SpIDer Gate

This component is included only in the distributions for GNU/Linux OS.

SpIDer Gate, the component for monitoring network traffic and URLs, checks data downloaded from the network to the local computer and sent from the local host to the network for threats. It also prevents connections to network hosts that belong to unwanted categories of web resources or are included in black lists defined by the administrator.

The component settings let you specify which types of protocols to scan. The component contains an analyzer that determines the type of protocol used to send data over a checked connection. If the protocol is determined to be a mail protocol, the Dr.Web MailD email scanning component is used to analyze the data and search for threats.

To check whether a URL belongs to any of the categories (this check is applied to connections that use the HTTP/HTTPS protocol), the component uses not only the database of web resource categories, which is updated regularly from the Doctor Web update servers, but also the Dr.Web Cloud service. Doctor Web keeps track of the following categories of web resources:

InfectionSource—websites containing malicious software (“infection sources”).

NotRecommended—fraudulent websites (that use “social engineering”) that are not recommended for visiting.

AdultContent—websites that contain pornographic or erotic materials, dating sites, and so on.

Violence—websites that encourage violence or contain materials about various fatal accidents, and so on.

Weapons—websites that describe weapons and explosives or provide information on their manufacturing.

Gambling—websites that provide access to online games of chance, casinos, auctions, including sites for placing bets, and so on.

Drugs—websites that promote use, production or distribution of drugs, and so on.

ObsceneLanguage—websites that contain obscene language (in titles, articles, and so on).

Chats—websites that offer a real-time transmission of text messages.

Terrorism—websites that contain aggressive and propaganda materials or descriptions of terrorist attacks, and so on.

FreeEmail—websites that offer free email registration.

SocialNetworks—different social networking services: general, professional, corporate, interest-based; thematic dating sites.

DueToCopyrightNotice—websites whose links are specified by the copyright holders of some copyrighted work (movies, music, and so on).

OnlineGames—websites that provide access to games that use a permanent internet connection.

Anonymizers—websites that allow the user to hide personal information and that provide access to blocked web resources.

CryptocurrencyMiningPool—websites that provide access to common services for cryptocurrency mining.

Jobs—job search websites.

The system administrator can specify which hosts are unwanted, based on the categories to which the hosts belong. Additionally, a user can configure custom black lists to block access to specific hosts, and white lists to allow access. Access to hosts in the white lists is allowed even if the hosts belong to unwanted categories. If there is no information about a URL in the local black lists and the database of web resource categories, the component can query the Dr.Web Cloud service to check whether the URL is malicious; this information is received from other Dr.Web products in real time.

One and the same website can belong to several categories simultaneously. Access to such a website is blocked if it belongs to at least one of the unwanted categories.

Even if a website is included in the white list, data sent to and downloaded from the website is still scanned for threats.
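The access rules above can be read as a decision procedure. The sketch below is an added illustration, not Dr.Web code: the sample lists and hosts, the `decide` helper, exact host matching, and the order in which the white and black lists are consulted are assumptions.

```python
from dataclasses import dataclass
from typing import Callable, Optional

# Category names come from the list on this page; which of them count as
# "unwanted" is the administrator's choice (constructed sample policy).
UNWANTED = {"InfectionSource", "NotRecommended", "Gambling"}
WHITE_LIST = {"intranet-games.example"}      # constructed sample hosts
BLACK_LIST = {"blocked.example"}
LOCAL_CATEGORY_DB = {                        # constructed sample database
    "intranet-games.example": {"OnlineGames", "Gambling"},
    "forum.example": {"Chats", "Gambling"},
    "news.example": set(),
}

@dataclass(frozen=True)
class Verdict:
    allow: bool
    reason: str
    scan_content: bool  # data of allowed hosts is still scanned for threats

def decide(host: str,
           cloud_lookup: Optional[Callable[[str], bool]] = None) -> Verdict:
    """Return the access verdict for a host (hypothetical helper)."""
    host = host.lower().rstrip(".")
    # Assumption: the white list is consulted first; the page only states
    # that it overrides unwanted categories.
    if host in WHITE_LIST:
        return Verdict(True, "white list", True)
    if host in BLACK_LIST:
        return Verdict(False, "black list", False)
    categories = LOCAL_CATEGORY_DB.get(host)
    if categories is not None:
        hit = sorted(categories & UNWANTED)
        if hit:  # a single unwanted category is enough to block
            return Verdict(False, "category: " + ", ".join(hit), False)
        return Verdict(True, "no unwanted category", True)
    # No local information: fall back to the cloud check, if one is enabled.
    if cloud_lookup is not None and cloud_lookup(host):
        return Verdict(False, "cloud: malicious", False)
    return Verdict(True, "unknown host", True)
```

Note that a white-listed host in an unwanted category is allowed but keeps `scan_content` set, matching the rule that white-listed traffic is still checked for threats.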

 

When files transferred over the HTTP protocol are scanned at high intensity, scanning problems can occur because the Dr.Web Network Checker component runs out of available file descriptors. In this case, increase the limit on the number of file descriptors available to Dr.Web for UNIX Mail Servers.

Details:

Operating Principles

Command-Line Arguments

Configuration Parameters