Configuration Parameters


The component uses configuration parameters which are specified in the [NSS] section of the integrated configuration file of Dr.Web for UNIX File Servers.

The section contains the following parameters:

LogLevel

{logging level}

Logging level of the component.

If the parameter value is not specified, the DefaultLogLevel parameter value from the [Root] section is used.

Default value: Notice

Log

{log type}

Logging method

LogProtocol

{Boolean}

Indicates whether protocol messages are registered in the log file of NSS volume monitor SpIDer Guard for NSS.

Allowed values:

Yes—messages are registered.

No—messages are not registered.

Default value: No

ExePath

{path to file}

Path to the executable file of the component.

Default value: <opt_dir>/bin/drweb-nss

For Linux: /opt/drweb.com/bin/drweb-nss

Start

{Boolean}

Indicates whether the component must be launched by the Dr.Web ConfigD configuration daemon.

Setting this parameter to Yes instructs the configuration daemon to start the component immediately; setting it to No instructs the configuration daemon to terminate the component immediately.

Default value: No

NssVolumesMountDir

{path to directory}

Path to the file system directory where NSS file system volumes are mounted.

Default value: /media/nss

ProtectedVolumes

{volume name}

Names of NSS file system volumes mounted on NssVolumesMountDir and protected by the suite. If no value is specified, all volumes mounted in the NssVolumesMountDir directory are protected.

You can specify a list as the parameter value. The values in the list must be separated with commas (each value enclosed in quotation marks). The parameter can be specified more than once in the section (in this case, all its values are combined into one list).

Example: Add the volumes vol1 and vol2 to the list.

1. Adding values to the configuration file.

Two values in one line

[NSS]
ProtectedVolumes = "vol1", "vol2"

Two lines (one value per line)

[NSS]
ProtectedVolumes = vol1
ProtectedVolumes = vol2

2. Adding values via the command drweb-ctl cfset.

# drweb-ctl cfset NSS.ProtectedVolumes -a vol1
# drweb-ctl cfset NSS.ProtectedVolumes -a vol2

Default value: (not set)

ExcludedPath

{path to file or directory}

Path to the object which must be skipped during scanning. You can specify a directory or file path. If a directory is specified, all directory content including subdirectories will be skipped. The exception is objects whose paths are specified in the IncludedPath parameter: such objects will be scanned.

You can specify a list as the parameter value. The values in the list must be separated with commas (each value enclosed in quotation marks). The parameter can be specified more than once in the section (in this case, all its values are combined into one list).

Example: Add the file /etc/file1 and the directory /usr/bin to the list.

1. Adding values to the configuration file.

Two values in one line

[NSS]
ExcludedPath = "/etc/file1", "/usr/bin"

Two lines (one value per line)

[NSS]
ExcludedPath = /etc/file1
ExcludedPath = /usr/bin

2. Adding values via the command drweb-ctl cfset.

# drweb-ctl cfset NSS.ExcludedPath -a /etc/file1
# drweb-ctl cfset NSS.ExcludedPath -a /usr/bin

Paths in the list must be relative to the path specified in NssVolumesMountDir.

Default value: (not set)

IncludedPath

{path to file or directory}

Path to the object which must be scanned. You can specify a directory or file path. If a directory is specified, all directory content will be scanned.

Use this parameter only if you want to allow scanning of individual objects (files and subdirectories) whose paths are specified in the ExcludedPath parameter. In addition, this parameter has priority over the ExcludedPath parameter: if a path to an object is specified in both parameters, this object will be scanned.

You can specify a list as the parameter value. The values in the list must be separated with commas (each value enclosed in quotation marks). The parameter can be specified more than once in the section (in this case, all its values are combined into one list).

Example: Add the file /etc/file1 and the directory /usr/bin to the list.

1. Adding values to the configuration file.

Two values in one line

[NSS]
IncludedPath = "/etc/file1", "/usr/bin"

Two lines (one value per line)

[NSS]
IncludedPath = /etc/file1
IncludedPath = /usr/bin

2. Adding values via the command drweb-ctl cfset.

# drweb-ctl cfset NSS.IncludedPath -a /etc/file1
# drweb-ctl cfset NSS.IncludedPath -a /usr/bin

Paths in the list must be relative to the path specified in NssVolumesMountDir.

Default value: (not set)
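
The list syntax and the priority of IncludedPath over ExcludedPath described above, as an added example that is not part of the Dr.Web documentation or product code. It assumes an entry matches a path when it equals the path or is one of its parent directories; the sample section, the relative paths in it and the function names are constructed for illustration.

```python
import csv
from pathlib import PurePosixPath

# Constructed sample of an [NSS] section (not taken from a real server).
SAMPLE = '''
[NSS]
NssVolumesMountDir = /media/nss
ExcludedPath = "vol1/tmp", "vol1/build"
ExcludedPath = vol2/cache
IncludedPath = vol1/tmp/uploads
'''

def read_lists(text, section="NSS"):
    """Merge repeated and comma-separated values of each parameter into one list."""
    merged, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
        elif current == section and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            # csv handles both quoted ("a", "b") and bare (a) list items.
            items = next(csv.reader([value], skipinitialspace=True))
            merged.setdefault(key, []).extend(i.strip() for i in items if i.strip())
    return merged

def _covers(entry, path):
    """Assumed matching rule: the entry is the path itself or a parent directory."""
    entry, path = PurePosixPath(entry), PurePosixPath(path)
    return entry == path or entry in path.parents

def is_scanned(path, lists):
    """IncludedPath has priority over ExcludedPath; all other paths are scanned."""
    if any(_covers(e, path) for e in lists.get("IncludedPath", [])):
        return True
    return not any(_covers(e, path) for e in lists.get("ExcludedPath", []))

if __name__ == "__main__":
    lists = read_lists(SAMPLE)
    for p in ("vol1/tmp/x.bin", "vol1/tmp/uploads/a.doc", "vol1/tmpfile"):
        print(p, "scanned" if is_scanned(p, lists) else "skipped")
```

Running the same check over an inventory of real paths shows which parts of a volume the monitor leaves unscanned after all exclusions and inclusions are merged.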

OnKnownVirus

{action}

Action applied by Dr.Web for UNIX File Servers to a known threat (virus, etc.) detected with signature analysis during the scanning initiated by NSS volume monitor.

Possible values: Cure, Quarantine, Delete

Default value: Cure

OnIncurable

{action}

Action applied by Dr.Web for UNIX File Servers to an incurable threat (that is, an attempt to apply Cure failed) detected during the scanning initiated by NSS volume monitor.

Possible values: Quarantine, Delete

Default value: Quarantine

OnSuspicious

{action}

Action applied by Dr.Web for UNIX File Servers to an unknown threat (or suspicious objects) detected by using heuristic analysis during the scanning initiated by NSS volume monitor.

Possible values: Report, Quarantine, Delete

Default value: Quarantine

OnAdware

{action}

Action applied by Dr.Web for UNIX File Servers to adware detected during the scanning initiated by NSS volume monitor.

Possible values: Report, Quarantine, Delete

Default value: Report

OnDialers

{action}

Action applied by Dr.Web for UNIX File Servers to a dialer detected during the scanning initiated by NSS volume monitor.

Possible values: Report, Quarantine, Delete

Default value: Report

OnJokes

{action}

Action applied by Dr.Web for UNIX File Servers to joke programs detected during the scanning initiated by NSS volume monitor.

Possible values: Report, Quarantine, Delete

Default value: Report

OnRiskware

{action}

Action applied by Dr.Web for UNIX File Servers to riskware detected during the scanning initiated by NSS volume monitor.

Possible values: Report, Quarantine, Delete

Default value: Report

OnHacktools

{action}

Action applied by Dr.Web for UNIX File Servers to a hacktool (tool for remote administration, Trojan, etc.) detected during scanning initiated by NSS volume monitor.

Possible values: Report, Quarantine, Delete

Default value: Report

OnError

{action}

Action applied by Dr.Web for UNIX File Servers to files that caused an error during the scanning initiated by NSS volume monitor.

Possible values: Report, Quarantine, Delete

Default value: Report

ScanTimeout

{time interval}

Timeout for scanning one file initiated by NSS volume monitor.

A value in the range from 1s to 1h can be specified.

Default value: 30s

HeuristicAnalysis

{On | Off}

Indicates whether heuristic analysis is used for detection of unknown threats during the scanning initiated by NSS volume monitor. Heuristic analysis provides higher detection reliability but, at the same time, increases the scanning time.

Action applied to threats detected by heuristic analyzer is specified as the OnSuspicious parameter value.

Allowed values:

On—instructs to use heuristic analysis when scanning.

Off—instructs not to use heuristic analysis.

Default value: On

PackerMaxLevel

{integer}

Maximum nesting level when scanning packed objects. All objects at a deeper nesting level are skipped during the scanning initiated by NSS volume monitor.

A value in the range from 0 to 60 can be specified. If the value is set to 0, nested objects are not scanned.

Default value: 8

ArchiveMaxLevel

{integer}

Maximum nesting level when scanning archives. All objects at a deeper nesting level are skipped during the scanning initiated by NSS volume monitor.

A value in the range from 0 to 60 can be specified. If the value is set to 0, nested objects are not scanned.

Default value: 0

MailMaxLevel

{integer}

Maximum nesting level when scanning email messages and mailboxes. All objects at a deeper nesting level are skipped during the scanning initiated by NSS volume monitor.

A value in the range from 0 to 60 can be specified. If the value is set to 0, nested objects are not scanned.

Default value: 8

ContainerMaxLevel

{integer}

Maximum nesting level when scanning containers of other types. All objects at a deeper nesting level are skipped during the scanning initiated by NSS volume monitor.

A value in the range from 0 to 60 can be specified. If the value is set to 0, nested objects are not scanned.

Default value: 8

MaxCompressionRatio

{integer}

Maximum compression ratio of scanned objects (ratio between the compressed size and uncompressed size). If the ratio of an object exceeds the limit, this object is skipped during the scanning initiated by NSS volume monitor.

The compression ratio must not be smaller than 2.

Default value: 500

If the Quarantine action is specified for a threat type in the NSS volume monitor settings, an object containing a threat of this type is placed in quarantine again on any attempt to restore it from quarantine to an NSS volume. For example, the following default settings:

NSS.OnKnownVirus = Cure
NSS.OnIncurable = Quarantine

move all incurable objects to quarantine. As a result, when any incurable object is restored from quarantine to an NSS volume, it is automatically returned to quarantine.
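
An added example (not Dr.Web code) that checks a set of [NSS] values against the allowed actions, ranges and defaults listed on this page, and reports nesting levels whose effective value is 0. The function names and sample values are constructed; exact-case matching of values and the "m" interval suffix are assumptions.

```python
import re

# Allowed actions, ranges and defaults as listed on this page.
COMMON = {"Report", "Quarantine", "Delete"}
ACTIONS = {"OnKnownVirus": {"Cure", "Quarantine", "Delete"},
           "OnIncurable": {"Quarantine", "Delete"},
           **{p: COMMON for p in ("OnSuspicious", "OnAdware", "OnDialers", "OnJokes",
                                  "OnRiskware", "OnHacktools", "OnError")}}
LEVEL_DEFAULTS = {"PackerMaxLevel": 8, "ArchiveMaxLevel": 0,
                  "MailMaxLevel": 8, "ContainerMaxLevel": 8}
UNIT_SECONDS = {"s": 1, "m": 60, "h": 3600}  # "m" is an assumption; the page shows s and h

def to_seconds(value):
    """Convert '30s' / '1h' style intervals to seconds, or None if malformed."""
    match = re.fullmatch(r"(\d+)([smh])", value)
    return int(match.group(1)) * UNIT_SECONDS[match.group(2)] if match else None

def audit(settings):
    """Return (parameter, finding) pairs for a dict of explicitly set [NSS] values."""
    findings = []
    for name, allowed in ACTIONS.items():
        value = settings.get(name)
        if value is not None and value not in allowed:  # exact case assumed
            findings.append((name, f"'{value}' is not allowed here"))
    for name, default in LEVEL_DEFAULTS.items():
        raw = settings.get(name, str(default))  # unset parameters use the default
        if not raw.isdigit() or int(raw) > 60:
            findings.append((name, "must be an integer from 0 to 60"))
        elif int(raw) == 0:
            findings.append((name, "0: nested objects are not scanned"))
    timeout = to_seconds(settings.get("ScanTimeout", "30s"))
    if timeout is None or not 1 <= timeout <= 3600:
        findings.append(("ScanTimeout", "must be between 1s and 1h"))
    ratio = settings.get("MaxCompressionRatio", "500")
    if not ratio.isdigit() or int(ratio) < 2:
        findings.append(("MaxCompressionRatio", "must not be smaller than 2"))
    return findings

# Constructed settings for illustration (not from a real server).
SAMPLE = {"OnIncurable": "Cure", "OnSuspicious": "Report",
          "MailMaxLevel": "61", "ScanTimeout": "2h"}

if __name__ == "__main__":
    for name, finding in audit(SAMPLE):
        print(f"{name}: {finding}")
```

With no explicit settings at all, the audit still reports ArchiveMaxLevel, because its default of 0 means archive contents are not scanned by the monitor.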