Operating Principles

The SpIDer Gate component monitors network connections initiated by user applications. The component checks whether a server to which a client application is trying to connect belongs to any of the web resource categories specified in the settings as unwanted. Moreover, the component can use the Dr.Web Cloud service to scan URLs. If the URL belongs to any of the unwanted categories (or is flagged by the Dr.Web Cloud service) or to a black list defined by your system administrator, the connection is terminated and an HTML page with a message of that access is denied is displayed (in case of an HTTP/HTTPS connection). The page is generated by SpIDer Gate on the basis of a template supplied with the component. This page contains a notification of that access to the requested resource is impossible and describes a reason for blocking. A similar page is displayed and returned to the client if SpIDer Gate detects a threat that must be blocked in the data being transmitted. If the connection uses a protocol different from HTTP(S), the component only checks for permission to establish a connection with this server. If a mail protocol (SMTP, POP3 or IMAP) is used, the Dr.Web MailD component for scanning of email messages is used to analyze data and search for threats. This component parses email messages on its own and extracts attached files and URLs. At that, the component uses the same blocking parameters as the SpIDer Gate component.

The Dr.Web Firewall for Linux service component redirects connections to remote servers established by client applications transparently to them and exercises dynamic control of the rules of NetFilter, a system component of Linux.

The same Dr.Web Updater component regularly and automatically updates databases of web resource categories from Doctor Web servers and virus databases for Dr.Web Scanning Engine. The Dr.Web Cloud service is maintained by the Dr.Web CloudD component (using the cloud service is configured in the general settings of Dr.Web Mail Security Suite and can be disabled, if necessary). To scan data being transmitted, SpIDer Gate uses a network scanning agent, Dr.Web Network Checker, which initiates data scanning via Dr.Web Scanning Engine.