Brief Instructions

In this section

Working with Email Servers:

How to Connect Dr.Web for UNIX Mail Servers to an MTA as a Filter via Milter, Spamd, or Rspamd

How to Connect Dr.Web for UNIX Mail Servers to an MTA as a Clamd Anti-Virus Filter

How to Configure Dr.Web for UNIX Mail Servers in the SMTP Proxy Mode

How to Configure the Transparent Proxy Mode for an MTA

General Operation of Dr.Web for UNIX Mail Servers:

How to Restart Dr.Web for UNIX Mail Servers

How to Connect to a Centralized Protection Server

How to Disconnect From a Centralized Protection Server

How to Activate Dr.Web for UNIX Mail Servers

How to Upgrade Dr.Web for UNIX Mail Servers

How to Add or Remove a Component of Dr.Web for UNIX Mail Servers

How to Manage Dr.Web for UNIX Mail Servers Component Operation

How to View the Log of Dr.Web for UNIX Mail Servers

 

How to Connect Dr.Web for UNIX Mail Servers to an MTA as a Filter via Milter, Spamd, or Rspamd

Follow the instructions provided in the Integration with MTA as a filter section.

How to Connect Dr.Web for UNIX Mail Servers to an MTA as a Clamd Anti-Virus Filter

Follow the instructions provided in the Integration with External Applications section.

In this case, special component Dr.Web MailD designed for email scanning (including scanning for the signs of spam) is not used. Email messages transmitted by an MTA will be scanned by the anti-virus only. In case of threat detection, the message processing is performed directly by the mail server.

How to Configure Dr.Web for UNIX Mail Servers in the SMTP Proxy Mode

Follow the instructions provided in the Using Dr.Web for UNIX Mail Servers in SMTP Proxy Mode section.

How to Configure the Transparent Proxy Mode for an MTA

Follow the instructions provided in the Using Dr.Web for UNIX Mail Servers in Transparent Proxy Mode section.

How to Restart Dr.Web for UNIX Mail Servers

To restart already running Dr.Web for UNIX Mail Servers, you can use the script that controls the Dr.Web ConfigD configuration daemon. Starting, stopping, or restarting the daemon will respectively start, stop or restart Dr.Web for UNIX Mail Servers.

The script that controls the operation of Dr.Web ConfigD is stored in the standard OS directory (/etc/init.d/ for GNU/Linux; /usr/local/etc/rc.d/ for FreeBSD) and is named drweb-configd. The script has the following parameters:

Parameter

Description

start

Start Dr.Web ConfigD if it is not running. Upon starting, Dr.Web ConfigD starts all the required components of Dr.Web for UNIX Mail Servers.

stop

Shut down Dr.Web ConfigD if it is running. Upon shutting down, Dr.Web ConfigD shuts down all the components of Dr.Web for UNIX Mail Servers.

restart

Restart (shut down and start) Dr.Web ConfigD. Dr.Web ConfigD shuts down and starts all the components of Dr.Web for UNIX Mail Servers. If Dr.Web ConfigD is not running, the parameter has the same effect as start.

condrestart

Restart Dr.Web ConfigD only if it is running.

reload

Send a HUP signal to Dr.Web ConfigD if it is running. Dr.Web ConfigD forwards this signal to all the components of Dr.Web for UNIX Mail Servers. The parameter is used to make all Dr.Web for UNIX Mail Servers components reread their configuration.

status

Output the current state of Dr.Web ConfigD to the console.

For example, to restart Dr.Web for UNIX Mail Servers (or start it, if it is not running) on GNU/Linux, use the following command:

# /etc/init.d/drweb-configd restart

How to Connect to a Centralized Protection Server
 

1.Obtain a centralized protection server address and certificate file from your anti-virus network administrator. You may also need additional parameters, such as an identifier and a password for your workstation or identifiers of the main group and the tariff group.

2.Use the esconnect command of the Dr.Web Ctl command-line tool bundled with Dr.Web for UNIX Mail Servers.

To establish a connection, you must use the --Certificate parameter by specifying a path to the certificate file of the server. You can additionally enter an identifier of your host (“station” in the terms of the centralized protection server) and a password for authentication on the server, if you know them, by using the --Login and --Password parameters. If these parameters are specified, connection to the server will be established only if you specify a correct identifier-password pair. If the parameters are not specified, connection to the server will be established only if it is approved for the server (automatically or by the administrator of the anti-virus network, depending on the server settings).

Moreover, you can use the --Newbie parameter (connect as a new user). If this mode is allowed on the server, after this connection is approved, the server automatically generates a unique identifier-password pair for this host, which will be further used to connect it to the server.

In this mode the centralized protection server generates a new account for the host even if this host already has another account on the server.

A standard example of the command to connect Dr.Web for UNIX Mail Servers to the centralized protection server:

# drweb-ctl esconnect <server address> --Certificate <path to the server certificate file>

After establishing a connection to the centralized protection server, Dr.Web for UNIX Mail Servers will operate in the centralized protection mode or in the mobile mode, depending on permissions set on the server and the value of the MobileMode configuration parameter of the Dr.Web ES Agent component. To force the mobile mode, set the parameter value to On. For operation in the centralized protection mode, set the parameter value to Off.

A standard example of the command to switch Dr.Web for UNIX Mail Servers, which is connected to the centralized protection server, to the mobile mode is as follows:

# drweb-ctl cfset ESAgent.MobileMode On

If the centralized protection server in use does not support or does not allow the mobile mode, changing the MobileMode parameter value will not switch Dr.Web for UNIX Mail Servers to the mobile mode.

How to Disconnect From a Centralized Protection Server

To disconnect Dr.Web for UNIX Mail Servers from the centralized protection server and switch to the standalone mode, use the esdisconnect command of the Dr.Web Ctl command-line tool bundled with Dr.Web for UNIX Mail Servers:

# drweb-ctl esdisconnect

To use Dr.Web for UNIX Mail Servers in the standalone mode, a valid license key file is required. Otherwise, anti-virus functions of Dr.Web for UNIX Mail Servers will be blocked after switching to the standalone mode.

How to Activate Dr.Web for UNIX Mail Servers
 

1.Register on the website of the Doctor Web company at https://products.drweb.com/register/v4.

2.You will receive an archive containing a valid license key file at the email address that you specified during the registration (you can also download this archive directly from the website after you have finished the registration).

3.Install the key file.

How to Upgrade Dr.Web for UNIX Mail Servers

Update component versions or upgrade to a new version.

You may be asked to remove the current version of Dr.Web for UNIX Mail Servers.

How to Add or Remove a Component of Dr.Web for UNIX Mail Servers

Follow the Custom Component Installation and Uninstallation procedure.

When installing and uninstalling a component, other Dr.Web for UNIX Mail Servers components can be additionally installed or uninstalled to resolve dependencies.

How to Manage Dr.Web for UNIX Mail Servers Component Operation

To view the status of Dr.Web for UNIX Mail Servers components and to manage their operation, you can use:

The Dr.Web Ctl command-line management tool (use the drweb-ctl appinfo, drweb-ctl cfshow and drweb-ctl cfset commands. To view the list of available management commands, use the drweb-ctl --help command).

The management web interface of Dr.Web for UNIX Mail Servers (you can access it via a web browser at https://127.0.0.1:4443 by default).

How to View the Log of Dr.Web for UNIX Mail Servers

By default, the unified log of all Dr.Web for UNIX Mail Servers components is output to syslog (a file used by the system component syslog to log messages; the file depends on the system and is located in the /var/log directory). Unified log settings are defined in the configuration file in the [Root] section (Log and DefaultLogLevel parameters). Log and LogLevel parameters are provided for each component in its settings section. They set the log storage location and the logging level of messages output by the component to the log.

You can also use the drweb-ctl log command.

To change the logging settings, use the Dr.Web Ctl command-line management tool and the Dr.Web for UNIX Mail Servers management web interface (if it is installed).

To identify errors, we recommend you to store output of the unified log of all components in a separate file and enable output of detailed debug information. For that, run the following commands:

# drweb-ctl cfset Root.Log <log path>
# drweb-ctl cfset Root.DefaultLogLevel DEBUG

To restore the default logging method and verbosity level for all components, run the following commands:

# drweb-ctl cfset Root.Log -r
# drweb-ctl cfset Root.DefaultLogLevel -r