Dr.Web for Linux Functions

This manual describes management aspects of the Dr.Web for Linux anti-virus software designed for GNU/Linux. The manual is intended for the person responsible for anti-virus protection and security ("Administrator" hereinafter).

Dr.Web for Linux is an anti-virus solution designed to protect file servers running under GNU/Linux from viruses and other types of malicious software, and to prevent the distribution of threats designed for all popular operating systems, including mobile platforms.

Dr.Web for Linux provides you with the following features:

1. Detection and neutralization of threats. Searches for malicious programs (for example, viruses, including those that infect mail files and boot records, Trojans, mail worms) and unwanted software (for example, adware, joke programs, dialers).

The following methods are used for threat detection:

- Signature analysis, which allows detection of known threats.

- Heuristic analysis, which allows detection of threats that are not present in virus databases.

- Dr.Web Cloud service, which collects up-to-date information about recent threats and sends it to Dr.Web products.

Note that the heuristic analyzer may raise false positive detections. Thus, objects that contain threats detected by the analyzer are considered “suspicious”. It is recommended that you choose to quarantine such files and send them for analysis to the Doctor Web anti-virus laboratory.

Scanning at the user’s request can be performed in two modes: full scan (scan of all file system objects) and custom scan (scan of selected objects: directories or files that satisfy specified criteria). Moreover, the user can start a separate scan of volume boot records and of the executable files of currently active processes. In the latter case, if a malicious executable is detected, it is neutralized and all processes started from this file are forced to terminate.

2. Monitoring of file access. File events and attempts to run executable files are monitored. This feature makes it possible to detect and neutralize malware when it attempts to infect the computer.

3. Monitoring of access to the Internet. All attempts to access Internet servers (web servers, mail servers, file servers) are monitored in order to block access to websites in unwanted categories and to prevent the transfer of email messages with infected files, unwanted links or spam. Email messages and files downloaded from the web are checked for viruses and other threats on the fly. To restrict access to unwanted websites, Dr.Web for Linux supports an automatically updated database of web resource categories, as well as black and white lists that are edited by the user. Dr.Web Cloud service is also used to check whether the requested web resource is marked as malicious by other Dr.Web anti-virus products.

4. Reliable isolation of infected or suspicious objects in a special storage called quarantine, so that they cannot cause any damage to the system. Quarantined objects are renamed in a special way and can be restored (if necessary) upon the user's command.