D3. The Parameters of the Notification System Templates

The text for messages is generated by a Server component named the templates processor on the basis of the templates files.

warning

Windows network message system functions only under Windows OS with Windows Messenger (Net Send) service support.

Windows Vista OS and later do not support Windows Messenger service.

A template file consists of text and variables enclosed in braces. When editing a template file, the variables listed below can be used.

info

The templates processor does not perform recursive substitutions.

The variables are written as follows:

{<VAR>}—substitute the current value of the <VAR> variable.

{<VAR>:<N>}—the first <N> characters of the <VAR> variable.

{<VAR>:<first>:<N>}—the value of <N> characters of the <VAR> variable that go after the first <first> characters (beginning from the <first>+1 symbol), if the remainder is less, it is supplemented by spaces on the right.

{<VAR>:<first>:-<N>}—the value of <N> characters of the <VAR> variable that go after the first <first> characters (beginning from the <first>+1 symbol), if the remainder is less, it is supplemented by spaces on the left.

{<VAR>/<original1>/<replace1>[/<original2>/<replace2>]}—replace specified characters of <VAR> variable with given characters: <original1> characters are replaced with <replace1> characters, <original2> characters are replaced with <replace2> characters, etc.

The number of substitution pairs are not limited.

{<VAR>/<original1>/<replace1[{<SUB_VAR>}]>[/<original2>/<replace2>]}—similarly to the above described replaces to the specified values but the <SUB_VAR> nested variable is used. Actions with nested variables are the same as the actions with parent variables.

Nesting level for recursive substitutions is not limited.

{<VAR>/<original1>/<replace1>/<original2>/<replace2>/*/<replace3>}—similarly to the above described replaces to the specified values but also the value from <replace3> can be substituted, if none of the listed original values match. Also, if either <original1>, or <original2> have not been found in <VAR>, all values will be replaced with the <replace3>.

Notation of variables

Variable

Value

Expression

Result

SYS.TIME

10:35:17:456

{SYS.TIME:5}

10:35

SYS.TIME

10:35:17:456

{SYS.TIME:3:5}

35:17

SYS.TIME

10:35:17:456

{SYS.TIME:3:-12}

°°°35:17:456

SYS.TIME

10:35:17:456

{SYS.TIME:3:12}

35:17:456°°°

SYS.TIME

10:35:17:456

{SYS.TIME/10/99/35/77}

99:77:17.456

Conventions

Environment Variables

To form messages texts you can use environment variables of the Server process (the System user).

Environment variables are available in the Control Center messages editor, in the ENV drop-down list. Please note: the variables must be specified with the ENV. prefix (the prefix ends with a dot).

System Variables

SYS.BRANCH—system version (Server and Agents),

SYS.BUILD—Server build date,

SYS.DATE—current system date,

SYS.DATETIME—current system date and time,

SYS.HOST—Server DNS name,

SYS.MACHINE—network address of a computer with the Server installed,

SYS.OS—operating system name of a computer with the Server installed,

SYS.PLATFORM—Server platform,

SYS.PLATFORM.SHORT—short variant of SYS.PLATFORM,

SYS.SERVER—product name (Dr.Web Server),

SYS.TIME—current system time,

SYS.VERSION—Server version.

Common Variables for Stations

GEN.LoginTime—station login time,

GEN.StationAddress—station address,

GEN.StationDescription—station description,

GEN.StationID—station unique identifier,

GEN.StationLDAPDN—distinguished name of a station under Windows OS. Relevant for stations included into ADS/LDAP domain,

GEN.StationMAC—stations MAC address,

GEN.StationName—station name,

GEN.StationPrimaryGroupID—identifier of the station primary group,

GEN.StationPrimaryGroupName—name of the station primary group,

GEN.StationSID—security identifier of a station.

Common Variables for Repository

GEN.CurrentRevision—current version identifier,

GEN.Folder—product location folder,

GEN.NextRevision—updated version identifier,

GEN.Product—product description.

Variables by Message Types

Administrators

Message

Variables

Description

Administrator authorization failed

MSG.Login

login

MSG.Address

Control Center network address

MSG.LoginErrorCode

numeric error code

Unknown administrator

MSG.Login

login

MSG.Address

network address of Dr.Web Security Control Center

Installations

For messages of this group, you can also use common variables for stations given above.

Message

Variables

Description

Installation on station failed

MSG.Error

error message

Installation on station successfully completed

no variables are available

Licenses

Message

Variables

Description

License key automatically updated

Sent if a license key has been automatically updated. At this, a new key has been successfully downloaded and propagated on all objects of an old license key.

MSG.KeyId

Identifier of an old license key

MSG.KeyName

Name of an old license key

MSG.NewKeyId

Identifier of a new license key

MSG.NewKeyName

Name of a new license key

License key blocked

MSG.KeyId

ID of a license key

MSG.KeyName

Name of a user of a license key

License key cannot be automatically updated

Sent if a license key cannot be automatically updated, because the compound of licensed components differs in the current and the new keys. At this, a new key successfully downloaded but not propagated on all objects of an old license key. You must replace the license key manually.

MSG.ExpirationDate

date of license expiration

MSG.Expired

1—the term has expired

0—the term has not expired

MSG.KeyDifference

The reason why automatic replacement is impossible:

the compound of licensed components differs in the current and the new license keys

the new license key has fewer licenses than the current license key

MSG.KeyId

Identifier of an old license key

MSG.KeyName

Name of an old license key

MSG.NewKeyId

Identifier of a new license key

MSG.NewKeyName

Name of a new license key

License key expiration

Sent if a license key is about to expire and the automatic update of a license is not available.

MSG.ExpirationDate

date of license expiration

MSG.Expired

1—the term has expired

0—the term has not expired

MSG.KeyId

Identifier of a license key

MSG.KeyName

Name of a license key

Licenses donation has expired

Sent if the time of licenses donation to the neighbor Server has expired.

MSG.ObjId

license key ID

MSG.Server

the neighbor Server name

Limitation on a number of licenses is exceeded

Sent when the number of registered stations is approaching the license limit, namely less than 5% of the license limit or less than two stations is unused.

MSG.Licensed

permitted by license

MSG.Used

number of stations in the base

GEN.StationPrimaryGroupName

primary group name

GEN.StationPrimaryGroupID

primary group ID

Limitation on donated licenses is reached

Sent when trying to donate to the neighbor Server more licenses than the license key has.

MSG.ObjId

license key ID

Limitation on online stations is reached

Sent when a new station cannot log in on the Server due to the license limitations.

MSG.ID

station UUID

MSG.StationName

station name

Common variables for stations given above are also available.

Limitation on stations in the group is approaching

Sent at every Server launch in case the Server is launched with a key allowing a lesser number of stations than it already has.

MSG.Licensed

permitted by license

MSG.Percent

the percentage of free licenses

MSG.Used

number of stations in the base

GEN.StationPrimaryGroupID

primary group ID

GEN.StationPrimaryGroupName

primary group name

Newbies

For messages of this group, you can also use common variables for stations given above.

Message

Variables

Description

Station automatically rejected

no variables are available

Station is waiting for approval

Station rejected by administrator

MSG.AdminAddress

Control Center network address

MSG.AdminName

administrator name

Other

Message

Variables

Description

Epidemic in the network

MSG.Infected

total number of detected threats

MSG.Virus

the most common threats

Neighbor Server has not connected for a long time

MSG.LastDisconnectTime

the time when the Server has been connected at the last time

MSG.StationName

the neighbor Server name

Server log rotation error

MSG.Error

message text

Server log write error

MSG.Error

message text

Statistic report

MSG.Attachment

path to the report

MSG.AttachmentType

MIME type

GEN.File

report file name

Summary report of Preventive protection

MSG.AutoBlockedActCount

number of processes with suspicious activity that were blocked automatically

MSG.AutoBlockedProc

processes with suspicious activity that were blocked automatically

MSG.HipsType

type of protected object

MSG.IsShellGuard

dividing on types of the Preventive protection reactions at automatic blocking:

blocking of unauthorized code

check the access to the protected objects

MSG.ShellGuardType

the most common reason of a blocking of unauthorized code execution at automatic event blocking

MSG.Total

total number of Preventive protection events detected on the network

MSG.UserAllowedActCount

number of processes with suspicious activity that were allowed by user

MSG.UserAllowedHipsType

type of the most common protected objects access to which was allowed by user

MSG.UserAllowedIsShellGuard

dividing on types of the Preventive protection reactions when the access was allowed by user:

blocking of unauthorized code

check the access to the protected objects

MSG.UserAllowedProc

processes with suspicious activity that were allowed by user

MSG.UserAllowedShellGuard

the most common reason of a blocking of unauthorized code execution which was allowed by user

MSG.UserBlockedActCount

number of processes with suspicious activity that were blocked by user

MSG.UserBlockedHipsType

type of the most common protected objects access to which was blocked by user

MSG.UserBlockedIsShellGuard

dividing on types of the Preventive protection reactions when the access was blocked by user:

blocking of unauthorized code

check the access to the protected objects

MSG.UserBlockedProc

processes with suspicious activity that were blocked by user

MSG.UserBlockedShellGuard

the most common reason of a blocking of unauthorized code execution which was blocked by user

Repository

For messages of this group, you can also use common variables for repository given above.

Message

Variables

Description

Not enough free space on disk

Sent when it is not enough free space on disk with variable data.

Common variables for repository given above are not available.

MSG.FreeInodes

the number of free inodes file descriptors (has the meaning only for some UNIX system-based OS)

MSG.FreeSpace

free space in bytes

MSG.Path

the path to the folder with low free space

MSG.RequiredInodes

number of free inodes required for operation (has the meaning only for some UNIX system-based OS)

MSG.RequiredSpace

free space required for operation

Repository product cannot be updated

MSG.Error

error message

MSG.ExtendedError

detailed description of an error

Repository product is up-to-date

no variables are available

Repository product is updated

MSG.Added

list of added files (each name in a separate line)

MSG.AddedCount

number of added files

MSG.Deleted

list of deleted files (each name in a separate line)

MSG.DeletedCount

number of deleted files

MSG.Replaced

list of replaced files (each name in a separate line)

MSG.ReplacedCount

number of replaced files

Update of repository product is frozen

no variables are available

Update of repository product is started

info

The variables of the Repository product is up-to-date template do not include the files marked as not to be notified of in the product configuration file, read F1. The Syntax of the Configuration File .config.

Stations

For messages of this group, you can also use common variables for stations given above.

info

In multiserver network, it is possible to receive notifications about events on stations of neighbor Servers. You can enable this option when configuring neighbor Server connections (see Administrator Manual, the Setting Connections between Several Dr.Web Servers section).

The following notifications are available to receive on event on the neighbor Server: Security threat detected, Report of Preventive protection, Scan error, Scan statistics.

Message

Variables

Description

Cannot create the station account

MSG.ID

station UUID

MSG.StationName

station name

Connection terminated abnormally

MSG.Reason

reason for the termination

MSG.Type

client type

Critical error of station update

MSG.Product

updated product

MSG.ServerTime

local time of receipt of a message by the Server

Device blocked

MSG.Capabilities

device characteristics

MSG.Class

device class (the name of a parent group)

MSG.Description

device description

MSG.FriendlyName

user friendly name of the device

MSG.InstanceId

identifier of a device instance

MSG.User

user name

Report of Preventive protection

MSG.AdminName

administrator who initiated the action on a suspicious process

MSG.Denied

action on a suspicious process:

denied

allowed

MSG.HipsType

protected object type

MSG.IsShellGuard

dividing on types of the Preventive protection reactions:

blocking of unauthorized code

check the access to the protected objects

MSG.Path

path to the process with suspicious activity

MSG.Pid

identifier of the process with suspicious activity

MSG.ShellGuardType

reason of execution of unauthorized code blocking

MSG.StationTime

time of event occurrence on a station

MSG.Target

path to the protected object to which the access attempt was made

MSG.Total

number of denials in case of automatic reaction of the Preventive protection

MSG.User

user who launched the suspicious process

MSG.UserAction

initiator of the action on a suspicious process

user

automatic reaction of the Preventive protection

GEN.ServerRecvLinkID

UUID of the last neighbor Server from which the Preventive protection report on connected stations was received (empty value if the report was received about stations connected to this Server)

GEN.ServerRecvLinkName

the name of the last neighbor Server from which the Preventive protection report on connected stations was received (empty value if the report was received about stations connected to this Server)

GEN.ServerOriginatorID

UUID of the Server to which the station is connected from which the Preventive protection report was received

GEN.ServerOriginatorName

the name of the Server to which the station is connected from which the Preventive protection report was received

Report of Preventive protection on threats detection by known hashes of threats

MSG.AdminName

administrator who initiated the action on a suspicious process

MSG.Denied

action on a suspicious process:

denied

allowed

MSG.Document

bulletin containing the hash of detected threat

MSG.HipsType

protected object type

MSG.IsShellGuard

dividing on types of the Preventive protection reactions:

blocking of unauthorized code

check the access to the protected objects

MSG.Path

path to the process with suspicious activity

MSG.Pid

identifier of the process with suspicious activity

MSG.SHA1

SHA-1 hash of detected object

MSG.SHA256

SHA-256 hash of detected object

MSG.ShellGuardType

reason of execution of unauthorized code blocking

MSG.StationTime

time of event occurrence on a station

MSG.Target

path to the protected object to which the access attempt was made

MSG.Total

number of denials in case of automatic reaction of the Preventive protection

MSG.User

user who launched the suspicious process

MSG.UserAction

initiator of the action on a suspicious process

user

automatic reaction of the Preventive protection

GEN.ServerRecvLinkID

UUID of the last neighbor Server from which the Preventive protection report on connected stations was received (empty value if the report was received about stations connected to this Server)

GEN.ServerRecvLinkName

the name of the last neighbor Server from which the Preventive protection report on connected stations was received (empty value if the report was received about stations connected to this Server)

GEN.ServerOriginatorID

UUID of the Server to which the station is connected from which the Preventive protection report was received

GEN.ServerOriginatorName

the name of the Server to which the station is connected from which the Preventive protection report was received

Scan error

MSG.Component

component name

MSG.Error

error message

MSG.ObjectName

object name

MSG.ObjectOwner

object owner

MSG.RunBy

component is launched by this user

MSG.ServerTime

event receipt time, GMT

GEN.ServerRecvLinkID

UUID of the last neighbor Server from which the Preventive protection report on connected stations was received (empty value if the report was received about stations connected to this Server)

GEN.ServerRecvLinkName

the name of the last neighbor Server from which the Preventive protection report on connected stations was received (empty value if the report was received about stations connected to this Server)

GEN.ServerOriginatorID

UUID of the Server to which the station is connected from which the Preventive protection report was received

GEN.ServerOriginatorName

the name of the Server to which the station is connected from which the Preventive protection report was received

Scan error at threat detection by known hashes of threats

MSG.Component

component name

MSG.Document

bulletin containing the hash of detected threat

MSG.Error

error message

MSG.ObjectName

object name

MSG.ObjectOwner

object owner

MSG.RunBy

component is launched by this user

MSG.SHA1

SHA-1 hash of detected object

MSG.SHA256

SHA-256 hash of detected object

MSG.ServerTime

event receipt time, GMT

GEN.ServerRecvLinkID

UUID of the last neighbor Server from which the Preventive protection report on connected stations was received (empty value if the report was received about stations connected to this Server)

GEN.ServerRecvLinkName

the name of the last neighbor Server from which the Preventive protection report on connected stations was received (empty value if the report was received about stations connected to this Server)

GEN.ServerOriginatorID

UUID of the Server to which the station is connected from which the Preventive protection report was received

GEN.ServerOriginatorName

the name of the Server to which the station is connected from which the Preventive protection report was received

Scan statistics

MSG.Component

component name

MSG.Cured

number of cured objects

MSG.DeletedObjs

number of deleted objects

MSG.Errors

number of scan errors

MSG.Infected

number of infected objects

MSG.Locked

number of blocked objects

MSG.Modifications

number of objects infected with known modifications of viruses

MSG.Moved

number of moved objects

MSG.Renamed

number of renamed objects

MSG.RunBy

component is launched by this user

MSG.Scanned

number of scanned objects

MSG.ServerTime

event receipt time, GMT

MSG.Speed

processing speed in KB/s

MSG.Suspicious

number of suspicious objects

MSG.VirusActivity

 

GEN.ServerRecvLinkID

UUID of the last neighbor Server from which the Preventive protection report on connected stations was received (empty value if the report was received about stations connected to this Server)

GEN.ServerRecvLinkName

the name of the last neighbor Server from which the Preventive protection report on connected stations was received (empty value if the report was received about stations connected to this Server)

GEN.ServerOriginatorID

UUID of the Server to which the station is connected from which the Preventive protection report was received

GEN.ServerOriginatorName

the name of the Server to which the station is connected from which the Preventive protection report was received

Security threat detected

MSG.Action

action upon a detection

MSG.Component

component name

MSG.InfectionType

threat type

MSG.ObjectName

infected object name

MSG.ObjectOwner

infected object owner

MSG.RunBy

component is launched by this user

MSG.ServerTime

event receipt time, GMT

MSG.Virus

threat name

GEN.ServerRecvLinkID

UUID of the last neighbor Server from which the Preventive protection report on connected stations was received (empty value if the report was received about stations connected to this Server)

GEN.ServerRecvLinkName

the name of the last neighbor Server from which the Preventive protection report on connected stations was received (empty value if the report was received about stations connected to this Server)

GEN.ServerOriginatorID

UUID of the Server to which the station is connected from which the Preventive protection report was received

GEN.ServerOriginatorName

the name of the Server to which the station is connected from which the Preventive protection report was received

Security threat detected by known hashes of threats

MSG.Action

action upon a detection

MSG.Component

component name

MSG.Document

bulletin containing the hash of detected threat

MSG.InfectionType

threat type

MSG.ObjectName

infected object name

MSG.ObjectOwner

infected object owner

MSG.RunBy

component is launched by this user

MSG.SHA1

SHA-1 hash of detected object

MSG.SHA256

SHA-256 hash of detected object

MSG.ServerTime

event receipt time, GMT

MSG.Virus

threat name

GEN.ServerRecvLinkID

UUID of the last neighbor Server from which the Preventive protection report on connected stations was received (empty value if the report was received about stations connected to this Server)

GEN.ServerRecvLinkName

the name of the last neighbor Server from which the Preventive protection report on connected stations was received (empty value if the report was received about stations connected to this Server)

GEN.ServerOriginatorID

UUID of the Server to which the station is connected from which the Preventive protection report was received

GEN.ServerOriginatorName

the name of the Server to which the station is connected from which the Preventive protection report was received

Station already logged in

Sent if the station is currently registered at this or another Server.

MSG.ID

station UUID

MSG.Server

ID of the Server at which the station is registered

MSG.StationName

name of the station

Station approved by administrator

MSG.AdminAddress

network address of the Control Center

MSG.AdminName

administrator name

Station authorization failed

MSG.ID

station UUID

MSG.Rejected

values:

rejected—access to a station is denied

newbie—there was an attempt to assign the "newbie" status to a station

MSG.StationName

station name

Station automatically approved

no variables are available

Station has not connected to the Server for a long time

Common variables for stations given above are not available.

MSG.DaysAgo

number of days since the last connection to the Server

MSG.LastSeenFrom

address of the station at the last connection to the Server

MSG.StationDescription

station description

MSG.StationID

station UUID

MSG.StationMAC

station MAC address

MSG.StationName

station name

MSG.StationSID

station security identifier

Station reboot required

MSG.Reason

reboot reason

the list of possible reboot reasons is given in the predefined template

Station reboot required to apply updates

MSG.Product

updated product

MSG.ServerTime

local time of receipt of a message by the Server

Unknown station

MSG.ID

UUID of unknown station

MSG.Rejected

values:

rejected—access for a station is denied

newbie—there was an attempt to assign the "newbie" status to a station

MSG.StationName

station name