SpIDer Gate

This component is included only in the distributions for GNU/Linux OSes.

SpIDer Gate, the component for monitoring network traffic and URLs, scans data downloaded from the network to the local computer, or sent to the network from the local host, for threats. It also prevents connections to network hosts that fall under unwanted categories of web resources or are on the black lists defined by the administrator.

The types of protocols to scan can be specified in the component settings. The component contains an analyzer that determines the type of protocol used to send data over a monitored connection. If the analyzer determines that a mail protocol is in use, data scanning and threat search are performed by the Dr.Web MailD email message component.

To check whether a URL belongs to any of the categories (when scanning connections that use the HTTP/HTTPS protocol), the component uses not only the database of web resource categories, which is updated regularly from the Doctor Web update servers, but also the Dr.Web Cloud service. Doctor Web keeps track of the following categories of web resources:

InfectionSource—websites containing malware (“infection sources”).

NotRecommended—fraudulent websites (those that use “social engineering”) that are not recommended for visiting.

AdultContent—websites that contain pornographic or erotic materials, dating sites, and so on.

Violence—websites that encourage violence or contain materials about various fatal accidents, and so on.

Weapons—websites dedicated to weapons and explosives or providing information on their manufacturing, and so on.

Gambling—websites that provide access to online games of chance, casinos, auctions, including sites for placing bets, and so on.

Drugs—websites that promote use, production or distribution of drugs, and so on.

ObsceneLanguage—websites that contain obscene language (in titles, articles, and so on).

Chats—websites that offer a real-time exchange of text messages.

Terrorism—websites that contain aggressive and propaganda materials or descriptions of terrorist attacks, and so on.

FreeEmail—websites that offer free registration of a mailbox.

SocialNetworks—social networking services: general, professional, corporate, interest-based; thematic dating websites.

DueToCopyrightNotice—websites the links to which are provided by the copyright holders of some copyrighted work (movies, music, and so on).

OnlineGames—websites that provide access to games using a permanent internet connection.

Anonymizers—websites allowing the user to hide personal information and providing access to blocked websites.

CryptocurrencyMiningPool—websites that provide access to services for cryptocurrency mining.

Jobs—job search websites.

The system administrator can specify unwanted categories of hosts. Additionally, the user can configure their own black lists of hosts to which access is blocked, and white lists of hosts to which access is allowed even if they belong to the unwanted categories. If the local black lists and the database of web resource categories contain no information about a URL, the component can send a request to the Dr.Web Cloud service to check whether the URL is malicious. This information is collected from other Dr.Web products in real time.

The same website can belong to several categories simultaneously. Access to such a website is blocked if it belongs to any of the unwanted categories.

Even if a website is included in the white list, the data downloaded from the website or sent to it is scanned for threats.
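
The rules above, modelled as an added example (this is not Dr.Web code). The category names come from the list on this page; the function and variable names, the sample hosts, the cloud callback and the choice to let a black list entry win over a white list entry are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Callable, Optional

# Constructed sample policy and data; hosts use the reserved .example TLD.
UNWANTED = {"InfectionSource", "NotRecommended", "Gambling"}  # admin's unwanted categories
BLACK_LIST = {"blocked.example"}
WHITE_LIST = {"casino.example"}
# Stand-in for the local database of web resource categories.
LOCAL_DB = {
    "casino.example": {"Gambling"},
    "forum.example": {"Chats", "Gambling"},  # one site, several categories
    "news.example": set(),                   # known host, no categories
}

@dataclass(frozen=True)
class Verdict:
    allow: bool
    reason: str
    scan_content: bool  # transferred data is scanned whenever the connection is allowed

def decide(host: str, cloud_lookup: Optional[Callable[[str], bool]] = None) -> Verdict:
    """Return the access decision for a host (hypothetical model of the page's rules)."""
    host = host.lower().rstrip(".")
    # Assumption: an explicit black list entry wins over everything else.
    if host in BLACK_LIST:
        return Verdict(False, "black list", False)
    # The white list overrides unwanted categories but never disables scanning.
    if host in WHITE_LIST:
        return Verdict(True, "white list", True)
    categories = LOCAL_DB.get(host)
    if categories is None:
        # No local information: optionally ask the cloud whether the URL is malicious.
        if cloud_lookup is not None and cloud_lookup(host):
            return Verdict(False, "cloud: malicious", False)
        return Verdict(True, "no information", True)
    hit = sorted(categories & UNWANTED)
    if hit:  # a single unwanted category is enough to block
        return Verdict(False, "category: " + ",".join(hit), False)
    return Verdict(True, "no unwanted category", True)

if __name__ == "__main__":
    for h in ("blocked.example", "casino.example", "forum.example", "news.example"):
        print(h, decide(h))
```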

 

When files transferred via the HTTP protocol are scanned at high intensity, scanning issues can arise once the Dr.Web Network Checker component has depleted the available file descriptors. In this case, it is necessary to increase the limit on the number of file descriptors available to Dr.Web for UNIX Mail Servers.

Details:

Operating Principles

Command-Line Arguments

Configuration Parameters