Basic Features of Dr.Web for Linux

The basic features of Dr.Web for Linux:

1. Detection and neutralization of threats. Scanning for malicious programs of any kind (various viruses, including those that infect mail files and boot records, trojans, email worms and so on) and unwanted software (adware, joke programs and dialers). For details on threat types, refer to Appendix A. Types of Computer Threats.

The product uses the following methods to detect malicious and unwanted programs:

A signature analysis. A scan method enabling detection of already known threats covered by virus databases.

A heuristic analysis. A set of scan methods enabling detection of threats that are not known yet.

Cloud-based threat detection technologies using the Dr.Web Cloud service, which collects up-to-date information about recent threats detected by various Dr.Web anti-virus products.

The heuristic analyzer may cause false-positive detections. Thus, objects that contain threats detected by the analyzer are considered “suspicious”. It is recommended that you quarantine such files and send them for analysis to the Doctor Web anti-virus laboratory. For details on the methods used to neutralize threats, refer to Appendix B. Neutralizing Computer Threats.

File system scanning can be started on demand or automatically on schedule. Both a full scan (scanning of all file system objects available to the user) and a custom scan (scanning of individual directories or files) can be performed. Furthermore, the user can start an individual scan of volume boot records and of the executable files from which currently active processes were launched. In the latter case, if a threat is detected, the malicious executable file is neutralized and all processes run from this file are forced to terminate.

For operating systems with a graphical desktop environment, integration of file scanning with either a taskbar or a graphic file manager is available. For systems that implement mandatory access control with different access levels, files that are not available for the current level can be scanned in special autonomous instance mode.

All objects containing threats detected in the file system are registered in a permanent threat registry, except those threats that were detected in autonomous instance mode.

The command-line tool supplied with Dr.Web for Linux allows scanning file systems of remote network hosts for threats, provided that the hosts allow remote terminal access via SSH or Telnet.

Remote scanning can only be used to detect malicious and suspicious files on a remote host. To eliminate the detected threats on the remote host, use administration tools provided directly by this host. For example, for routers and other smart devices, update the firmware; for computing machines, connect to them (using a remote terminal is one of the options) and perform the necessary operations on the file system (remove or move files and so on), or run the anti-virus software installed on them.

2. Monitoring access to files. This mode tracks access to data files and attempts to run executables. This allows you to detect and neutralize malware when it attempts to infect the computer. In addition to the standard monitoring mode, you can use the enhanced (or Paranoid) mode, in which the monitor blocks access to files until the scan is completed (this helps prevent access to files that contain a threat; in the standard mode, by contrast, the scan result becomes known only after the application has already accessed the file). The enhanced monitoring mode increases security, but slows down access of applications to unscanned files.

3. Monitoring of network connections. All attempts to access internet servers (web servers, file servers) via HTTP and FTP are monitored to block access to websites or hosts of the unwanted categories and to prevent downloading malicious files.

4. Scanning of email messages to prevent receiving and sending messages that contain infected files or unwanted links, or that are classified as spam.

Scanning of email messages and downloaded files for viruses and other threats is performed on the fly. Depending on the distribution, the Dr.Web Anti-Spam component may not be included in Dr.Web for Linux. In this case, email messages are not scanned for spam.

To detect unwanted links, Dr.Web for Linux is supplied with an automatically updated database of web resource categories and black and white lists, which are manually edited by the user. In addition, Dr.Web for Linux may also use the Dr.Web Cloud service to check whether a web resource requested by the user or a link to which is provided in an email message is classified as malicious by other Dr.Web anti-virus products.

If any email messages are falsely detected by the Dr.Web Anti-Spam component, we recommend forwarding them to special addresses for analysis and improvement of spam filter quality. To do that, save each message to a separate .eml file. Attach the saved files to an email message and forward it to the corresponding service address:

nonspam@drweb.com—if it contains email files erroneously classified as spam;

spam@drweb.com—if it contains email files erroneously not classified as spam.
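The submission procedure above, as an added example that is not part of the Dr.Web documentation: the saved .eml files are wrapped as message/rfc822 attachments (which preserves their original headers) and addressed to the appropriate service address. The sample .eml content and the sender address are constructed for illustration; sending the result is left to whatever mail client or SMTP relay is in use.

```python
"""Build the submission email for misclassified messages, using the two
service addresses named in the documentation. Added example; the .eml
sample below is constructed, not a real message."""
from email import policy
from email.message import EmailMessage
from email.parser import BytesParser

NONSPAM = "nonspam@drweb.com"   # legitimate mail wrongly classified as spam
SPAM = "spam@drweb.com"         # spam that was not classified as spam


def build_submission(eml_blobs: list[bytes], false_positive: bool,
                     sender: str) -> EmailMessage:
    """Wrap each saved .eml (raw bytes) as a message/rfc822 attachment.

    false_positive=True  -> wrongly flagged mail goes to nonspam@drweb.com
    false_positive=False -> missed spam goes to spam@drweb.com
    """
    msg = EmailMessage(policy=policy.default)
    msg["From"] = sender
    msg["To"] = NONSPAM if false_positive else SPAM
    kind = "False positive" if false_positive else "Missed spam"
    msg["Subject"] = f"{kind}: {len(eml_blobs)} message(s) attached"
    msg.set_content("Attached .eml files for spam filter analysis.")
    for i, blob in enumerate(eml_blobs, 1):
        inner = BytesParser(policy=policy.default).parsebytes(blob)
        # A message/rfc822 attachment keeps the original headers intact;
        # forwarding only the body would lose the data the analysts need.
        msg.add_attachment(inner, filename=f"sample{i}.eml")
    return msg


# Constructed sample .eml (hypothetical addresses, not a real message).
SAMPLE_EML = (b"From: alice@example.org\r\nTo: bob@example.org\r\n"
              b"Subject: Meeting notes\r\nMessage-ID: <1@example.org>\r\n"
              b"\r\nSee you at 10.\r\n")

if __name__ == "__main__":
    print(build_submission([SAMPLE_EML], True, "bob@example.org").as_string())
```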


5. Reliable isolation of infected or suspicious objects in special storage known as quarantine to prevent any damage to the system. When quarantined, the objects are renamed according to specific rules and, if necessary, such objects can be restored to their original location only on user demand.

6. Automatic updating of Dr.Web virus databases and the scan engine to maintain a high level of protection against malware.

7. Collection of statistics on virus events, logging of threat detection events (available only via the command-line tool), as well as sending of statistics on virus incidents to the Dr.Web Cloud service.

8. Operation in centralized protection mode (when connected to a centralized protection server such as Dr.Web Enterprise Server, or as a part of the Dr.Web AV-Desk service) to implement the single security policy adopted for the network that comprises this computer. It can be a corporate network, a private network (VPN) or a network of a service provider (for example, an internet service provider).

Since the use of the information stored by the Dr.Web Cloud service requires transferring data about user activity (for example, addresses of visited websites), Dr.Web Cloud can be used only after the user allows it. If necessary, the use of Dr.Web Cloud can be disabled at any time in the settings of Dr.Web for Linux.