|
The component uses configuration parameters which are specified in the [SMBSpider] section of the integrated Appendix D. Configuration File of Dr.Web for UNIX File Servers.
The section contains the following parameters:
LogLevel
{logging level}
|
Logging level of the component.
If the parameter value is not specified, the DefaultLogLevel parameter value from the [Root] section is used.
Default value: Notice
|
Log
{log type}
|
Logging method
|
ExePath
{path to file}
|
Path to the executable file of the component.
Default value: <opt_dir>/bin/drweb-smbspider-daemon
•For Linux, Solaris: /opt/drweb.com/bin/drweb-smbspider-daemon •For FreeBSD: /usr/local/libexec/drweb.com/bin/drweb-smbspider-daemon |
Start
{Boolean}
|
The component must be launched by the Dr.Web ConfigD configuration daemon.
When you specify the Yes value for this parameter, it instructs the configuration daemon to start the component immediately; and when you specify the No value, it instructs the configuration daemon to terminate the component immediately.
Default value: No
|
SambaChrootDir
{path to directory}
|
Defines the path to the root directory of the SMB file storage (can be redefined by the file server with the help of the chroot restriction).
Used as a prefix inserted at the beginning of all paths to files and directories residing in the file server’s storage and describes the path relative to the root of the local file system.
If not specified, the path to the file system root is used /.
Default value: (not specified)
|
SmbSocketPath
{path to file}
|
Path to the socket file which enables interaction between SpIDer Guard for SMB and VFS SMB modules.
The path is always relative and is a supplement for the path specified as the SambaChrootDir parameter value (if the SambaChrootDir parameter is empty, than the path to the file system root is supplemented /).
Default value: var/run/.com.drweb.smb_spider_vfs
|
ActionDelay
{time interval}
|
Delay time between the moment when a threat is detected and the moment when SpIDer Guard for SMB applies the action specified for this threat type. During this time period, the file is blocked.
Default value: 24h
|
MaxCacheSize
{size}
|
Size of cache used by VFS SMBmodules to store data on scanned files in monitored SMB directories.
If 0 is specified, data is not cached.
Default value: 10mb
|
[*] ExcludedPath
{path to file or directory}
|
Path to the shared directory object which must be skipped during scanning. You can specify a directory or file path. It is also possible to use file masks (which contain the characters '?' and '*', as well as character classes '[ ]', '[! ]', '[^ ]').
You can specify a list as the parameter value. The values in the list must be separated with commas (each value in the quotation marks). The parameter can be specified more than once in the section (in this case, all its values are combined into one list).
Example: Add to the list the files /etc/file1 and directory /usr/bin.
1.Adding of values to the configuration file. •Two values in one string
[SMBSpider]
ExcludedPath = "/etc/file1", "/usr/bin"
|
•Two strings (one value per a string)
[SMBSpider]
ExcludedPath = /etc/file1
ExcludedPath = /usr/bin
|
2.Adding values via the command drweb-ctl cfset.
# drweb-ctl cfset SMBSpider.ExcludedPath -a /etc/file1
# drweb-ctl cfset SMBSpider.ExcludedPath -a /usr/bin
|
If a directory is specified, all directory content will be skipped.
Default value: (not specified)
|
[*] IncludedPath
{path to file or directory}
|
Path to the shared directory object, which must be scanned. You can specify a directory or file path. It is also possible to use file masks (that contain the characters '?' and '*', as well as character classes '[ ]', '[! ]', '[^ ]').
You can specify a list as the parameter value. The values in the list must be separated with commas (each value in the quotation marks). The parameter can be specified more than once in the section (in this case, all its values are combined into one list).
Example: Add to the list the files /etc/file1 and directory /usr/bin.
1.Adding of values to the configuration file. •Two values in one string
[SMBSpider]
IncludedPath = "/etc/file1", "/usr/bin"
|
•Two strings (one value per a string)
[SMBSpider]
IncludedPath = /etc/file1
IncludedPath = /usr/bin
|
2.Adding values via the command drweb-ctl cfset.
# drweb-ctl cfset SMBSpider.IncludedPath -a /etc/file1
# drweb-ctl cfset SMBSpider.IncludedPath -a /usr/bin
|
If a directory is specified, all directory content will be scanned.
Note that this parameter has higher priority than the ExcludedPath parameter (see above); that is, if the same object (file or directory) is specified in both parameter values, this object will be scanned.
Default value: (not specified)
|
[*] AlertFiles
{Boolean}
|
Indicates whether a text file is created next to an object blocked by SMB directory monitor as malicious. The created text file describes the reason why the object was blocked. The created file will be named as <name of the blocked file>.drweb.alert.txt.
Allowed values:
•Yes—Files are created. •No—Files are not created. Default value: Yes
|
[*] OnKnownVirus
{action}
|
Action applied by Dr.Web for UNIX File Servers to a known threat (virus, etc.) detected by using signature analysis during the scanning initiated by SpIDer Guard for SMB.
Allowed values: Block, Cure, Quarantine, Delete
Default value: Cure
|
[*] OnIncurable
{action}
|
Action applied by Dr.Web for UNIX File Servers to an incurable threat (that is, an attempt to apply Cure failed) detected during the scanning initiated by SpIDer Guard for SMB.
Allowed values: Block, Quarantine, Delete
Default value: Quarantine
|
[*] OnSuspicious
{action}
|
Action applied by Dr.Web for UNIX File Servers to an unknown threat (or suspicious objects) detected by using heuristic analysis during the scanning initiated by SpIDer Guard for SMB.
Allowed values: Pass, Block, Quarantine, Delete
Default value: Quarantine
|
[*] OnAdware
{action}
|
Action applied by Dr.Web for UNIX File Servers to adware detected during the scanning initiated by SpIDer Guard for SMB.
Allowed values: Pass, Block, Quarantine, Delete
Default value: Pass
|
[*] OnDialers
{action}
|
Action applied by Dr.Web for UNIX File Servers to a dialer detected during the scanning initiated by SpIDer Guard for SMB.
Allowed values: Pass, Block, Quarantine, Delete
Default value: Pass
|
[*] OnJokes
{action}
|
Action applied by Dr.Web for UNIX File Servers to joke detected during the scanning initiated by SpIDer Guard for SMB.
Allowed values: Pass, Block, Quarantine, Delete
Default value: Pass
|
[*] OnRiskware
{action}
|
Action applied by Dr.Web for UNIX File Servers to riskware detected during the scanning initiated by SpIDer Guard for SMB.
Allowed values: Pass, Block, Quarantine, Delete
Default value: Pass
|
[*] OnHacktools
{action}
|
Action applied by Dr.Web for UNIX File Servers to a hacktool (tool for remote administration, Trojan, etc.) detected during scanning initiated by SpIDer Guard for SMB.
Allowed values: Pass, Block, Quarantine, Delete
Default value: Pass
|
[*] BlockOnError
{Boolean}
|
Indicates whether SpIDer Guard for SMB should block access to a file if an attempt to cure it resulted in an error, or is there is no valid license, which allows the SpIDer Guard for SMB monitor to scan files.
|
When there is no valid license, if this parameter is set to Yes, SpIDer Guard for SMB will block all files moved to the shared directory it protects.
|
Allowed values:
•Yes—block access to a file. •No—access to a file is not blocked. Default value: Yes
|
[*] ScanTimeout
{time interval}
|
Timeout for scanning one file initiated by SpIDer Guard for SMB.
A value in the range from 1s to 1h can be specified
Default value: 30s
|
[*] HeuristicAnalysis
{On | Off}
|
Indicates whether heuristic analysis is used for detection of unknown threats during the scanning initiated by SpIDer Guard for SMB. Heuristic analysis provides higher detection reliability but, at the same time, it increases time of virus scanning.
Action applied to threats detected by heuristic analyzer is specified as the OnSuspicious parameter value.
Allowed values:
•On—instructs to use heuristic analysis when scanning. •Off—instructs not to use heuristic analysis. Default value: On
|
[*] PackerMaxLevel
{integer}
|
Maximum nesting level when scanning packed objects. All objects at a deeper nesting level are skipped during the scanning initiated by SpIDer Guard for SMB.
A value in the range from 0 to 60 can be specified. If the value is set to 0, nested objects are not scanned.
Default value: 8
|
[*] ArchiveMaxLevel
{integer}
|
Maximum nesting level when scanning archives. All objects at a deeper nesting level are skipped during the scanning initiated by SpIDer Guard for SMB.
A value in the range from 0 to 60 can be specified. If the value is set to 0, nested objects are not scanned.
Default value: 0
|
[*] MailMaxLevel
{integer}
|
Maximum nesting level when scanning email messages and mailboxes. All objects at a deeper nesting level are skipped during the scanning initiated by SpIDer Guard for SMB.
A value in the range from 0 to 60 can be specified. If the value is set to 0, nested objects are not scanned.
Default value: 8
|
[*] ContainerMaxLevel
{integer}
|
Maximum nesting level when scanning other containers (for example, HTML pages). All objects at a deeper nesting level are skipped during the scanning initiated by SpIDer Guard for SMB.
A value in the range from 0 to 60 can be specified. If the value is set to 0, nested objects are not scanned.
Default value: 8
|
[*] MaxCompressionRatio
{integer}
|
Maximum compression ratio of scanned objects (ratio between the compressed size and uncompressed size). If the ratio of an object exceeds the limit, this object is skipped during the scanning initiated by SpIDer Guard for SMB.
The compression ratio must not be smaller than 2.
Default value: 500
|
Customizing Monitoring Settings
You can specify a different tag for each VFS SMB module which monitors each shared directory (file storage). You can do it in the configuration file of SMB server Samba (typically, this is smb.conf file). Unique tags for VFS SMB modules in smb.conf file are specified as follows:
smb_spider:tag = <share name>
|
where <share name> is a unique tag assigned to a VFS SMB module, which controls some shared directory, by the Samba server.
If a VFS SMB module has a unique tag <share name>, you can create a separate section in the configuration file of Dr.Web for UNIX File Servers in addition to [SMBSpider]. The created section will store all configuration parameters for scanning a particular file storage protected by this VFS SMB module. The name of this section should look as follows: [SMBSpider.Share.<share name>].
Sections created for VFS SMB modules can contain parameters indicated with asterisk “[*]” in the abovementioned table. Other parameters cannot be specified in such individual sections as the parameter values configure operation of all VFS SMB modules operating with SMB directories monitor SpIDer Guard for SMB.
VFS SMB module uses parameter values from the general section [SMBSpider.Share.<share name>] if these parameters are not specified in the individual section [SMBSpider], created for this module. Thus, if no individual section, indicated with a tag, is created, all VFS SMB modules use the same parameters for monitoring shared directories. If you delete some parameter from the [SMBSpider.Share.<share name>] section, the parameter value for this section (and for the corresponding shared directory with <share name>) will be taken from the “parent” parameter with the same name from the general [SMBSpider] section; the default parameter value is not used in this case.
To add new section for the shared Samba directory with a tag <share name> using the Dr.Web Ctl command-line tool for Dr.Web for UNIX File Servers management (it is run by drweb-ctlcommand-line tool for managing the solution from the command line Dr.Web Ctl (it is run by drweb-ctl command), use the command
# drweb-ctl cfset SmbSpider.Share -a <share name>
|
Example:
# drweb-ctl cfset SmbSpider.Share -a BuhFiles
# drweb-ctl cfset SmbSpider.Share.BuhFiles.OnAdware Quarantine
|
The first command adds the [SMBSpider.Share.BuhFiles] section to the configuration file; the second, changes OnAdware parameter value, so that the added section contains all parameters, marked with the “[*]” symbol in the abovementioned table, at that, values for all parameters specified in the command, except OnAdware, coincide with parameter values from the general [SMBSpider] section.
|
