The Interaction Scheme of an Anti-Virus Network Components

Top  Previous  Next

The Figure below describes a general scheme of an anti-virus network built with Dr.Web Enterprise Security Suite.

The scheme illustrates an anti-virus network built with only one Server. In large companies it is worthwhile installing several Dr.Web Servers to distribute the load between them.

In this example the anti-virus network is implemented within a local network, but for the installation and operation of Dr.Web Enterprise Security Suite and anti-virus packages the computers need not be connected within any local network, Internet connection is enough.

Dr.Web Server


Dr.Web Security Control Center

TCP/IP network

Protected local computer

Unprotected local computer

The physical structure of the anti-virus network

When Dr.Web Server is launched, the following sequence of commands is performed:

1.Dr.Web Server files are loaded from the bin catalog.

2.The Server Task Scheduler is loaded.

3.The content of the centralized installation catalog and update catalog is loaded, notification system is initialized.

4.Server database integrity is checked.

5.Server Task Scheduler tasks are performed.

6.The Server is waiting for information from Dr.Web Agents and commands from Dr.Web Security Control Center.

The whole stream of instructions, data and statistics in the anti-virus network always goes through Dr.Web Server. Dr.Web Security Control Center exchange information only with Servers. Based on Dr.Web Security Control Center commands, Servers transfer instructions to Dr.Web Agents and change the configuration of workstations.

Thus, the logical structure of the fragment of the anti-virus network looks as in the Figure below.

Dr.Web Server


Dr.Web Security Control Center

TCP/IP network

Protected computer

Transfer of updates via HTTP

Dr.Web GUS



The logical structure of the anti-virus network

Between the Server and workstations (a thin continuous line in the Figure above) transferring the following information:

Agents requests for the centralized schedule and the centralized schedule of workstations,

settings of the Agent and the anti-virus package,

requests for scheduled tasks to be performed (scanning, updating of virus databases, etc.),

files of anti-virus packages—when the Agent receives a task to install them,

software and virus databases updates—when an updating task is performed,

Agent messages on the configuration of the workstation,

statistics (to be added to the centralized log) on the operation of Agents and anti-virus packages,

messages on virus events and other events which should be logged.

The volume of traffic between the workstations and the Server can be quite sizeable subject to the settings and the number of the workstations. Therefore Dr.Web Enterprise Security Suite provides for the possibility to compress traffic. See the description of this optional mode in p. Traffic Encryption and Compression below.

Traffic between Dr.Web Server and Dr.Web Agent can be encrypted. This allows to avoid disclosure of data transferred via the described channel as well as to avoid substitution of software downloaded onto workstations. By default traffic encryption is enabled (for more, please read p. Traffic Encryption and Compression).

From the update web server to Dr.Web Server (a thick continuous line in the Figure above) files necessary for replication of centralized catalogs of installation and updates as well as overhead information on this process are sent via HTTP. The integrity of the information (Dr.Web Enterprise Security Suite files and anti-virus packages) is provided through the checksums: a file corrupted at sending or replaced will not be received by the Server.

Between the Server and Dr.Web Security Control Center (a dashed line in Figure above) data about the configuration of the Server (including information about the network layout) and workstations settings are passed. This information is visualized on Dr.Web Security Control Center, and in case a user (an anti-virus network administrator) changes any settings, the information about the changes is transferred to the Server.

Connection between Dr.Web Security Control Center and a certain Server is established only after an anti-virus network administrator is authenticated by his login name and password on the given Server.