enabled="" />
Allow monitoring of scan statistics on stations and storing the information in the Dr.Web Server database. Allowed values for enabled: yes or no.
•<keep-installation enabled="" />
Allow monitoring of Dr.Web Agent installations on stations and storing the information in the Dr.Web Server database. Allowed values for enabled: yes or no.
•<keep-blocked-devices enabled="" />
Allow monitoring of devices blocked by the Office Control component and storing the information in the Dr.Web Server database. Allowed values for enabled: yes or no.
•<keep-appcontrol-activity enabled="" />
Allow monitoring of process activity on stations detected by Application Control (to populate the Application catalog) and storing the information in the Dr.Web Server database. Allowed values for enabled: yes or no.
•<keep-appcontrol-block enabled="" />
Allow monitoring of blocked processes on stations by Application Control and storing the information in the Dr.Web Server database. Allowed values for enabled: yes or no.
•<quarantine enabled="" />
Allow monitoring of information on the Quarantine status on stations and storing the information in the Dr.Web Server database. Allowed values for enabled: yes or no.
•<update-bandwidth queue-size="" value="" />
Maximum network traffic bandwidth in KB/sec for delivering updates from Dr.Web Server to Dr.Web Agents.
Attribute description:
Attribute |
Allowed values |
Description |
Default |
|---|---|---|---|
queue-size |
•positive integer, •unlimited. |
Maximum allowed number of update distribution sessions running at the same time on Dr.Web Server. When the limit is reached, Dr.Web Agent requests are placed into the waiting queue. The waiting queue size is unlimited. |
unlimited |
value |
•maximum speed in KB/sec, •unlimited. |
Maximum total bandwidth for transferring updates. |
unlimited |
•<install-bandwidth queue-size="" value="" />
Maximum network traffic bandwidth in KB/sec for transferring data when Dr.Web Agents are being installed on stations.
Attribute description:
Attribute |
Allowed values |
Description |
Default |
|---|---|---|---|
queue-size |
•positive integer, •unlimited. |
Maximum allowed number of Dr.Web Agent installation sessions launched simultaneously from Dr.Web Server. When the limit is reached, Dr.Web Agent requests are placed into the waiting queue. The waiting queue size is unlimited. |
unlimited |
value |
•maximum speed in KB/sec, •unlimited. |
Maximum total bandwidth for transferring data during Dr.Web Agent installation. |
unlimited |
•<geolocation enabled="" startup-sync="" />
Enable synchronization of station geolocation data between Dr.Web Servers.
Attribute description:
Attribute |
Allowed values |
Description |
|---|---|---|
enabled |
•yes—allow synchronization, •no—disable synchronization. |
Synchronization mode. |
startup-sync |
Positive integer. |
Number of stations without any geographical coordinates, whose data is requested when establishing a connection between Dr.Web Servers. |
•<audit enabled="" />
Allow monitoring of administrator actions in Dr.Web Security Control Center and storing the information in the Dr.Web Server database. Allowed values for enabled: yes or no.
•<audit-internals enabled="" />
Allow monitoring of internal operations on Dr.Web Server and storing the information in the Dr.Web Server database. Allowed values for enabled: yes or no.
•<audit-xml-api enabled="" />
Allow monitoring of operations via Web API on Dr.Web Server and storing the information in the Dr.Web Server database. Allowed values for enabled: yes or no.
•<proxy auth-list="" enabled="" host="" password="" user="" />
Parameters of connections to Dr.Web Server via an HTTP proxy server.
Attribute description:
Attribute |
Allowed values |
Description |
|---|---|---|
auth-list |
•none—do not use authentication, •any—any supported method, •safe—any secure supported method, •if more than one of the following methods are set, they must be separated by a space: ▫basic ▫digest ▫digestie ▫ntlmwb ▫ntlm ▫negotiate |
Proxy server authentication type. The default is any. |
enabled |
•yes—use proxy server, •no—do not use proxy server. |
Connecting to Dr.Web Server via HTTP proxy server. |
host |
– |
Proxy server address. |
password |
– |
Password of the proxy server user if the proxy server requires authentication. |
user |
– |
Name of the proxy server user if the proxy server requires authentication. |
|
When specifying the list of allowed authentication methods for the proxy server, you can use the only tag (add it to the end of the list with a space) to change the algorithm of selecting the authentication method. For more information, see https://curl.se/libcurl/c/CURLOPT_HTTPAUTH.html. |
•<statistics enabled="" id="" interval="" />
Parameters for sending statistics on virus events to Doctor Web (the data will be used to populate the https://stat.drweb.com/ section).
Attribute description:
Attribute |
Allowed values |
Description |
Default |
|---|---|---|---|
enabled |
•yes—send statistics, •no—do not send statistics. |
Sending statistics to Doctor Web. |
– |
id |
– |
MD5 of the Dr.Web Agent license key. |
– |
interval |
Positive integer. |
Interval of sending statistics in minutes. |
30 |
•<cluster>
Parameters of a Dr.Web Server cluster for exchanging data in a multiserver anti-virus network configuration.
Contains one or several <on multicast-group="" port="" interface="" /> child elements.
Attribute description:
Attribute |
Description |
|---|---|
multicast-group |
IP address of the multicast group that Dr.Web Servers use to exchange information. |
port |
Port number of the network interface used by the transport protocol to transfer data to the multicast group. |
interface |
IP address of the network interface used by the transport protocol to transfer data to the multicast group. |
•<multicast-updates enabled="" />
Allows to configure the delivery of group updates to workstations using the multicast protocol. Allowed values for enabled: yes or no.
<multicast-updates> contains multiple child elements and attributes:
Child element |
Attribute |
Description |
Default |
|---|---|---|---|
port <port value="" /> |
value |
Port number of the Dr.Web Server network interface used by the multicast transport protocol to deliver updates. This port is used by all multicast groups. For multicast updates, specify any unused port different from the one specified in the Dr.Web Server transport protocol settings. |
2197 |
ttl <ttl value="" /> |
value |
Time-to-live of a transferred UDP datagram. This value is used by all multicast groups. |
8 |
group <group address="" /> |
address |
IP address of the multicast group through which stations will receive group updates. |
233.192.86.0 for IPv4 FF0E::176 for IPv6 |
on <on interface="" ttl="" /> |
interface |
IP address of the Dr.Web Server network interface used by the multicast transport protocol to transmit updates. |
– |
ttl |
Time-to-live of a UDP datagram transferred via a specified network interface. Has a higher priority than the general <ttl value="" /> child element. |
8 |
|
transfer <transfer datagram-size="" assembly-timeout="" updates-interval="" chunks-interval="" resend-interval="" silence-interval="" accumulate-interval="" announce-send-times="" /> |
datagram-size |
UDP datagram size (bytes)—size of UDP datagrams used by the multicast protocol in bytes. The allowed range is 512–8192. To avoid fragmentation, it is recommended that you set a value less than the MTU (Maximum Transmission Unit) of the network. |
1400 |
assembly-timeout |
File transmission time (ms.)—during the specified time a single update file is transmitted, after which Dr.Web Server starts sending the next file. Any files that could not be transferred during the multicast update phase will be transferred during the standard TCP update session. |
180000 |
|
updates-interval |
Multicast update duration (ms.)—duration of the update process via the multicast protocol. Any files that could not be transferred during the multicast update phase will be transferred during the standard TCP update session. |
600000 |
|
chunks-interval |
Packet transmission interval (ms.)—interval for sending packets to the multicast group. A small interval value can cause significant packet loss and overload the network. It is not recommended to change this parameter. |
14 |
|
resend-interval |
Interval between retransmission requests (ms.)—Dr.Web Agents send requests for retransmission of lost packets with this interval. Dr.Web Server accumulates these requests and sends out any lost packets afterwards. |
1000 |
|
silence-interval |
“Silence” interval on the line (ms.)—whenever file transmission is over before the allotted time and no requests for retransmission of lost packages are received from Dr.Web Agents during the specified “wait” time interval, Dr.Web Server assumes that all Dr.Web Agents successfully received update files and initiates transfer of the next file. |
10000 |
|
accumulate-interval |
Retransmission request accumulation interval (ms.)—during the specified time interval, Dr.Web Server accumulates requests for retransmission of lost packets from Dr.Web Agents. Dr.Web Agents request lost packets. Dr.Web Server accumulates these requests throughout the specified time and sends out any lost packets afterwards. |
2000 |
|
announce-send-times |
Number of file transmission announcements—the number of times Dr.Web Server announces a file transfer to a multicast group before the update transfer starts. When it is announced, a UDP datagram with file metadata is sent to the multicast group. Increasing the number of announcements can improve transmission reliability, but at the same time it may reduce the amount of data that can be transmitted in the time allotted for an update using the multicast protocol. |
3 |
Optionally, the <multicast-updates> element can also contain the <acl> child element, which is used to create ACL lists. This allows you to limit the number of TCP addresses of workstations that will be able to receive group updates via multicast protocol from this Dr.Web Server. The <acl> child element is not present initially, which means no restrictions are applied by default.
<acl> as part of <multicast-updates> includes the following child elements:
▫<priority mode="" />
Sets the list priority. Allowed values for mode: allow or deny. When <priority mode="deny" /> is set, the <deny> list has a higher priority than the <allow> list. Addresses not included in either of the lists or included in both of them are denied. Only addresses included in the <allow> list and not included in the <deny> list are allowed.
▫<allow>
List of TCP addresses that are allowed to receive updates over the multicast protocol. The <allow> element contains one or several <ip address="" /> child elements to specify the allowed addresses in the IPv4 format and <ip6 address="" /> to specify the allowed addresses in the IPv6 format. The address attribute defines network addresses in the following format: <IP address>/[<prefix>].
▫<deny>
List of TCP addresses that are not allowed to receive updates over the multicast protocol. The <deny> element contains one or several <ip address="" /> child elements to specify the denied addresses in the IPv4 format and <ip6 address="" /> to specify denied addresses in the IPv6 format. The address attribute defines network addresses in the following format: <IP address>/[<prefix>].
•<database connections="" speedup="" />
Database definition.
Attribute description:
Attribute |
Allowed values |
Description |
Default |
|---|---|---|---|
connections |
Positive integer. |
Maximum number of connections of the database to Dr.Web Server. Do not change the default value when using the embedded database. When using an external database, a larger parameter value may be required (see Dr.Web Server Load and Recommended Configuration Parameters). If Dr.Web Server is used in an anti-virus network with a large number of client connections, it is recommended that you contact the Doctor Web technical support team before changing the value. |
2 |
speedup |
yes | no |
Automatically perform the delayed purging of the database after its initialization, upgrade, and import (see the Administrator Manual, Database). |
yes |
The <database> element contains one of the following child elements:
|
The <database> element can contain only one child element defining a specific database.
It is recommended that you contact the Doctor Web technical support team before changing database attributes that may be present in the configuration file template but lack their descriptions. |
▫<sqlite dbfile="" cache="" cachesize="" readuncommitted="" precompiledcache="" synchronous="" checkintegrity="" autorepair="" mmapsize="" wal="" wal-max-pages="" wal-max-seconds="" />
Defines configuration of the embedded SQLite3 database.
Attribute description:
Attribute |
Allowed values |
Description |
Default |
|---|---|---|---|
dbfile |
– |
Database file name. |
database.sqlite |
cache |
SHARED | PRIVATE |
Caching mode. |
SHARED |
cachesize |
Positive integer. |
Database cache size (in 1.5 KB pages). |
2048 |
readuncommitted |
on | off |
Transition to the READ UNCOMMITTED transaction isolation level (access data that has been changed or deleted but not committed by another transaction). |
off |
precompiledcache |
Positive integer. |
Cache size for precompiled SQL statements (in bytes). |
1048576 |
synchronous |
•TRUE or FULL—synchronous •FALSE or NORMAL—regular •OFF—asynchronous |
Data write mode. |
FULL |
checkintegrity |
quick | full | no |
Verify the integrity of the database image at Dr.Web Server startup. |
quick |
autorepair |
yes | no |
Automatically restore a corrupted database image at Dr.Web Server startup. |
no |
mmapsize |
Positive integer. |
Maximum number of bytes of the database file that is allowed to be mapped into the process address space at a time. |
•for Unix-like OSs—10485760 •for Windows OS—0 |
wal |
yes | no |
Use Write-Ahead Logging. |
yes |
wal-max-pages |
– |
Maximum number of “dirty” pages after which the pages are written to disk. |
1000 |
wal-max-seconds |
– |
Maximum time to delay writing pages to disk (in seconds). |
30 |
▫<pgsql dbname="drwcs" host="localhost" port="5432" options="" requiressl="" user="" password="" temp_tablespaces="" default_transaction_isolation="" debugproto ="yes" />
Defines configuration of the external PostgreSQL database.
Attribute description:
Attribute |
Allowed values |
Description |
Default |
|---|---|---|---|
dbname |
– |
Database file name. |
– |
host |
– |
PostgreSQL server host or path to a Unix domain socket. |
– |
port |
– |
PostgreSQL server port number or the extension of a Unix domain socket file. |
– |
options |
– |
Command line parameters to send to the database server. For more details, see chapter 18 at https://www.postgresql.org/docs/9.1/libpq-connect.html |
– |
requiressl |
•1 | 0 (via the Control Center) •y | n •yes | no •on | off |
Allow SSL connections only. |
•0 •y •yes •on |
user |
– |
Database user name. |
– |
password |
– |
Database user password. |
– |
temp_tablespaces |
– |
Namespace for temporary tables. |
– |
default_transaction_isolation |
•read uncommitted •read committed •repeatable read •serializable |
Transaction isolation level. |
read committed |
debugproto |
•yes | no •on | off |
Enable debug logging of the DBMS operation. |
•yes •on |
▫<oracle connectionstring="" user="" password="" client="" prefetch-rows="0" prefetch-mem="0" />
Defines configuration of the external Oracle database.
Attribute description:
Attribute |
Allowed values |
Description |
Default |
|---|---|---|---|
connectionstring |
– |
String with the Oracle SQL Connect URL or Oracle Net key-value pairs. |
– |
user |
– |
Registration name of the database user. |
– |
password |
– |
Database user password. |
– |
client |
– |
Path to the Oracle Instant Client for accessing the Oracle DB. Dr.Web Server is supplied with Oracle Instant Client version 11. If Oracle Servers of a later version are used or if the Oracle driver contains errors, you can download a corresponding driver from the Oracle website and set the path to the driver in this field. |
– |
prefetch-rows |
0–65535 |
Number of rows to be prefetched when executing a query to the database. |
0—use the value = 1 (database default) |
prefetch-mem |
0–65535 |
Memory allocated for rows to be prefetched when executing a query to the database. |
0—unlimited |
▫<odbc dsn="drwcs" user="" pass="" limit="" transaction="DEFAULT" />
Defines configuration of the connection to an external database via ODBC.
Attribute description:
Attribute |
Allowed values |
Description |
Default |
|---|---|---|---|
dsn |
– |
ODBC data source name. |
drwcs |
user |
– |
Registration name of the database user. |
drwcs |
pass |
– |
Database user password. |
drwcs |
limit |
Positive integer. |
Reconnect to the DBMS after the specified number of transactions. |
0—do not reconnect |
transaction |
•SERIALIZABLE—serializable •READ_UNCOMMITTED—read uncommitted data •READ_COMMITTED—read committed data •REPEATABLE_READ—repeatable read •DEFAULT—equal to ""—depends on the DBMS. |
Transaction isolation level. Some DBMS support READ_COMMITTED only. |
DEFAULT |
▫<mysql dbname="drwcs" host="localhost" port="3306" user="" password="" ssl="no" precompiledcache="" debug="no" />
Defines configuration of the external MySQL/MariaDB database.
Attribute description:
Attribute |
Allowed values |
Description |
Default |
|---|---|---|---|
dbname |
– |
Database name. |
drwcs |
host |
Either of the two. |
Database server address for TCP/IP connections. |
localhost |
Path to the UNIX socket file when using UDS. If not set, Dr.Web Server tries to locate the file in one of the standard mysqld directories. |
/var/run/mysqld/ |
||
port |
Either of the two. |
Port number to connect to the database via TCP/IP. |
3306 |
UNIX socket file name when using UDS. |
mysqld.sock |
||
user |
– |
Registration name of the database user. |
"" |
password |
– |
Database user password. |
"" |
ssl |
yes | any other string |
Allow SSL connections only. |
no |
precompiledcache |
Positive integer. |
Cache size for precompiled SQL statements (in bytes). |
1048576 |
debug |
•yes | no •on | off |
Enable debug logging of the DBMS operation. |
•no •off |
•<acl>
Access Control List. Allows to configure restrictions for network addresses from which Dr.Web Agents, network installers and other (neighboring) Dr.Web Servers will be able to access Dr.Web Server.
The <acl> element contains the following child elements for configuring restrictions for the corresponding connection types:
▫<install>—the list of restrictions on IP addresses from which Dr.Web Agent installers can connect to this Dr.Web Server.
▫<agent>—the list of restrictions on IP addresses from which Dr.Web Agents can connect to this Dr.Web Server.
▫<links>—the list of restrictions on IP addresses from which neighboring Dr.Web Servers can connect to this Dr.Web Server.
▫<discovery>—the list of restrictions on IP addresses from which broadcast queries can be received by the Dr.Web Server Detection Service.
All child elements contain the same structure of nested elements that defines the following restrictions:
▫<priority mode="" />
List priority. Allowed values for mode: allow or deny. When <priority mode="deny" /> is set, the <deny> list has a higher priority than the <allow> list. Addresses not included in either of the lists or included in both of them are denied. Only addresses included in the <allow> list and not included in the <deny> list are allowed.
▫<allow>
List of TCP addresses from which access is allowed. The <allow> element contains one or several <ip address="" /> child elements to specify the allowed addresses in the IPv4 format and <ip6 address="" /> to specify the allowed addresses in the IPv6 format. The address attribute defines network addresses in the following format: <IP address>/[<prefix>].
▫<deny>
List of TCP addresses from which access is denied. The <deny> element contains one or several <ip address="" /> child elements to specify the denied addresses in the IPv4 format and <ip6 address="" /> to specify denied addresses in the IPv6 format. The address attribute defines network addresses in the following format: <IP address>/[<prefix>].
•<scripts profile="" stack="" trace="" />
Configuration of script profiling parameters.
Attribute description:
Attribute |
Allowed values |
Description |
Default |
|---|---|---|---|
profile |
•yes, •no. |
Log information about Dr.Web Server script profiling. This parameter is used by technical support specialists and developers. Changing this parameter unless necessary is not recommended. |
no |
stack |
Log information on Dr.Web Server script execution from a call stack. This parameter is used by technical support specialists and developers. Changing this parameter unless necessary is not recommended. |
||
trace |
Log information on Dr.Web Server script execution tracing. This parameter is used by technical support specialists and developers. Changing this parameter unless necessary is not recommended. |
•<lua-module-path>
Lua interpreter paths.
|
The path order is important. |
The <lua-module-path> element contains the following child elements:
▫<cpath root="" />—path to the folder containing binary modules. Allowed values for root: home (default), var, bin, lib.
▫<path value="" />—path to the folder containing scripts. If it is not a child of the <jobs> or <hooks> elements, then it is used by both. Paths specified in the value attribute are relative to paths in the root attribute of the <cpath> element.
▫<jobs>—paths to tasks in the Dr.Web Server schedule.
The <jobs> element contains one or several <path value="" /> child elements to specify the path to the scrips folder.
▫<hooks>—paths for the user hooks of Dr.Web Server.
The <hooks> element contains one or several <path value="" /> child elements to specify the path to the scrips folder.
•<transports>
Configuration of transport protocol parameters used by Dr.Web Server to connect to clients. Contains one or several <transport discovery="" ip="" name="" multicast="" multicast-group="" port="" /> child elements.
Attribute description:
Attribute |
Description |
Obligatory |
Allowed values |
Default |
|---|---|---|---|---|
discovery |
Defines whether the Dr.Web Server detection service is used or not. |
no, specified together with the ip attribute only. |
yes, no |
no |
ip | unix |
Defines the family of used protocols (IP or Unix socket) and specifies the interface address. |
yes |
– |
0.0.0.0 | – |
name |
Specifies the Dr.Web Server name for the Dr.Web Server detection service. |
no |
– |
drwcs |
multicast |
Defines whether Dr.Web Server is in a multicast group or not. |
no, specified together with the ip attribute only. |
yes, no |
no |
multicast-group |
Specifies the address of the multicast group into which Dr.Web Server is included. |
no, specified together with the ip attribute only. |
– |
•231.0.0.1 •[ff18::231.0.0.1] |
port |
Port to listen. |
no, specified together with the ip attribute only. |
– |
2193 |
•<protocols>
List of disabled protocols. Contains one or several <protocol enabled="" name="" /> child elements.
Attribute description:
Attribute |
Allowed values |
Description |
Default |
|---|---|---|---|
enabled |
•yes—protocol is enabled, •no—protocol is disabled. |
Protocol usage mode. |
no |
name |
•AGENT—protocol that allows interaction of Dr.Web Server with Dr.Web Agents. •MSNAPSHV—protocol that allows interaction of Dr.Web Server with the Microsoft NAP Validator system health check component. •INSTALL—protocol that allows interaction of Dr.Web Server with Dr.Web Agent installers. •CLUSTER—protocol for interaction between Dr.Web Servers in a cluster system. •SERVER—protocol that allows interaction of Dr.Web Server with other Dr.Web Servers. |
Protocol name. |
– |
•<plugins>
List of disabled extensions. Contains one or several <plugin enabled="" name="" /> child elements.
Attribute description:
Attribute |
Allowed values |
Description |
Default |
|---|---|---|---|
enabled |
•yes—extension is enabled, •no—extension is disabled. |
Extension usage mode. |
no |
name |
•WEBMIN—Dr.Web Security Control Center extension for managing Dr.Web Server and the anti-virus network via the Control Center. •FrontDoor—Dr.Web Server FrontDoor extension that allows connecting a remote diagnostics utility to Dr.Web Server. |
Extension name. |
– |
•<license>
Licensing settings.
The <license> element contains the following child elements:
▫<limit-notify min-count="" min-percent="" />
Options for notifications on a low number of available licenses in the license key.
Attribute description:
Attribute |
Description |
Default |
|---|---|---|
min-count |
Maximum number of remaining licenses at which the Limitation on a number of licenses in the license key notification will be sent. |
3 |
min-percent |
Maximum percentage of remaining licenses at which the Limitation on a number of licenses in the license key notification will be sent. |
5 |
▫<license-report report-period="" active-stations-period="" />
Options for the report on license usage.
Attribute description:
Attribute |
Description |
Default |
|---|---|---|
report-period |
Frequency with which Dr.Web Server generates reports on license usage. If a report on license usage is created by a child Dr.Web Server, then this report is immediately sent to the main Dr.Web Server. Created reports are additionally sent each time Dr.Web Server is connected (including after a restart), as well as when the number of issued licenses on the main Dr.Web Server changes. |
1440 |
active-stations-period |
Period for counting the number of active stations to create a report on license usage. If set to 0, all stations will be included in the report regardless of their activity status. |
0 |
▫<exchange>
Settings of license propagation between Dr.Web Servers.
The <exchange> element contains the following child elements:
▪<expiration-interval value="" />
▪<prolong-preact value="" />
▪<check-interval value="" />
Elements:
Element |
Description |
Default values, min |
|---|---|---|
expiration-interval |
Validity period of donated licenses—period of time for which licenses are issued from the key on this Dr.Web Server. The setting is used if the Dr.Web Server donates licenses to neighboring Dr.Web Servers. |
1440 |
prolong-preact |
Period for accepted license renewal—period of time before the expiration of the automatic license renewal period, when this Dr.Web Server starts requesting preliminary automatic renewal of accepted licenses The setting is used if Dr.Web Server accepts licenses from neighboring Dr.Web Servers. |
60 |
check-interval |
License synchronization period—time interval for synchronizing information about donated licenses between Dr.Web Servers. |
1440 |
•<auth-flood count="" only-failed="" period="" />
Authentication settings. If the specified number of attempts is exceeded, authentication will be impossible for a certain period of time.
Attribute description:
Attribute |
Allowed values |
Description |
Default |
|---|---|---|---|
count |
– |
Number of authentication attempts. |
5 |
only-failed |
•yes—count only unsuccessful authentication attempts, •no—count both unsuccessful and successful authentication attempts. |
Count only unsuccessful attempts. |
yes |
period |
– |
Time period during which authentication will be impossible. |
60 seconds |
•<email from="" debug="" />
Parameters for sending emails from the Control Center, for example, as administrator notifications or when mailing installation packages to stations.
Attribute description:
Attribute |
Allowed values |
Description |
Default |
|---|---|---|---|
from |
– |
Email address that will be set as the email sender. |
drwcs@localhost |
debug |
•yes—use debug mode, •no—do not use debug mode. |
Use debug mode to get a detailed log of the SMTP session. |
no |
The <email> element contains the following child elements:
▫<smtp server="" user="" pass="" port="" start_tls="" auth_plain="" auth_login="" auth_cram_md5="" auth_digest_md5="" auth_ntlm="" conn_timeout="" />
Configuration of SMTP server parameters for sending emails.
Attribute description:
Attribute |
Allowed values |
Description |
Default |
|---|---|---|---|
server |
– |
Address of the SMTP server that is used to send email. |
127.0.0.1 |
user |
– |
Name of the SMTP server user if the SMTP server requires authentication. |
– |
pass |
– |
Password of the SMTP server user if the SMTP server requires authentication. |
– |
port |
Positive integer. |
Port of the SMTP server that is used to send email. |
25 |
start_tls |
•yes—use this authentication type, •no—do not use this authentication type. |
Encrypt data transfer. Switching to secure connection is performed by using the STARTTLS command. Port 25 is used for the connection by default. |
yes |
auth_plain |
Use plain text authentication on the mail server. |
no |
|
auth_login |
Use LOGIN authentication on the mail server. |
no |
|
auth_cram_md5 |
Use CRAM-MD5 authentication on the mail server. |
no |
|
auth_digest_md5 |
Use DIGEST-MD5 authentication on the mail server. |
no |
|
auth_ntlm |
Use AUTH-NTLM authentication on the mail server. |
no |
|
conn_timeout |
Positive integer. |
Connection time-out for the SMTP server. |
180 |
▫<ssl enabled="" verify_cert="" ca_certs="" />
Configuration of SSL traffic encryption parameters for sending emails.
Attribute description:
Attribute |
Allowed values |
Description |
Default |
|---|---|---|---|
enabled |
•yes—use SSL, •no—do not use SSL. |
Use of SSL encryption. |
no |
verify_cert |
•yes—check the SSL certificate, •no—do not check the SSL certificate. |
Validate the SSL certificate of the mail server. |
no |
ca_certs |
– |
Path to the root SSL certificate of Dr.Web Server. |
– |
•<track-epidemic enabled="" aggregation-period="" check-period="" threshold="" most-active="" />
Configuration of parameters for tracking malware outbreaks on the network.
Attribute description:
Attribute |
Allowed values |
Description |
Default |
|---|---|---|---|
enabled |
yes | no |
Enables monitoring of multiple station infection events and allows to send summary notifications to the administrator. |
yes |
aggregation-period |
Positive integer. |
Time period in seconds after sending a notification about an outbreak during which single notifications about infected stations will not be sent. |
300 |
check-period |
Time period in seconds during which a specified number of messages on infected stations must be received to send a notification about an outbreak. |
3600 |
|
threshold |
Number of messages on infections that must be received within a specified time period for Dr.Web Server to send a summary notification about an outbreak for all infection cases (the Epidemic in the network notification) to the administrator. |
100 |
|
most-active |
Number of the most frequently occurring threats that must be included in the epidemic report. |
5 |
•<track-hips-storm enabled="" aggregation-period="" check-period="" threshold="" most-active="" />
Configuration of parameters for tracking multiple events of the Preventive protection component.
Attribute description:
Attribute |
Allowed values |
Description |
Default |
|---|---|---|---|
enabled |
yes | no |
Enables monitoring of multiple events of Preventive protection and allows to send summary notifications to the administrator. |
yes |
aggregation-period |
Positive integer. |
Time interval in seconds after sending a summary report on Preventive protection events during which no single event notifications are sent. |
300 |
check-period |
Time period in seconds during which a specified number of Preventive protection events must occur for a summary report to be sent. |
3600 |
|
threshold |
The number of Preventive protection events that must be received in a specified time period, so that Dr.Web Server may send a single summary report on these events (the Summary report of Preventive protection notification) to the administrator. |
100 |
|
most-active |
Number of the most active processes that have performed a suspicious action to be included in the Preventive protection report |
5 |
•<track-appctl-storm enabled="" aggregation-period="" check-period="" threshold="" most-active="" />
Configuration of parameters for tracking multiple events of the Application Control component.
Attribute description:
Attribute |
Allowed values |
Description |
Default |
|---|---|---|---|
enabled |
yes | no |
Enables monitoring of multiple events of Application Control and allows to send summary notifications to the administrator. |
yes |
aggregation-period |
Positive integer. |
Time period in seconds after sending a summary report on processes blocked by Application Control during which notifications about blocked processes will not be sent. |
300 |
check-period |
Time period in seconds during which a specified number of processes must be blocked for a summary report to be sent |
3600 |
|
threshold |
Number of processes blocked by Application Control in a specified period of time so that Dr.Web Server can send a single summary report on these events to the administrator (the Large number of blocks by the Application Control detected notification). |
100 |
|
most-active |
Number of the most frequently triggered Application Control profiles to be included in multiple blocked processes notification |
5 |
•<track-disconnect enabled="" aggregation-period="" check-period="" single-alert-threshold="" summary-alert-threshold="" min-session-duration="" />
Configuration of parameters for tracking multiple abnormally terminated connections to clients.
Attribute description:
Attribute |
Allowed values |
Description |
Default |
|---|---|---|---|
enabled |
yes | no |
Enables monitoring of abnormally terminated connections to clients and sending corresponding notifications to the administrator. |
yes |
aggregation-period |
Positive integer. |
Time period in seconds after sending a notification about multiple terminated connections during which notifications about single terminated connections are not sent. |
300 |
check-period |
Time period in seconds during which a specified number of connections to clients must be terminated for the corresponding notification to be sent. |
3600 |
|
single-alert-threshold |
Minimum number of connections to a single address that must be terminated during the count period for a single abnormally terminated connection notification to be sent (the Connection terminated abnormally notification). |
10 |
|
summary-alert-threshold |
Minimum number of connections that must be terminated during the count period for a summary notification about multiple abnormally terminated connections to be sent (the Large number of abnormally terminated connections detected notification). |
1000 |
|
min-session-duration |
If the duration of a terminated connection to a client is less than the specified value, then, when a specified number of connections is reached, a notification about single terminated connections (the Connection terminated abnormally notification) will be sent regardless of the count period. The connection must not be terminated later by longer connections, and the notification about multiple abnormally terminated connections must not be sent (the Large number of abnormally terminated connections detected notification). |
300 |
•<default-lang value="" />
Default language used by Dr.Web Server components and systems if the language settings could not be obtained from the Dr.Web Server database. In particular, it is used by Dr.Web Security Control Center and the administrator notification system when the database is corrupted and the language settings cannot be obtained.
•<security-through-obscurity="" />
Configuration of security parameters that enhance security by hiding or deliberately misrepresenting some data.
The <security-through-obscurity> element contains the following child elements:
▫<server-header enabled="" />
▫<lower-case-uri enabled="" />
▫<hacker-misleading enabled="" />
Attribute description:
Attribute |
Allowed values for enabled |
Description |
Default value for enabled |
|---|---|---|---|
server-header |
yes | no |
Allows to hide the string with server details (Dr.Web Server version, OS version, loaded libraries), which makes it more difficult to exploit known vulnerabilities. Corresponds to the Return detailed header flag in the web server configuration. |
no |
lower-case-uri |
yes | no |
Converts all URIs in HTTP requests to lowercase. Corresponds to the Convert URI to lowercase flag in the web server configuration. |
no |
hacker-misleading |
yes | no |
When enabled, returns fake passwd, hosts, etc. in response to requests for files such as /etc/passwd, /etc/hosts, etc. (thus negating the Path/Directory Traversal vulnerability). There is no corresponding option in the current web server configuration. |
yes |