Doctor Web, Ltd.

Dr.Web(R) for Linux
Updating components
Administrator Manual
Version 6.0.2.9

====================================================================
All the materials published herein are the property of Doctor Web,
Ltd. and may not be reproduced in any form without written
permission of Doctor Web, Ltd. and proper attribution.

Dr.Web is a registered trademark of Doctor Web, Ltd. Other product
names mentioned herein are trademarks or registered trademarks of
their respective companies.

There might be further improvements and changes in the software not
described in this manual. The revised and amended versions of this
manual are available at www.drweb.com.
====================================================================

(C) 2003-2012 Doctor Web, Ltd.
Russia, Moscow - Saint Petersburg
http://www.drweb.com/


CONTENTS

1. INTRODUCTION
2. UPDATING SCRIPT OF THE PROGRAM AND THE VIRUS BASES
   2.1. Running the updating script. Command line options
   2.2. Blocking updates for selected components
   2.3. Restoring updates
   2.4. Configuration file. Updating parameters
3. CONTACTS


1. INTRODUCTION

Dr.Web program components require regular updating. For successful
operation of antivirus and traffic filtering modules, virus bases of
the known viruses and content-specific black and white lists must be
updated regularly.

For successful updating of virus bases a valid license key file is
required. It has a limited term of use. Before each update, Dr.Web
Updater checks how many days are left before license expiration. If
the number of days left is equal to or less than the value of the
ExpiredTimeLimit parameter from the corresponding section of the
drweb32.ini configuration file, then Dr.Web Updater tries to renew
the license key file automatically (renewal attempts are made at
every start until successful renewal).

Note: Dr.Web Updater performs license key file renewal in two modes:
using SSL protocol or using some other protocols.
SSL mode is chosen when the Net::SSLeay Perl module is installed on
the system. Otherwise Non-SSL mode will be chosen.

Virus base contains several *.vdb files, representing separate parts
of it. On update servers these files are also stored in
lzma-archives. When new viruses appear, small files (only several
Kbytes in size) with base segments describing these viruses are
released for amendment.

Add-ons are the same for all supported platforms. There are two types
of them: daily "hot" add-ons (drwtoday.vdb) and regular weekly
updates (drwXXXYY.vdb - where XXX is for antivirus version number,
and YY is a sequential number, beginning from 00).

"Hot" add-ons may be issued daily or even several times a day to
provide effective protection against new viruses. This type of
add-on must be installed over the old one: i.e. the previous
drwtoday.vdb file will be overwritten. When a new regular add-on is
released, all records from drwtoday.vdb are copied to drwXXXYY.vdb,
and a new empty drwtoday.vdb file is issued.

If you want to update the virus base manually, you must install all
missing regular add-ons first, and then overwrite the drwtoday.vdb
file.

To add an add-on to the main virus base, place the corresponding file
in the /var/drweb/bases/ directory or in any other directory
specified in the configuration file.

Signatures for virus-like malicious programs (adware, dialers,
hacktools, etc.) are supplied in two additional files - drwrisky.vdb
and drwnasty.vdb - with the structure similar to virus bases. These
files are also updated regularly: dwrXXYYY.vdb and dwnXXYYY.vdb are
for regular updates, and dwrtoday.vdb and dwntoday.vdb are for "hot"
updates.

From time to time (as brand new viruses and antivirus techniques
appear), new versions of the antivirus package are released,
containing the updated algorithms, implemented in the antivirus
Engine.
At the same time, all released add-ons are brought together, and the
new package version is completed with the updated main virus base
with descriptions of all known viruses.

After regular updating, virus bases attain the following structure:

   - drwebase.vdb - general virus database, received with the new
     version of the package;
   - drwXXXXX.vdb - regular weekly add-ons;
   - drwtoday.vdb - "hot" add-ons issued daily or several times a
     day;
   - drwnasty.vdb - general database of malware, received with the
     new version of the package;
   - dwnXXXYY.vdb - regular weekly add-ons;
   - dwntoday.vdb - "hot" add-ons issued daily or several times a
     day;
   - drwrisky.vdb - general database of riskware, received with the
     new version of the package;
   - dwrXXXYY.vdb - regular weekly add-ons;
   - dwrtoday.vdb - "hot" add-ons issued daily or several times a
     day.

Content-specific black and white lists consist of files with the
*.dws extension. Every file contains a list of URLs, access to which
must be blocked or permitted. On update servers these files can also
be stored in lzma-archives.

   - dwfXXXNN.dws - predefined black list, where XXX is for theme of
     the list (e.g. "prn" means "porno", "mlw" means "malware"), and
     YY is a sequential number of the list devoted to the specific
     theme.
   - white_dwfXXX.dws - predefined white list, where XXX is for theme
     of the list.

If there is no need to update these lists, then the icap.drl file
must be removed or deleted from the directory containing drl-files
(the path to this directory is specified as the value of the DrlDir
parameter described below).

For automatic receipt and installation of the anti-virus add-ons and
content-specific black and white lists you must use a special
updating module.

Please note that the updating module requires Perl 5.8.0 or higher
to be installed.


2. UPDATING MODULE Dr.Web Updater

2.1. Running the updating module. Command line parameters

The updating module Dr.Web Updater is a script "update.pl" written in
Perl.
It can be found in the directory containing executable program
files.

Dr.Web Updater settings are stored in the main configuration file
(drweb32.ini by default) in the /etc/drweb directory. To run the
script use the following command:

   > /opt/drweb/update.pl [parameters]

The --help parameter is used to show a brief usage summary.

To use another configuration file, specify the full path to it with
the --ini command line parameter. If the name of the configuration
file is not specified, /etc/drweb/drweb32.ini is used.

Example:

   > /opt/drweb/update.pl -ini=/etc/drweb/drweb32.conf

The --what command line parameter temporarily overrides the value of
the Section parameter on Updater's launch. The parameter will take
effect until the next start of the script. Possible values: scanner
or daemon.

Example:

   > /opt/drweb/update.pl --what=Scanner

The --components parameter is used to view a list of all product
components available for update.

Example:

   > /opt/drweb/update.pl --components

The --not-need-reload parameter can also be specified as a command
line parameter. It can be used in several ways:

   a. If the --not-need-reload parameter is not specified, maild,
      icapd and drwebd daemons will be reloaded after the update.pl
      script finishes its work. (Note: daemons will be reloaded only
      if any of their components has been updated/removed/added
      during script operation.)
   b. If the --not-need-reload parameter is specified, but no value
      is set for it, maild, icapd, drwebd and lotusd daemons will not
      be reloaded after the update.pl script finishes its work.
   c. Daemon names are used as values for the --not-need-reload
      parameter. Several names can be specified in one string,
      without white spaces and with a comma used as delimiter. Values
      are case insensitive. Daemons whose names are specified as
      parameter values will not be reloaded. Allowed parameter values
      are: maild, icapd, drwebd, lotusd.
   Examples:

   1) /opt/drweb/update.pl --not-need-reload
   2) /opt/drweb/update.pl --not-need-reload=maild,icapd
   3) /opt/drweb/update.pl --not-need-reload=drwebd

The updating process includes the following stages:

   - Dr.Web Updater reads the configuration file;
   - Parameters to be used are located in the [Updater] section of
     the configuration file, as well as the following:
       EnginePath - serves both to determine the Daemon version and
         to specify the directory, where the updated drweb32.dll file
         is downloaded;
       VirusBase - serves to specify the directory, where updated
         virus bases are downloaded.
       UpdatePath - serves to specify the directory, where all other
         updated files are downloaded.
       PidFile - serves to specify the path to the file, from which
         the drwebd process identifier used for the reload of the
         Daemon is read.
   - Dr.Web Updater requests the list of updates from the server,
     then tries to download lzma-archives of the corresponding bases.
     If no lzma-archives are found, it downloads necessary bases in
     *.vdb and *.dws formats. To extract files from lzma-archives a
     special lzma-utility is used, the path to which is specified by
     the LzmaDecoderPath parameter value in the [Updater] section.
   - Downloaded updates are placed in the corresponding directories
     as described above.

All files for the current Dr.Web version will be downloaded. If some
sections of any previous versions are found, only *.vdb files will
be downloaded.

2.2. Blocking updates for selected components

You can configure Updater to block updates for selected components
of your Dr.Web solution. To view the list of available components,
use the --components command-line parameter.

Example:

   # ./update.pl --components
   Available Components:
       agent
       drweb (frozen)
       icapd (frozen)
       vaderetro_lib

If updates for any component are blocked, that component will be
marked as frozen. Frozen components will not be updated when Updater
is run.

2.2.1. Blocking updates

To block updates for a specific component use the --freeze=
command-line parameter, whose value is a comma-delimited list of
names of components to be frozen.

Example:

   # ./update.pl --freeze=drweb
   Updates for component 'drweb' are frozen.
   Run command './updater --unfreeze=drweb' to start updates again.

2.2.2. Unblocking updates

To once again enable updates for a frozen component, use the
--unfreeze= command-line parameter, whose value is a comma-delimited
list of names of components to be unfrozen.

Example:

   # ./update.pl --unfreeze=drweb
   Updates for component 'drweb' are no longer frozen.

Please note that unfreezing will not update the component.

2.3. Restoring updates

When updating components of your Dr.Web solution, back-up copies
will be saved in the Updater working directory. This enables you to
restore any component to its previous state in case there are some
problems with the update.

To restore a component to a previous state, use the --restore=
command-line parameter, whose value is a comma-delimited list of
components to be restored.

Example:

   # ./update.pl --restore=drweb
   Restoring backup for component 'drweb'...
   Updates for component 'drweb' are frozen.
   Run command './updater --unfreeze=drweb' to start updates again.
   Backup for component 'drweb' has been restored!
   Dr.Web (R) restore details:
   Following files has been restored:
   /var/drweb/bases/drwtoday.vdb
   /var/drweb/bases/dwntoday.vdb
   /var/drweb/bases/dwrtoday.vdb
   /var/drweb/bases/timestamp
   /var/drweb/updates/timestamp

Please note that the component will be automatically frozen after
restoring. To enable updates for a restored component you need to
unfreeze it.

2.4. Configuration file. Parameters for updating module

The configuration file is a text file, therefore it can be edited by
any text editor. It has the following structure:

   --- Beginning of file ---
   [Name of section 1]
   Parameter1 = value1, ..., valueK
   .....
   ParameterM = value1, ..., valueK
   ......
   [Name of section X]
   Parameter1 = value1, ..., valueK
   .....
   ParameterY = value1, ..., valueK
   --- end of file ---

If a line begins with the ";" or "#" symbol, it is considered to be a
comment line. These lines are skipped when reading parameters from
the configuration file.

If any parameter is commented out or not specified, it does not mean
that this parameter has no value. In this case the hardcoded default
value will be used. Only some parameters are optional or do not have
default values. Every such case will be described separately.

Parameter values can be included in brackets (and must be included
in brackets when they contain white spaces).

Some parameters can have several values, with a comma used as
delimiter.

If values are included in {}, then the parameter may take only one
value from those specified.

Settings for the Dr.Web Updater module can be found in the [Updater]
section of the main configuration file.

Updating script settings section name - [Updater].

The parameters will be described as follows:

ParameterName = ParameterPseudoValue
    Parameter description
    Whether it may have several values or not
    Default value: {value | unspecified}

Below you will find descriptions of all available parameters:

UpdatePluginsOnly = {Yes | No}
    With the Yes value specified Dr.Web Updater will not update
    Daemon and Scanner. It will update only plug-ins.
    Default value: No

Section = {Daemon | Scanner}
    Specifies from which section of the configuration file Updater
    will take settings to determine program version, paths to virus
    databases, etc. Possible values: Scanner, Daemon. The value of
    this parameter can be temporarily overridden by the --what
    command line parameter. The parameter will take effect until the
    next start of the script.
    Default value: Daemon

ProgramPath = {path to file}
    Path to Daemon or Scanner. It is used by the Dr.Web Updating
    System for getting the product version and API information of
    the installed binary.
    Default value: /opt/drweb/drwebd

SignedReader = {path to file}
    This program is used by the Dr.Web Updating System for reading
    signed files.
    Default value:
        /usr/lib/drweb/read_signed (for FHS-compatible systems)
        /usr/local/drweb/read_signed (for BSD-like systems)
        /opt/drweb/read_signed (for other systems)

LzmaDecoderPath = {path to file}
    Path to program used for unpacking of lzma-archives.
    Default value: /opt/drweb

LockFile = {path to file}
    Path to lock file used to prevent sharing of certain files
    during their processing by Dr.Web Updater.
    Default value: /var/drweb/run/update.lock

CronSummary = {Yes | No}
    If Yes is specified, the updating script displays message on
    each session results in stdout. The mode can be used for
    notification of an administrator by email, if the script is run
    by the cron daemon.
    Default value: Yes

DrlFile = {path to a file}
    The path to a file containing list of accessible Dr.Web updating
    servers. The script selects the server for updating by random
    order from this list. This file is signed by Doctor Web, Ltd.
    and should not be modified by a user. If necessary, it is
    automatically corrected by the updating script.
    Default value: /var/drweb/bases/update.drl

CustomDrlFile = {path to file}
    Path to the alternative *.drl file with the list of update
    servers. This file is signed by Dr.Web and should not be
    modified by the user. It is updated automatically.
    Default value: /var/drweb/bases/custom.drl

FallbackToDrl = {Yes | No}
    Determines which *.drl file will be used first. If specified
    value is Yes, Updater will attempt to use the file specified in
    CustomDrlFile and then, if it fails, will attempt to use the
    file specified in DrlFile.
    Default value: Yes

DrlDir = {path to directory}
    Path to the directory containing drl files with lists of update
    servers for each plug-in. These files are signed by Dr.Web and
    should not be modified by the user.
    Default value: /var/drweb/drl/

Timeout = {number in seconds}
    Timeout for updates to be downloaded.
    The empty value or the absence of the parameter mean unspecified
    value of the timeout.
    Default value: 90

Tries = {numerical value}
    Number of attempts to be made by Dr.Web Updater to establish a
    connection with the update server.
    Default value: 3

ProxyServer = {proxy server name or IP}
    If you use a proxy server for Internet access, specify its name
    or IP-address.
    Default value: empty (the proxy is not used)

ProxyLogin = {name}
    Sets the --proxy-user parameter value of the wget utility.
    Default value: empty (the proxy is not used)

ProxyPassword = {password}
    Sets the --proxy-passwd parameter value of the wget utility.
    Default value: empty

LotusdPidFile = {path to file}
    Path to Lotus Daemon PID file.
    Default value: /var/drweb/run/drweblotusd.pid

MaildPidFile = {path to file}
    Path to drweb-maild PID file.
    Default value: /var/drweb/run/drweb-maild.pid

IcapdPidFile = {path to file}
    Path to drweb-icapd PID file.
    Default value: /var/drweb/run/drweb_icapd.pid

BlacklistPath = {path to directory}
    Path to directory with .dws files.
    Default value: /var/drweb/dws

AgentConfPath = {path to file}
    Path to Agent configuration file.
    Default value: /etc/drweb/agent.conf

PathToVadeRetro = {path to file}
    Path to libvaderetro.so library.
    Default value: /var/drweb/lib/libvaderetro.so

ExpiredTimeLimit = {number}
    Number of days before license expiration during which Updater
    will be attempting to update the license key file.
    Default value: 14

ESLockfile = {path to file}
    Path to lock file. If the lock file exists, Dr.Web Updater will
    not be automatically initialized by the cron daemon.
    Default value: /var/drweb/es_updater.lock

The updating log settings follow below.

LogFileName = {filename}
    Updating log filename.
    Default value:
        /var/log/drweb/updater.log (for FHS-compatible systems)
        /var/drweb/log/updater.log (for other systems)

LogLevel = {Quiet | Debug | Verbose | Info | Warning | Error}
    The log verbosity level.
    Default value: Verbose

SyslogFacility = {Daemon | Local0 .. Local7 | Kern | User | Mail}
    Log type to be used by the syslogd system service.
    Default value: Daemon


3. CONTACTS

The Dr.Web program is under constant development. To get news and
new information about updates, please visit our web-site:
http://www.drweb.com

Marketing dept.: http://buy.drweb.com
e-mail: sales@drweb.com

You can contact technical support:

   - by filling in the web form in the corresponding section of the
     support site at http://support.drweb.com ;
   - by phone in Moscow: +7 (495) 789-45-86.

Please include the following information in your problem report:

   - full name and version of your UNIX distribution;
   - Dr.Web version that is logged during program start.
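
Sections 2.2 and 2.3 note that frozen components are not updated and
that --restore freezes a component automatically. The following check
is an added example, not part of the Dr.Web distribution: it reports
components that are frozen without being on an allow list. The
UPDATER and ALLOW_FROZEN variables are hypothetical names, and the
one-component-per-line layout of the --components listing on stdout
is an assumption.

```shell
#!/bin/sh
# Added example (not part of the Dr.Web distribution).
# SAMPLE_OUTPUT is constructed from the listing in section 2.2; one
# component per line on stdout is an assumption about the real layout.
SAMPLE_OUTPUT='Available Components:
agent
drweb (frozen)
icapd (frozen)
vaderetro_lib'

# Print the names of all frozen components found on stdin.
frozen_components() {
    awk '
        /Available Components:/ { next }               # header line
        /\(frozen\)[ \t]*$/ { names = (names == "" ? "" : names " ") $1 }
        END { print names }
    '
}

# Print frozen components that are NOT in the comma-delimited allow
# list given as $1 (same syntax as the --freeze/--unfreeze values).
unexpected_frozen() {
    allowed=",$1,"
    out=""
    for c in $(frozen_components); do
        case "$allowed" in
            *",$c,"*) ;;                     # frozen on purpose
            *) out="${out:+$out }$c" ;;
        esac
    done
    printf '%s\n' "$out"
}

# Use the live listing when the updater is installed, else the sample.
UPDATER=${UPDATER:-/opt/drweb/update.pl}     # hypothetical variable
if [ -x "$UPDATER" ]; then
    listing=$("$UPDATER" --components)
else
    listing=$SAMPLE_OUTPUT
fi
bad=$(printf '%s\n' "$listing" | unexpected_frozen "${ALLOW_FROZEN:-}")
# Under cron, anything printed here is mailed to the job owner.
[ -z "$bad" ] || echo "WARNING: updates frozen for: $bad" >&2
```

Run from cron after update.pl, with ALLOW_FROZEN set to the
components that are frozen deliberately, it reports a component left
frozen after a restore.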
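
Section 2.4 states that a parameter which is commented out or absent
still has a value, the hardcoded default. The following added example
(not part of the Dr.Web distribution) resolves the value the
[Updater] section yields for a parameter under those rules, so the
update-source settings can be reviewed. The INI variable is a
hypothetical name; exact-case matching of parameter names and leaving
bracketed values untouched are assumptions.

```shell
#!/bin/sh
# Added example (not part of the Dr.Web distribution).
# SAMPLE_INI is constructed for this example.
SAMPLE_INI='[Daemon]
Timeout = 5
[Updater]
; Timeout = 30
# Tries = 10
Section = Scanner
FallbackToDrl = No
[Scanner]
Tries = 7'

# updater_param NAME DEFAULT: read ini text on stdin and print the
# value the [Updater] section yields for NAME, or DEFAULT when NAME is
# commented out or absent there. Name matching is case-sensitive
# (an assumption).
updater_param() {
    awk -v want="$1" -v def="$2" '
        /^[ \t]*[;#]/ { next }                      # comment line
        /^[ \t]*\[/ {                               # section header
            sec = $0
            gsub(/^[ \t]*\[|\][ \t]*$/, "", sec)
            next
        }
        sec == "Updater" {
            eq = index($0, "=")
            if (eq == 0) next
            name = substr($0, 1, eq - 1)
            val = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", name)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (name == want) { found = 1; result = val }
        }
        END { print (found ? result : def) }
    '
}

# Report the effective update-source settings; the defaults are the
# ones listed in section 2.4.
INI=${INI:-/etc/drweb/drweb32.ini}           # hypothetical variable
if [ -r "$INI" ]; then ini_text=$(cat "$INI"); else ini_text=$SAMPLE_INI; fi
for pair in "DrlFile=/var/drweb/bases/update.drl" \
            "CustomDrlFile=/var/drweb/bases/custom.drl" \
            "FallbackToDrl=Yes" "Timeout=90" "Tries=3"; do
    name=${pair%%=*}
    printf '%-14s %s\n' "$name" \
        "$(printf '%s\n' "$ini_text" | updater_param "$name" "${pair#*=}")"
done
```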