server/opt/drweb/doc/config_file

Dr.Web (R) Configuration file
$Revision: 1.90.2.19 $



+-------------------------------------------------------------------+
|                          SECTION: Daemon                          |
|                                                                   |
| Dr.Web Daemon general settings.                                   |
+-------------------------------------------------------------------+


EnginePath = {FilePath} (/var/drweb/lib/drweb32.dll)
drweb32.dll (Engine) location. This parameter is also used by Updater.


VirusBase = {Lookups} (/var/drweb/bases/*.vdb)
Masks for downloaded virus bases. This parameter is also used by the updating
module for updating of antivirus bases. Listing of several masks is allowable.


UpdatePath = {FilePath} (/var/drweb/updates)
Path to directory, where files dowloaded by updating module are stored (except
for drweb32.dll and virus bases). Value of this parameter is mandatory.


TempPath = {FilePath} (/var/drweb/spool)
Path to directory used by antivirus module (Engine) for creating of temporary
files. During normal operation process this directory is not used. It is used
for unpacking archives, or when system lacks memory resources.


Key = {FilePath} (/opt/drweb/drweb32.key)
Location of the key file (license or demo).


PleskPublicKey = {FilePath} (/etc/drweb/plesk.key)
Path to Plesk public RSA key file.


OutputMode = {Quiet|Terminal} (Terminal)
Information output mode at start. "Terminal" value outputs information to
console, "Quiet" value disables output.


RunForeground = {Boolean} (no)
Yes value of this parameter disables the daemon mode of the Dr.Web Daemon,
i.e. to operate in the background without the controlling terminal. This option
can be used by certain monitoring tools (or example, by daemontools).


User = {String} (drweb)
User account with appropriate rights to run Daemon. It's recommended to create
special user "drweb" which will be used by Daemon and filters. Running Daemon
with Administrator privileges is insecure and therefore undesirable. User
parameter value cannot be changed when reloading configuration using SIGHUP!


PidFile = {FilePath} (/var/drweb/run/drwebd.pid)
Path to file where Daemon PID and socket or the port number will be written to
at start. If several Socket parameters are specified, this file will contain
information aboutn all sockets set (one address per line).


BusyFile = {FilePath} (/var/drweb/run/drwebd.bsy)
Path to Daemon busy file. This file is created by Daemon scanning copy and
removed after successful execution of corresponding command. Names of the files
created by each copy of the Daemon are appended with a point and ASCIIZ
representation of PID (e.g., /var/run/drwebd.bsy.123456).


ProcessesPool = {String} (auto,timeout=120,stop_timeout=1,stat=no)
Process pool settings.
  At first, number of processes in a pool is defined:

            * auto - number of processes in a pool is automatically detected,
                     depending on the current system load;

            * N    - non-negative integer. At least N processes in a pool will
                     be active, and new processes will be created as required;

            * N-M  - positive integers, and M>=N. At least N processes in a
                     pool will be active, and new processes will be created as
                     required until the number of processes reaches M value.

  Further the following additional parameters can be specified:

    * timeout = {time in seconds} - if a process does not become active during
                the specified period of time, it is closed. This parameter
                does not affect the first N processes, which are waiting for
                requests infinitely.
                Default value: 120

    * stat = {yes|no} - statistics for processes in a process pool. 
                If specified value is yes, pool statistics will be output to 
                the log file when SIGUSR1 signal will be received.
                Default value: no

    * stop_timeout = {time in seconds} - maximum time for a working process to
                stop.
                Default value: 1


OnlyKey = {Boolean} (no)
When enabled, only key file will be requested from Agent.
Local configuration file will be used.


ControlAgent = {String} (local:/var/drweb/ipc/.agent)
Agent address. If the value of OnlyKey parameter is set to No, then Daemon
receives both key file and configuration file from Agent.


MailCommand = {String} ("/usr/sbin/sendmail -i -bm -f drweb -- root")
Command used by Daemon and Updater to send notifications to a user
(administrator) via e-mail. Daemon uses this feature at every start (restart,
reboot), if less than two weeks left until the key file (one of key files)
expires. Updater uses this feature to send information bulletins by Doctor Web,
Ltd.


NotifyPeriod = {Digital} (14)
Number of days before license key expiration to start sending notifications
about license renewal. When parameter value is set to 0, notifications will be
sent only when license key is expired.


NotifyFile = {FilePath} (/var/drweb/.notify)
Path to file with a timestamp of last notification sent to Administrator about
license key expiration.


NotifyType = {Ever|Everyday|Once} (Ever)
Frequency of notifications dispatch. When parameter value is set to "Once",
notification will be sent only once. With "Everyday" value specified
notifications will be sent once a day. With "Ever" value specified
notifications will be sent at every reload of the Daemon and after every
update.


FileTimeout = {Digital} (30)
Maximum time to one file scan in seconds


StopOnFirstInfected = {Boolean} (no)
Termination of message scan after detection of the first virus. With "Yes"
value specified mail-server load and message check time can be reduced
considerably.


ScanPriority = {String} (0)
Daemon processes priority. The range of this parameter value must be within
-20 (highest priority) to 20 (lowest priority).


FilesTypes = {MultiString} (EXE,COM,SYS,OV?,BAT,BIN,DRV,PRG,BOO,
SCR,CMD,VXD,386,DLL,FON,DO?,XL?,WIZ,RTF,CL*,HT*,VB*,JS*,INF,AR?,
ZIP,R??,PP?,OBJ,LIB,HLP,MD?,INI,MBR,IMG,CSC,CPL,MBP,SHS,SHB,PIF,
SO,CHM,REG,XML,PRC,ASP,LSP,MSO,OBD,THE*,NWS,SWF,BMP,MPP,OCX,DVB,
CPY,MSG,EML)
File types to be checked during "by type" scan, i.e. when ScanFiles parameter
has the ByType value. "*" and "?" symbols are accepted. Several lines can be
specified for this parameter, and in this case the specified lists are summed
up.


FilesTypesWarnings = {Boolean} (yes)
Unknown file types alert.


ScanFiles = {ByType|All} (All)
Additional restriction for files to be checked.
Scan only files with extensions specified in FileTypes
parameter (value ByType) or all files (value All).
Value ByType of this parameter can be used only in local
scan mode (in other modes always used only All value).
In mailboxes are always scanned all files (independent of
ScanFiles parameter value).

Attention! In case in configuration of anti-virus plug-in
Drweb (used in product Dr.Web for UNIX mail servers) value
of parameter ScanType is specified to local or auto, setting
ScanFiles = ByType will force this plug-in to skip all email
messages WITHOUT anti-virus checking!


CheckArchives = {Boolean} (yes)
Whether to unpack ZIP (WinZip, InfoZIP...), RAR, ARJ, TAR, GZIP and CAB
archives, or not.


CheckEMailFiles = {Boolean} (yes)
Whether to scan files in e-mail formats, or not.


ExcludePaths = {Lookups} (/proc,/sys,/dev)
Masks for files to be excluded from scan by Daemon.


FollowLinks = {Boolean} (no)
Whether to follow symbolic links, or not.


RenameFilesTo = {String} (#??)
Mask for renaming files using custom file extension, if "Rename" action is
specified for infected or suspicious files. The first character of the file
extension is replaced with "#", and two subsequent characters will be
preserved. If a file has no extension, it will consist of only one "#" symbol.


MoveFilesTo = {DirPath} (/var/drweb/infected)
Path to quarantine directory.


BackupFilesTo = {DirPath} (/var/drweb/infected)
Path to directory used to store backups of infected files, which have been
cured.


LogFileName = {FilePath} (syslog)
Log filename. When "syslog" value is specified, report will be logged using
syslogd system service. Since syslog records information about various events
of different importance in several files, you can find out where information
about Scanner operation is stored using SyslogFacility and SyslogPriority
parameters and syslog configuration file (usually /etc/syslogd.conf).


SyslogFacility = {
   Mail|
   User|
   Kern|
   Local7|
   Local6|
   Local5|
   Local4|
   Local3|
   Local2|
   Local1|
   Local0|
   Daemon
} (Daemon)
Sets the log type when using syslogd system service.


SyslogPriority = {Error|Info|Notice|Warning|Alert} (Info)
Sets the log priority when using syslogd system service.


LimitLog = {Boolean} (no)
Specifies whether the log file size must be limited, or not. Parameter is
ignored when LogFileName parameter value is "syslog". When current log file
size exceeds the value set for MaxLogSize parameter, log file is erased and
started over from scratch.


MaxLogSize = {Digital} (512)
Maximum log file size. Can be used with LimitLog = Yes only.


LogScanned = {Boolean} (yes)
Whether to log or not information about all checked objects (infected and
clean).


LogPacked = {Boolean} (yes)
Whether to log or not additional information about files packed by DIET, PKLITE
and similar utilities.


LogArchived = {Boolean} (yes)
Whether to log or not additional information about files archived by RAR, ZIP,
TAR and similar archivers.


LogTime = {Boolean} (yes)
Whether to log or not the time for each record. This parameter is not used when
LogFileName is set to "syslog".


LogProcessInfo = {Boolean} (yes)
Whether to log or not clients address (hostname or IP) anp PID of every
scanning process.


RecodeNonprintable = {Boolean} (yes)
Output mode for nonprintable characters.


RecodeMode = {QuotedPrintable|Replace} (QuotedPrintable)
With RecodeNonprintable value set to "Yes" this parameter specifies decoding
method for nonprintable characters. If its value is set to "Replace", all such
characters are replaced with the RecodeChar parameter value. If its value is
set to "QuotedPrintable", Quoted Printable format is used for decoding.


RecodeChar = {Char} ("?")
Defines symbol to replace nonprintable characters if RecodeMode parameter value
is set to "Replace".


Socket = {MultiString} (/var/drweb/run/.daemon,3000, localhost)
Description of socket used for communication with Daemon. Sockets can be
specified in several ways.
If it is necessary to specify several socket addresses in one string,
you should use TYPE:ADDRESS format, where TYPE is the type of socket:
inet - TCP socket, local or unix - UNIX socket.
Example:
     Socket = inet:3000@127.0.0.1,local:%var_dir/.drwebd
Also you can specify socket address in PORT [interfaces] | FILE [access] 
format. For a TCP socket, specify decimal port number (PORT) and the list
of interface names or IP addresses for incoming requests (interfaces).
Example:
     Socket = 3000 127.0.0.1, 192.168.0.100
For UNIX sockets, specify socket name (FILE) and access permissions in 
octal form (access).
Example:
     Socket = %var_dir/.drwebd 0660


SocketTimeout = {Digital} (10)
Timeout in seconds to receive/send all data through socket (not considering
scanning time). If 0 - time is unlimited.


MaxCompressionRatio = {String} (500)
Maximum compression ratio, i.e. ratio of the unpacked file length to the
length of packed file in archive. If the ratio exceeds value specified for this
parameter, file will not be extracted and therefore will not be checked.
Parameter can take only natural values. If parameter value is set to 0, check
of compression ratio will not be carried out.


CompressionCheckThreshold = {Digital} (1024)
Minimum size of a file inside archive (in KBytes) beginning from which the compression
ratio check will be performed (if this is specified by the MaxCompressionRatio
parameter). If 0 - check will not be performed.


MaxFileSizeToExtract = {Digital} (40960)
Maximum unpacked size for the file in an archive(in KBytes). If unpacked size exceeds 
specified value the archive will not be scanned. If value is 0 then size is unlimited.


MaxArchiveLevel = {Digital} (8)
Maximum archive nesting level. If archive nesting level exceeds specified 
value, the archive will not be scanned.
If value is set to 0, nesting level will not be limited.


ClientsLogs = {String} (drwebdc:/var/drweb/log/drwebdc.log,smb_spider:syslog,mail:/var/drweb/log/drwebmail.log,kerio:syslog,lotus:syslog)
Splitting the log files.If after communicating with Daemon client uses 
the option to transfer its ID, log file will be substituted with the 
file specified in this parameter. 
The log files are defined in the following way:
<client name1>:<path to file>, <client name2>:<path to file>
Client name may be one of the following
    web
    smb_spider
    mail
    drwebdc
    kerio
    lotus
Example:
drwebdc:/var/drweb/log/drwebdc.log,smb_spider:syslog,
mail:/var/drweb/log/drwebmail.log,kerio:syslog,lotus:syslog

Also if client uses the option to transfer its ID, scanning result 
will begin with prefix defined by the client ID.
Following prefixes are possible:
    <web>
    <smb_spider>
    <mail>
    <drwebdc>
    <kerio>
    <lotus>


MaxBasesObsolescencePeriod = {Digital} (24)
A maximum period of time (in hours) since the last update to consider virus
databases up-to-date. After this period expires, a notification about obsolete 
virus databases is output to console. If the value of this parameter is set
to 0, then update status of virus bases is not checked, and no notification 
is output.


MessagePatternFileName = {String} (/etc/drweb/templates/drwebd/msg.tmpl)
Path to template for message about license expiration. 
You can define expiration message according to your requirements.
You can use variables that will be substituted for the following values:
      $EXPIRATIONDAYS — number of day left until the license would expire;
      $KEYFILENAME —  path to license key file;
      $KEYNUMBER -  license number;
      $KEYACTIVATES — license activation date;
      $KEYEXPIRES — license expiration date.
If there is no user-defined template, standard message in English will be used.


MailTo = {String} ()
Administrator email address to send messages about license expiration,
virus databases obsolescence, etc.


+-------------------------------------------------------------------+
|                         SECTION: Updater                          |
|                                                                   |
| Updater general settings.                                         |
+-------------------------------------------------------------------+


WorkingDir = {DirPath} (/var/drweb/updater/)
Path to working dir of updater.


UpdatePluginsOnly = {Boolean} (no)
"Yes" value enables updating of plug-ins only, without updating of Daemon and
Scanner at the same time.


Section = {Scanner|Daemon} (Daemon)
Defines which component must be updated. Information about files to be updated
is received from corresponding sections of configuration file. This value can
be overridden by command line parameter --what at startup.


ProgramPath = {FilePath} (/opt/drweb/drwebd)
Path to program files. Used by Updater to get product versions and API versions
for installed binaries.


SignedReader = {FilePath} (/opt/drweb/read_signed)
Path to program used by Updater to read signed files.


LzmaDecoderPath = {DirPath} (/opt/drweb)
Path to program used by Updater to unpack lzma-archives.


LockFile = {FilePath} (/var/drweb/run/update.lock)
Path to file used to prevent sharing of certain files during update.


CronSummary = {Boolean} (yes)
Enables output of update session log to stdout. It is used by cron daemon for
sending notifications to administrator.


DrlFile = {FilePath} (/var/drweb/bases/update.drl)
Path to file with list of currently available update servers. Updater randomly
selects server for each update session. This file is signed by Dr.Web. and
cannot be changed manually. It is updated automatically.


CustomDrlFile = {FilePath} (/var/drweb/bases/custom.drl)
Path to alternative file with list of currently available update servers.
Updater randomly selects server for each update session. This file is signed by
Dr.Web. and cannot be changed manually. It is updated automatically.


FallbackToDrl = {Boolean} (yes)
Defines behavior of Updater if both DrlFile and CustomDrlFile parameters are
set. If you enable FallbackToDrl parameter and Updater fails to update anything
using path specified in CustomDrlFile parameter value, it will use DrlFile
parameter value as fallback.


DrlDir = {DirPath} (/var/drweb/drl)
Path to directory containing signed *.drl files with lists of update servers
for Dr.Web plugins (e.g. VadeRetro antispam library) to be updated.


Timeout = {Digital} (90)
Timeout for updates to be downloaded. When this value is left empty, download
time is not limited.


Tries = {Digital} (3)
Number of attempts Updater makes to download updated files.


ProxyServer = {Address} ()
IP-address of a proxy server to be used during update process. Proxy server is
specified in the following format:
[http://]hostname[:port]
where optional elements are in square brackets. If port number is not
specified, then 3128 port will be used by default.

If you do not have proxy server, leave this value empty.


ProxyLogin = {String} ()
Proxy server authentication username. If you do not have proxy server, leave
this value empty.


ProxyPassword = {String} ()
Proxy server authentication password. If you do not have proxy server, leave
this value empty.


LogFileName = {FilePath} (syslog)
Log filename. When "syslog" value is specified, report will be logged using
syslogd system service. Since syslog records information about different events
of various importance to several files, you can find out where information
about Updater operation is stored using SyslogFacility and SyslogPriority
parameters and syslog configuration file (usually /etc/syslogd.conf).


LogLevel = {Quiet|Error|Warning|Info|Verbose|Debug} (Info)
Log verbosity level.


SyslogFacility = {
   Mail|
   User|
   Kern|
   Local7|
   Local6|
   Local5|
   Local4|
   Local3|
   Local2|
   Local1|
   Local0|
   Daemon
} (Daemon)
Sets the log type when using syslogd system service.


LotusdPidFile = {FilePath} (/var/drweb/run/drweblotusd.pid)
Path to pid file of Lotusd.


MaildPidFile = {FilePath} (/var/drweb/run/drweb-maild.pid)
Path to pid file of Maild.


IcapdPidFile = {FilePath} (/var/drweb/run/drweb_icapd.pid)
Path to pid-file of Icapd.


BlackListPath = {DirPath} (/var/drweb/dws)
Path to dir with dws-files.


AgentConfPath = {FilePath} (/etc/drweb/agent.conf)
Path to agent config file.


PathToVadeRetro = {FilePath} (/var/drweb/lib/libvaderetro.so)
Path to shared library libvaderetro.so .


ExpiredTimeLimit = {Digital} (14)
A number of days left before license key file expiration. During this period
Updater will make attempts to renew the key.


ESLockfile = {FilePath} (/var/drweb/run/es_updater.lock)
Path to lockfile. There is the file, so the updater can not do its work.