Dr.Web (R) Configuration file $Revision: 1.90.2.19 $ +-------------------------------------------------------------------+ | SECTION: Daemon | | | | Dr.Web Daemon general settings. | +-------------------------------------------------------------------+ EnginePath = {FilePath} (/var/drweb/lib/drweb32.dll) drweb32.dll (Engine) location. This parameter is also used by Updater. VirusBase = {Lookups} (/var/drweb/bases/*.vdb) Masks for downloaded virus bases. This parameter is also used by the updating module for updating of antivirus bases. Listing of several masks is allowable. UpdatePath = {FilePath} (/var/drweb/updates) Path to directory, where files dowloaded by updating module are stored (except for drweb32.dll and virus bases). Value of this parameter is mandatory. TempPath = {FilePath} (/var/drweb/spool) Path to directory used by antivirus module (Engine) for creating of temporary files. During normal operation process this directory is not used. It is used for unpacking archives, or when system lacks memory resources. Key = {FilePath} (/opt/drweb/drweb32.key) Location of the key file (license or demo). PleskPublicKey = {FilePath} (/etc/drweb/plesk.key) Path to Plesk public RSA key file. OutputMode = {Quiet|Terminal} (Terminal) Information output mode at start. "Terminal" value outputs information to console, "Quiet" value disables output. RunForeground = {Boolean} (no) Yes value of this parameter disables the daemon mode of the Dr.Web Daemon, i.e. to operate in the background without the controlling terminal. This option can be used by certain monitoring tools (or example, by daemontools). User = {String} (drweb) User account with appropriate rights to run Daemon. It's recommended to create special user "drweb" which will be used by Daemon and filters. Running Daemon with Administrator privileges is insecure and therefore undesirable. User parameter value cannot be changed when reloading configuration using SIGHUP! PidFile = {FilePath} (/var/drweb/run/drwebd.pid) Path to file where Daemon PID and socket or the port number will be written to at start. If several Socket parameters are specified, this file will contain information aboutn all sockets set (one address per line). BusyFile = {FilePath} (/var/drweb/run/drwebd.bsy) Path to Daemon busy file. This file is created by Daemon scanning copy and removed after successful execution of corresponding command. Names of the files created by each copy of the Daemon are appended with a point and ASCIIZ representation of PID (e.g., /var/run/drwebd.bsy.123456). ProcessesPool = {String} (auto,timeout=120,stop_timeout=1,stat=no) Process pool settings. At first, number of processes in a pool is defined: * auto - number of processes in a pool is automatically detected, depending on the current system load; * N - non-negative integer. At least N processes in a pool will be active, and new processes will be created as required; * N-M - positive integers, and M>=N. At least N processes in a pool will be active, and new processes will be created as required until the number of processes reaches M value. Further the following additional parameters can be specified: * timeout = {time in seconds} - if a process does not become active during the specified period of time, it is closed. This parameter does not affect the first N processes, which are waiting for requests infinitely. Default value: 120 * stat = {yes|no} - statistics for processes in a process pool. If specified value is yes, pool statistics will be output to the log file when SIGUSR1 signal will be received. Default value: no * stop_timeout = {time in seconds} - maximum time for a working process to stop. Default value: 1 OnlyKey = {Boolean} (no) When enabled, only key file will be requested from Agent. Local configuration file will be used. ControlAgent = {String} (local:/var/drweb/ipc/.agent) Agent address. If the value of OnlyKey parameter is set to No, then Daemon receives both key file and configuration file from Agent. MailCommand = {String} ("/usr/sbin/sendmail -i -bm -f drweb -- root") Command used by Daemon and Updater to send notifications to a user (administrator) via e-mail. Daemon uses this feature at every start (restart, reboot), if less than two weeks left until the key file (one of key files) expires. Updater uses this feature to send information bulletins by Doctor Web, Ltd. NotifyPeriod = {Digital} (14) Number of days before license key expiration to start sending notifications about license renewal. When parameter value is set to 0, notifications will be sent only when license key is expired. NotifyFile = {FilePath} (/var/drweb/.notify) Path to file with a timestamp of last notification sent to Administrator about license key expiration. NotifyType = {Ever|Everyday|Once} (Ever) Frequency of notifications dispatch. When parameter value is set to "Once", notification will be sent only once. With "Everyday" value specified notifications will be sent once a day. With "Ever" value specified notifications will be sent at every reload of the Daemon and after every update. FileTimeout = {Digital} (30) Maximum time to one file scan in seconds StopOnFirstInfected = {Boolean} (no) Termination of message scan after detection of the first virus. With "Yes" value specified mail-server load and message check time can be reduced considerably. ScanPriority = {String} (0) Daemon processes priority. The range of this parameter value must be within -20 (highest priority) to 20 (lowest priority). FilesTypes = {MultiString} (EXE,COM,SYS,OV?,BAT,BIN,DRV,PRG,BOO, SCR,CMD,VXD,386,DLL,FON,DO?,XL?,WIZ,RTF,CL*,HT*,VB*,JS*,INF,AR?, ZIP,R??,PP?,OBJ,LIB,HLP,MD?,INI,MBR,IMG,CSC,CPL,MBP,SHS,SHB,PIF, SO,CHM,REG,XML,PRC,ASP,LSP,MSO,OBD,THE*,NWS,SWF,BMP,MPP,OCX,DVB, CPY,MSG,EML) File types to be checked during "by type" scan, i.e. when ScanFiles parameter has the ByType value. "*" and "?" symbols are accepted. Several lines can be specified for this parameter, and in this case the specified lists are summed up. FilesTypesWarnings = {Boolean} (yes) Unknown file types alert. ScanFiles = {ByType|All} (All) Additional restriction for files to be checked. Scan only files with extensions specified in FileTypes parameter (value ByType) or all files (value All). Value ByType of this parameter can be used only in local scan mode (in other modes always used only All value). In mailboxes are always scanned all files (independent of ScanFiles parameter value). Attention! In case in configuration of anti-virus plug-in Drweb (used in product Dr.Web for UNIX mail servers) value of parameter ScanType is specified to local or auto, setting ScanFiles = ByType will force this plug-in to skip all email messages WITHOUT anti-virus checking! CheckArchives = {Boolean} (yes) Whether to unpack ZIP (WinZip, InfoZIP...), RAR, ARJ, TAR, GZIP and CAB archives, or not. CheckEMailFiles = {Boolean} (yes) Whether to scan files in e-mail formats, or not. ExcludePaths = {Lookups} (/proc,/sys,/dev) Masks for files to be excluded from scan by Daemon. FollowLinks = {Boolean} (no) Whether to follow symbolic links, or not. RenameFilesTo = {String} (#??) Mask for renaming files using custom file extension, if "Rename" action is specified for infected or suspicious files. The first character of the file extension is replaced with "#", and two subsequent characters will be preserved. If a file has no extension, it will consist of only one "#" symbol. MoveFilesTo = {DirPath} (/var/drweb/infected) Path to quarantine directory. BackupFilesTo = {DirPath} (/var/drweb/infected) Path to directory used to store backups of infected files, which have been cured. LogFileName = {FilePath} (syslog) Log filename. When "syslog" value is specified, report will be logged using syslogd system service. Since syslog records information about various events of different importance in several files, you can find out where information about Scanner operation is stored using SyslogFacility and SyslogPriority parameters and syslog configuration file (usually /etc/syslogd.conf). SyslogFacility = { Mail| User| Kern| Local7| Local6| Local5| Local4| Local3| Local2| Local1| Local0| Daemon } (Daemon) Sets the log type when using syslogd system service. SyslogPriority = {Error|Info|Notice|Warning|Alert} (Info) Sets the log priority when using syslogd system service. LimitLog = {Boolean} (no) Specifies whether the log file size must be limited, or not. Parameter is ignored when LogFileName parameter value is "syslog". When current log file size exceeds the value set for MaxLogSize parameter, log file is erased and started over from scratch. MaxLogSize = {Digital} (512) Maximum log file size. Can be used with LimitLog = Yes only. LogScanned = {Boolean} (yes) Whether to log or not information about all checked objects (infected and clean). LogPacked = {Boolean} (yes) Whether to log or not additional information about files packed by DIET, PKLITE and similar utilities. LogArchived = {Boolean} (yes) Whether to log or not additional information about files archived by RAR, ZIP, TAR and similar archivers. LogTime = {Boolean} (yes) Whether to log or not the time for each record. This parameter is not used when LogFileName is set to "syslog". LogProcessInfo = {Boolean} (yes) Whether to log or not clients address (hostname or IP) anp PID of every scanning process. RecodeNonprintable = {Boolean} (yes) Output mode for nonprintable characters. RecodeMode = {QuotedPrintable|Replace} (QuotedPrintable) With RecodeNonprintable value set to "Yes" this parameter specifies decoding method for nonprintable characters. If its value is set to "Replace", all such characters are replaced with the RecodeChar parameter value. If its value is set to "QuotedPrintable", Quoted Printable format is used for decoding. RecodeChar = {Char} ("?") Defines symbol to replace nonprintable characters if RecodeMode parameter value is set to "Replace". Socket = {MultiString} (/var/drweb/run/.daemon,3000, localhost) Description of socket used for communication with Daemon. Sockets can be specified in several ways. If it is necessary to specify several socket addresses in one string, you should use TYPE:ADDRESS format, where TYPE is the type of socket: inet - TCP socket, local or unix - UNIX socket. Example: Socket = inet:3000@127.0.0.1,local:%var_dir/.drwebd Also you can specify socket address in PORT [interfaces] | FILE [access] format. For a TCP socket, specify decimal port number (PORT) and the list of interface names or IP addresses for incoming requests (interfaces). Example: Socket = 3000 127.0.0.1, 192.168.0.100 For UNIX sockets, specify socket name (FILE) and access permissions in octal form (access). Example: Socket = %var_dir/.drwebd 0660 SocketTimeout = {Digital} (10) Timeout in seconds to receive/send all data through socket (not considering scanning time). If 0 - time is unlimited. MaxCompressionRatio = {String} (500) Maximum compression ratio, i.e. ratio of the unpacked file length to the length of packed file in archive. If the ratio exceeds value specified for this parameter, file will not be extracted and therefore will not be checked. Parameter can take only natural values. If parameter value is set to 0, check of compression ratio will not be carried out. CompressionCheckThreshold = {Digital} (1024) Minimum size of a file inside archive (in KBytes) beginning from which the compression ratio check will be performed (if this is specified by the MaxCompressionRatio parameter). If 0 - check will not be performed. MaxFileSizeToExtract = {Digital} (40960) Maximum unpacked size for the file in an archive(in KBytes). If unpacked size exceeds specified value the archive will not be scanned. If value is 0 then size is unlimited. MaxArchiveLevel = {Digital} (8) Maximum archive nesting level. If archive nesting level exceeds specified value, the archive will not be scanned. If value is set to 0, nesting level will not be limited. ClientsLogs = {String} (drwebdc:/var/drweb/log/drwebdc.log,smb_spider:syslog,mail:/var/drweb/log/drwebmail.log,kerio:syslog,lotus:syslog) Splitting the log files.If after communicating with Daemon client uses the option to transfer its ID, log file will be substituted with the file specified in this parameter. The log files are defined in the following way: :, : Client name may be one of the following web smb_spider mail drwebdc kerio lotus Example: drwebdc:/var/drweb/log/drwebdc.log,smb_spider:syslog, mail:/var/drweb/log/drwebmail.log,kerio:syslog,lotus:syslog Also if client uses the option to transfer its ID, scanning result will begin with prefix defined by the client ID. Following prefixes are possible: MaxBasesObsolescencePeriod = {Digital} (24) A maximum period of time (in hours) since the last update to consider virus databases up-to-date. After this period expires, a notification about obsolete virus databases is output to console. If the value of this parameter is set to 0, then update status of virus bases is not checked, and no notification is output. MessagePatternFileName = {String} (/etc/drweb/templates/drwebd/msg.tmpl) Path to template for message about license expiration. You can define expiration message according to your requirements. You can use variables that will be substituted for the following values: $EXPIRATIONDAYS — number of day left until the license would expire; $KEYFILENAME — path to license key file; $KEYNUMBER - license number; $KEYACTIVATES — license activation date; $KEYEXPIRES — license expiration date. If there is no user-defined template, standard message in English will be used. MailTo = {String} () Administrator email address to send messages about license expiration, virus databases obsolescence, etc. +-------------------------------------------------------------------+ | SECTION: Updater | | | | Updater general settings. | +-------------------------------------------------------------------+ WorkingDir = {DirPath} (/var/drweb/updater/) Path to working dir of updater. UpdatePluginsOnly = {Boolean} (no) "Yes" value enables updating of plug-ins only, without updating of Daemon and Scanner at the same time. Section = {Scanner|Daemon} (Daemon) Defines which component must be updated. Information about files to be updated is received from corresponding sections of configuration file. This value can be overridden by command line parameter --what at startup. ProgramPath = {FilePath} (/opt/drweb/drwebd) Path to program files. Used by Updater to get product versions and API versions for installed binaries. SignedReader = {FilePath} (/opt/drweb/read_signed) Path to program used by Updater to read signed files. LzmaDecoderPath = {DirPath} (/opt/drweb) Path to program used by Updater to unpack lzma-archives. LockFile = {FilePath} (/var/drweb/run/update.lock) Path to file used to prevent sharing of certain files during update. CronSummary = {Boolean} (yes) Enables output of update session log to stdout. It is used by cron daemon for sending notifications to administrator. DrlFile = {FilePath} (/var/drweb/bases/update.drl) Path to file with list of currently available update servers. Updater randomly selects server for each update session. This file is signed by Dr.Web. and cannot be changed manually. It is updated automatically. CustomDrlFile = {FilePath} (/var/drweb/bases/custom.drl) Path to alternative file with list of currently available update servers. Updater randomly selects server for each update session. This file is signed by Dr.Web. and cannot be changed manually. It is updated automatically. FallbackToDrl = {Boolean} (yes) Defines behavior of Updater if both DrlFile and CustomDrlFile parameters are set. If you enable FallbackToDrl parameter and Updater fails to update anything using path specified in CustomDrlFile parameter value, it will use DrlFile parameter value as fallback. DrlDir = {DirPath} (/var/drweb/drl) Path to directory containing signed *.drl files with lists of update servers for Dr.Web plugins (e.g. VadeRetro antispam library) to be updated. Timeout = {Digital} (90) Timeout for updates to be downloaded. When this value is left empty, download time is not limited. Tries = {Digital} (3) Number of attempts Updater makes to download updated files. ProxyServer = {Address} () IP-address of a proxy server to be used during update process. Proxy server is specified in the following format: [http://]hostname[:port] where optional elements are in square brackets. If port number is not specified, then 3128 port will be used by default. If you do not have proxy server, leave this value empty. ProxyLogin = {String} () Proxy server authentication username. If you do not have proxy server, leave this value empty. ProxyPassword = {String} () Proxy server authentication password. If you do not have proxy server, leave this value empty. LogFileName = {FilePath} (syslog) Log filename. When "syslog" value is specified, report will be logged using syslogd system service. Since syslog records information about different events of various importance to several files, you can find out where information about Updater operation is stored using SyslogFacility and SyslogPriority parameters and syslog configuration file (usually /etc/syslogd.conf). LogLevel = {Quiet|Error|Warning|Info|Verbose|Debug} (Info) Log verbosity level. SyslogFacility = { Mail| User| Kern| Local7| Local6| Local5| Local4| Local3| Local2| Local1| Local0| Daemon } (Daemon) Sets the log type when using syslogd system service. LotusdPidFile = {FilePath} (/var/drweb/run/drweblotusd.pid) Path to pid file of Lotusd. MaildPidFile = {FilePath} (/var/drweb/run/drweb-maild.pid) Path to pid file of Maild. IcapdPidFile = {FilePath} (/var/drweb/run/drweb_icapd.pid) Path to pid-file of Icapd. BlackListPath = {DirPath} (/var/drweb/dws) Path to dir with dws-files. AgentConfPath = {FilePath} (/etc/drweb/agent.conf) Path to agent config file. PathToVadeRetro = {FilePath} (/var/drweb/lib/libvaderetro.so) Path to shared library libvaderetro.so . ExpiredTimeLimit = {Digital} (14) A number of days left before license key file expiration. During this period Updater will make attempts to renew the key. ESLockfile = {FilePath} (/var/drweb/run/es_updater.lock) Path to lockfile. There is the file, so the updater can not do its work.