Usage Examples

Examples for file selection for scanning are listed below and use the result of the find utility operation. The obtained list of files is sent to the drweb-ctl scan command with the --stdin or --stdin0 parameter.

1.Scan listed files returned by the utility find and separated with the NUL ('\0') character:

$ find -print0 | drweb-ctl scan --stdin0

2.Scan all files in all directories, starting from the root directory, on one partition of the file system:

$ find / -xdev -type f | drweb-ctl scan --stdin

3.Scan all files in all directories, starting from the root directory, with the exception of the /var/log/messages and /var/log/syslog files:

$ find / -type f ! -path /var/log/messages ! -path /var/log/syslog | drweb-ctl scan --stdin

4.Scan all files of the root user in all directories, starting from the root directory:

$ find / -type f -user root | drweb-ctl scan --stdin

5.Scan files of the root and admin users in all directories, starting from the root directory:

$ find / -type f $ -user root -o -user admin $ | drweb-ctl scan --stdin

6.Scan files of users with UID in the range 1000–1005 in all directories, starting from the root directory:

$ find / -type f -uid +999 -uid -1006 | drweb-ctl scan --stdin

7.Scan files in all directories, starting from the root directory, with a nesting level not more than five:

$ find / -maxdepth 5 -type f | drweb-ctl scan --stdin

8.Scan files in a root directory ignoring files in subdirectories:

$ find / -maxdepth 1 -type f | drweb-ctl scan --stdin

9.Scan files in all directories, starting from the root directory, with following all symbolic links:

$ find -L / -type f | drweb-ctl scan --stdin

10.Scan files in all directories, starting from the root directory, without following symbolic links:

$ find -P / -type f | drweb-ctl scan --stdin

11.Scan files created not later than May 1, 2017 in all directories, starting with the root directory:

$ find / -type f -newermt 2017-05-01 | drweb-ctl scan --stdin

1.3. Scanning of Additional Objects

1.Scanning of objects located in the directory /tmp on the remote host 192.168.0.1 by connecting to it via SSH as a user user with the password passw:

$ drweb-ctl remotescan 192.168.0.1 /tmp --Login user --Password passw

2.Scanning of a mail message saved in the file email.eml, using the default set of rules:

$ drweb-ctl checkmail email.eml

2. Configuration Management

1.Display information on a current Dr.Web for UNIX Mail Servers package, including information about running components:

$ drweb-ctl appinfo

2.Output all parameters from the [Root] section of the active configuration:

$ drweb-ctl cfshow Root

3.Set 'No' as the value of the Start parameter in the [LinuxSpider] section of the active configuration (this will disable the SpIDer Guard file system monitor):

# drweb-ctl cfset LinuxSpider.Start No

Note that superuser privileges are required to perform this action. To elevate the privileges, you can use the sudo command, as shown in the following example:

$ sudo drweb-ctl cfset LinuxSpider.Start No

4.Force update of anti-virus components of Dr.Web for UNIX Mail Servers:

$ drweb-ctl update

5.Restart the component configuration of Dr.Web for UNIX Mail Servers:

# drweb-ctl reload

Note that superuser privileges are required to perform this action. To elevate the privileges, you can use the sudo command, as shown in the following example:

$ sudo drweb-ctl reload

6.Connect Dr.Web for UNIX Mail Servers to the centralized protection server operating on host 192.168.0.1 if the server certificate is located in the file /home/user/cscert.pem:

$ drweb-ctl esconnect 192.168.0.1 --Certificate /home/user/cscert.pem

7.Connect Dr.Web for UNIX Mail Servers to the centralized protection server using the settings.cfg configuration file:

$ drweb-ctl esconnect --cfg <path to the settings.cfg file>

8.Disconnecting Dr.Web for UNIX Mail Servers from the centralized protection server:

# drweb-ctl esdisconnect

Note that superuser privileges are required to perform this action. To elevate the privileges, you can use the sudo command, as shown in the following example:

$ sudo drweb-ctl esdisconnect

9.View the last log records made by the drweb-update and drweb-configd components in the Dr.Web for UNIX Mail Servers log:

# drweb-ctl log -c Update,ConfigD

3. Threats Management

1.Display information on detected threats:

$ drweb-ctl threats

2.Move all files containing threats which were not neutralized to quarantine:

$ drweb-ctl threats --Quarantine All

3.Display list of files moved to quarantine:

$ drweb-ctl quarantine

4.Restore all files from quarantine:

$ drweb-ctl quarantine --Restore All

5.Generate a password for a protected archive in the mail message with the identifier 12345, under condition that, for this email message, HMAC method of password generation has been used, and up-to-date secret word is indicated in the settings of Dr.Web MailD:

$ drweb-ctl idpass 12345

4. An Example of Operation in the Autonomous Copy Mode

1.Scan files and process quarantine in the autonomous copy mode:

$ drweb-ctl scan /home/user -a --OnKnownVirus=Quarantine
$ drweb-ctl quarantine -a --Delete All

The first command will scan files in the /home/user directory in the autonomous copy mode. Files containing known viruses will be moved to quarantine. The second command will process quarantine content (in the autonomous copy mode as well) and remove all the objects.