Operating Principles

The component is designed to check both the content of files in the local file system and the streams of data transmitted by an external application via a socket. Such checks are performed by the component at the request of an external application. Moreover, the component can check the content of those files for which an external application passed an open file descriptor via a socket.

File scans based on a passed file descriptor can be performed only if the descriptor was passed via a local UNIX socket.

If an external application has provided a path to a file in the local file system, the component sends the scanning task to the Dr.Web File Checker file checker component; otherwise, the component transmits data, received via the socket, to the Dr.Web Network Checker.

By default, the component is not automatically launched upon the startup of Dr.Web for UNIX Mail Servers. To enable starting of the component, it is necessary to set the Yes value for the Start parameter and to define at least one connection point for client applications. After that, the component starts waiting for external application requests to scan files or data streams. In the component settings, you can configure several connection points for external applications and adjust different scanning settings for each of the points, if required.

The external applications could be represented as mail servers (such as Postfix and Exim), if they are equipped with the integration module with clamd. For details, see section Integration with External Applications.

Detected threats cannot be neutralized by Dr.Web for UNIX Mail Servers; the external application receives only the results of the scanning. Thus, any detected threats should be neutralized by the external application.