Chapter 3. Dr.Web for Linux

Top  Previous  Next

This Manual describes management aspects of Dr.Web for Linux anti-virus software designed for the GNU/Linux OS. The manual is designed for a person responsible for anti-virus protection and security ("Administrator" hereinafter).

Dr.Web for Linux main functions:

1.Detection and neutralization of malicious programs (for example, viruses, including those that infect mail files and boot records, Trojans, mail worms) and unwanted software (for example, adware, joke programs, dialers).

The product uses several malware detection methods simultaneously:

Signature analysis, which allows detection of known threats information on which is stored in virus bases

Heuristic analysis, which allows detection of unknown threats

Dr.Web Cloud service that collects up-to-date information about recent threats and sends it to Dr.Web products.

Note that the heuristics analyzer may raise false alarms. Thus, objects that contain threats detected by the analyzer are considered "suspicious". It is recommended to quarantine such files and send them for analysis to Doctor Web anti-virus laboratory.

File system scanning can be started in two ways: manually on user request and automatically, according to the schedule. There are two modes of scanning: full scan (scan of all file system objects) and custom scan of selected objects (directories or files). Moreover, the user can start a separate scan of volume boot records and executable files that ran currently active processes. In the latter case, if a malicious executable file is detected, it is neutralized and all processes run by this file are forced to terminate.

2.Monitoring of file reference. File events and attempts to run executable files are monitored. This feature allows to detect and neutralize malware at its attempt to infect the computer.

3.Monitoring of access to the Internet. All attempts to access Internet servers are monitored in order to block access to the websites included in the black lists and to categories that marked as unwanted, and to check files on the fly for viruses or other threats. To restrict access to unwanted websites, Dr.Web for Linux supports databases of web resource categories that are automatically updated, and white and black lists that are edited by the user. Dr.Web Cloud service is also used to check whether the requested web resource is marked malicious by other anti-virus products of Dr.Web. For additional protection, Dr.Web Link Checker is also included. It is an extension for Google Chrome and Mozilla Firefox browsers which allows to scan the content of downloaded webpages for malicious links and obtrusive advertising as well as to block such downloads automatically.