In this section:
•List of Supported Operating System Distributions.
•Required Additional Components and Packages.
•Compatibility with Components of Operating Systems.
•Compatibility with Security Subsystems.
You can use Dr.Web for Linux on a computer that meets the following requirements:
Component |
Requirement |
|---|---|
Platform |
Processors of the following architectures and command systems are supported: •Intel/AMD: 32-bit (IA-32, x86); 64-bit (x86-64, x64, amd64) •ARM64 •E2K (Elbrus) •IBM POWER9, Power10 (ppc64el) |
Random Access Memory (RAM) |
At least 500 MB of free RAM (1 GB or more recommended). |
Space on |
At least 2 GB of free disk space on the volume where Dr.Web for Linux directories are stored. |
Operating |
GNU/Linux based on kernel ver. 2.6.37 or later, and using PAM and glibc library ver. 2.13 or later, systemd initialization system ver. 209 or later. The supported GNU/Linux distributions are listed below. |
Other |
The following valid network connections: •An internet connection to download updates and for sending requests to the Dr.Web Cloud service (only if it is manually authorized by the user). •When operating in the centralized protection mode, connection to the server on the local network is enough; connection to the internet is not required. |
|
To enable the correct operation of the SpIDer Gate component, the OS kernel must be built with the following options: •CONFIG_NETLINK_DIAG, CONFIG_INET_TCP_DIAG; •CONFIG_NF_CONNTRACK_IPV4, CONFIG_NF_CONNTRACK_IPV6, •CONFIG_NETFILTER_NETLINK_QUEUE, The set of required options from the specified list can depend on the GNU/Linux OS version in use. |
To enable the correct operation of Dr.Web for Linux, open the following ports:
Purpose |
Direction |
Port numbers |
|---|---|---|
To receive updates |
outgoing |
80 |
To connect to the Dr.Web Cloud service |
outgoing |
2075 (including those for UDP), |
|
Dr.Web for Linux is incompatible with other anti-virus programs. To avoid system errors and data loss that may occur when installing two anti-viruses on one computer, uninstall all other anti-virus programs prior to the installation of Dr.Web for Linux. |
List of Supported Distributions
The following GNU/Linux distributions are supported:
Platform |
Supported GNU/Linux versions |
|---|---|
x86_64 |
•ALT 8 SP •ALT Server 9, 10 •ALT Workstation 9, 10 •Astra Linux Common Edition (Orel) 2.12 •Astra Linux Special Edition 1.5 (with cumulative patch 20201201SE15), 1.6 (with cumulative patch 20200722SE16), 1.7, 1.8 •CentOS 7, 8 •Debian 9, 10, 11, 12 •Fedora 37, 38 •GosLinux IC6 •Red Hat Enterprise Linux 7, 8 •RED OS 7.2 MUROM, RED OS 7.3 MUROM, RED OS 8 •SUSE Linux Enterprise Server 12 SP3 •Ubuntu 18.04, 20.04, 22.04, 24.04 |
x86 |
•ALT 8 SP •ALT Workstation 9, 10 •CentOS 7 •Debian 10 |
ARM64 |
•ALT 8 SP •ALT Server 9, 10 •ALT Workstation 9, 10 •Astra Linux Special Edition (Novorossiysk) 4.7 •CentOS 7, 8 •Debian 11, 12 •Ubuntu 18.04 |
E2K |
•ALT 8 SP •ALT Server 10 •ALT Workstation 10 •Astra Linux Special Edition (Leningrad) 8.1 (with cumulative patch 8.120200429SE81) •Elbrus-D MCST 1.4 •GS CS Elbrus 8.32 TVGI.00311-28 |
ppc64el |
•CentOS 8 •Ubuntu 20.04 |
|
Mandatory access control is not supported on Elbrus-D MCST 1.4 and GosLinux IC6. |
For other GNU/Linux distributions that meet the abovementioned requirements, full compatibility with Dr.Web for Linux is not guaranteed. If a compatibility issue occurs, contact our technical support.
Required Additional Components and Packages
•To enable Dr.Web for Linux operation in graphical mode as well as to start an installer and an uninstaller in graphical mode, the X Window System graphics subsystem and any window manager are required. Moreover, the correct operation of the indicator in the Ubuntu Unity desktop environment may depend on an additional library (by default, the libappindicator1 library is required).
•To start the installer or uninstaller designed for the command line in the graphical mode, a terminal emulator (such as xterm or xvt) is required.
•To elevate privileges during installation or uninstallation, one of the following utilities is required: su, sudo, gksu, gksudo, kdesu, or kdesudo. For correct operation of Dr.Web for Linux, PAM must be used in the operating system.
|
For convenient work with Dr.Web for Linux from the command line, it is recommended to enable command auto-completion in your command shell (if disabled).
If you encounter any issue with installation of additional packages and components, refer to manuals for your distribution. |
Compatibility with Components of Operating Systems
•By default, the SpIDer Guard monitor uses the fanotify system mechanism, while on those operating systems on which fanotify is not implemented or is unavailable for other reasons, the component uses a custom loadable kernel module (LKM), which is supplied in a pre-built form. The Dr.Web for Linux distribution has LKM modules for all GNU/Linux systems mentioned above. If required, you can build a kernel module independently from the supplied source code for any OS that uses the Linux kernel of version 2.6.x and later.
|
The loadable kernel module (LKM) is not supported for ARM64, E2K and IBM POWER (ppc64el) architectures.
Operation of SpIDer Guard via the LKM is not supported for operating systems started in the Xen hypervisor environment. An attempt to load the kernel module used by SpIDer Guard during the OS operation in the Xen environment can lead to a critical error of the kernel (so called “Kernel panic” error).
SpIDer Guard can operate in enhanced or “paranoid” mode (blocks access to the files that have not been scanned yet), only via the fanotify system mechanism and providing that the OS kernel is built with the enabled CONFIG_FANOTIFY_ACCESS_PERMISSIONS option. |
•The SpIDer Gate monitor can conflict with other firewalls installed in your system:
▫Conflict with Shorewall and SuseFirewall2 (on SUSE Linux Enterprise Server). If there is a conflict with these firewalls, an error message of SpIDer Gate with code x109 is displayed. A way to resolve this conflict is described in the Appendix D. Known Errors section.
▫Conflict with FirewallD (on Fedora, CentOS, and Red Hat Enterprise Linux). If there is a conflict with this firewall, an error message of SpIDer Gate with code x102 is displayed. A way to resolve this conflict is described in the Appendix D. Known Errors section.
•If the OS includes NetFilter earlier than 1.4.15, SpIDer Gate can operate incorrectly. The issue is related to an internal error of NetFilter: disabling SpIDer Gate causes the network to become unstable. It is recommended that you upgrade your OS to a version that includes NetFilter 1.4.15 or later. A way to resolve this issue is described in the Appendix D. Known Errors section.
•Under normal operation, SpIDer Gate is compatible with all user applications that use network, including web browsers and mail clients. For the correct scanning of secured connections, it is necessary to add the Dr.Web for Linux certificate to a list of trusted certificates for those applications that use secure connections (for example, web browsers and mail clients).
•After adjusting the operation of SpIDer Gate (enabling the previously disabled monitor, changing the mode of scanning secure connections), it is necessary to restart mail clients that use IMAP to receive email messages from a mail server.
Compatibility with Security Subsystems
By default, Dr.Web for Linux does not support the SELinux security subsystem. Moreover, Dr.Web for Linux operates by default in a reduced functionality mode on the GNU/Linux systems that use mandatory access models (for example, on the systems distributed with the PARSEC mandatory access subsystem, which assigns different privilege levels, so-called mandatory levels, to users and files).
To install Dr.Web for Linux on systems with SELinux (as well as on systems that use mandatory access control models), you may have to additionally configure security subsystems to enable full functionality of Dr.Web for Linux. For details, refer to the Configuring Security Subsystems section.