Logfile = {path to file | syslog}

Log file name.

You can specify syslog to enable logging with the syslog service.

In this case, you must also specify SyslogFacility and SyslogPriority parameters.

SyslogFacility = {syslog label}

Facility label for logging with the syslog service.

SyslogPriority = {log level}

Verbosity level for logging with the syslog service.

You can specify one of the following levels:

•Alert

•Warning

•Info

•Notice

Loglevel = {numerical value}

Log verbosity level.

The value is a sum of an arbitrary set that can consist of the following values:

•0 - output information on errors and detected viruses

•1 - output information at the Info level: on checked clean files and other service information

•2 - output general messages

•4 - output results of chunk analysis

•8 - output extended messages on chunks

•16 - output activity log of the syntax analyzer

•32 - output other debugging messages

Example:

The value 18, which is a sum of the following values: 0 + 2 + 16, enables logging of information on errors and detected viruses as well as logging of general messages and messages of syntax analyzer.

Thus, maximum possible parameter value equals to 63.

Please note that Loglevel = -1 disables logging.

MaxLogSize = {size}

Maximum log file size.

Each time Dr.Web Daemon starts, size of the log file is checked. If it is greater than the MaxLogSize parameter value, log file is overwritten.

Set this parameter value to 0 to disable check of log file size at startup.

Hostmaster = {e-mail address}

Administrator's e-mail address.

Infected = {action}

Reaction to an infected object.

You can specify one of the following actions:

Cure, Move, Truncate, Report.

Incurable = {action}

Reaction to an incurable object (if Cure action was applied but failed).

You can specify one of the following actions:

Move, Truncate, Report.

Suspicious = {action}

Reaction to a suspicious object detected by the heuristic analyzer.

You can specify one of the following actions:

Pass, Move, Truncate, Report.

Adware = {action}

Reaction to an object containing an advertising program (adware).

You can specify one of the following actions:

Pass, Move, Truncate, Report.

Dialers = {action}

Reaction  to an object containing a dialer program.

You can specify one of the following actions:

Pass, Move, Truncate, Report.

Jokes = {action}

Reaction to an object containing a joke program.

You can specify one of the following actions:

Pass, Move, Truncate, Report.

Riskware = {action}

Reaction to riskware (programs that can be used to harm the system).

You can specify one of the following actions:

Pass, Move, Truncate, Report.

Hacktools = {action}

Reaction to a program used for hacking.

You can specify one of the following actions:

Pass, Move, Truncate, Report.

ArchiveRestriction = {action}

Reaction to an archive that cannot be scanned by Dr.Web Daemon because a threshold value specified in the main configuration file was exceeded.

You can specify one of the following actions:

Pass, Move, Truncate, Report.

DaemonError = {action}

Reaction to an object that caused errors during scanning (for example, Dr.Web Daemon is out of memory or does not have permissions required for further processing).

You can specify one of the following actions:

Pass, Move, Truncate, Report.

SkipObject = {action}

Reaction to an object that cannot be scanned by Dr.Web Daemon (for example, password protected or broken archive, symbolic link or non-regular files).

You can specify one of the following actions:

Pass, Move, Truncate, Report.

LicenseError = {action}

Reaction to an object during scanning of which a license error occurred (for example, license expired).

You can specify one of the following actions:

Pass, Move, Truncate, Report.

Heuristic = {logical}

Enables or disables the heuristic analyzer mode.

The detection method used by the heuristics analyzer is based on certain knowledge about the attributes that characterize malicious code. Each attribute or characteristic has a weight coefficient that determines the level of its severity and reliability. Depending on the sum weight of a file, the heuristics analyzer calculates the probability of unknown virus infection. As with any system of hypothesis testing under uncertainty, the heuristics analyzer may commit type I or type II errors (i.e., it may omit viruses or raise false alarms).

It is recommended to send copies of such files to the virus laboratory of Doctor Web for analysis at http://vms.drweb.com/sendvirus/.

Note that object detected by the heuristic analyzer are treated by suspicious.

BlockAdult = {logical}

Enables or disables blocking of Internet resources included in the Adult content-specific black list.

BlockViolence = {logical}

Enables or disables blocking of Internet resources included in the Violence content-specific black list.

BlockWeapon = {logical}

Enables or disables blocking of Internet resources included in the Weapon content-specific black list.

BlockGamble = {logical}

Enables or disables blocking of Internet resources included in the Gamble content-specific black list.

BlockDrugs = {logical}

Enables or disables blocking of Internet resources included in the Drugs content-specific black list.

BlockObscenity = {logical}

Enables or disables blocking of Internet resources included in the Obscenity content-specific black list.

BlockChats = {logical}

Enables or disables blocking of Internet resources included in the Chats content-specific black list.

BlockTerrorism = {logical}

Enables or disables blocking of Internet resources included in the Terrorism content-specific black list.

BlockEmail = {logical}

Enables or disables blocking of Internet resources included in the Email content-specific black list.

BlockSocialNetwork = {logical}

Enables or disables blocking of Internet resources included in the SocialNetwork content-specific black list.

BlockSocialEngineering = {logical}

Enables or disables blocking of Internet resources included in the SocialEngineering content-specific black list.

BlockMalwareLinks = {logical}

Enables or disables blocking of Internet resources included in the MalwareLinks content-specific black list.

BlockAll = {logical}

Enables or disables Internet access both to allowed and forbidden resources.

Note that effect of this parameter is not the same as assigning Yes or No value to all Block<NAME> parameters (where <NAME>  is the name of a corresponding content-specific black list).

•When this parameter is set to Yes, access to all Internet resources is blocked regardless whether or not they belong to a white or black list

•When this parameter is set to No, access is allowed only to the Internet resources that are not included in the content-specific black lists or are included in the user-defined white lists.

If it is required to allow access to all Internet resources regardless whether or not they belong to black lists,  set values of both the BlockAll and all Block<NAME> parameters to No. Moreover, clear the user-defined black list, specified in the BlackHosts parameter.

WhiteDwsFiles = {paths to files list}

Permissive user-defined white list.

The parameter value is a list of paths to text files, separated by commas. The specified files contain hosts which content is not to be checked for matching a black list category (of both content-specific and user-defined black lists). However, the content is to be scanned for viruses.

The parameter is necessary to allow access to those websites which are blocked due to being included in a black list.

Hosts are specified in files in the following ways:

host1

host2

...

You can also redefine access parameters with the use of rules to allow conditional access.

If it required to allow access to certain hosts without scanning traffic for viruses, add these hosts to the trusted white list (in the WhiteHosts parameter value).

WhiteHosts = {paths to files list}

Trusted user-defined white list.

The parameter value is a list of paths to text files, separated by commas. The specified files contain hosts which content is not to be scanned for viruses. However, the content is to be checked for matching a black list, both content-specific and user-defined lists.

In order to allow user access to a host, include it to the permissive white list (in the WhiteDwsFiles parameter value).

This parameter is used to prevent false alarms of Dr.Web Daemon. You can specify the host name or its IP addresses.

BlackHosts = {paths to files list}

User-defined black list.

The parameter value is a list of paths to text files, separated by commas. The specified files contain hosts access to which is to be blocked.

You can specify the host name or its IP addresses.

Note that if a host is included in this list, access to the host is blocked unconditionally; that is, this setting cannot be redefined with the use of rules.

SendUrlsWithViruses = {logical}

Enables or disables an option to send addresses of web pages containing viruses and names of detected viruses to Doctor Web company automatically.

Please note that this option requires Dr.Web Agent to be installed.

MaxBlocksize = {size}

Sets maximum size of the memory block which can be allocated by Dr.Web ICAPD at a time.

If random access memory is enough, this parameter value can be increased for better performance.

LocalScan = {logical}

Enables or disables the local scan mode.

If LocalScan = Yes, Dr.Web Daemon scans files in the local mode; that is, only paths to the files are transmitted to the component. Otherwise, it receives the content of files for scanning.

The parameter value can be set to Yes only if Dr.Web Daemon and Dr.Web ICAPD are operating on the same host.

User = {user name}

User whose privileges are used by Dr.Web ICAPD.

It is strongly recommended to create drweb user and enable Dr.Web ICAPD to use its privileges.

Cache = {path to directory}

Path to the directory where temporary files are created and stored.

DwsDirectory = {path to directory}

Path to the directory with predefined content-specific black lists (files with the .dws extension).

Templates = {path to directory}

Path to directory containing templates for report generation.

PidFile = {path to file}

Name of a file where information on the PID, Unix socket (if enabled with the Socket parameter) or port number (if enabled with the Socket parameter) is saved on the Dr.Web ICAPD startup.

If more than one Socket parameter is specified, this file contains information on all of the sockets (one per line).

This file is created every time Dr.Web ICAPD starts.

Key = {path to file}

Path to the key file (license or demo).

Usually a key file has the .key extension.

BindPort = {numerical value}

Number of the port to which ICAP clients (e.g. Squid) connect on attempt to establish connection with Dr.Web ICAPD.

Note that this value must be equal to corresponding value, specified for the used HTTP proxy server.

BindAddress = {host name | IP address}

Host where drweb-icapd operates.

Note that this value must be equal to corresponding value, specified for the used HTTP proxy server.

DrwebAddress = {addresses list}

List of sockets used for connection with Dr.Web Daemon.

Addresses in the list are separated by commas.

Examples:

DrwebAddress = inet:3000@localhost

DrwebAddress = local:%var_dir/.daemon

DrwebAddress = pid:/usr/local/drweb/run/drwebd.pid

Note that if the used Dr.Web Daemon is running on a remote machine, LocalScan parameter value must be set to No. If a socket address or path to Dr.Web Daemon PID file is specified first in the list, local scanning will be forced to terminate if connection to this address cannot be established.

If this list is empty, Dr.Web ICAPD operates without connection to Dr.Web Daemon and anti-virus check is not performed.

PathToQuarantine = {path to directory}

Path to the Quarantine directory.

QuarantineFilesMode = {access permissions}

Permissions to access files in Quarantine.

Timeout = {numerical value}

Timeout for a socket to wait for data to be received, in seconds.

When at least one byte is received/dispatched, the counter is reset.

If 0 is specified, the wait time is unlimited.

SendMail = {logical}

Enables or disables sending notifications to administrator on attempt to download a malicious object.

Notifications are sent to the address specified in the Hostmaster parameter.

SendMailDwsBlock = {logical}

Enables or disables sending notifications to administrator on attempt to open a web page blocked due to matching a black list category.

Notifications are sent to the address specified in the Hostmaster parameter.

MailCommand = {text}

Shell command executed to send a notification to administrator.

Placeholder %s in the command text is replaced with the Hostmaster parameter value.

MailCache = {numeric value}

Time period, in seconds, within which notifications on repeated attempts to open the same "bad" page are not sent to the administrator.

If the parameter value is set to 0, notification is sent every time a page is blocked.

AclList = {paths to files list}

The parameter value is a list of paths to text files, separated by commas. The specified files contain IP addresses and host names, for which access to Dr.Web ICAPD via the ICAP protocol is allowed.

If the list is empty or the specified files do not contain any address, access to Dr.Web ICAPD is allowed for all clients.

SendStat = {logical}

Enables or disables sending statistics on detected viruses to Dr.Web Agent.

KeepAlive = {logical}

Enables or disables maintenance of permanent connection with the proxy server.

UsePreview = {logical}

Enables or disables the ICAP preview mode.

If the proxy server does not work correctly in this mode, disable this option by specifying No.