Configuration Parameters

In this section

Component Parameters

Customizing Monitoring Settings

The component uses configuration parameters which can be found in the [SMBSpider] section of the integrated configuration file of Dr.Web for UNIX File Servers (see Appendix D. Dr.Web for UNIX File Servers Configuration File).

Component Parameters

The section contains the following parameters:

Parameter

Description

LogLevel

{logging level}

Logging level of the component.

If the parameter value is not specified, the DefaultLogLevel parameter value from the [Root] section is used.

Default value: Notice

Log

{log type}

Logging method of the component.

Default value: Auto

ExePath

{path to file}

Path to the executable file of the component.

Default value: <opt_dir>/bin/drweb-smbspider-daemon.

For GNU/Linux: /opt/drweb.com/bin/drweb-smbspider-daemon.

For FreeBSD: /usr/local/libexec/drweb.com/bin/drweb-smbspider-daemon

Start

{Boolean}

Launch/do not launch the component by the Dr.Web ConfigD configuration daemon.

When you specify the Yes value for this parameter, the configuration daemon starts the component immediately; when you specify the No value, the configuration daemon terminates the component immediately.

Default value: No

SambaChrootDir

{path to directory}

Path to the root directory of the SMB file storage (can be redefined by the file server with the help of the chroot restriction).

Used as a prefix inserted at the beginning of all paths to files and directories residing in the file server storage and describes the path relative to the root of the local file system.

If not specified, the path to the file system root (/) is used.

Default value: (not specified)

SmbSocketPath

{path to file}

Path to the socket file which enables interaction between SpIDer Guard for SMB and VFS SMB modules.

The path is always relative and is appended to the path specified as the SambaChrootDir parameter value (if the SambaChrootDir parameter is empty, then it is appended to the path to the file system root, /).

Default value: var/run/.com.drweb.smb_spider_vfs

ActionDelay

{time interval}

Delay time between the moment when a threat is detected and the moment when SpIDer Guard for SMB applies the action specified for this threat type. During this time period, the file is blocked.

Default value: 24h

MaxCacheSize

{size}

Size of the cache used by VFS SMB modules to store data on scanned files in monitored SMB directories.

If 0 is specified, data is not cached.

Default value: 10mb

[*] ExcludedPath

{path to file or directory}

Path to the shared directory object which must be skipped during scanning. You can specify a directory or file path. It is also possible to use file masks (which contain the characters '?' and '*', as well as character classes '[ ]', '[! ]', '[^ ]').

You can specify a list as the parameter value. The values in the list must be separated with commas (each value in quotation marks). The parameter can be specified more than once in the section (in this case, all its values are combined into one list).

Example: Add the file /etc/file1 and the directory /usr/bin to the list.

1. Adding values to the configuration file.

Two values in one string:

[SMBSpider]
ExcludedPath = "/etc/file1", "/usr/bin"

Two strings (one value per string):

[SMBSpider]
ExcludedPath = /etc/file1
ExcludedPath = /usr/bin

2. Adding values via the command drweb-ctl cfset:

# drweb-ctl cfset SMBSpider.ExcludedPath -a /etc/file1
# drweb-ctl cfset SMBSpider.ExcludedPath -a /usr/bin

If a directory is specified, all directory content will be skipped.

Default value: (not specified)

[*] IncludedPath

{path to file or directory}

Path to the shared directory object, which must be scanned. You can specify a directory or file path. It is also possible to use file masks (that contain the characters '?' and '*', as well as character classes '[ ]', '[! ]', '[^ ]').

You can specify a list as the parameter value. The values in the list must be separated with commas (each value in quotation marks). The parameter can be specified more than once in the section (in this case, all its values are combined into one list).

Example: Add the file /etc/file1 and the directory /usr/bin to the list.

1. Adding values to the configuration file.

Two values in a line:

[SMBSpider]
IncludedPath = "/etc/file1", "/usr/bin"

Two lines (a value per line):

[SMBSpider]
IncludedPath = /etc/file1
IncludedPath = /usr/bin

2. Adding values via the command drweb-ctl cfset:

# drweb-ctl cfset SMBSpider.IncludedPath -a /etc/file1
# drweb-ctl cfset SMBSpider.IncludedPath -a /usr/bin

If a directory is specified, all directory content will be scanned.

Note that this parameter has higher priority than the ExcludedPath parameter (see above); that is, if the same object (file or directory) is specified in both parameter values, this object will be scanned.

Default value: (not set)

[*] AlertFiles

{Boolean}

Create a text file with the explanation of the reason for blocking for each blocked object. The created file will be named as <name of the blocked file>.drweb.alert.txt.

Allowed values:

Yes—create files describing the reasons why the object was blocked;

No—do not create files.

Default value: Yes

[*] OnKnownVirus

{action}

Action to be applied by Dr.Web for UNIX File Servers on detection of a known threat.

Acceptable values: Block, Cure, Quarantine, Delete.

Default value: Cure

[*] OnIncurable

{action}

Action to be applied by Dr.Web for UNIX File Servers on detection of an incurable threat.

Acceptable values: Block, Quarantine, Delete.

Default value: Quarantine

[*] OnSuspicious

{action}

Action to be applied by Dr.Web for UNIX File Servers on detection of an unknown threat (or suspicious objects) in the course of heuristic analysis.

Acceptable values: Pass, Block, Quarantine, Delete.

Default value: Quarantine

[*] OnAdware

{action}

Action to be applied by Dr.Web for UNIX File Servers on detection of adware.

Acceptable values: Pass, Block, Quarantine, Delete.

Default value: Pass

[*] OnDialers

{action}

Action to be applied by Dr.Web for UNIX File Servers on detection of a dialer.

Acceptable values: Pass, Block, Quarantine, Delete.

Default value: Pass

[*] OnJokes

{action}

Action to be applied by Dr.Web for UNIX File Servers on detection of a joke.

Acceptable values: Pass, Block, Quarantine, Delete.

Default value: Pass

[*] OnRiskware

{action}

Action to be applied by Dr.Web for UNIX File Servers on detection of riskware.

Acceptable values: Pass, Block, Quarantine, Delete.

Default value: Pass

[*] OnHacktools

{action}

Action to be applied by Dr.Web for UNIX File Servers on detection of a hacktool.

Acceptable values: Pass, Block, Quarantine, Delete.

Default value: Pass

[*] BlockOnError

{Boolean}

Block access to a file when an attempt to cure it results in an error or when the license is not valid.

When there is no valid license, if this parameter is set to Yes, SpIDer Guard for SMB will block all files moved to the shared directory it protects.

Allowed values:

Yes—block access to a file;

No—access to a file is not blocked.

Default value: Yes

[*] ScanTimeout

{time interval}

Timeout for scanning one file initiated by SpIDer Guard for SMB.

Acceptable values: from 1 second (1s) to 1 hour (1h).

Default value: 30s

[*] HeuristicAnalysis

{On | Off}

Use heuristic analysis for detection of unknown threats during the scanning initiated by SpIDer Guard for SMB. Heuristic analysis provides higher detection reliability but increases the time of virus scanning.

Action applied to threats detected by heuristic analyzer is specified as the OnSuspicious parameter value.

Allowed values:

On—use heuristic analysis when scanning;

Off—instructs not to use heuristic analysis.

Default value: On

[*] PackerMaxLevel

{integer}

Maximum nesting level when scanning packed objects. A packed object is executable code compressed with special software (UPX, PELock, PECompact, Petite, ASPack, Morphine and so on). Such objects may include other packed objects which may also include packed objects, and so on. The value of this parameter specifies the nesting limit beyond which packed objects inside other packed objects will not be scanned.

The nesting level is not limited. If the value is set to 0, nested objects are not scanned.

Default value: 8

[*] ArchiveMaxLevel

{integer}

Maximum nesting level when scanning archives (zip, rar, and so on) in which other archives may be enclosed (and these archives may also include other archives, and so on). The value of this parameter specifies the nesting limit beyond which archives enclosed in other archives will not be scanned.

The nesting level is not limited. If the value is set to 0, nested objects are not scanned.

Default value: 0

[*] MailMaxLevel

{integer}

Maximum nesting level when scanning files of mailers (pst, tbb and so on) in which other files may be enclosed (and these files may also include other files and so on). The value of this parameter specifies the nesting limit beyond which objects inside other objects will not be scanned.

The nesting level is not limited. If the value is set to 0, nested objects are not scanned.

Default value: 8

[*] ContainerMaxLevel

{integer}

Maximum nesting level when scanning objects of other types inside which other objects are enclosed (HTML pages, jar-files, etc.). The value of this parameter specifies the nesting limit beyond which objects inside other objects will not be scanned.

The nesting level is not limited. If the value is set to 0, nested objects are not scanned.

Default value: 8

[*] MaxCompressionRatio

{integer}

Maximum compression ratio of scanned objects (ratio between the compressed size and uncompressed size). If the ratio of an object exceeds the limit, this object is skipped during the scanning initiated by SpIDer Guard for SMB.

The compression ratio must not be smaller than 2.

Default value: 500

Customizing Monitoring Settings

You can specify a different tag for each VFS SMB module which monitors each shared directory (file storage). You can do it in the configuration file of SMB server Samba (typically, this is smb.conf file). Unique tags for VFS SMB modules in smb.conf file are specified as follows:

smb_spider:tag = <share name>

where <share name> is a unique tag assigned to a VFS SMB module, which controls some shared directory, by the Samba server.

If a VFS SMB module has a unique tag <share name>, you can create a separate section in the configuration file of Dr.Web for UNIX File Servers in addition to [SMBSpider]. The created section will store all configuration parameters for scanning a particular file storage protected by this VFS SMB module. The name of this section should look as follows: [SMBSpider.Share.<share name>].

Sections created for VFS SMB modules can contain the parameters marked with an asterisk “[*]” in the table above. Other parameters cannot be specified in such individual sections, as their values configure the operation of all VFS SMB modules working with the SMB directories monitored by SpIDer Guard for SMB.

A VFS SMB module uses parameter values from the general section [SMBSpider] if these parameters are not specified in the individual section [SMBSpider.Share.<share name>] created for this module. Thus, if no individual section, indicated with a tag, is created, all VFS SMB modules use the same parameters for monitoring shared directories. If you delete some parameter from the [SMBSpider.Share.<share name>] section, the parameter value for this section (and for the corresponding shared directory with <share name>) will be taken from the “parent” parameter with the same name from the general [SMBSpider] section; the default parameter value is not used in this case.

To add a new section for the shared Samba directory with a tag <share name> using the Dr.Web Ctl command-line tool for Dr.Web for UNIX File Servers management (it is run by the drweb-ctl command), use the command:

# drweb-ctl cfset SmbSpider.Share -a <share name>

Example:

# drweb-ctl cfset SmbSpider.Share -a BuhFiles
# drweb-ctl cfset SmbSpider.Share.BuhFiles.OnAdware Quarantine

The first command adds the [SMBSpider.Share.BuhFiles] section to the configuration file; the second changes the OnAdware parameter value in it. The added section contains all parameters marked with the “[*]” symbol in the table above, and the values of all of them, except OnAdware specified in the command, coincide with the parameter values from the general [SMBSpider] section.
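
The lookup order described above (individual section, then the general [SMBSpider] section, then the default) and the priority of IncludedPath over ExcludedPath, as an added Python example that is not part of the Dr.Web documentation or product code. Assumptions: section names are matched case-insensitively, a list set in a share section replaces the general one, masks follow fnmatch rules, and the sample paths are constructed.

```python
import fnmatch

# Documented defaults for a subset of the "[*]" parameters in the table above.
DEFAULTS = {"OnSuspicious": "Quarantine", "OnAdware": "Pass", "BlockOnError": "Yes",
            "ExcludedPath": [], "IncludedPath": []}
LISTS = {"ExcludedPath", "IncludedPath"}
# Parameters without "[*]": valid only in the general [SMBSpider] section.
GLOBAL_ONLY = {"LogLevel", "Log", "ExePath", "Start", "SambaChrootDir",
               "SmbSocketPath", "ActionDelay", "MaxCacheSize"}

# Constructed sample; "BuhFiles" is the tag from the page, the paths are made up.
SAMPLE = """
[SMBSpider]
OnAdware = Block
ExcludedPath = "/srv/share/tmp", "*.iso"
[SMBSpider.Share.BuhFiles]
OnAdware = Quarantine
IncludedPath = /srv/share/tmp/incoming
"""

def parse(text):
    """Read sections; repeated keys and quoted comma lists merge into one list."""
    cfg, section = {}, {}
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            section = cfg.setdefault(line[1:-1].lower(), {})  # assumption: case-insensitive
        elif "=" in line:
            key, _, value = (p.strip() for p in line.partition("="))
            if key in LISTS:
                section.setdefault(key, []).extend(v.strip().strip('"') for v in value.split(","))
            else:
                section[key] = value
    return cfg

def effective(cfg, share):
    """Share section value, else the general [SMBSpider] value, else the default."""
    own = cfg.get("smbspider.share." + share.lower(), {})
    misplaced = GLOBAL_ONLY.intersection(own)
    if misplaced:
        raise ValueError(f"not allowed in a share section: {sorted(misplaced)}")
    general = cfg.get("smbspider", {})
    return {k: own.get(k, general.get(k, d)) for k, d in DEFAULTS.items()}

def should_scan(settings, path):
    """IncludedPath outranks ExcludedPath; a listed directory covers its content."""
    def hit(masks):  # assumption: fnmatch-style masks, "[^" treated like "[!"
        return any(fnmatch.fnmatchcase(path, m.replace("[^", "[!"))
                   or path.startswith(m.rstrip("/") + "/") for m in masks)
    return hit(settings["IncludedPath"]) or not hit(settings["ExcludedPath"])
```

Calling effective(parse(SAMPLE), "BuhFiles") gives the settings one tagged share actually runs with, which is the view to check when an exclusion in [SMBSpider] is meant to be narrowed for a single share.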