G1. Dr.Web Server Configuration File

The drwcsd.conf Server configuration file resides by default in the etc subfolder of the Server root folder. If the Server is run with a command line parameter, a non-standard location and name of the configuration file can be set (for more read Appendix H4. Dr.Web Server).

2.Disable self-protection (in case of installed Agent with the active self-protection—in the Agent context menu).

The name of Dr.Web Server or a cluster of Dr.Web Servers, which is used during the search by Agent, Agent installers and Control Center. Leave the value blank ('' is used by default), to use the name of the computer where Dr.Web Server software is installed.

The Server unique identifier. In the previous versions was placed in the Server license key. Starting from version 10, is stored in the Server configuration file.

•<location city='' country='' department='' floor='' latitude='' longitude='' organization='' province='' room='' street=''/>

Attribute	Description
city	City
country	Country
department	Department name
floor	Floor
latitude	Latitude
longitude	Longitude
organization	Organization name
province	Province name
room	Room number
street	Street name

The threads number processing data from the Agents. Minimal value is 5. Default is 5. This parameter affects Server performance. Change the default setting on advice of the technical support only.

Attribute

Allowed values

Description

Default

approve-to-group

The group which is set as a primary by default for new stations for the Allow access automatically mode (mode='open').

Empty value, which means assign the Everyone group as a primary.

default-rate

For AV-Desk. The group which is set as a tariff by default for new stations for the Allow access automatically mode (mode='open').

Empty value, which means assign the Dr.Web Premium group as a tariff.

mode

•open—allow access automatically,

•closed—always deny access,

•approval—approve access manually.

New stations approval policy.

▫yes—stations authorisation of which is failed (e.g., if the database is corrupted), will be automatically reset to newbies,

Maximal number of stations in the queue for authorization on the Server. Change the default setting on advice of the technical support only.

Replace IP address with DNS names in Dr.Web Server log file. Allowed values of enabled:

Timeout in seconds for resolving DNS direct/reverse queries. Leave the value blank to disable restriction on wait time until the end of the resolution

Attribute

Allowed values

Description

enabled

•yes—store responses in the cache,

•no—do not store responses in the cache.

Mode of storing responses in the cache.

negative-ttl

Storage time in the cache (TTL) of negative responses from the DNS server in minutes.

positive-ttl

Storage time in the cache (TTL) of positive responses from the DNS server in minutes.

List of DNS servers, which replaces default system list. Contains one or several <server address=""/> child elements, the address parameter of which defines IP address of the server.

List of DNS domains, which replaces default system list. Contains one or several <domain name=""> child elements, the name parameter of which defines the domain name.

Cleanup interval of Server quarantined files in seconds. Default is 604800 (one week).

Cleanup interval of personal installation packages. Default is 604800 (one week).

Synchronize stations descriptions on Dr.Web Server with the Computer description field at the System properties page on the station. Allowed values of enabled:

Allowed difference between system time at Dr.Web Server and Dr.Web Agents in minutes. If the difference is larger than specified value, it will be noted in the status of the station at Dr.Web Server. 3 minutes are allowed by default. The empty value or the 0 value means that checking is disabled.

Attribute

Allowed values

Description

level

Integer from 1 to 9.

Compression level.

mode

•yes—use compression,

•no—do not use compression,

•possible—compression is allowed.

Compression mode.

Allow monitoring ans storing into the Server database the results of tasks execution on workstations. Allowed values of enabled: yes or no.

Allow monitoring of changes in the stations state ans storing the information into the Server database. Allowed values of enabled: yes or no.

Allow monitoring of changes in the state (compound, changes) of virus bases on stations and storing the information into the Server database. Allowed values of enabled: yes or no. Parameter is ignored for <track-agent-status enabled='no'/>.

Allow monitoring of modules versions on stations and storing the information into the Server database. Allowed values of enabled: yes or no.

Allow monitoring of the list of installed components on stations and storing the information into the Server database. Allowed values of enabled: yes or no.

Allow monitoring of user sessions on stations and storing the information into the Server database. Allowed values of enabled: yes or no.

Allow monitoring of compound of hardware and software on stations and storing the information into the Server database. Allowed values of enabled: yes or no.

Allow monitoring of information on start and stop of anti-virus components operating on stations and storing the information into the Server database. Allowed values of enabled: yes or no.

Allow monitoring of threats detection on stations and storing the information into the Server database. Allowed values of enabled: yes or no.

Allow monitoring of scan errors on stations and storing the information into the Server database. Allowed values of enabled: yes or no.

Allow monitoring of scan statistics on stations and storing the information into the Server database. Allowed values of enabled: yes or no.

Allow monitoring of information on Agent installations on stations and storing the information into the Server database. Allowed values of enabled: yes or no.

Allow monitoring of information on the Quarantine state on stations and storing the information into the Server database. Allowed values of enabled: yes or no.

Maximal network traffic bandwidth in KB/sec. for transmitting updates from Server to Agents.

Attribute

Allowed values

Description

Default

queue-size

•positive integer,

•unlimited.

Maximum allowable number of updates distribution sessions running at the same time from the Server. When the limit is reached, the Agent requests are placed into the waiting queue. The waiting queue size is unlimited.

unlimited

value

•maximal speed in KB/sec,

•unlimited.

Maximal summary speed for updates transmission.

unlimited

Maximal network traffic bandwidth in KB/sec. for transmitting data during Dr.Web Agent installation on stations.

Attribute

Allowed values

Description

Default

queue-size

•positive integer,

•unlimited.

Maximum allowable number of the Agent installation sessions running at the same time from the Server. When the limit is reached, the Agent requests are placed into the waiting queue. The waiting queue size is unlimited.

unlimited

value

•maximal speed in KB/sec,

•unlimited.

Maximal summary speed for transmitting data during Agent installations.

unlimited

Attribute

Allowed values

Description

enabled

•yes—allow synchronization,

•no—disable synchronization.

Synchronization mode.

startup-sync

Positive integer.

Number of stations without geographical coordinates, information on which is requested when establishing a connection between Dr.Web Servers.

Allow monitoring of administrator operations in Dr.Web Security Control Center and storing the information into the Server database. Allowed values of enabled: yes or no.

Allow monitoring of internal operations in Dr.Web Server and storing the information into the Server database. Allowed values of enabled: yes or no.

Allow monitoring of operations via Web API in Dr.Web Server and storing the information into the Server database. Allowed values of enabled: yes or no.

Attribute	Allowed values	Description
auth-list	•none—do not use authorization, •any—any supported method, •safe—any safe supported method, •the following methods, if several, set all necessary methods separated by a space: ▫basic ▫digest ▫ntlm ▫negotiate	Proxy server authorization type. Default is 'any'.
enabled	•yes—use proxy server, •no—do not use proxy server.	Mode of connections to Dr.Web Server via HTTP proxy server.
host	-	Proxy server address.
password	-	Password of proxy server user if proxy server requires authorization.
user	-	Name of proxy server user if proxy server requires authorization.

Parameters of sending of the statistics on virus events to the Doctor Web company to the stat.drweb.com section.

Attribute

Allowed values

Description

Default

enabled

•yes—send statistics,

•no—do not send statistics.

Mode of statistics sending to the Doctor Web company.

MD5 of the Agent license key.

interval

Positive integer.

Interval of statistics sending in minutes.

Parameters of Dr.Web Servers cluster for data exchange in multiserver anti-virus network configuration

Contains one or several <on multicast-group="" port="" interface=""/> child elements.

Attribute	Description
multicast-group	IP address of multicast group through which Servers will be exchange information.
port	Port number of network interface to which transport protocol is bound to transmit the information into multicast group.
interface	IP address of network interface to which transport protocol is bound to transmit the information into multicast group.

Configuration of updates transmission on workstations via the multicast protocol. Allowed values of enabled: yes or no.

The <mcast-updates /> element contains one or several <on multicast-group="" port="" interface=""/> child elements.

Attribute

Description

multicast-group

IP address of multicast group in which stations receive multicast updates.

port

Port number of Dr.Web Server network interface, to which transport multicast protocol is bound for updates transmission.

For multicast updates, you must specify any unused port, particularly, different from the port that is specified in the settings of transport protocol for Server operating.

interface

IP address of Dr.Web Server network interface, to which transport multicast protocol is bound for updates transmission

The <mcast-updates /> element contains the <trandfer datagram-size="" assembly-timeout="" updates-interval="" chunks-interval="" resend-interval="" silence-interval="" accumulate-interval="" /> child element.

Attribute	Description	Default
datagram-size	UDP datagram size (bytes)—size of UDP datagrams in bytes. Allowed range is 512—8192. To avoid fragmentation, it is recommended to set a value less than MTU (Maximum Transmission Unit) of the network.	4096
assembly-timeout	File transmission time (ms.)—during specified time, single update file is transmitted, after that Server starts sending the next file. All files which failed to transmit at the step of multicast protocol update, will be transmitted at standard update process over the TCP protocol.	180000
updates-interval	Multicast updates duration (ms.)—duration of update process via multicast protocol. All files that failed to transmit during update stage via multicast protocol will be transmitted in process of standard update via TCP protocol.	600000
chunks-interval	Packages transmission interval (ms.)—interval of packages transmission to a multicast group. The low interval value may cause significant losses during package transfer and network overload. It is not recommended to change this parameter.	20
resend-interval	Interval between retransmission requests (ms.)—with this interval Agents send requests for retransmission of lost packages. Server accumulates these requests after that sends lost blocks.	1000
silence-interval	“Silence” interval on the line (ms.)—when a file transmission is over before allowed time has expired, if during specified “silence” interval no requests from Agents for retransmission of lost packages are received, Server considers that all Agent received updates files and starts sending the next file.	10000
accumulate-interval	Retransmission requests accumulation interval (ms.)—during specified interval, Server accumulates requests from Agents for retransmission of lost packages. Agent request lost packages. Server accumulates these requests during specified time slot after that sends lost blocks.	2000

Database definition. The connections parameter specifies the number of connections of database with the Server. Default is 2. Change the default setting on advice of the technical support only.

•<sqlite dbfile="database.sqlite" cache="SHARED" cachesize="2048" mmapsize="0" readuncommitted="off" precompiledcache="1024" serialyze="yes" synchronous="FULL" openmutex="FULL" debug="no" />

Attribute	Allowed values	Description	Default
dbfile		Database name.
cache	SHARED \| PRIVATE	Caching mode.	SHARED
cachesize	Positive integer.	Database cache size (in 1.5Kb pages).	2048
mmapsize	Positive integer.	Maximum number of bytes of the database file that is allowed to be mapped into the process address space at one time.	•for UNIX—10485760 •for Windows—0
precompiledcache	Positive integer.	Cache size of precompiled sql operators in kilobytes.	1024
synchronous	•TRUE or FULL—synchronous •FALSE or NORMAL—normal •OFF—asynchronous	Data write mode.	FULL

Attribute

Allowed values

Description

Default

dbfile

Database name.

cachesize

Positive integer.

Database cache size (in 1.5Kb pages).

2048

synchronous

•TRUE or FULL—synchronous

•FALSE or NORMAL—normal

•OFF—asynchronous

Data write mode.

FULL

•<pgsql dbname="drwcs" host="localhost" port="5432" options="" requiressl="" user="" password="" temp_tablespaces="" default_transaction_isolation="" debugproto ="yes"/>

Attribute	Allowed values	Description	Default
dbname		Database file name.
host		PostgreSQL server host or path to UNIX domain socket.
port		PostgreSQL server port or extension of UNIX domain socket file.
options		Command line parameters to send to a database server. For more details, see chapter 18 at http://www.postgresql.org/docs/9.1/static/libpq-connect.html
requiressl	•1 \| 0 (via Control Center) •y \| n •yes \| no •on \| off	Allow SSL connections only.	•0 •y •yes •on
user		Database user name.
password		Database user password.
temp_tablespaces		Namespace for temporary tables.
default_transaction_isolation	•read uncommitted •read committed •repeatable read •serializable	Transaction isolation level.	read committed

Attribute	Allowed values	Description	Default
connectionstring		String with Oracle SQL Connect URL or Oracle Net keyword-value pairs.
user		Registration name of database user.
password		Database user password.
client		Path to the Oracle Instant Client for the access to the Oracle DB. Dr.Web Server is supplied with the Oracle Instant Client of 11 version. But, for newer Oracle Servers or if the Oracle driver contains errors, you can download corresponding driver from the Oracle site and set the path to the driver in this field.

Attribute	Allowed values	Description	Default
dsn		ODBC data source name.	drwcs
user		Registration name of database user.	drwcs
pass		Database user password.	drwcs
limit	Positive integer.	Reconnect to the DBMS after specified number of transaction.	0—do not reconnect
transaction	•SERIALIZABLE—serializable •READ_UNCOMMITTED—read uncommitted data •READ_COMMITTED—read committed data •REPEATABLE_READ—repeatable read •DEFAULT—equal ""—depends on DBMS.	Transaction isolation level. Some DBMS support READ_COMMITTED only.	DEFAULT

Access control lists. Allows to configure restrictions for network addresses from which Agents, network installers and other (neighboring) Dr.Web Servers will be able to access the Server.

The <acl /> element contains the following child elements into which limitations for corresponding connection types are configured:

▫<install />—the list of limitations on IP addresses from which Dr.Web Agents installers can connect to this Server.

▫<agent />—the list of limitations on IP addresses from which Dr.Web Agents can connect to this Server.

▫<links />—the list of limitations on IP addresses from which neighbor Dr.Web Servers can connect to this Server.

▫<discovery />—the list of limitations on IP addresses from which broadcast queries can be received by the Server Detection Service.

All child elements contain the same structure of nested elements that defines the following limitations:

Lists priority. Allowed values of mode: "allow" or "deny". For the <priority mode="deny"> value, the <deny /> list has a higher priority than the <allow /> list. Addresses not included in any of the lists or included into both of them are denied. Allowed only addresses that are included in the <allow /> list and not included in the <deny /> list.

The list of TCP addresses from which the access is allowed. The <allow /> element contains one or several <ip address="" /> child elements to specify allowed addresses in the IPv4 format and <ip6 address="" /> to specify allowed addresses in the IPv6 format. The attribute address defines network addresses in the following format: <IP address>/[<prefix>].

The list of TCP addresses from which the access is denied. The <deny /> element contains one or several <ip address="" /> child elements to specify denied addresses in the IPv4 format and <ip6 address="" /> to specify denied addresses in the IPv6 format. The attribute address defines network addresses in the following format: <IP address>/[<prefix>].

Attribute

Allowed values

Description

Default

profile

•yes,

•no.

Log information on Server scripts execution profiling. This parameter is used by technical support and developers. It is not recommended to change this parameter without need.

stack

Log information on Server scripts execution from a call stack. This parameter is used by technical support and developers. It is not recommended to change this parameter without need.

trace

Log information on Server scripts execution tracing. This parameter is used by technical support and developers. It is not recommended to change this parameter without need.

▫<cpath root=''/>—path to the binary modules folder. Allowed values of root: home (default), var, bin, lib.

▫<path value=''/>—path to the scripts folder. If it is not a child of the <jobs /> or <hooks /> elements, when it is used by both. Paths specified in the value attribute, are relative from paths in the root attribute of the <cpath /> element.

The <jobs /> element contains one or several <path value=''/> child elements to specify the path to the scrips folder.

The <hooks /> element contains one or several <path value=''/> child elements to specify the path to the scrips folder.

Configuration of transport protocols parameters used by the Server to connect with clients. Contains one or several <trandport discovery='' ip='' name='' multicast='' multicast-group='' port=''/> child elements.

Attribute	Description	Obligatory	Allowed values	Default
discovery	Defines whether the Server detection service is used or not.	no, specified with the ip attribute only.	yes, no	no
•ip •unix	Defines the family of used protocols and specifies the interface address.	yes	-	•0.0.0.0 •-
name	Specifies the Server name for the Server detection service.	no	-	drwcs
multicast	Defines whether the Server included into a multicast group or not.	no, specified with the ip attribute only.	yes, no	no
multicast-group	Specifies the address of the multicast group into which the Server is included.	no, specified with the ip attribute only.	-	•231.0.0.1 •[ff18::231.0.0.1]
port	Port to listen.	no, specified with the ip attribute only.	-	2193

The list of disabled protocols. Contains one or several <protocol enabled='' name=''/> child elements.

Attribute

Allowed values

Description

Default

enabled

•yes—protocol is enabled,

•no—protocol is disabled.

Protocol usage mode.

name

•AGENT—protocol that allows interaction of the Server with Dr.Web Agents.

•MSNAPSHV—protocol that allows interaction of the Server with the Microsoft NAP Validator component of system health validating.

•INSTALL—protocol that allows interaction of the Server with Dr.Web Agent installers.

•CLUSTER—protocol for interaction between Servers in the cluster system.

•SERVER—protocol that allows interaction of Dr.Web Server with other Dr.Web Servers.

Protocol name.

The list of disabled extensions. Contains one or several <plugin enabled='' name=''/> child elements.

Attribute

Allowed values

Description

Default

enabled

•yes—extension is enabled,

•no—extension is disabled.

Extension usage mode.

name

•WEBMIN—Dr.Web Security Control Center extension for managing the Server and anti-virus network via the Control Center.

•FrontDoor—Dr.Web Server FrontDoor extension that allows connections of Server remote diagnostics utility.

Extension name.

Element	Description	The value attribute default values, min.
expiration-interval	Validity period of donated licenses—time period on which licenses are donated from the key on this Server. The setting is used if the Server donates licenses to neighbor Servers.	1440
prolong-preact	Period for accepted licenses renewal—period till the license expiration, starting from which this Server initiates renewal of the license which is accepted from the neighbor Server. The setting is used if the Server accepts licenses from neighbor Servers.	60
check-interval	License synchronization period—interval for synchronising information about donating licenses between Servers.	1440

Parameters of sending emails from the Control Center, e.g., as administrative notifications or when mailing installation packages of the stations.

Attribute

Allowed values

Description

Default

from

Email address which will be set as a sender of emails.

drwcs@localhost

debug

•yes—use debug mode,

•no—do not use debug mode.

Use debug mode to get SMTP session detailed log.

▫<smtp server="" user="" pass="" port="" start_tls="" auth_plain="" auth_login="" auth_cram_md5="" auth_digest_md5="" auth_ntlm="" conn_timeout=""/>

Attribute	Allowed values	Description	Default
server	-	SMTP server address which is used to send emails.	127.0.0.1
user	-	name of SMTP server user, if the SMTP server requires authorization.	-
pass	-	password of SMTP server user, if the SMTP server requires authorization.	-
port	Positive integer.	SMTP server port which is used to send emails.	25
start_tls	•yes—use this authentication type, •no—do not use this authentication type.	Encrypt data transfer. At this, switching to secured connection is performed by using the STARTTLS command. The 25 port is used by default for the connection.	yes
auth_plain		Use plain text authentication on a mail server.	no
auth_login		Use LOGIN authentication on a mail server.	no
auth_cram_md5		Use CRAM-MD5 authentication on a mail server.	no
auth_digest_md5		Use DIGEST-MD5 authentication on a mail server.	no
auth_ntlm		Use AUTH-NTLM authentication on a mail server.	no
conn_timeout	Positive integer.	Connection timeout for SMTP server.	180

Attribute

Allowed values

Description

Default

enabled

•yes—use SSL,

•no—do not use SSL.

SSL encryption usage mode.

verify_cert

•yes—check SSL sertificate,

•no—do not check SSL sertificate.

Validate the SSL certificate of a mail server.

ca_certs

The path to the root SSL certificate of Dr.Web Server.

Attribute

Allowed values

Description

Default

enabled

•yes—enable epidemic tracking and send single notification on threats,

•no—disable epidemic tracking and send notifications on threats in normal mode.

Administrator notification mode on virus epidemic.

period

Positive integer.

Time period in seconds, during which specified number of messages on infections must be received, so that Dr.Web Server may send to the administrator a single notification on epidemic on all cases of infection.

300

threshold

The number of messages on infections that must be received in specified time period, so that Dr.Web Server may send to the administrator a single notification on epidemic on all cases of infection.

100

Default language which is used by components and systems of Dr.Web Servers if failed to get language settings from the Server database. Particularly used by Dr.Web Security Control Center and administrator notification system if the database has been corrupted and the language settings cannot be obtained.