Program Structure


Dr.Web for UNIX File Servers is a product that consists of several components, each of which has its own set of functions. The components included in Dr.Web for UNIX File Servers are listed below.

Component

Description

Dr.Web ConfigD

Configuration daemon of Dr.Web for UNIX File Servers. It performs the following functions:

Starts and stops the product’s components depending on the settings. Automatically restarts components if a failure in their operation occurs. Starts components at the request of other components. Informs active components when another component starts or shuts down.

Stores information about present license keys and settings and provides this data to all components. Receives adjusted settings and license keys from the components of Dr.Web for UNIX File Servers expected to provide such information. Notifies other components of changes in license keys and settings.


Executable file: drweb-configd

Internal name output to the log file: ConfigD

Dr.Web Virus-Finding Engine

Anti-virus engine. The main component of the anti-virus protection. Implements algorithms to detect viruses and malicious programs as well as algorithms to analyze suspicious behavior (by using signature and heuristic analysis).

Used by all Dr.Web for UNIX File Servers components via Dr.Web Scanning Engine.


Executable file: drweb32.dll

Internal name output to the log file: CoreEngine

Dr.Web Scanning Engine

Scanning engine. The component responsible for loading the anti-virus engine Dr.Web Virus-Finding Engine and the virus databases. At the request of other components of Dr.Web for UNIX File Servers, it transmits the contents of files and disk boot records to the anti-virus engine for scanning. It queues files that are waiting to be scanned and cures the files that can be cured. From the point of view of other components of Dr.Web for UNIX File Servers, this component provides the anti-virus scanning service. It can operate under the control of the Dr.Web ConfigD configuration daemon or in an autonomous mode (independently of other components).

Used by all Dr.Web for UNIX File Servers components for the anti-virus scanning.


Executable file: drweb-se

The internal name, displayed in log: ScanEngine

Dr.Web virus database

Automatically updated database of virus signatures and other threats, as well as algorithms for detection and neutralization of malicious software.

Used by the anti-virus engine Dr.Web Virus-Finding Engine and provided along with it.

Dr.Web File Checker

The component which scans file system objects and manages quarantined files. It receives scanning tasks from other Dr.Web for UNIX File Servers components, searches file system directories according to the received task, transmits files for scanning to the Dr.Web Scanning Engine, and notifies components of scanning progress. It also removes infected files, moves them to quarantine, restores them from quarantine, and manages quarantine directories. The component creates and updates a cache that stores information on scanned files to reduce the frequency of repeated file scanning.

Used by components that scan file system objects, such as SpIDer Guard, SpIDer Guard for SMB, SpIDer Guard for NSS.


Executable file: drweb-filecheck

The internal name, displayed in log: FileCheck

SpIDer Guard

Linux file system monitor. Operates in background mode and controls file operations (such as creation, opening, closing, running) in GNU/Linux file systems. It sends the file scanning component requests to scan new or changed files as well as executables of programs when they are run.

Depending on the settings, the monitor uses either the fanotify mechanism (an API provided by the OS) or a special kernel module developed by Dr.Web (the LKM module is supplied together with SpIDer Guard in a separate package).

It is included only in the distributions for GNU/Linux OS.


Executable file: drweb-spider

The internal name, displayed in log: LinuxSpider

GNU/Linux kernel module for SpIDer Guard

GNU/Linux kernel module (LKM module) used by SpIDer Guard to access file system events in operating systems where the fanotify API is unavailable or implemented with limited functions (for example, in systems with a mandatory access model).

The component is supplied both in compiled form (for a set of operating systems where fanotify is not implemented or is unavailable) and as source code, which allows you to build and install the operating system kernel module manually (for instructions, refer to the Building kernel module for SpIDer Guard section).

It is included only in the distributions for GNU/Linux OS.


Executable file: drweb.ko

SpIDer Guard for SMB

Samba shared directories monitor. Operates in background mode and monitors file system operations (such as creation, opening, closing, read and write operations) in the directories selected as the Samba server’s file storages. Sends content of new or modified files for scanning to the file scanning component. Integration with the file server is performed via VFS SMB modules that operate on Samba server side.


Executable file: drweb-smbspider-daemon

The internal name, displayed in log: SMBSpider

SpIDer Guard for NSS

NSS (Novell Storage Services) volumes monitor. Operates in background mode and controls file system operations (such as creation, opening, closing and write operations) on NSS volumes that are mounted on the file system. Sends content of new or modified files for scanning to the file scanning component.

It is included only in the distributions designed for GNU/Linux OSes. The component can operate only on Novell Open Enterprise Server SP2 based on SUSE Linux Enterprise Server 10 SP3 and older.


Executable file: drweb-nss

The internal name, displayed in log: <%NSSSPIDER_SECTION%>

Dr.Web ES Agent

Central protection agent. Makes it possible for the product to operate in centralized and mobile modes. Provides communication between the product and the central protection server, a license key file, updates to the virus databases and components. Sends the server information about the components included in Dr.Web for UNIX File Servers and their state, as well as statistics of virus events.


Executable file: drweb-esagent

The internal name, displayed in log: ESAgent

Dr.Web Network Checker

Network data scanning agent. Used to send data to the scanning engine for actual scanning. The data is sent by components of the product via the network (such components as Dr.Web ClamD).

In addition, it allows Dr.Web for UNIX File Servers to arrange distributed scanning of files: to receive files for scanning from remote hosts and to transmit files for scanning to them. For that purpose, the remote hosts must have Dr.Web for UNIX-based operating systems installed and running. In the distributed scanning mode, it allows automatic distribution of the scanning load among remote hosts by reducing the load on hosts with a large number of scanning tasks (for example, on mail servers, file servers, Internet gateways).

For security reasons, files are transmitted over SSL.


Executable file: drweb-netcheck

The internal name, displayed in log: NetCheck

Dr.Web HTTPD

Web interface for managing Dr.Web for UNIX File Servers components. It consists of the management web interface (which should be installed separately) and a service interface for the Dr.Web Link Checker browser extension (which can be installed additionally). You can access the interface via any browser on a local or remote host. Because the web interface is built in, the product requires neither third-party web servers (such as Apache HTTP Server) nor remote administration tools, such as Webmin.

For security reasons, the web interface interacts with the user over HTTPS.


Executable file: drweb-httpd

The internal name, displayed in log: HTTPD

Dr.Web Ctl

Tool for managing Dr.Web for UNIX File Servers from the command line.

Allows the user to start file scanning, to view quarantined objects, to start a virus database update procedure, to connect the product to or to disconnect it from the central protection server, to view and to configure parameters.


Executable file: drweb-ctl

The internal name, displayed in log: Ctl

Dr.Web Updater

An update component. Downloads updates of the virus databases and the anti-virus engine from Doctor Web servers.

The updates can be downloaded automatically, according to a schedule, and on user’s demand (via Dr.Web Ctl or management web interface).


Executable file: drweb-update

The internal name, displayed in log: Update

Dr.Web SNMPD

An SNMP agent. Designed for integration of Dr.Web for UNIX File Servers with external monitoring systems over SNMP. Such integration allows you to monitor the state of the product’s components and to collect statistics on threat detection and neutralization. Supports SNMP v2c and v3.


Executable file: drweb-snmpd

The internal name, displayed in log: SNMPD

Dr.Web ClamD

Component that emulates the interface of the anti-virus daemon clamd, which is a component of the ClamAV® anti-virus. Allows all applications that support ClamAV® to transparently use Dr.Web for UNIX File Servers for anti-virus scanning.


Executable file: drweb-clamd

The internal name, displayed in log: ClamD

Dr.Web CloudD

The component that sends the following information to the Dr.Web Cloud service: visited URLs and information about the scanned files, to check them for threats not yet described in virus databases.


Executable file: drweb-cloudd

The internal name, displayed in log: CloudD

The figure below shows the structure of Dr.Web for UNIX File Servers and its operation with external applications.

Figure 1. Dr.Web for UNIX File Servers structure

In this scheme, the following notations are used:

 

— Dr.Web for UNIX File Servers as a whole and external Dr.Web applications together with systems which are not included in the solution.

— Programs and products that are external to Dr.Web for UNIX File Servers and with which it is integrated.

— Components that are included in the Dr.Web for UNIX File Servers engine. Other product components use the engine as a service that performs anti-virus checks.

— Service components designed to perform particular anti-virus protection functions (for example, scanning file system objects, updating virus databases, establishing connection to central protection servers, managing the operation of the product).

— Components that provide the user with the interface for Dr.Web for UNIX File Servers.

— Quarantine as a set of file system directories which store isolated malicious files.

Components marked with a dashed line can be missing depending on the distribution.

For details on Dr.Web for UNIX File Servers components, refer to Components of the Product.