What Is Dr.Web
Dr.Web is an anti-virus plug-in designed to protect corporate mail systems against viruses and spam. It integrates flexibly into the system and processes each message and attachment dispatched to the server. All messages are scanned before they are processed by the client part.

Dr.Web can perform the following functions:

• Scanning of all incoming and outgoing messages in real time
• Filtering and blocking spam, using manually compiled black and white lists of addresses (if the anti-spam module is installed)
• Isolating infected and suspicious objects to quarantine
• Filtering email messages according to various criteria
• Configuring groups of clients to simplify their management
• Logging virus events in the OS event log and supporting an internal event database, cmstracedb
• Collecting statistics
• Supporting the common application settings on a distributed system of firewalls, including those organized in clusters
• Automatically updating virus databases and components of the program

To simplify operation, the plug-in is launched fully automatically (at system startup) and uses convenient update procedures (once added to the Windows Task Scheduler).

Dr.Web uses virus databases which are constantly supplemented with new records to assure up-to-date protection. A heuristic analyzer is also used for additional protection against unknown viruses.

Dr.Web fully supports Microsoft Exchange Server installed in Database Availability Group (DAG) mode, starting from Microsoft Exchange Server 2010.

The plug-in operates on the Dr.Web CMS (Central Management Service), which supports central configuration of application settings and components and remote administration via the protected HTTPS protocol. Dr.Web CMS features an internal web server, Dr.Web CMS Web Console, with client authentication, so only authorized administrators can access the application settings.
The interaction between the components and their configuration is based on internal service protocols operating over TCP. These service protocols allow Dr.Web CMS to connect the application components with the managing service database and with the internal event database cmstracedb, which is located in the plug-in installation folder and is based on SQLite.

The interaction between the components and the Dr.Web CMS platform is carried out in the following way:

1. The application component connects to the Dr.Web CMS service via the service protocol over TCP on its start (if it is a service) or on its loading (if it is a library).
2. Dr.Web CMS registers the application connection and creates a data structure related to the corresponding application component in the database.
3. Dr.Web CMS controls the operation of the application component by constantly monitoring the TCP session and the service message exchange with the component.
4. If the component's state changes, Dr.Web CMS modifies the corresponding variables in the cmsdb database.

Dr.Web CMS services installed on different servers can be organized in a hierarchy tree by the administrator, to support replication of database parameters with the attribute of the application working with Dr.Web CMS. The parameters are copied from the main server to a sub-server (see Organizing clusters), so the server tree parameters can be configured on the main host.