The quarantine of Dr.Web for UNIX Mail Servers is a system of directories designated to isolate files containing detected threats that cannot be currently cured for some reason. For example, a detected threat can be incurable because Dr.Web for UNIX Mail Servers is still not aware of it (for example, the threat was detected by the heuristic analyzer, but the virus databases do not cover the threat signature and a method to cure) or curing causes errors. Moreover, a file can be quarantined at user request if the user selected the corresponding action in the list of detected threats or specified this action in settings as a reaction to threats of a specific type.
When a file is quarantined, it is renamed according to special rules to prevent its identification by users and applications and inhibit access to it by bypassing quarantine management tools implemented in Dr.Web for UNIX Mail Servers. Moreover, when a file is quarantined, its execution bit is always reset to prevent an attempt to run this file.
Quarantine directories are located in:
•user home directory (if multiple user accounts exist on the computer, a separate quarantine directory can be created for each of the users);
•root directory of each logical volume mounted on the file system.
Dr.Web quarantine directories are always named .com.drweb.quarantine and are not created until the Quarantine action is applied. At that, only a directory required for isolation of the file is created. When selecting the directory, the name of the file owner is used. Search is performed upwards from the directory containing the file to the file system root /; if the home directory of the owner is reached, the file is isolated in the quarantine directory under the home directory. Otherwise, the file is isolated in the quarantine directory created under the root directory of the volume (which is not always the same as the file system root directory). Thus, any infected file put in quarantine is always kept on the same volume, which provides for correct operation of quarantine in case there are removable data storage devices and other volumes that can be mounted in the file system occasionally and on different mount points.
A user can manage quarantine contents from the command line using the Dr.Web Ctl utility, or via the management web interface (if it is installed). All currently available quarantine directories containing isolated objects are always processed as a single entity.
|
You can manage quarantine even if no active license was found; however, isolated objects cannot be cured in this case.
Not all anti-virus components of Dr.Web for UNIX Mail Servers can use quarantine for threat isolation. For example, it is not used by Dr.Web ClamD and Dr.Web MailD components. |
