The text for messages is generated by a Server component named the templates processor on the basis of the templates files.
|
Windows network message system functions only under Windows OS with Windows Messenger (Net Send) service support. Windows Vista OS and later do not support Windows Messenger service. |
A template file consists of text and variables enclosed in braces. When editing a template file, the variables listed below can be used.
|
The templates processor does not perform recursive substitutions. |
The variables are written as follows:
•{<VAR>}—substitute the current value of the <VAR> variable.
•{<VAR>:<N>}—the first <N> characters of the <VAR> variable.
•{<VAR>:<first>:<N>}—the value of <N> characters of the <VAR> variable that go after the first <first> characters (beginning from the <first>+1 symbol), if the remainder is less, it is supplemented by spaces on the right.
•{<VAR>:<first>:-<N>}—the value of <N> characters of the <VAR> variable that go after the first <first> characters (beginning from the <first>+1 symbol), if the remainder is less, it is supplemented by spaces on the left.
•{<VAR>/<original1>/<replace1>[/<original2>/<replace2>]}—replace specified characters of <VAR> variable with given characters: <original1> characters are replaced with <replace1> characters, <original2> characters are replaced with <replace2> characters, etc.
The number of substitution pairs are not limited.
•{<VAR>/<original1>/<replace1[{<SUB_VAR>}]>[/<original2>/<replace2>]}—similarly to the above described replaces to the specified values but the <SUB_VAR> nested variable is used. Actions with nested variables are the same as the actions with parent variables.
Nesting level for recursive substitutions is not limited.
•{<VAR>/<original1>/<replace1>/<original2>/<replace2>/*/<replace3>}—similarly to the above described replaces to the specified values but also the value from <replace3> can be substituted, if none of the listed original values match. Also, if either <original1>, or <original2> have not been found in <VAR>, all values will be replaced with the <replace3>.
Notation of variables
Variable |
Value |
Expression |
Result |
|---|---|---|---|
SYS.TIME |
10:35:17:456 |
{SYS.TIME:5} |
10:35 |
SYS.TIME |
10:35:17:456 |
{SYS.TIME:3:5} |
35:17 |
SYS.TIME |
10:35:17:456 |
{SYS.TIME:3:-12} |
°°°35:17:456 |
SYS.TIME |
10:35:17:456 |
{SYS.TIME:3:12} |
35:17:456°°° |
SYS.TIME |
10:35:17:456 |
{SYS.TIME/10/99/35/77} |
99:77:17.456 |
°—whitespace. |
Environment Variables
To form messages texts you can use environment variables of the Server process (the System user).
Environment variables are available in the Control Center messages editor, in the ENV drop-down list. Please note: the variables must be specified with the ENV. prefix (the prefix ends with a dot).
System Variables
•SYS.BRANCH—system version (Server and Agents),
•SYS.BUILD—Server build date,
•SYS.DATE—current system date,
•SYS.DATETIME—current system date and time,
•SYS.HOST—Server DNS name,
•SYS.MACHINE—network address of a computer with the Server installed,
•SYS.OS—operating system name of a computer with the Server installed,
•SYS.PLATFORM—Server platform,
•SYS.PLATFORM.SHORT—short variant of SYS.PLATFORM,
•SYS.SERVER—product name (Dr.Web Server),
•SYS.TIME—current system time,
•SYS.VERSION—Server version.
•GEN.LoginTime—station login time,
•GEN.StationAddress—station address,
•GEN.StationDescription—station description,
•GEN.StationID—station unique identifier,
•GEN.StationLDAPDN—distinguished name of a station under Windows OS. Relevant for stations included into ADS/LDAP domain,
•GEN.StationMAC—stations MAC address,
•GEN.StationName—station name,
•GEN.StationPrimaryGroupID—identifier of the station primary group,
•GEN.StationPrimaryGroupName—name of the station primary group,
•GEN.StationSID—security identifier of a station.
Common Variables for Repository
•GEN.CurrentRevision—current version identifier,
•GEN.Folder—product location folder,
•GEN.NextRevision—updated version identifier,
•GEN.Product—product description.
Variables by Message Types
Administrators
Message |
Variables |
Description |
|---|---|---|
Administrator authorization failed |
MSG.Login |
login |
MSG.Address |
Control Center network address |
|
MSG.LoginErrorCode |
numeric error code |
|
Unknown administrator |
MSG.Login |
login |
MSG.Address |
network address of Dr.Web Security Control Center |
Installations
For messages of this group, you can also use common variables for stations given above.
Message |
Variables |
Description |
|---|---|---|
Installation on station failed |
MSG.Error |
error message |
Installation on station successfully completed |
no variables are available |
|
Licenses
Message |
Variables |
Description |
|---|---|---|
License key automatically updated |
Sent if a license key has been automatically updated. At this, a new key has been successfully downloaded and propagated on all objects of an old license key. |
|
MSG.KeyId |
Identifier of an old license key |
|
MSG.KeyName |
Name of an old license key |
|
MSG.NewKeyId |
Identifier of a new license key |
|
MSG.NewKeyName |
Name of a new license key |
|
License key blocked |
MSG.KeyId |
ID of a license key |
MSG.KeyName |
Name of a user of a license key |
|
License key cannot be automatically updated |
Sent if a license key cannot be automatically updated, because the compound of licensed components differs in the current and the new keys. At this, a new key successfully downloaded but not propagated on all objects of an old license key. You must replace the license key manually. |
|
MSG.ExpirationDate |
date of license expiration |
|
MSG.Expired |
•1—the term has expired •0—the term has not expired |
|
MSG.KeyDifference |
The reason why automatic replacement is impossible: •the compound of licensed components differs in the current and the new license keys •the new license key has fewer licenses than the current license key |
|
MSG.KeyId |
Identifier of an old license key |
|
MSG.KeyName |
Name of an old license key |
|
MSG.NewKeyId |
Identifier of a new license key |
|
MSG.NewKeyName |
Name of a new license key |
|
License key expiration |
Sent if a license key is about to expire and the automatic update of a license is not available. |
|
MSG.ExpirationDate |
date of license expiration |
|
MSG.Expired |
•1—the term has expired •0—the term has not expired |
|
MSG.KeyId |
Identifier of a license key |
|
MSG.KeyName |
Name of a license key |
|
Licenses donation has expired |
Sent if the time of licenses donation to the neighbor Server has expired. |
|
MSG.ObjId |
license key ID |
|
MSG.Server |
the neighbor Server name |
|
Limitation on a number of licenses is exceeded |
Sent when the number of registered stations is approaching the license limit, namely less than 5% of the license limit or less than two stations is unused. |
|
MSG.Licensed |
permitted by license |
|
MSG.Used |
number of stations in the base |
|
GEN.StationPrimaryGroupName |
primary group name |
|
GEN.StationPrimaryGroupID |
primary group ID |
|
Limitation on donated licenses is reached |
Sent when trying to donate to the neighbor Server more licenses than the license key has. |
|
MSG.ObjId |
license key ID |
|
Limitation on online stations is reached |
Sent when a new station cannot log in on the Server due to the license limitations. |
|
MSG.ID |
station UUID |
|
MSG.StationName |
station name |
|
Common variables for stations given above are also available. |
||
Limitation on stations in the group is approaching |
Sent at every Server launch in case the Server is launched with a key allowing a lesser number of stations than it already has. |
|
MSG.Licensed |
permitted by license |
|
MSG.Percent |
the percentage of free licenses |
|
MSG.Used |
number of stations in the base |
|
GEN.StationPrimaryGroupID |
primary group ID |
|
GEN.StationPrimaryGroupName |
primary group name |
|
Newbies
For messages of this group, you can also use common variables for stations given above.
Message |
Variables |
Description |
|---|---|---|
Station automatically rejected |
no variables are available |
|
Station is waiting for approval |
||
Station rejected by administrator |
MSG.AdminAddress |
Control Center network address |
MSG.AdminName |
administrator name |
|
Other
Message |
Variables |
Description |
|---|---|---|
Epidemic in the network |
MSG.Infected |
total number of detected threats |
MSG.Virus |
the most common threats |
|
Neighbor Server has not connected for a long time |
MSG.LastDisconnectTime |
the time when the Server has been connected at the last time |
MSG.StationName |
the neighbor Server name |
|
Server log rotation error |
MSG.Error |
message text |
Server log write error |
MSG.Error |
message text |
Statistic report |
MSG.Attachment |
path to the report |
MSG.AttachmentType |
MIME type |
|
GEN.File |
report file name |
|
Summary report of Preventive protection |
MSG.AutoBlockedActCount |
number of processes with suspicious activity that were blocked automatically |
MSG.AutoBlockedProc |
processes with suspicious activity that were blocked automatically |
|
MSG.HipsType |
type of protected object |
|
MSG.IsShellGuard |
dividing on types of the Preventive protection reactions at automatic blocking: •blocking of unauthorized code •check the access to the protected objects |
|
MSG.ShellGuardType |
the most common reason of a blocking of unauthorized code execution at automatic event blocking |
|
MSG.Total |
total number of Preventive protection events detected on the network |
|
MSG.UserAllowedActCount |
number of processes with suspicious activity that were allowed by user |
|
MSG.UserAllowedHipsType |
type of the most common protected objects access to which was allowed by user |
|
MSG.UserAllowedIsShellGuard |
dividing on types of the Preventive protection reactions when the access was allowed by user: •blocking of unauthorized code •check the access to the protected objects |
|
MSG.UserAllowedProc |
processes with suspicious activity that were allowed by user |
|
MSG.UserAllowedShellGuard |
the most common reason of a blocking of unauthorized code execution which was allowed by user |
|
MSG.UserBlockedActCount |
number of processes with suspicious activity that were blocked by user |
|
MSG.UserBlockedHipsType |
type of the most common protected objects access to which was blocked by user |
|
MSG.UserBlockedIsShellGuard |
dividing on types of the Preventive protection reactions when the access was blocked by user: •blocking of unauthorized code •check the access to the protected objects |
|
MSG.UserBlockedProc |
processes with suspicious activity that were blocked by user |
|
MSG.UserBlockedShellGuard |
the most common reason of a blocking of unauthorized code execution which was blocked by user |
Repository
For messages of this group, you can also use common variables for repository given above.
Message |
Variables |
Description |
|---|---|---|
Not enough free space on disk |
Sent when it is not enough free space on disk with variable data. Common variables for repository given above are not available. |
|
MSG.FreeInodes |
the number of free inodes file descriptors (has the meaning only for some UNIX system-based OS) |
|
MSG.FreeSpace |
free space in bytes |
|
MSG.Path |
the path to the folder with low free space |
|
MSG.RequiredInodes |
number of free inodes required for operation (has the meaning only for some UNIX system-based OS) |
|
MSG.RequiredSpace |
free space required for operation |
|
Repository product cannot be updated |
MSG.Error |
error message |
MSG.ExtendedError |
detailed description of an error |
|
Repository product is up-to-date |
no variables are available |
|
Repository product is updated |
MSG.Added |
list of added files (each name in a separate line) |
MSG.AddedCount |
number of added files |
|
MSG.Deleted |
list of deleted files (each name in a separate line) |
|
MSG.DeletedCount |
number of deleted files |
|
MSG.Replaced |
list of replaced files (each name in a separate line) |
|
MSG.ReplacedCount |
number of replaced files |
|
Update of repository product is frozen |
no variables are available |
|
Update of repository product is started |
||
|
The variables of the Repository product is up-to-date template do not include the files marked as not to be notified of in the product configuration file, read F1. The Syntax of the Configuration File .config. |
Stations
For messages of this group, you can also use common variables for stations given above.
|
In multiserver network, it is possible to receive notifications about events on stations of neighbor Servers. You can enable this option when configuring neighbor Server connections (see Administrator Manual, the Setting Connections between Several Dr.Web Servers section). The following notifications are available to receive on event on the neighbor Server: Security threat detected, Report of Preventive protection, Scan error, Scan statistics. |
Message |
Variables |
Description |
|---|---|---|
Cannot create the station account |
MSG.ID |
station UUID |
MSG.StationName |
station name |
|
Connection terminated abnormally |
MSG.Reason |
reason for the termination |
MSG.Type |
client type |
|
Critical error of station update |
MSG.Product |
updated product |
MSG.ServerTime |
local time of receipt of a message by the Server |
|
Device blocked |
MSG.Capabilities |
device characteristics |
MSG.Class |
device class (the name of a parent group) |
|
MSG.Description |
device description |
|
MSG.FriendlyName |
user friendly name of the device |
|
MSG.InstanceId |
identifier of a device instance |
|
MSG.User |
user name |
|
Report of Preventive protection |
MSG.AdminName |
administrator who initiated the action on a suspicious process |
MSG.Denied |
action on a suspicious process: •denied •allowed |
|
MSG.HipsType |
protected object type |
|
MSG.IsShellGuard |
dividing on types of the Preventive protection reactions: •blocking of unauthorized code •check the access to the protected objects |
|
MSG.Path |
path to the process with suspicious activity |
|
MSG.Pid |
identifier of the process with suspicious activity |
|
MSG.ShellGuardType |
reason of execution of unauthorized code blocking |
|
MSG.StationTime |
time of event occurrence on a station |
|
MSG.Target |
path to the protected object to which the access attempt was made |
|
MSG.Total |
number of denials in case of automatic reaction of the Preventive protection |
|
MSG.User |
user who launched the suspicious process |
|
MSG.UserAction |
initiator of the action on a suspicious process •user •automatic reaction of the Preventive protection |
|
GEN.ServerRecvLinkID |
UUID of the last neighbor Server from which the Preventive protection report on connected stations was received (empty value if the report was received about stations connected to this Server) |
|
GEN.ServerRecvLinkName |
the name of the last neighbor Server from which the Preventive protection report on connected stations was received (empty value if the report was received about stations connected to this Server) |
|
GEN.ServerOriginatorID |
UUID of the Server to which the station is connected from which the Preventive protection report was received |
|
GEN.ServerOriginatorName |
the name of the Server to which the station is connected from which the Preventive protection report was received |
|
Report of Preventive protection on threats detection by known hashes of threats |
MSG.AdminName |
administrator who initiated the action on a suspicious process |
MSG.Denied |
action on a suspicious process: •denied •allowed |
|
MSG.Document |
bulletin containing the hash of detected threat |
|
MSG.HipsType |
protected object type |
|
MSG.IsShellGuard |
dividing on types of the Preventive protection reactions: •blocking of unauthorized code •check the access to the protected objects |
|
MSG.Path |
path to the process with suspicious activity |
|
MSG.Pid |
identifier of the process with suspicious activity |
|
MSG.SHA1 |
SHA-1 hash of detected object |
|
MSG.SHA256 |
SHA-256 hash of detected object |
|
MSG.ShellGuardType |
reason of execution of unauthorized code blocking |
|
MSG.StationTime |
time of event occurrence on a station |
|
MSG.Target |
path to the protected object to which the access attempt was made |
|
MSG.Total |
number of denials in case of automatic reaction of the Preventive protection |
|
MSG.User |
user who launched the suspicious process |
|
MSG.UserAction |
initiator of the action on a suspicious process •user •automatic reaction of the Preventive protection |
|
GEN.ServerRecvLinkID |
UUID of the last neighbor Server from which the Preventive protection report on connected stations was received (empty value if the report was received about stations connected to this Server) |
|
GEN.ServerRecvLinkName |
the name of the last neighbor Server from which the Preventive protection report on connected stations was received (empty value if the report was received about stations connected to this Server) |
|
GEN.ServerOriginatorID |
UUID of the Server to which the station is connected from which the Preventive protection report was received |
|
GEN.ServerOriginatorName |
the name of the Server to which the station is connected from which the Preventive protection report was received |
|
Scan error |
MSG.Component |
component name |
MSG.Error |
error message |
|
MSG.ObjectName |
object name |
|
MSG.ObjectOwner |
object owner |
|
MSG.RunBy |
component is launched by this user |
|
MSG.ServerTime |
event receipt time, GMT |
|
GEN.ServerRecvLinkID |
UUID of the last neighbor Server from which the Preventive protection report on connected stations was received (empty value if the report was received about stations connected to this Server) |
|
GEN.ServerRecvLinkName |
the name of the last neighbor Server from which the Preventive protection report on connected stations was received (empty value if the report was received about stations connected to this Server) |
|
GEN.ServerOriginatorID |
UUID of the Server to which the station is connected from which the Preventive protection report was received |
|
GEN.ServerOriginatorName |
the name of the Server to which the station is connected from which the Preventive protection report was received |
|
Scan error at threat detection by known hashes of threats |
MSG.Component |
component name |
MSG.Document |
bulletin containing the hash of detected threat |
|
MSG.Error |
error message |
|
MSG.ObjectName |
object name |
|
MSG.ObjectOwner |
object owner |
|
MSG.RunBy |
component is launched by this user |
|
MSG.SHA1 |
SHA-1 hash of detected object |
|
MSG.SHA256 |
SHA-256 hash of detected object |
|
MSG.ServerTime |
event receipt time, GMT |
|
GEN.ServerRecvLinkID |
UUID of the last neighbor Server from which the Preventive protection report on connected stations was received (empty value if the report was received about stations connected to this Server) |
|
GEN.ServerRecvLinkName |
the name of the last neighbor Server from which the Preventive protection report on connected stations was received (empty value if the report was received about stations connected to this Server) |
|
GEN.ServerOriginatorID |
UUID of the Server to which the station is connected from which the Preventive protection report was received |
|
GEN.ServerOriginatorName |
the name of the Server to which the station is connected from which the Preventive protection report was received |
|
Scan statistics |
MSG.Component |
component name |
MSG.Cured |
number of cured objects |
|
MSG.DeletedObjs |
number of deleted objects |
|
MSG.Errors |
number of scan errors |
|
MSG.Infected |
number of infected objects |
|
MSG.Locked |
number of blocked objects |
|
MSG.Modifications |
number of objects infected with known modifications of viruses |
|
MSG.Moved |
number of moved objects |
|
MSG.Renamed |
number of renamed objects |
|
MSG.RunBy |
component is launched by this user |
|
MSG.Scanned |
number of scanned objects |
|
MSG.ServerTime |
event receipt time, GMT |
|
MSG.Speed |
processing speed in KB/s |
|
MSG.Suspicious |
number of suspicious objects |
|
MSG.VirusActivity |
|
|
GEN.ServerRecvLinkID |
UUID of the last neighbor Server from which the Preventive protection report on connected stations was received (empty value if the report was received about stations connected to this Server) |
|
GEN.ServerRecvLinkName |
the name of the last neighbor Server from which the Preventive protection report on connected stations was received (empty value if the report was received about stations connected to this Server) |
|
GEN.ServerOriginatorID |
UUID of the Server to which the station is connected from which the Preventive protection report was received |
|
GEN.ServerOriginatorName |
the name of the Server to which the station is connected from which the Preventive protection report was received |
|
Security threat detected |
MSG.Action |
action upon a detection |
MSG.Component |
component name |
|
MSG.InfectionType |
threat type |
|
MSG.ObjectName |
infected object name |
|
MSG.ObjectOwner |
infected object owner |
|
MSG.RunBy |
component is launched by this user |
|
MSG.ServerTime |
event receipt time, GMT |
|
MSG.Virus |
threat name |
|
GEN.ServerRecvLinkID |
UUID of the last neighbor Server from which the Preventive protection report on connected stations was received (empty value if the report was received about stations connected to this Server) |
|
GEN.ServerRecvLinkName |
the name of the last neighbor Server from which the Preventive protection report on connected stations was received (empty value if the report was received about stations connected to this Server) |
|
GEN.ServerOriginatorID |
UUID of the Server to which the station is connected from which the Preventive protection report was received |
|
GEN.ServerOriginatorName |
the name of the Server to which the station is connected from which the Preventive protection report was received |
|
Security threat detected by known hashes of threats |
MSG.Action |
action upon a detection |
MSG.Component |
component name |
|
MSG.Document |
bulletin containing the hash of detected threat |
|
MSG.InfectionType |
threat type |
|
MSG.ObjectName |
infected object name |
|
MSG.ObjectOwner |
infected object owner |
|
MSG.RunBy |
component is launched by this user |
|
MSG.SHA1 |
SHA-1 hash of detected object |
|
MSG.SHA256 |
SHA-256 hash of detected object |
|
MSG.ServerTime |
event receipt time, GMT |
|
MSG.Virus |
threat name |
|
GEN.ServerRecvLinkID |
UUID of the last neighbor Server from which the Preventive protection report on connected stations was received (empty value if the report was received about stations connected to this Server) |
|
GEN.ServerRecvLinkName |
the name of the last neighbor Server from which the Preventive protection report on connected stations was received (empty value if the report was received about stations connected to this Server) |
|
GEN.ServerOriginatorID |
UUID of the Server to which the station is connected from which the Preventive protection report was received |
|
GEN.ServerOriginatorName |
the name of the Server to which the station is connected from which the Preventive protection report was received |
|
Station already logged in |
Sent if the station is currently registered at this or another Server. |
|
MSG.ID |
station UUID |
|
MSG.Server |
ID of the Server at which the station is registered |
|
MSG.StationName |
name of the station |
|
Station approved by administrator |
MSG.AdminAddress |
network address of the Control Center |
MSG.AdminName |
administrator name |
|
Station authorization failed |
MSG.ID |
station UUID |
MSG.Rejected |
values: •rejected—access to a station is denied •newbie—there was an attempt to assign the "newbie" status to a station |
|
MSG.StationName |
station name |
|
Station automatically approved |
no variables are available |
|
Station has not connected to the Server for a long time |
Common variables for stations given above are not available. |
|
MSG.DaysAgo |
number of days since the last connection to the Server |
|
MSG.LastSeenFrom |
address of the station at the last connection to the Server |
|
MSG.StationDescription |
station description |
|
MSG.StationID |
station UUID |
|
MSG.StationMAC |
station MAC address |
|
MSG.StationName |
station name |
|
MSG.StationSID |
station security identifier |
|
Station reboot required |
MSG.Reason |
reboot reason the list of possible reboot reasons is given in the predefined template |
Station reboot required to apply updates |
MSG.Product |
updated product |
MSG.ServerTime |
local time of receipt of a message by the Server |
|
Unknown station |
MSG.ID |
UUID of unknown station |
MSG.Rejected |
values: •rejected—access for a station is denied •newbie—there was an attempt to assign the "newbie" status to a station |
|
MSG.StationName |
station name |
|