The Scanning Server is a virtual machine with a special status and with special software for processing scanning requests from other VMs installed.
Stations interact with the Scanning server via the Agent operating in virtual mode. The Agent operates under the Central protection server and sends requests for scanning files and URLs to the Scanning Server.
For detailed information concerning the installation and the initial configuration of the Scanning Server refer to Dr.Web Enterprise Security Suite Installation Manual, in the chapter Installing Dr.Web Scanning Server.
|
Connecting stations to the Scanning Server is available only if it is permitted by the terms of your license.
|
To connect a station to the Scanning Server
1.Select Anti-virus Network item in the main menu of the Control center. 2.It the anti-virus network tree select a station or group of stations to be connected to the Scanning Server. 3.In the Configuration section select Virtual agent. 4.Select Use Scanning server and specify the address of the Scanning server in the field Scanning Server address.
|
For one Virtual agent only one address of the Scanning Server can be specified.
If you do not have to specify a particular address, use the default setting udp://18008, and the Scanning Server will be detected automatically irrespective of whether it has IPv4 or IPv6 address.
|
The address can be specified in one of the following formats:
•tcp://<IP address>:<port> (IPv4 and IPv6 addresses are allowed; IPv6 addresses must be specified in square brackets, e.g. tcp://[fd15:4ba5:5a2b:1008:edc8:733e:1dd7:789c]:7777); •udp://:<port> (in this format only the protocol and the port for Аgents to search the Scanning Server); •srv://service@<domain>(the address and the port are defined by searching the SRV-record of the <domain> DNS; if the domain is not specified, it will be taken from the field search or domain in the DNS settings, depending on which of them is the last in the configuration file). 5.Press the Save button. Additional Settings
The user should have sufficient permissions in order to work with the Scanning Server.
By default users of all stations have the permission to run the Scanning Server but do not have the permissions to stop it and to change its configuration. Additional permissions can be granted by the administrator of the anti-virus network if necessary. The administrator can also cancel all permissions and prohibit the usage of the Scanning Server for certain stations or groups.
For detailed information about permission refer to the section Permissions of Station Users.
On the Scanning Server as well on the UNIX stations connected to it you can also specify addition settings in the drweb.ini configuration file ([MeshD] section). You can edit the drweb.ini file via the Control center (select in the menu UNIX → Dr.Web Agent → Configuration).
The detailed description of these settings is given in the table below.
|
For stations running on Windows you can specify the Scanning Server address only. All other settings described in the table are not supported.
|
Parameter
|
Description
|
LogLevel
{logging level}
|
The level of detail for logs. The parameter can have one of the following values:
•DEBUG—the most detailed logging level. All messages and debug information are registered. •INFO—all messages are registered. •NOTICE—all error messages, warnings, and notifications are registered. •WARNING—all error messages and warnings are registered. •ERROR—only error messages are registered. Default value: Notice
|
Log
{logging method}
|
Logging method. The parameter can have one of the following values:
•Stderr[:ShowTimestamp]—messages are displayed in the stderr—standard error stream. This value can be used only in the settings of configuration daemon. At that, if it works in background mode (“daemonized”), i.e. it is launched with the parameter -d specified, this value cannot be used because components operating in background mode cannot access I/O streams of the terminal. The additional parameter ShowTimestamp instructs to add a time stamp to every message. •Auto—messages for logging are sent to the Dr.Web ConfigD configuration daemon, which saves them to one location according to its configuration. This value is specified for all components except for the configuration daemon and is used as a default value. •Syslog[:<facility>]—messages are transmitted to the system logging service syslog. •Additional option <facility> is used to specify a level at which syslog registers messages. The following values are possible: ▫DAEMON—messages of daemons. ▫USER—messages of user processes. ▫MAIL—messages of mail programs. ▫LOCAL0—messages of local processes 0. …
▫LOCAL7—messages of local processes 7. ▫<path>—Messages are to be saved directly to the specified log. Default value: Auto
|
IdleTimeLimit
{time interval}
|
Maximum idle time for the Scanning Server/Virtual Agent. When the specified time period expires, the Scanning Server/Virtual agent shuts down.
The parameter can be set both for the Scanning Server and the Virtual Agent.
If the None value is set, the Virtual Agent/Scanning Server will operate eternally, the SIGTERM signal will not be saved in case of inactivity.
Minimal—10s.
Default value: 30s
|
DebugSsh
{boolean}
|
Indicated whether it is necessary to log SSH event on station, if the LogLevel is set to Debug.
Default value: No
|
ListenAddress
{<IP address>:<port>}
|
The network socket (address and port) on which the Scanning Server awaits the connections from client stations.
The parameter can be specified for the Scanning Server only.
The parameter must be installed so that the Scanning Server listen on IPv6 and detect Virtual Agents via IPv6.
IPv6 address must be specified in square brackets.
If the value of this parameter is specified as an empty string, the Scanning Server stops operating.
To set the value of this parameter to ' ' (i.e. an empty string) you should simultaneously have the permissions to change the configuration of the Scanning Server and to stop it.
|
DnsResolverConfPath
{path}
|
Path to the subsystem configuration file of domain name permissions (DNS resolver).
The parameter is specified for the Virtual Agent in case an SRV-record is used as the address of Scanning Server.
Default value: /etc/resolv.conf
|
DiscoveryResponderPort
{port}
|
The port on which the Scanning Server responds to the requests of the clients set via UDP protocol.
Default value: 18008
|
EngineChannel
{On | Off}
|
Enable or disable an option that allows the server to provide scan engine services.
The parameter can be specified for the Scanning Server only.
Default value: On
To set the value of this parameter to Off, you should simultaneously have the permissions to change the configuration of the Scanning Server and to stop it.
|
EngineUplink
{address}
|
The address of the Scanning Server (specified in the same format as via the Control center).
The parameter can be specified for the Virtual Agent only.
Default value: Not set
|
EngineDebugIpc
{boolean}
|
Log the scanning service debug information if LogLevel is set to Debug.
Default value: No
|
UrlChannel
{On | Off}
|
Enable or disable an option that allows the server to provide URL check services.
Default values: On
To set the value of this parameter to Off, you should simultaneously have the permissions to change the configuration of the Scanning Server and to stop it.
|
UrlUplink
{address}
|
The address of a higher host used for checking URLs.
The parameter can be specified for the Virtual Agent only.
Default value: Not set
|
UrlDebugIpc
{boolean}
|
Log the URL check debug information if LogLevel is set to Debug.
Default value: No
|
|