Configuration Parameters


The component uses configuration parameters which are specified in the [LinuxSpider] section of the integrated configuration file of Dr.Web for UNIX File Servers.

The section contains the following parameters:

LogLevel

{logging level}

Logging level of the component.

If the parameter value is not specified, the DefaultLogLevel parameter value from the [Root] section is used.

Default value: Notice

Log

{log type}

Logging method.

ExePath

{path to file}

Path to the executable file of the component.

Default value: <opt_dir>/bin/drweb-spider

For Linux: /opt/drweb.com/bin/drweb-spider

Start

{Boolean}

The component must be launched by the Dr.Web ConfigD configuration daemon.

When you specify the Yes value for this parameter, it instructs the configuration daemon to start the component immediately; and when you specify the No value, it instructs the configuration daemon to terminate the component immediately.

Default value: Depends on the product in which the component is supplied and operates.

Mode

{LKM | FANOTIFY | AUTO}

Operation mode of the file system monitor SpIDer Guard.

Allowed values:

LKM—using the Dr.Web LKM module installed in the operating system kernel (LKM: Linux kernel module).

FANOTIFY—using the fanotify monitoring interface.

AUTO—The best operation mode is set automatically.

Change this parameter value with extreme caution, as different GNU/Linux kernels support the two operation modes differently. It is strongly recommended that you set this parameter to AUTO: in this case, the best mode for integration with the file system manager is selected on startup. The component first attempts to enable FANOTIFY mode and, if that fails, LKM mode. If neither mode can be set, the component exits.

If necessary, you can build a Dr.Web LKM module from the source code and install it, following the instructions in the Building kernel module for SpIDer Guard section.

Default value: AUTO

DebugAccess

{Boolean}

Indicates whether detailed messages about access to files are included in the log file on debug level (i.e. when LogLevel = DEBUG).

Default value: No

ExcludedProc

{path to file}

List of processes that are excluded from monitoring. If a file operation was initiated by one of the processes specified here, the modified or created file will not be scanned.

You can specify a list as the parameter value. The values in the list must be separated with commas (each value enclosed in quotation marks). The parameter can be specified more than once in the section (in this case, all its values are combined into one list).

Example: Add the wget and curl processes to the list.

1. Adding values to the configuration file.

Two values on one line

[LinuxSpider]
ExcludedProc = "/usr/bin/wget", "/usr/bin/curl"

Two lines (one value per line)

[LinuxSpider]
ExcludedProc = /usr/bin/wget
ExcludedProc = /usr/bin/curl

2. Adding values via the drweb-ctl cfset command.

# drweb-ctl cfset LinuxSpider.ExcludedProc -a /usr/bin/wget
# drweb-ctl cfset LinuxSpider.ExcludedProc -a /usr/bin/curl

Default value: (not set)

ExcludedPath

{path to file or directory}

Path to the object which must be excluded from monitoring. You can specify a directory or file path. If a directory is specified, all of its content is excluded.

You can specify a list as the parameter value. The values in the list must be separated with commas (each value enclosed in quotation marks). The parameter can be specified more than once in the section (in this case, all its values are combined into one list).

Example: Add the file /etc/file1 and the directory /usr/bin to the list.

1. Adding values to the configuration file.

Two values on one line

[LinuxSpider]
ExcludedPath = "/etc/file1", "/usr/bin"

Two lines (one value per line)

[LinuxSpider]
ExcludedPath = /etc/file1
ExcludedPath = /usr/bin

2. Adding values via the drweb-ctl cfset command.

# drweb-ctl cfset LinuxSpider.ExcludedPath -a /etc/file1
# drweb-ctl cfset LinuxSpider.ExcludedPath -a /usr/bin

Note that symbolic links here have no effect as only the direct path to a file is analyzed when scanning.

Default value: /proc, /sys

IncludedPath

{path to file or directory}

Path to the object which must be monitored and scanned upon any file event. You can specify a directory or file path. If a directory is specified, all of its content is scanned, except for paths specified in the ExcludedPath list.

Note that this parameter has higher priority than the ExcludedPath parameter of the same section; that is, if the same object (file or directory) is specified in both parameter values, this object will be scanned upon any file event.

You can specify a list as the parameter value. The values in the list must be separated with commas (each value enclosed in quotation marks). The parameter can be specified more than once in the section (in this case, all its values are combined into one list).

Example: Add the file /etc/file1 and the directory /usr/bin to the list.

1. Adding values to the configuration file.

Two values on one line

[LinuxSpider]
IncludedPath = "/etc/file1", "/usr/bin"

Two lines (one value per line)

[LinuxSpider]
IncludedPath = /etc/file1
IncludedPath = /usr/bin

2. Adding values via the drweb-ctl cfset command.

# drweb-ctl cfset LinuxSpider.IncludedPath -a /etc/file1
# drweb-ctl cfset LinuxSpider.IncludedPath -a /usr/bin

Note that symbolic links here have no effect as only the direct path to a file is analyzed when scanning.

Default value: /

OnKnownVirus

{action}

Action applied by Dr.Web for UNIX File Servers to a known threat (virus, etc.) detected by using signature analysis during the scanning initiated by SpIDer Guard.

Possible values: Cure, Quarantine, Delete

Default value: Cure

OnIncurable

{action}

Action applied by Dr.Web for UNIX File Servers to an incurable threat (that is, an attempt to apply Cure failed) detected during the scanning initiated by SpIDer Guard.

Possible values: Quarantine, Delete

Default value: Quarantine

OnSuspicious

{action}

Action applied by Dr.Web for UNIX File Servers to an unknown threat (or suspicious objects) detected by using heuristic analysis during the scanning initiated by SpIDer Guard.

Possible values: Report, Quarantine, Delete

Default value: Quarantine

OnAdware

{action}

Action applied by Dr.Web for UNIX File Servers to adware detected during the scanning initiated by SpIDer Guard.

Possible values: Report, Quarantine, Delete

Default value: Quarantine

OnDialers

{action}

Action applied by Dr.Web for UNIX File Servers to a dialer detected during the scanning initiated by SpIDer Guard.

Possible values: Report, Quarantine, Delete

Default value: Quarantine

OnJokes

{action}

Action applied by Dr.Web for UNIX File Servers to a joke detected during the scanning initiated by SpIDer Guard.

Possible values: Report, Quarantine, Delete

Default value: Report

OnRiskware

{action}

Action applied by Dr.Web for UNIX File Servers to riskware detected during the scanning initiated by SpIDer Guard.

Possible values: Report, Quarantine, Delete

Default value: Report

OnHacktools

{action}

Action applied by Dr.Web for UNIX File Servers to a hacktool (tool for remote administration, Trojan, etc.) detected during scanning initiated by SpIDer Guard.

Possible values: Report, Quarantine, Delete

Default value: Report

ScanTimeout

{time interval}

Timeout for scanning one file initiated by SpIDer Guard.

A value in the range from 1s to 1h can be specified.

Default value: 30s

HeuristicAnalysis

{On | Off}

Indicates whether heuristic analysis is used for detection of unknown threats during file scanning initiated by SpIDer Guard. Heuristic analysis provides higher detection reliability but also increases scanning time.

Action applied to threats detected by heuristic analyzer is specified as the OnSuspicious parameter value.

Allowed values:

On—instructs to use heuristic analysis when scanning.

Off—instructs not to use heuristic analysis.

Default value: On

PackerMaxLevel

{integer}

Maximum nesting level when scanning packed objects. All objects at a deeper nesting level are skipped during file scanning initiated by SpIDer Guard.

A value in the range from 0 to 60 can be specified. If the value is set to 0, nested objects are not scanned.

Default value: 8

ArchiveMaxLevel

{integer}

Maximum nesting level when scanning archives. All objects at a deeper nesting level are skipped during file scanning initiated by SpIDer Guard.

A value in the range from 0 to 60 can be specified. If the value is set to 0, nested objects are not scanned.

Default value: 0

MailMaxLevel

{integer}

Maximum nesting level when scanning email messages and mailboxes. All objects at a deeper nesting level are skipped during file scanning initiated by SpIDer Guard.

A value in the range from 0 to 60 can be specified. If the value is set to 0, nested objects are not scanned.

Default value: 0

ContainerMaxLevel

{integer}

Maximum nesting level when scanning other containers (for example, HTML pages). All objects at a deeper nesting level are skipped during file scanning initiated by SpIDer Guard.

A value in the range from 0 to 60 can be specified. If the value is set to 0, nested objects are not scanned.

Default value: 8

MaxCompressionRatio

{integer}

Maximum compression ratio of scanned objects (ratio between the uncompressed size and compressed size). If the ratio of an object exceeds the limit, this object is skipped during file scanning initiated by SpIDer Guard.

The compression ratio must not be smaller than 2.

Default value: 500
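
The following Python script is an added example, not part of the Dr.Web documentation or product code. It parses a [LinuxSpider] section using the list rules described for ExcludedProc, ExcludedPath and IncludedPath, applies the defaults listed on this page, and reports settings that narrow what SpIDer Guard scans or fall outside the documented ranges. The sample configuration, the /srv/share path, the function names and the csv-style handling of quoted values are assumptions.

```python
import csv

# Constructed sample configuration (not taken from a real host).
SAMPLE = """\
[LinuxSpider]
ExcludedProc = "/usr/bin/wget", "/usr/bin/curl"
ExcludedPath = /proc
ExcludedPath = "/sys", "/srv/share"
IncludedPath = /, /srv/share
PackerMaxLevel = 61
MaxCompressionRatio = 1
"""

LIST_KEYS = {"ExcludedProc", "ExcludedPath", "IncludedPath"}
# Defaults as documented on this page.
DEFAULTS = {"ExcludedProc": [], "ExcludedPath": ["/proc", "/sys"], "IncludedPath": ["/"],
            "PackerMaxLevel": "8", "ArchiveMaxLevel": "0", "MailMaxLevel": "0",
            "ContainerMaxLevel": "8", "MaxCompressionRatio": "500"}

def parse_section(text, section="LinuxSpider"):
    """Return the section's settings; repeated list parameters are merged and
    quoted, comma-separated values are split (csv quoting rules are assumed)."""
    conf, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
        elif current == section and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            if key in LIST_KEYS:
                items = next(csv.reader([value], skipinitialspace=True))
                conf.setdefault(key, []).extend(i.strip() for i in items if i.strip())
            else:
                conf[key] = value
    return {**DEFAULTS, **conf}

def audit(conf):
    """List settings that reduce scanning coverage or are out of range."""
    out = [f"ExcludedProc: files written by {p} are not scanned" for p in conf["ExcludedProc"]]
    for path in conf["ExcludedPath"]:
        if path in conf["IncludedPath"]:  # IncludedPath has higher priority
            out.append(f"ExcludedPath: {path} is also in IncludedPath and is still scanned")
        elif path not in DEFAULTS["ExcludedPath"]:
            out.append(f"ExcludedPath: {path} is not monitored")
    for key in ("PackerMaxLevel", "ArchiveMaxLevel", "MailMaxLevel", "ContainerMaxLevel"):
        level = int(conf[key])
        if not 0 < level <= 60:
            out.append(f"{key}: {level}, " + ("nested objects are not scanned"
                       if level == 0 else "outside the range 0 to 60"))
    if int(conf["MaxCompressionRatio"]) < 2:
        out.append("MaxCompressionRatio: must not be smaller than 2")
    return out
```

Calling audit(parse_section(SAMPLE)) returns one finding per line of concern; with an empty section, only the documented defaults ArchiveMaxLevel = 0 and MailMaxLevel = 0 are reported.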