Chapter 3. Dr.Web for UNIX Internet Gateways

This manual describes management aspects of the Dr.Web for UNIX Internet Gateways anti-virus software designed for GNU/Linux and FreeBSD. The manual is intended for the person responsible for anti-virus protection and security ("Administrator" hereinafter).

Dr.Web for UNIX Internet Gateways is an anti-virus solution designed to protect Internet gateways running under UNIX OSes (GNU/Linux and FreeBSD) from viruses and other types of malicious software, and to prevent distribution of the threats designed for all popular operating systems including mobile platforms.

Dr.Web for UNIX Internet Gateways provides you with the following features:

1. Detection and neutralization of threats. Searches for malicious programs (for example, viruses, including those that infect mail files and boot records, Trojans, mail worms) and unwanted software (for example, adware, joke programs, dialers).

Threat detection methods:

Signature analysis, which allows detection of known threats

Heuristic analysis, which allows detection of threats that are not present in virus databases

Dr.Web Cloud service that collects up-to-date information about recent threats and sends it to Dr.Web products.

Note that the heuristic analyzer may raise false positive detections. Thus, objects that contain threats detected by the analyzer are considered “suspicious”. It is recommended that you choose to quarantine such files and send them for analysis to the Doctor Web anti-virus laboratory.

Scanning at the user’s request can be performed in two modes: full scan (scan of all file system objects) and custom scan (scan of selected objects: directories or files that satisfy specified criteria). Moreover, the user can start a separate scan of volume boot records and of the executables from which currently active processes were started. In the latter case, if a malicious executable is detected, it is neutralized and all processes started from this file are forced to terminate.

2. Analyzing data transmitted to the Internet. The product monitors not only user requests (i.e. attempts to connect to a web server and to transmit any file to it), but also the data sent in response to users’ requests. To analyze requests and the data sent, the program connects via the ICAP protocol as an external filter to the proxy server that processes HTTP connections of the local network users. Moreover, using the SpIDer Gate component, it is possible to perform barrier functions, which prevent the organization’s public server from receiving and transmitting infected files (this option is available only for GNU/Linux). To restrict access to unwanted websites, the product uses automatically updated databases of web resource categories, which are supplied together with Dr.Web for UNIX Internet Gateways, and white and black lists created manually by the system administrator. The product also refers to the Dr.Web Cloud service to check whether the Internet resource is marked as malicious by other Dr.Web.
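
The ICAP exchange described above, as an added example (not code from this manual or from Dr.Web): a proxy frames an HTTP response as an ICAP RESPMOD request (RFC 3507), and the filter's reply is read as "unmodified" (204) or "replaced" (200 carrying a new response). The service URI, host names and sample messages are constructed; the product's actual ICAP service path and port are not given on this page.

```python
# Added example: ICAP (RFC 3507) framing between a proxy and a content filter.
# Service URI, host names and HTTP messages below are constructed placeholders.
SERVICE = "icap://icap.example.internal:1344/respmod"
REQ = b"GET /file.bin HTTP/1.1\r\nHost: www.example.com\r\n\r\n"
RES = b"HTTP/1.1 200 OK\r\nContent-Type: application/octet-stream\r\n\r\n"
BODY = b"constructed sample body"
BLOCK = b"HTTP/1.1 403 Forbidden\r\nContent-Type: text/html\r\n\r\n"
ICAP_CLEAN = b'ICAP/1.0 204 No Content\r\nISTag: "constructed"\r\n\r\n'
ICAP_BLOCK = (b'ICAP/1.0 200 OK\r\nISTag: "constructed"\r\nEncapsulated: res-hdr=0, '
              b"res-body=%d\r\n\r\n" % len(BLOCK)) + BLOCK + b"7\r\nblocked\r\n0\r\n\r\n"

def build_respmod(service_uri, req_hdr, res_hdr, body):
    """Frame an HTTP response (with its originating request) as ICAP RESPMOD."""
    tag = "res-body" if body else "null-body"
    # Encapsulated gives the byte offset of each section in the ICAP payload.
    enc = f"req-hdr=0, res-hdr={len(req_hdr)}, {tag}={len(req_hdr) + len(res_hdr)}"
    # "Allow: 204" lets the filter answer 204 instead of echoing clean content.
    head = (f"RESPMOD {service_uri} ICAP/1.0\r\nHost: {service_uri.split('/')[2]}\r\n"
            f"Allow: 204\r\nEncapsulated: {enc}\r\n\r\n").encode("ascii")
    # Only the HTTP body is chunked; a zero-length chunk ends it.
    chunked = (b"%x\r\n" % len(body) + body + b"\r\n0\r\n\r\n") if body else b""
    return head + req_hdr + res_hdr + chunked

def parse_icap(message):
    """Split an ICAP message into start line, headers and encapsulated sections."""
    head, _, payload = message.partition(b"\r\n\r\n")
    lines = head.decode("ascii").split("\r\n")
    headers = {k.strip().lower(): v.strip() for k, v in (l.split(":", 1) for l in lines[1:])}
    sections = {}
    if "encapsulated" in headers:
        parts = [(n.strip(), int(o)) for n, o in
                 (p.split("=") for p in headers["encapsulated"].split(","))]
        offs = [o for _, o in parts]
        if offs != sorted(offs) or offs[-1] > len(payload):
            raise ValueError("Encapsulated offsets out of order or past end of message")
        for (name, off), end in zip(parts, offs[1:] + [len(payload)]):
            sections[name] = payload[off:end]
    return lines[0].split(" ", 2), headers, sections

def verdict(icap_response):
    """Interpret the filter's reply the way the proxy must act on it."""
    start, _, sections = parse_icap(icap_response)
    if start[1] == "204":
        return "unmodified"          # pass the original response to the client
    if start[1] == "200" and "res-hdr" in sections:
        return "replaced: " + sections["res-hdr"].split(b"\r\n", 1)[0].decode("ascii")
    return "error: " + start[1]      # filter failure; proxy policy decides
```

When the filter returns an error, whether the proxy fails open or fails closed is a proxy-side setting and worth checking explicitly when deploying any ICAP-based scanner.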