Basic Features of Dr.Web for Linux |
The basic features of Dr.Web for Linux: 1.. Scanning for malicious programs of any kind (various viruses including those that infect mail files and boot records, trojans, email worms and so on) and unwanted software (adware, joke programs and dialers). For details on threat types, refer to Appendix A. Types of Computer Threats. The product uses the following methods to detect malicious and unwanted programs: •A signature analysis. A scan method enabling detection of already known threats covered by virus databases. •A heuristic analysis. A set of scan methods enabling detection of threats that are not known yet. •Cloud-based threat detection technologies using the Dr.Web Cloud service, which collects up-to-date information about recent threats detected by various Dr.Web anti-virus products.
File system scanning can be started on demand or automatically on schedule. Both a full scan (scanning of all file system objects available to the user) and a custom scan (scanning of individual directories or files) can be performed. Furthermore, the user can start an individual scan of volume boot records and executable files that ran currently active processes. In the latter case, if a threat is detected, the malicious executable file is neutralized and all processes run from this file are forced to terminate. For operating systems with a graphical desktop environment, integration of file scanning with either a taskbar or a graphic file manager is available. For systems that implement mandatory access control with different access levels, files that are not available for the current level can be scanned in special autonomous instance mode. All objects containing threats detected in the file system are registered in a permanent threat registry, except those threats that were detected in autonomous instance mode. The command-line tool supplied with Dr.Web for Linux allows scanning file systems of remote network hosts for threats. The hosts provide remote terminal access via SSH or Telnet.
2.. This mode tracks access to data files and an attempt to run executables. This allows you to detect and neutralize malware when it attempts to infect the computer. In addition to the standard monitoring mode, you can use the enhanced (or Paranoid) mode, so that the monitor blocks access to files until the scan is completed (this helps prevent access to files that contain a threat; however, a scan result becomes known only after the application accesses the file). The enhanced monitoring mode increases security, but slows down access of applications to unscanned files. 3.. All attempts to access internet servers (web servers, file servers) via HTTP and FTP are monitored to block access to websites or hosts of the unwanted categories and to prevent downloading malicious files. 4. to prevent receiving and sending messages containing infected files and unwanted links or classified as spam. Scanning of email messages and downloaded files for viruses and other threats is performed on the fly. Depending on the distribution, the Dr.Web Anti-Spam component may not be included in Dr.Web for Linux. In this case, email messages are not scanned for spam. To detect unwanted links, Dr.Web for Linux is supplied with an automatically updated database of web resource categories and black and white lists, which are manually edited by the user. In addition, Dr.Web for Linux may also use the Dr.Web Cloud service to check whether a web resource requested by the user or a link to which is provided in an email message is classified as malicious by other Dr.Web anti-virus products.
5. in special storage known as quarantine to prevent any damage to the system. When quarantined, the objects are renamed according to specific rules and, if necessary, such objects can be restored to their original location only on user demand. 6. of Dr.Web virus databases and the scan engine to maintain a high level of protection against malware. 7. on virus events, logging threat detection events (available only via the command line tool) as well as sending of statistics on virus incidents to the Dr.Web Cloud service. 8. (when connected to a centralized protection server such as Dr.Web Enterprise Server or as a part of the Dr.Web AV-Desk service) to implement single security policies adopted for a network comprising this computer. It can be a corporate network, a private network (VPN) or a network of a service provider (for example, an internet service provider).
|