Main Functions

Dr.Web for Linux provides you with the following features:

1.Detection and neutralization of malicious programs (for example, viruses, including those that infect mailboxes and boot records, Trojans, mail worms) and unwanted software (for example, adware, joke programs, dialers).

Dr.Web for Linux uses several malware detection methods simultaneously:

signature analysis, which allows detection of known threats

heuristic analysis, which allows detection of threats that are not present in virus databases

The Dr.Web Cloud service, which collects the most recent information on threats from several Dr.Web anti-virus products

Note that the heuristics analyzer may raise false alarms. As an object can be erroneously considered malicious, all threats detected by the heuristics analyzer are treated as suspicious. So, it is recommended not to delete such threats but move them to quarantine and send to Doctor Web Virus Laboratory for analysis. For details on methods used to neutralize computer threats, refer to Fighting computer Threats (Appendix B).

System objects are scanned at user request or automatically, according to the scheduled. The user can launch scanning of all accessible file system objects (including both files and boot records) as well as select custom scan when only specified files, directories, and boot records are scanned. Also it is possible to scan only binary executable files containing code of currently running processes. If a threat is detected in such case, not only the malicious object is neutralized but also the active process is terminated.

2.Monitoring access to data files and attempts to run executables. This feature allows detection and neutralization of malware right at the moment of an infection attempt.

3.Monitoring access to the Internet. This feature allows to control attempts to access Internet servers and, if required, block those websites that are added to black lists. Files downloaded from the Internet are checked "on the fly" for viruses and other threats. To restrict access to unwanted websites, Dr.Web for Linux uses subject black lists (delivered with Dr.Web for Linux and updated automatically) and user black and white lists (configured by the user).

The current product version does not support monitoring of Internet access via secure protocols such as HTTPS.

4.Reliable isolation of infected or suspicious objects. Such objects are moved to a special storage, quarantine, to prevent any harm to the system. When moving to quarantine, objects are renamed according to special rules and, if necessary, they can be restored to their original location only at user request.

5.Automatic update of Dr.Web virus databases and engine to enable Dr.Web for Linux to use the most recent information about known malicious software.

6.Operation in central protection mode (when connected to the central protection server, such as Dr.Web Enterprise Server or as a part of Dr.Web AV-Desk service). This mode allows implementation of a unified security policy on computers within the protected network. It can be a corporate network, a private network (VPN), or a network of a service provider (for example, a provider of Internet service).

Because using the Dr.Web Cloud requires transmitting some data about user activity (such as the list of requested URLs), the Dr.Web Cloud service is only active when it is authorized by the user manually. So, the user can disable the Dr.Web Cloud service at the any moment, whenever it is necessary, in the program settings.