Monitoring Network Connections

In this section

General Information

Managing Operation of the Network Connection Monitor

Configuring SpIDer Gate

Issues with SpIDer Gate Operation

General Information

Continuous control of established network connections is performed by SpIDer Gate. It restricts access to websites added to user black lists or belonging to categories marked as unwanted for visiting. In addition, SpIDer Gate scans:

incoming and outgoing email messages, including attachments (among other things, for signs of spam);

files downloaded from the internet.

If SpIDer Gate detects a threat in a scanned object, receiving or sending of that object is blocked.

The Dr.Web for Linux graphical management interface allows you to configure the operation of SpIDer Gate:

start and stop the network connection monitor;

view the number of scanned and blocked objects and attempts to access websites;

configure the following parameters of network connection monitoring:

type of traffic to be scanned (web traffic, FTP traffic);

list of websites and hosts to which access is restricted;

personal black and white lists of websites and hosts;

parameters of scanning files downloaded from the internet.

Threats in email messages can also be detected by the SpIDer Guard file system monitor (if enabled) at the moment the mail client saves the messages to the local file system.

Managing Operation of the Network Connection Monitor

You can start and stop the SpIDer Gate network connection monitor and view statistics on its operation on the specialized page of Dr.Web for Linux. To access this page, click SpIDer Gate on the main page.

Figure 14. SpIDer Gate management page

On the page for monitoring network connections, the following information is displayed:

state of the SpIDer Gate network connection monitor (enabled or disabled) and details on errors if they occurred during the component operation;

monitoring statistics:

average speed of scanning email messages and files downloaded from the internet;

number of scanned objects (email messages, files downloaded from the internet and URLs);

number of blocked attempts to access websites and malicious objects.

To enable monitoring, if disabled, click Enable. To disable monitoring, if enabled, click Disable.

To disable network connection monitoring, the application must operate with elevated permissions; refer to the Managing Application Privileges section.

When Dr.Web for Linux is managed by a centralized protection server, the option to enable and disable the SpIDer Gate network connection monitor can be blocked if the server has disabled it.

State of the SpIDer Gate network connection monitor (enabled or disabled) is indicated as follows:

SpIDer Gate is enabled and controls network connections (sending and receiving email messages and accessing the internet).

SpIDer Gate does not control network connections (access to websites is not restricted, email messages being received and sent and downloaded files are not scanned) because either the user disabled the component or an error occurred.

If a running mail client (such as Mozilla Thunderbird) uses the IMAP protocol to receive email messages, restart it after enabling the SpIDer Gate monitor to ensure that incoming email messages are scanned.

To close the page for monitoring network connections, go to another page by using the buttons in the pane.

SpIDer Gate Operation Settings

The SpIDer Gate network connection monitor can be configured in the settings window:

on the SpIDer Gate tab—setting the list of blocked website categories and reaction to the detected threats;

on the Exclusions tab—managing the black and white lists of websites and excluding application network activity from monitoring;

on the Network tab—managing the scan of protected connections (SSL/TLS).

Issues with SpIDer Gate Operation

If an error occurs in the operation of the network connection monitor, the management page displays an error message. To solve the issue, refer to the description of known errors in the Appendix D. Known Errors section.

Depending on the distribution, Dr.Web Anti-Spam may not be bundled with Dr.Web for Linux. In this case, email messages are not scanned for signs of spam.

If any email messages are falsely detected by the Dr.Web Anti-Spam component, we recommend that you forward them to special addresses for analysis and improvement of spam filter quality. To do that, save each message to a separate .eml file. Attach the saved files to an email message and forward it to the corresponding service address:

nonspam@drweb.com—if it contains email files erroneously recognized as spam;

spam@drweb.com—if it contains spam email files that were not recognized as spam.
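
The reporting procedure above can be scripted when many samples have to be submitted. The following Python code is an added example, not part of the Dr.Web product or its documentation; the function names, the report kinds and the sample message are constructed for illustration. It builds the report message only, attaching each saved .eml file byte-for-byte so that the original headers are preserved; sending is left to your mail client or relay.

```python
from email import policy
from email.message import EmailMessage
from email.parser import BytesParser

# Service addresses as given on this page.
REPORT_ADDRESSES = {
    "false_positive": "nonspam@drweb.com",  # legitimate mail flagged as spam
    "missed_spam": "spam@drweb.com",        # spam that was not flagged
}


def build_report(kind, sender, samples):
    """Build one report message carrying each sample as a separate .eml file.

    samples maps a file name to the raw bytes of a saved message. The bytes
    are attached unmodified so the original headers reach the analysts intact.
    """
    if kind not in REPORT_ADDRESSES:
        raise ValueError(f"unknown report kind: {kind!r}")
    if not samples:
        raise ValueError("at least one .eml sample is required")

    report = EmailMessage()
    report["From"] = sender
    report["To"] = REPORT_ADDRESSES[kind]
    report["Subject"] = f"Anti-spam samples ({kind}, {len(samples)} file(s))"
    report.set_content("Samples attached as separate .eml files.")

    for name, raw in samples.items():
        if not name.lower().endswith(".eml"):
            raise ValueError(f"not an .eml file: {name}")
        # application/octet-stream keeps the sample an opaque file, so it is
        # not re-parsed or re-encoded as a nested message.
        report.add_attachment(raw, maintype="application",
                              subtype="octet-stream", filename=name)
    return report


def attached_samples(report_bytes):
    """Parse a serialized report and return {filename: raw bytes}."""
    msg = BytesParser(policy=policy.default).parsebytes(report_bytes)
    return {p.get_filename(): p.get_content() for p in msg.iter_attachments()}


# Constructed sample message (not real mail), standing in for a saved .eml.
SAMPLE_EML = (b"From: alice@example.org\r\nTo: bob@example.org\r\n"
              b"Subject: Quarterly invoice\r\n\r\nPlease find it attached.\r\n")
```

Calling attached_samples() on the serialized report before sending confirms that every sample survives the round trip unchanged.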