Operating Principles

The component allows sending the data not represented as files in the local file system for scanning into Dr.Web Scanning Engine engine (located on local or remote host). This data is process by the components which send data for scanning via (Dr.Web MailD, Dr.Web ClamD) connection. Mind that these components always use Dr.Web Network Checker for files transmission to Dr.Web Scanning Engine engine, even if it is located on local host. Thus, if Dr.Web Network Checker is unavailable, these components cannot work correctly.

In addition, Dr.Web Network Checker allows the Dr.Web for UNIX Mail Servers connection with a given set of nodes on the network with the Dr.Web for UNIX Mail Servers installed on them (or any other Dr.Web for UNIX solution 10.1 or later) in order to organize distributed checks data presence which is not represented as files in the local file system. Thereby, this component allows to create and configure a scanning cluster, which is a set of network nodes that exchange data for verification (each instance must have its own instance of the Dr.Web Network Checker distributed verification agent). On each node of the network included in the scanning cluster, Dr.Web Network Checker performs automatic distribution of tasks for scanning data, transferring it over the network to all available nodes with which the connection is configured. At the same time, the load balancing on nodes is performed, caused by data verification depending on the amount of resources available on remote nodes (as an indicator of the amount of resources available for load, the number of child scanning processes generated by the scanning core Dr.Web Scanning Engine on this node is used). The lengths of the files queues waiting for checking on each used node are also estimated.

In this case, any network node included in the scanning cluster can act as a scanning client that transmits data to a remote scan as well as a scanning server that receives data from the specified network nodes for verification. If necessary, the distributed scanning agent can be configured so that the node acts only as a scanning server or only as a scanning client.

The data received via network for scanning is saved to the local file system as temporary files and are sent to Dr.Web Scanning Engine engine or, in case if it is unavailable, to the other node of the scanning cluster.

The InternalOnly parameter, which you can find in settings, allows to manage the Dr.Web Network Checker operation mode. It indicates if Dr.Web Network Checker is used for including Dr.Web for UNIX Mail Servers to the scanning cluster or for internal purposes of the Dr.Web for UNIX Mail Servers local components only.

You can create your own component (external application) which will use Dr.Web Network Checker to check the files (including distributing the scanning jobs to the nodes of the scanning cluster). For this, the Dr.Web Network Checker component provides a custom API based on the Google Protobuf technology. The Dr.Web Network Checker API, as well as client application sample code that uses Dr.Web Network Checker, are supplied as part of drweb-netcheck package.

The example of creating the scanning cluster can be found in Creating the Scanning Cluster section.