Configuration Parameters

The component uses configuration parameters which can be found in the [NSS] section of the integrated configuration file of Dr.Web for UNIX File Servers.

The section contains the following parameters:

Parameter

Description

LogLevel

{logging level}

Logging level of the component.

If the parameter value is not specified, the DefaultLogLevel parameter value from the [Root] section is used.

Default value: Notice

Log

{log type}

Logging method of the component.

Default value: Auto

LogProtocol

{Boolean}

Indicates whether protocol messages are registered in the log file of NSS volume monitor SpIDer Guard for NSS.

Allowed values:

Yes—messages are registered;

No—messages are not registered.

Default value: No

ExePath

{path to file}

Path to the executable file of the component.

Default value: <opt_dir>/bin/drweb-nss.

For GNU/Linux: /opt/drweb.com/bin/drweb-nss

Start

{Boolean}

The component must be launched by the Dr.Web ConfigD configuration daemon.

When you specify the Yes value for this parameter, it instructs the configuration daemon to start the component immediately; and when you specify the No value, it instructs the configuration daemon to terminate the component immediately.

Default value: No

ProtectedVolumes

{volume name}

Names of NSS file system volumes mounted on the NSS volumes and protected by the suite. If no value is specified, all volumes in the NSS volume mounting point must be protected.

You can specify a list as the parameter value. The values in the list must be separated with commas (each value in the quotation marks). The parameter can be specified more than once in the section (in this case, all its values are combined into one list).

Example: Add to the list of volumes vol1 and vol2.

1.Adding of values to the configuration file.

Two values in one string:

[NSS]
ProtectedVolumes = "vol1", "vol2"

Two strings (one value per a string):

[NSS]
ProtectedVolumes = vol1
ProtectedVolumes = vol2

2.Adding values via the command drweb-ctl cfset:

# drweb-ctl cfset NSS.ProtectedVolumes -a vol1
# drweb-ctl cfset NSS.ProtectedVolumes -a vol2

Default value: (not set)

ExcludedPath

{path to file or directory}

Path to the object which must be skipped during scanning. You can specify a directory or file path. If a directory is specified, all directory content including subdirectories will be skipped. The exception is objects paths to which are specified in the parameter IncludedPath—such objects will be scanned.

You can specify a list as the parameter value. The values in the list must be separated with commas (each value in the quotation marks). The parameter can be specified more than once in the section (in this case, all its values are combined into one list).

Example: Add to the list the files /etc/file1 and directory /usr/bin.

1.Adding of values to the configuration file.

Two values in one string:

[NSS]
ExcludedPath = "/etc/file1", "/usr/bin"

Two strings (one value per a string):

[NSS]
ExcludedPath = /etc/file1
ExcludedPath = /usr/bin

2.Adding values via the command drweb-ctl cfset:

# drweb-ctl cfset NSS.ExcludedPath -a /etc/file1
# drweb-ctl cfset NSS.ExcludedPath -a /usr/bin

The parameter allows to use file masks (wildcards). Case sensitivity of the indicated paths is defined by the NSS settings.

Paths in the list must be relative to a path indicated in the NSS volume mounting point.

Default value: (not set)

IncludedPath

{path to file or directory}

Path to the object which must be scanned. You can specify a directory or file path. If a directory is specified, all directory content will be scanned.

This parameter can be used only if you want to allow scanning of separate objects (files and subdirectories) paths to which is specified in the parameter ExcludedPath. In addition, this parameter has priority over the parameter ExcludedPath: if a path to an object is specified in the both parameters, this object will be scanned.

You can specify a list as the parameter value. The values in the list must be separated with commas (each value in the quotation marks). The parameter can be specified more than once in the section (in this case, all its values are combined into one list).

Example: Add to the list the files /etc/file1 and directory /usr/bin.

1.Adding of values to the configuration file.

Two values in a line:

[NSS]
IncludedPath = "/etc/file1", "/usr/bin"

Two strings (one value per line):

[NSS]
IncludedPath = /etc/file1
IncludedPath = /usr/bin

2.Adding values via the command drweb-ctl cfset:

# drweb-ctl cfset NSS.IncludedPath -a /etc/file1
# drweb-ctl cfset NSS.IncludedPath -a /usr/bin

The parameter allows to use file masks (wildcards). Case sensitivity of the indicated paths is defined by the NSS settings.

Paths in the list must be relative to a path indicated in the NSS volume mounting point.

Default value: (not set)

OnKnownVirus

{action}

Action to be applied by Dr.Web for UNIX File Servers to a known threat (virus, and so on).

Acceptable values: Cure, Quarantine, Delete.

Default value: Cure

OnIncurable

{action}

Action to be applied by Dr.Web for UNIX File Servers to an incurable threat (that is, an attempt to apply Cure failed).

Acceptable values: Quarantine, Delete.

Default value: Quarantine

OnSuspicious

{action}

Action to be applied by Dr.Web for UNIX File Servers to an unknown threat (or suspicious objects) detected in course of heuristic analysis.

Acceptable values: Report, Quarantine, Delete.

Default value: Quarantine

OnAdware

{action}

Action to be applied by Dr.Web for UNIX File Servers to adware detected during the scanning initiated by NSS volume monitor.

Acceptable values: Report, Quarantine, Delete.

Default value: Report

OnDialers

{action}

Action to be applied by Dr.Web for UNIX File Servers on detection of a dialer.

Acceptable values: Report, Quarantine, Delete.

Default value: Report

OnJokes

{action}

Action to be applied by Dr.Web for UNIX File Servers on detection of joke programs.

Acceptable values: Report, Quarantine, Delete.

Default value: Report

OnRiskware

{action}

Action to be applied by Dr.Web for UNIX File Servers on detection of riskware.

Acceptable values: Report, Quarantine, Delete.

Default value: Report

OnHacktools

{action}

Action to be applied by Dr.Web for UNIX File Servers to on detection of a hacktool.

Acceptable values: Report, Quarantine, Delete.

Default value: Report

OnError

{action}

Action applied by Dr.Web for UNIX File Servers to files that caused an error during the scanning initiated by NSS volume monitor.

Acceptable values: Report, Quarantine, Delete.

Default value: Report

ScanTimeout

{time interval}

Timeout for scanning one file.

Acceptable values: from 1 second (1s) to 1 hour (1h)

Default value: 30s

HeuristicAnalysis

{On | Off}

Use heuristic analysis for detection of unknown threats. Heuristic analysis provides higher detection reliability but increases the duration of virus scanning.

Action applied to threats detected by heuristic analyzer is specified as the OnSuspicious parameter value.

Allowed values:

On—use heuristic analysi;

Off—do not use heuristic analysis.

Default value: On

PackerMaxLevel

{integer}

Maximum nesting level for packed objects. A packed object is executable code compressed with special software (UPX, PELock, PECompact, Petite, ASPack, Morprine and so on). Such objects may include other packed objects which may also include packed objects. etc. The value of this parameter specifies the nesting limit beyond which packed objects inside other packed objects will not be scanned.

The nesting level is not limited. If the value is set to 0, nested objects are not scanned.

Default value: 8

ArchiveMaxLevel

{integer}

Maximum nesting for archives (zip, rar, and so on) in which other archives may be enclosed (and these archives may also include other archives, and so on). The value of this parameter specifies the nesting limit beyond which archives enclosed in other archives will not be scanned.

The nesting level is not limited. If the value is set to 0, nested objects are not scanned.

Default value: 0

MailMaxLevel

{integer}

Maximum nesting level for files of mailers (pst, tbb and so on) in which other files may be enclosed (and these files may also include other files and so on). The value of this parameter specifies the nesting limit beyond which objects inside other objects will not be scanned.

The nesting level is not limited. If the value is set to 0, nested objects are not scanned.

Default value: 8

ContainerMaxLevel

{integer}

Maximum nesting level for containers, i.e. other types objects inside which other objects are enclosed (HTML pages, jar-files, etc.). The value of this parameter specifies the nesting limit beyond which objects inside other objects will not be scanned.

The nesting level is not limited. If the value is set to 0, nested objects are not scanned.

Default value: 8

MaxCompressionRatio

{integer}

Maximum compression ratio of scanned objects (ratio between the compressed size and uncompressed size). If the ratio of an object exceeds the limit, this object is skipped during the scanning initiated by NSS volume monitor.

The compression ratio must not be smaller than 2.

Default value: 500

If Quarantine action is specified for some threat type in NSS volumes monitor settings, the object containing a threat of this type will be placed to quarantine again on attempt to restore this object from quarantine to an NSS volume. For example, the following default settings:

NSS.OnKnownVirus = Cure
NSS.OnIncurable = Quarantine

move all incurable objects to quarantine. At that, when any incurable object is restored from quarantine to an NSS volume, this object is automatically returned to quarantine.