Dr.Web Ctl

In this section

General Information

Remote host scanning

General Information

You can manage operation of Dr.Web for UNIX Mail Servers from the command line of the operating system. For that, you can use the special Dr.Web Ctl utility (drweb-ctl). You can use it to perform the following operations:

Start scanning file system objects including boot records.

Launch of scanning of files on remote network hosts (see note below).

Start updating anti-virus components (virus databases, the scan engine, and so on depending on the distribution).

View and change parameters of the Dr.Web for UNIX Mail Servers configuration.

View the status of the Dr.Web for UNIX Mail Servers components and statistics on detected threats.

Connect to the centralized protection server or disconnect from it.

View quarantine and manage quarantined objects (via the Dr.Web File Checker component).

Connect to the centralized protection server or disconnect from it.

User commands to control Dr.Web for UNIX Mail Servers will only take effect if the Dr.Web ConfigD configuration daemon is running (by default, it is automatically run on system startup).

Note that some control commands require superuser privileges.

To elevate privileges, use the su command (change the current user) or the sudo command (run the specified command as another user).

The drweb-ctl tool supports auto-completion of commands for managing Dr.Web for UNIX Mail Servers operation if this option is enabled your command shell. If the command shell does not allow auto-completion, you can configure this option. For that purpose, refer to the instruction manual for the used OS distribution.

When shutting down, the tool returns the exit code according to convention for the POSIX compliant systems: 0 (zero)—if an operation is successfully completed, non-zero—if otherwise.

Note that the tool only returns a non-null exit code in the case of internal error (for example, the tool could not connect to a component, the requested operation could not be executed, and so on). If the tool detects and possibly neutralizes a threat, it returns the null exit code, because the requested operation (such as scan, and so on) is successfully completed. If you need to define the list of the detected threats and applied actions, analyze the messages displayed on the console.

Codes of all errors are listed in the Appendix F. Known Errors section.

Remote host scanning

Dr.Web for UNIX Mail Servers allows you to scan files located on remote network hosts for threats. Such hosts can be not only fully-featured computing machines, such as workstations and servers, but also routers, set-top boxes, and other smart devices of the Internet of Things. To perform the remote scanning, the remote host has to provide a remote terminal access via SSH (Secure Shell) or Telnet. To access the device, you need to know an IP address and a domain name of the remote host, as well as the credentials of the user that can remotely access the system via SSH or Telnet. This user must have access rights to the scanned files (at least the reading rights).

This function can be used only for detection of malicious and suspicious files on a remote host. Elimination of threats (i.e. isolation in the quarantine, removal, and cure of malicious objects) using remote scanning is impossible. To eliminate the detected threats on the remote host, use administration tools provided directly by this host. For example, for routers and other smart devices, update the firmware; for computing machines, establish a connection (in a remote terminal mode, as one of the options) and perform the respective operations in the file system (remove or move files, etc.), or run the anti-virus software installed on them.

Remote scanning is only performed via the command-line tool drweb-ctl (using the command remotescan).

 

 

Details:

Command-Line Call Format

Usage Examples

Configuration Parameters