cutemeli/server
0
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
0bfc6c842567147fcad047b8c041ee73fdac81d7
server/opt/drweb/doc/daemon/readme.daemon
cutemeli 0bfc6c8425 Initial
2025-12-22 10:32:59 +00:00

1042 lines
41 KiB
Plaintext
Raw Blame History

Doctor Web, Ltd.
Dr.Web(R) Daemon for Linux
Administrator Manual
Version 6.0.2.9
====================================================================
All the materials published herein are the property of Doctor Web, Ltd.
and may not be reproduced in any form without written permission of
Doctor Web, Ltd. and proper attribution.
Dr.Web is a registered trademark of Doctor Web, Ltd.
Other product names mentioned herein are trademarks or registered
trademarks of their respective companies.
There might be further improvements and changes in the software not
described in this manual. The revised and amended versions of
this manual are available at www.drweb.com.
====================================================================
(C) 2003-2012 Doctor Web, Ltd.
Russia, Moscow - Saint Petersburg
http://www.drweb.com/
CONTENTS
1. INTRODUCTION
1.1. What is this manual about?
1.2 What is the Dr.Web(R) Daemon for Unix?
1.3. Dr.Web(R) reqirements to OS and hardware
2. Dr.Web(R) Daemon
2.1. Location of package files
2.2. Command line parameters
2.3. Configuring Dr.Web Daemon
2.4. Starting Dr.Web Daemon
2.5. Verifying availability of Dr.Web Daemon
2.6. Scan modes of Dr.Web Daemon
2.7. Package registration. License key file
2.8. Updating programs and virus bases
3. CONTACTS
1. INTRODUCTION
1.1. What is this manual about
The present manual describes the antivirus module Dr.Web Daemon for
UNIX-based systems - Linux, FreeBSD, SunOS Solaris and OpenBSD.
This manual is designed for the system administrator, responsible for
antivirus security and network settings (hereinafter "administrator").
Antivirus protection of UNIX-based operating systems has two aspects:
- protection of local system and user data from the destructive activity of
viruses;
- diagnostics and neutralization of viruses when using UNIX-systems as
platforms for communication services: mail servers, file servers of local
networks, etc.
Viruses can be (and in most cases, they are) designed not directly for
UNIX-systems. Through local networks and mail services ordinary Windows
viruses are distributed, including macro-viruses for Word, Excel and other
office applications.
Dr.Web antivirus package for UNIX-systems consists of two major components
and performs two functions.
Scanning module Dr.Web Scanner detects and cures viruses on the local
computer. GUI module for Scanner makes setup process and operation management
much easier.
Antivirus resident module Dr.Web Daemon can be used almost in any data
processing scheme as an external antivirus filter plug-in. For example, mail
systems (such as Communigate Pro, Sendmail, Postfix, Exim, QMail, ZMailer
and other) can be easily adjusted to use Dr.Web Daemon for checking e-mail
messages, transmitted by the mail server.
In the present manual basic steps of setup (chapter 2.1), adjustment (chapters
2.2 and 2.3) and launch (chapters 2.4, 2.5, 2.6) procedures of Dr.Web Daemon
will be discussed.
Information on setup, adjustment and launch of Dr.Web Scanner is available
in the corresponding manual (readme.scanner file).
Dr.Web products are developing permanently. Add-ons to virus databases
are released daily or even several times a day. New versions of programs
appear. Diagnostics techniques and methods of antivirus protection, as well
as integration with other applications of UNIX-systems are improved regularly.
Besides that, the list of applications compatible with Dr.Web is constantly
expanding, therefore some settings and functions of any new version may
differ from those described in this manual.
1.2. What is the Dr.Web(R) Daemon for Unix?
Dr.Web Daemon is a permanently loaded Dr.Web Antivirus module that
can scan for viruses files on disk or data, transferred through socket
on request from filtering programs. Requests are made using special protocol
via unix-sockets or TCP sockets. Dr.Web Daemon:
- uses the same antivirus engine and virus databases as Scanner;
- detects and cures all known viruses;
- checks packed files and archives.
Besides, Dr.Web Daemon has option to filter mail messages based on
e-mail headers analysis results.
Dr.Web Daemon is always running and has clear and easy protocol for sending
scanning requests, which make it a perfect solution as antivirus filter
for mail transfer systems and file servers. Dr.Web developers offer ready-made
solutions for Dr.Web Daemon integration with CommuniGate Pro, Courier-MTA,
Exim, Postfix, QMail, Sendmail and ZMailer MTAs, as well as with Samba file
servers and applications using ICAP protocol (Squid and Shweby proxy-servers).
You can also use Dr.Web Daemon for any other tasks.
Dr.Web Daemon installation is described in chapter 2 together with program
and virus databases update process.
1.3. Dr.Web(R) requirements to OS and Computer
Components of Dr.Web package for Linux are compatible with Linux
distributions based on glibc version 2.2 or higher.
libstdc++ and libgcc_s libraries must be installed and available for the
linker by default.
Regarding the hardware, the Dr.Web requirements are similar to those
of the console (text) mode for Linux. For installation of the Dr.Web package
approximately 50 Mb of the disk space are required.
2. USING Dr.Web(R) DAEMON
In this section location of Dr.Web package files, command line parameters for
Dr.Web Daemon, configuration file structure and parameter values, module
setup and updating are described.
2.1. Location of package files
The Dr.Web package is installed by default to the directories
/opt/drweb, /etc/drweb and /var/drweb.
The subdirectories structure created in these directories is described below.
/opt/drweb - executable program modules of the Scanner (drweb) and
the Daemon (drwebd).
/opt/drweb/lib/ - antivirus Engine in form of the loadable library
(drweb32.dll).
/var/drweb/bases/*.vdb - database of known viruses.
/etc/drweb/drweb32.ini - configuration file.
/opt/drweb/lib/ru_daemon.dwl - language resource file.
/opt/drweb/doc/ - documentation.
All the manuals are released as ordinary text files in English and
Russian (KOI8-R encoding) languages.
/opt/drweb - updating module (a perl script "update.pl").
/opt/drweb/agent/ - meta-configuration files, necessagry for Agent
operation.
/var/drweb/infected/ - quarantine directory for moving there infected
files, if the corresponding reaction is set in configuration file for infected
or suspicious files detected.
2.2. Dr.Web(R) Daemon command line parameters
As every UNIX program Dr.Web Daemon supports command line parameters.
They are separated from specified path by white space and are prefixed by
hyphen ("-") symbol. To get complete list of parameters, launch Daemon
with -?, -h or -help parameters.
-ini=<file> - use of alternative configuration file;
-lng=<file> - use of alternative language file. If English interface has been
chosen during installation, specify ru_daemon.dwl to display program messages
in Russian language.
--foreground=<yes|no> - setting up Daemon operation mode at launch. If "Yes"
value is specified, Daemon will work in foregroung; with "No" value specified,
Daemon will operate in daemon mode.
--check-only <command line parameters for check> - checking validity of
Daemon's configuration at start. If some command line parameters are also
specified, their validity will be checked as well.
-a=<Control Agent address> - running Daemon in central protection mode.
--only-key - nothing but key file is received from the Control Agent at start.
2.3. Configuring Dr.Web(R) Daemon
Daemon can be used with default settings, but it is much more convenient
to set it up according to your requirements and situations. Daemon settings
are stored in configuration file (drweb32.ini by default) which is located in
/etc/drweb directory. To use another configuration file specify
its full path using command line parameter, e.g.
> $ /opt/drweb/drwebd -ini=/usr/local/drweb/drwebd.ini
Configuration file is a text file, therefore it can be edited by any text
editor. It has the following structure:
--- Beginning of file ---
[Name of section 1]
Parameter1 = value1, ..., valueK
.....
ParameterM = value1, ..., valueK
......
[Name of section X]
Parameter1 = value1, ..., valueK
.....
ParameterY = value1, ..., valueK
--- end of file ---
If the line begins with ";" or "#" symbols, it is considered to be the line of
comments. These lines are skipped when reading parameters from the
configuration file.
If any parameter is commented out or not specified, it does not mean
that this parameter has no value. In this case the hardcoded default value
will be used. Only some parameters are optional or do not have default values.
Every such case will be described separatedly.
Parameter values can be included in brackets (and must be included
in brackets when contain white spaces). Some parameters can have several
values, with comma used as delimiter. If values are included in {},
then the parameter may take only one value from the specified.
Settings for Dr.Web Daemon module can be found in [Daemon] section of the
main configuration file.
Parameters will be described as follows:
ParameterName = ParameterPseudoValue
Parameter description
{May have or not several values}
Default value:
{value | unspecified}
Parameters are described in the order they are presented in main configuration
file.
EnginePath = {path to file, usual extensions is *.dll}
Location of drweb32.dll module (Engine). This parameter is also used
by update utility.
Default value:
/opt/drweb/lib/drweb32.dll
VirusBase = {list of paths (masks) to files, usual extension is *.vdb}
Masks for loading virus databases. This parameter is also used by
update utility. Several masks can be listed.
Default value:
/var/drweb/bases/*.vdb,/var/drweb/bases/*.VDB
UpdatePath = {path to directory}
This parameter is used by update utility (update.pl) and is mandatory.
Default value:
/var/drweb/updates
TempPath = {path to directory}
Directory for Engine to create temporary files. Usually it is not used
but sometimes is needed to unpack certain archives or when system
is short of memory resources.
Default value:
/var/drweb/spool
Key = {path to file, usual extension is *.key}
Key file location (license or demo).
Default value:
/opt/drweb/drweb32.key
PleskPublicKey = {path to file}
Path to file with public RSA key for Plesk Software (this parameter
is required only when using this software). It is recommended to use
absolute paths; still, the relative paths are acceptable too.
Default value:
/etc/drweb/plesk.key
OutputMode = {Terminal | Quiet}
Information output mode at launch: Terminal outputs to console,
Quiet disables output.
Default value:
Terminal
RunForeground = {Yes | No}
Disables/enables daemon mode for Dr.Web Daemon. With Yes value it can
no longer act in the background without controlling terminal. This
option can be used by certain monitoring utilities
(i.e., daemontools).
Default value:
No
User = {user name}
User account with appropriate rights to be used by Daemon.
It is strongly recommended to create a separate "drweb" user account,
which will be used by Daemon and filters. It is not recommended to run
Daemon with root privileges, although it may take less time to set it
up (especially with Samba servers).
This parameter value cannot be changed when reloading configuration
using SIGHUP.
Default value:
drweb
PidFile = {path to a file}
Specified file contains Daemon pid and Unix-socket (if Socket
parameter enables usage of unix-socket) or port number (if Socket
parameter enables usage of TCP socket). If more than one Socket
parameter is specified, this file will contain information on all the
sockets (one per line). This file is created every time Daemon starts.
Default value:
/var/drweb/run/drwebd.pid
BusyFile = {path to a file}
File where Daemon execution flag is stored. This file is created by a
Daemon's child process upon a receipt of the corresponding command
and removed after successful execution of this command. Filenames
created by each Daemon child process are appended by a point and
ASCIIZ representation of pid (e.g., /var/run/drwebd.bsy.123456).
Default value:
/var/drweb/run/drwebd.bsy
ControlAgent = {socket address}
Agent address. If the value of OnlyKey parameter is set to No, then
Daemon receives both key file and configuration file from Agent.
Default value:
local:/var/drweb/ipc/.agent
OnlyKey = {Yes | No}
When enabled, only key file will be requested from Agent.
Local configuration file will be used.
Default value:
No
ProcessesPool = {string}
Process pool settings.
At first, number of processes in a pool is defined:
* auto - number of processes in a pool is automatically detected,
depending on the current system load;
* N - non-negative integer. At least N processes in a pool will be
active, and new processes will be created as required;
* N-M - positive integers, and M>=N. At least N processes in a pool
will be active, and new processes will be created as
required until the number of processes reaches M value.
Further the following additional parameters can be specified:
* timeout = {time in seconds} - if a process does not become active during
the specified period of time, it is closed. This
parameter does not affect the first N processes, which
are waiting for requests infinitely.
Default value: 120
* stat = {yes|no} - statistics for processes in a process pool.
If specified value is yes, pool statistics will be output to
the log file.
Default value: no
* stop_timeout = {time in seconds} - maximum time for a working process to
stop.
Default value: 1
MailCommand = {command}
Command used by Daemon and update utility for sending out
notifications and information bulletins on new updates to user
(administrator) via e-mail. If less than two weeks left until the key
file (or one of the key files) expires, Daemon starts sending out
notifications every time system launches, restarts or reboots.
Default value:
/usr/sbin/sendmail -i -bm -f drweb -- root
NotifyPeriod = {numeric value}
This parameter value specifies the length of a period (in days) before
the license expiration date, from the beginning of which Daemon starts
sending out notifications of license renewal. When parameter value is
set to 0 Daemon starts sending out notifications immediately after the
key file expires.
Default value:
14
NotifyFile = {path to file}
File with a timestamp of last notification of license renewal. It is
send out to administrator after the key file expires.
Default value:
/var/drweb/.notify
NotifyType = {Once | Everyday | Ever}
Frequency of dispatch of notifications about license expiration.
Once - notification is sent only once. Everyday - notification is
sent daily. Ever - notification is sent every time Daemon restarts
or every time bases update.
Default value:
Ever
FileTimeout = {value in seconds}
Maximum time for Daemon to perform a scan of one file.
Default value:
30
StopOnFirstInfected = {Yes | No}
Enables/disables termination of the process of message scan
after the detection of first virus. Yes value may considerably reduce
mail-server load and message scan time.
Default value:
No
ScanPriority = {value}
Daemon process priority. Value must be within <20>20 (highest priority)
to 20 (lowest priority) range. Please note that lowest priority value
for Linux is 19.
Default value:
0
FilesTypes = {extension list}
File types to be checked <20>by type<70>, i.e. when ScanFiles parameter
(explained below) has ByType value. <20>*<2A> and <20>?<3F> symbols are allowed.
This parameter can be multi-string (specified lists are summed up).
Default value:
<20><><EFBFBD><EFBFBD><EFBFBD>
FilesTypesWarnings = { Yes | No }
Enables/disables warning for unknown file types.
Default value:
Yes
ScanFiles = {All | ByType }
Files to be checked after extraction from archive. ByType value
enables scan of files with extensions specified either by default or
in FilesTypes parameter (or parameters). Mode All is always enabled
for mail messages. ByType value can be used only in local scan mode.
Default value:
All
CheckArchives = {Yes | No}
Enables/disables extracting of files archived with ZIP (WinZip,
InfoZIP, etc.), RAR, ARJ, TAR, GZIP, CAB and other archivers.
Default value:
Yes
CheckEMailFiles = {Yes | No}
Enables/disables scanning mail messages.
Default value:
Yes
ExcludePaths = {list of paths (masks) to be excluded from scan}
Masks for files which should not be checked.
Default value:
/proc,/sys,/dev
FollowLinks = {Yes | No}
Enables/disables following symbolic links.
Default value:
No
RenameFilesTo = {mask}
Mask for renaming infected or suspicious files using custom file
extensions if action Rename is specified.
Default value:
"#??" first character of file extension will be replaced by
"#" symbol, two subsequent characters will be preserved.
If file has no extension, it will consist only of "#" symbol.
MoveFilesTo = {path to directory}
Quarantine directory for transfer of infected files. This parameter is
used only when Daemon is integrated with on-access scanner for Samba.
Default value:
/var/drweb/infected
BackupFilesTo = {path to directory}
Directory for backup copies of infected files if requested action
was Cure.
Default value:
/var/drweb/infected
LogFileName = {path to log file}
Log file location. You can specify syslog as parameter value and
logging will be carried out by syslogd system service. In this case
SyslogFacility and SyslogPriority parameters (explained below) must
be also specified. As syslog uses several files for logging various
events of different importance, these two parameters and syslog
configuration file (usually /etc/syslogd.conf) determine location
where information is logged to.
Default value:
/var/drweb/log/drwebd.log
SyslogFacility = {Daemon | Local0 .. Local7 | Kern | User | Mail}
Log type when syslogd system service is used.
Default value:
Daemon
SyslogPriority = {Alert | Warning | Notice | Info | Error}
Log priority when syslogd system service is used.
Default value:
Info
LimitLog = {Yes | No}
Enables/disables limit for log file size. Parameter is ignored when
LogFileName = syslog. When current log file size exceeds MaxLogSize
parameter value, log file is erased and started from scratch.
Default value:
No
MaxLogSize = {value in Kbytes}
Maximum log file size. Can be used with LimitLog = Yes only.
Default value:
512
LogScanned = {Yes | No}
Enables/disables logging of information about all scanned objects
(infected, suspicious and clean).
Yes
LogPacked = {Yes | No}
Enables/disables logging of additional information about files packed
with DIET, PKLITE and other utilities.
Default value:
Yes
LogArchived = {Yes | No}
Enables/disables logging of additional information about files archived with various archiving utilities.
Default value:
Yes
LogTime = {Yes | No}
Enables/disables logging of timestamp for each record. Parameter is
not used if LogFileName = syslog.
Default value:
Yes
LogProcessInfo = {Yes | No}
Enable/disable logging of every scanning process pid and filter
address (host name or IP) from which scanning has been activated.
This data is placed before each record.
Default value:
Yes
RecodeNonprintable = {Yes | No}
Nonprintable characters output mode for given terminal.
Default value:
Yes
RecodeMode = {Replace | QuotedPrintable}
Decoding mode for nonprintable characters if RecodeNonprintable = Yes.
Replace parameter value substitutes all nonprintable characters by
RecodeChar parameter value (see below). QuotedPrintable parameter
value converts all nonprintable characters to Quoted Printable format.
Default value:
QuotedPrintable
RecodeChar = {"?" | "_" | ...}
Symbol to replace nonprintable characters if RecodeMode = Replace.
Default value:
"?"
Socket = {PORT [interfaces] | FILE [access]}
Description of a socket used for communication with Daemon.
Sockets can be specified in several ways.
If it is necessary to specify several socket addresses in one string, you should use TYPE:ADDRESS format, where TYPE is the type of socket: inet - TCP socket, local or unix - UNIX socket.
Example:
Socket = inet:3000@127.0.0.1,local:%var_dir/.drwebd
Also you can specify socket address in PORT [interfaces] | FILE [access] format.
For a TCP socket, specify decimal port number (PORT) and the list of interface names or IP addresses for incoming requests (interfaces).
Example:
Socket = 3000 127.0.0.1, 192.168.0.100
For UNIX sockets, specify socket name (FILE) and access permissions in octal form (access).
Example:
Socket = %var_dir/.drwebd 0660
Default value:
3000, localhost
/var/drweb/run/.daemon.
SocketTimeout = {value in seconds}
Maximum time for data transfer via socket (file scanning time is
not included).
Default value:
10
The following parameters can be used to reduce archive scan time (some objects
in archives will not be checked). If object falls under restrictions set by
these parameters, ArchiveRestriction procedure is applied. ArchiveRestriction
parameter value is specified in configuration files of various filters.
MaxCompressionRatio = {value}
Maximum compression ratio, i.e. ratio of unpacked file size to packed
file size (inside archive). If the ratio exceeds specified value, file
will not be extracted and therefore will not be checked. Messages with
such file will be treated as mail bomb.
Default value:
500
CompressionCheckThreshold = {value in Kbytes}
Minimum size of the file inside archive, beginning from which maximum
compression ratio check will be performed (if it is specified by
MaxCompressionRatio parameter value).
Default value:
1024
MaxFileSizeToExtract = {value in Kbytes}
Maximum unpacked size for the file in an archive. If unpacked size
exceeds specified value the archive will not be scanned.
Default value:
40960
MaxArchiveLevel = {value}
Maximum archive nesting level. If archive nesting level exceeds
specified value, the archive will not be scanned.
If value is set to 0, nesting level will not be limited.
Default value:
8
ClientsLogs = {list}
Splitting the log files.If after communicating with Daemon client uses
the option to transfer its ID, log file will be substituted with the
file specified in this parameter.
The log files are defined in the following way:
<client name1>:<path to file>, <client name2>:<path to file>
Client name may be one of the following
web - Dr.Web Icap
smb_spider - Dr.Web Samba SpIDer
mail - Dr.Web MailD
drwebdc - console client for Dr.Web Daemon
Log files definitions are delimited by commo or whitespace. No more
than 4 definitions can be specified.
Example:
drwebdc:/var/drweb/log/drwebdc.log,smb_spider:syslog,mail:/var/drweb/log/drwebmail.log
Also if client uses the option to transfer its ID, scanning result will
begin with prefix defined by the client ID.
Following prefixes are possible:
<web> - Dr.Wen Icap
<smb_spider> - Dr.Web Samba SpIDer
<mail> - Dr.Web MailD
<drwebdc> - console client for Dr.Web Daemon
Default value:
MaxBasesObsolescencePeriod = {time}
A maximum period of time (in hours) since the last update to consider
virus databases up-to-date. After this period expires, a notification
about obsolete virus databases is output to console. If the value of
this parameter is set to 0, then update status of virus bases is not
checked, and no notification is output.
Default value:
24
MessagePatternFileName = {path to file}
Path to template for message about license expiration.
You can define expiration message according to your requirements.
You can use variables that will be substituted for the following values:
$EXPIRATIONDAYS <20> number of day left until the license would expire;
$KEYFILENAME <20> path to license key file;
$KEYNUMBER - license number;
$KEYACTIVATES <20> license activation date;
$KEYEXPIRES <20> license expiration date.
If there is no user-defined template, standard message in English will be used.
Default value:
/etc/drweb/msg.tmpl
2.4. Starting Dr.Web(R) Daemon
When Daemon is launched (with default settings) the following actions are taken:
- configuration file is located and loaded. If configuration file is not found,
loading process terminates. Path to configuration file can be specified at
startup, by the command line parameter -ini: {path/to/your/drweb32.ini},
or default value (etc/drweb/drweb32.ini) can be used. At start several
parameters get validated, and if parameter value is not allowable default
value is applied;
- language file is loaded from the location specified in configuration file.
If language file is not found, all messages are displayed in English;
- log file is created. User account used by Daemon must have appropriate
privileges to write to the directory where log file is situated. Please note
that users have no write access to the default /var/log/ directory. If User
parameter is specified, you must also redefine LogFileName parameter and
provide alternative location;
- key file is loaded from the location specified in configuration file. If the
key file is not found, loading process terminates;
- if User parameter is specified, Daemon will offer to
create an appropriate user account (default value: drweb) and to use it with
the rights provided;
- Engine (drweb32.dll) is loaded. If Engine is damaged or not found (errors in
configuration file), loading process terminates;
- virus databases are loaded in arbitrary sequence from the location specified
in configuration file. If virus databases are damaged or absent, loading
process proceeds;
- Daemon enters daemon mode, so all information about loading problems can
not be output to console and is written to log file;
- socket for interaction between Daemon and other Dr.Web Antivirus modules is
created. When TCP-sockets are used, there can be several connections (loading
continues if at least one connection is established). When unix-socket is
used, Daemon's user account must have appropriate privileges to read from the
directory containing this socket and write to it. User accounts for e-mail
plugins must have execution access to the directory itself and write and read
access to the socket file. Please note that users have no write or execution
access to the default /var/run/ directory. If User parameter is specified, you
must also redefine Socket parameter and provide alternative location.
If socket can not be created, Daemon loading stops;
- pid-file with Daemon PID information and transport addresses is created.
User account used by Daemon must have appropriate privileges to write to the
directory containing pid-file. Please note that users have no write access to
the default /var/run/ directory. If User parameter is specified, you must also
redefine PidFile parameter and provide alternative location. If pid-file is
not created, loading process terminates.
2.5. Verifying availability of Dr.Web(R) Daemon
If no evident problems have occurred during load, Daemon is ready to work.
To make sure Daemon was loaded correctly, run netstat -a to check whether
all necessary sockets were created.
If TCP sockets are used:
--- cut ---
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 localhost:3000 *:* LISTEN
raw 0 0 *:icmp *:* 7
raw 0 0 *:tcp *:* 7
Active UNIX domain sockets (servers and established)
Proto RefCnt Flags Type State I-Node Path
unix 0 [ ACC ] STREAM LISTENING 384 /dev/gpmctl
unix 0 [ ] STREAM CONNECTED 190 @0000001b
unix 1 [ ] STREAM CONNECTED 1091 @00000031
unix 0 [ ACC ] STREAM LISTENING 403 /tmp/.font-unix/fs7100
unix 4 [ ] DGRAM 293 /dev/log
unix 1 [ ] STREAM CONNECTED 1092 /dev/gpmctl
unix 0 [ ] DGRAM 450
unix 0 [ ] DGRAM 433
unix 0 [ ] DGRAM 416
unix 0 [ ] DGRAM 308
--- cut ---
If unix-sockets are used:
--- cut ---
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
raw 0 0 *:icmp *:* 7
raw 0 0 *:tcp *:* 7
Active UNIX domain sockets (servers and established)
Proto RefCnt Flags Type State I-Node Path
unix 0 [ ACC ] STREAM LISTENING 384 /dev/gpmctl
unix 0 [ ] STREAM CONNECTED 190 @0000001b
unix 1 [ ] STREAM CONNECTED 1091 @00000031
unix 0 [ ACC ] STREAM LISTENING 1127 /opt/drweb/run/drwebd.skt
unix 0 [ ACC ] STREAM LISTENING 403 /tmp/.font-unix/fs7100
unix 4 [ ] DGRAM 293 /dev/log
unix 1 [ ] STREAM CONNECTED 1092 /dev/gpmctl
unix 0 [ ] DGRAM 450
unix 0 [ ] DGRAM 433
unix 0 [ ] DGRAM 416
unix 0 [ ] DGRAM 308
--- cut ---
If output to console differs from the result given above and any of the
sockets from the list is missing, some errors have occurred during load.
To run functional test and obtain service information use console client for
Daemon (drwebdc).
If TCP sockets are used:
$ drwebdc -nHOSTNAME -pPORTNUM -sv -sb
If unix-socket is used:
$ drwebdc -uSOCKETFILE -sv -sb
Client's output to console must contain all the parameters supported. The
following information must appear:
--- cut ---
- Version: DrWeb Daemon 6.02
- Loaded bases:
Base /var/drweb/bases/drwtoday.vdb contains 5 records.
Base /var/drweb/bases/drw50003.vdb contains 409 records.
Base /var/drweb/bases/drw50002.vdb contains 543 records.
Base /var/drweb/bases/drwebase.vdb contains 51982 records.
Base /var/drweb/bases/drw50001.vdb contains 364 records.
Total 53303 virus-finding records.
--- cut ---
If output to console differs from the result given above, try to run drwebdc
in enhanced diagnostic mode.
If TCP sockets are used:
$ drwebdc -nHOSTNAME -pPORTNUM -sv -sb -v
If unix-socket is used:
$ drwebdc -uSOCKETFILE -sv -sb -v
More detailed output may clarify the situation:
--- cut ---
dwlib: fd: connect() failed - Connection refused
dwlib: tcp: connecting to 127.0.0.1:3300 - failed
dwlib: cannot create connection with a DrWeb daemon
ERROR: cannot retrieve daemon version
Error -12
--- cut ---
Open readme.eicar.rus test file from distribution package and follow
instructions to make eicar.com program in text editor. Then try to scan it
with Daemon.
If you have license for mail servers with 50 and more addresses:
For TCP sockets:
$ drwebdc -nHOSTNAME -pPORTNUM -e eicar.com
For unix-socket:
$ drwebdc -uSOCKETFILE -e eicar.com
If you have license for mail servers with 15 or 30 addresses:
For TCP sockets:
$ drwebdc -nHOSTNAME -pPORTNUM -e -FEMAIL_ADDRESS -REMAIL_ADDRESS
eicar.com
For unix-socket:
$ drwebdc -uSOCKETFILE -e -FEMAIL_ADDRESS -REMAIL_ADDRESS eicar.com
where EMAIL_ADDRESS is one of addresses from email.ini.
If you have license for file servers or internet-gateways:
For TCP sockets:
$ drwebdc -nHOSTNAME -pPORTNUM eicar.com
For unix-socket:
$ drwebdc -uSOCKETFILE eicar.com
Output to console must contain the following information:
--- cut ---
Results: daemon return code 0x20
(known virus is found)
--- cut ---
If diagnostics failed and no output appeared, check Daemon log file for the
record on the event. If there is no record, try to run drwebdc in enhanced
diagnostic mode. If you receive the same output that is given above, Daemon
is ready to work.
2.6. Check modes of the Dr.Web(R) Daemon
Dr.Web Daemon has two major scanning modes:
- scanning chunks of data received from socket;
- scanning files on disk (local scan).
In the first mode Daemon receives from socket chunks of data for scan. They
can be named or anonymous (this will affect only the way records are made in
Daemon log file). Daemon can perform scan of any chunk of data received from
socket, even a file.
In the second mode Daemon performs scan of the selected file on disk. Two
major advantages of local scan mode are increased productivity and simplicity.
Local scan mode is much more efficient. Console client or mail filter sends
Daemon only a path to file, not the whole file. Since clients can be located
on different computers, the path must be specified with regard to the actual
location of Daemon. Besides that, usage of this mode simplifies creation and
deployment of reliable solutions for content scan and curing of infected files
(e.g. on file servers).
Please note that local scan mode requires more accurate adjustment of user
rights. Daemon must have read access to each file specified. If you run Daemon
on mail server with Cure and Delete options enabled, you must allow write
access either. Usage of Daemon with mail servers requires special attention
because mail filters usually act on behalf of the mail system and use its
rights.
In local scan mode mail filter usually creates a file with the message
received from the mail system and provides Daemon a path to it. At this point
you must carefully specify access rights to the directory where filters create
appropriate files. We recommend either to include user whose rights are used
by Daemon into the mail subsystem group, or to run Daemon with the rights of
the mail system user.
Properly adjusted system doesn't require Daemon to use root privileges.
2.7. Package registration. License key file
User rights for using Dr.Web products are controlled by special file called
license key file. License key file contains the following information:
- list of Dr.Web components licensed to user;
- licensed versions of Dr.Web products;
- license expiration date;
- other restrictions (for example, number of protected PCs).
License key file has *.key extension and by default must be placed in
directory for Dr.Web executable files.
License key file is digitally signed to prevent its editing. Edited license
key file becomes invalid. It is not recommended to open your license key
file in text editor to avoid its accidental corruption.
Users who have purchased Dr.Web products from Dr. Web certified partners
obtain the license key file. The parameters of the key file are specified
according to the license user has paid for. The license key file contains the
name of the user (or a company name), and the name of the selling company.
For evaluation purposes users may also obtain demo key file. It allows user
to enjoy full full functionality of the Dr.Web products, but has a limited
term of use, and no technical support is provided.
License key file may be supplied as a file with *.key extension, or as a zip
archive containing license key file.
License key file may be received using one of the following ways:
- Sent by e-mail as a zip archive containing license key file with *.key
extension (usually after registration on the web site). Extract license key
file using the appropriate archiving utility and place it to /opt/drweb
directory.
- Included into the distribution package.
- Supplied on a separate media as a file with *.key extension. In this case
user must copy it manually to /opt/drweb directory.
License key file is sent to user via e-mail usually after registration on the
web site (web site location is specified in registration card accompanying
the product). Visit the site, fill in the web form with your customer data and
submit your registration serial number (printed on the registration card).
License key file will be sent to the e-mail address specified.
It is recommended to keep license key file until it expires, and use it when
reinstalling or repairing Dr.Web product installation. If the license key file
is lost, it can be recovered by re-registration at the web site. In this case
you must use the same product serial number and customer data that you
have used during the first registration, only e-mail address can be changed
(in this case license key file will be sent to the new e-mail address).
Registration with the same product serial number can be performed up to 25
times. If you need to recover lost license key file after 25th registration,
you must make a request for license key file recovery on
http://support.drweb.com/request/, and also specify all data used during
previous registrations, valid e-mail address and detailed description of the
situation. License key file will be sent to you by technical support service
using e-mail address specified.
Path to license key files must be specified in Key parameter value
in corresponding section of configuration file (drweb32.ini).
For example,
Key = /opt/drweb/drweb32.key
If license key file specified in Key parameter value in [Daemon] section
failed to read (wrong path, permission denied), expired, blocked or invalid,
Daemon tries to find installed Plesk Software. In this case it works in trial
mode and protects only 15 (or less) e-mail addresses received from Plesk.
Othewise Daemon will return DERR_LICENSE_ERROR error code when trying to scan
files.
Daemon terminates.
When less than two weeks is left until license expiration, Daemon notifies
user via e-mail. Messages are sent at Daemon startup, restart or reload for
every license key file installed. To enable this option you must set up
MailCommand parameter in [Daemon] section of drweb32.ini file.
Daemon can use several license key files simultaneously. For each of them Key
parameter value in [Daemon] section of drweb32.ini file must be specified.
For example,
Key = /opt/drweb/drwebFS.key
Key = /opt/drweb/drwebMS.key
Key = /opt/drweb/drwebGW.key
In this case Daemon merges if possible all license rights from
all available license key files. Please note that it is impossible
to use license key files for address and traffic licenses simultaneously.
2.8. Updating programs and virus bases
Dr.Web program components require regular updating.
For successful operation of antivirus and traffic filtering modules, virus
bases of the known viruses and content-specific black and white lists must
be updated regularly.
For automatic receipt and installation of the virus bases, add-ons,
content-specific black and white lists an updating module Dr.Web Updater
must be used, from the directory containing package executable files:
> /opt/drweb/update.pl
For details on setup and configuration of this module, please, refer to the
corresponding documentation (readme.updater).
3. CONTACTS
Dr.Web program is developing permanently.
To get news and new information about updates, please visit our web-site:
http://www.drweb.com
Marketing dept.:
http://buy.drweb.com
e-mail: sales@drweb.com
Support:
http://support.drweb.com
E-Mail: support@drweb.com
Please include the following information into your problem report:
- full name and version of your UNIX distribution;
- Dr.Web version that is logged during program start;
- versions of applications and filters the Dr.Web Daemon is integrated
with;
- configuration files of the daemon and the applications the Dr.Web
Daemon is integrated with;
- log files of the daemon, filters and other applications the
Dr.Web Daemon is integrated with.
Reference in New Issue View Git Blame Copy Permalink