You can view a list of detected threats and manage a reaction to them on the Threats page.
This page contains the full list of threats detected by the components of Dr.Web for UNIX Mail Servers that monitor and scan the file system. At the top of the page, you can see a menu which allows filtration of threats according to their categories:
•All—show all detected threats (including both active and quarantined threats).
•Active—show only active threats, that is, those that were detected but not neutralized yet.
•Blocked—show those threats that were not neutralized, but access to files containing them was blocked for users.
•Quarantined—show quarantined threats.
•Errors—show threats the processing of which finished with an error.
To the right of the name of each category in the menu, a number of detected threats that fall into this category is displayed. To display threats of a required category, click its name in the menu.
|
Threats detected by the components that scan network traffic (SpIDer Gate, Dr.Web MailD), and also by Dr.Web ClamD are not displayed on the Threats page. To trace the threats detected by these components, you can monitor threat counters and receive notifications available via SNMP (the Dr.Web SNMPD component gives access to threat counters and notifications of incidents according to the Dr.Web MIB structure). |
For each threat, the following information is listed:
•File—name of a file that contains a malicious object (a file path is not specified).
•Owner—name of a user who owns the infected file.
•Component—name of a component that detected the threat.
•Threat—name of the threat that was detected in the file according to the classification used by the Doctor Web company.
For an object selected in the list, the following detailed information is displayed to the right of the list:
•name of the threat (displayed as a link that opens a page of the Dr.Web virus information library with a threat description);
•file size, in bytes;
•name of the component that detected the threat;
•date and time of threat detection;
•file last modification date and time;
•name of the user who owns the infected file;
•name of the group that includes the file owner;
•identifier that was assigned to the infected file (if the file was quarantined);
•full path to the file original location (at the moment of threat detection).
To select an object, click the corresponding line on the list. To select multiple objects, select the check boxes for the corresponding objects. To select all objects or cancel the selection at once, toggle the check box in the File field in the threat list header.
To apply actions to the objects selected on the list of threats, click the corresponding button on the toolbar that is located directly above the threat list. The toolbar contains the following buttons (note that some of them can be unavailable depending on the type of the selected threats):
|
Delete the selected files. |
|
Restore the selected files from quarantine to their original location. |
|
Apply an additional action to the selected files (available actions are specified in a drop-down list). The following additional actions are available: •Quarantine—quarantine the infected files. •Cure—try to cure the threats. •Ignore—ignore the threats detected in the selected files and remove the threats from the list. |
The Threats page also allows you to filter displayed threats based on a search query. To filter out unnecessary threats and display only those that correspond to the query, use the search box. The box is displayed on the right side of the toolbar and contains 
. To filter the threat list, enter a word in the search box. At that, all threats that do not have the entered word in their name or description will be hidden (the search is case-insensitive). To clear search results and display the unfiltered list, click 
in the search box or erase the word.