Configuration

Dr.Web Daemon can be run with default settings, but you can configure it according to your specific requirements. Daemon settings are stored in the [Daemon] section of the configuration file (drweb32.ini by default) which is located in %etc_dir directory. To use another configuration file, specify the full path to it as a command-line option.

[Daemon]

EnginePath = {path to file}

Location of drweb32.dll module (anti-virus engine Dr.Web Engine).

This parameter is also used by the Dr.Web Updater.

Default value:

EnginePath = %bin_dir/lib/drweb32.dll

VirusBase = {list of files (masks)}

Masks for virus databases.

This parameter is also used by Dr.Web Updater. Multiple values are allowed (separated by commas).

By default, virus databases files has the .vdb extension

Default value:

VirusBase = %var_dir/bases/*.vdb

UpdatePath = {path to directory}

Directory to store updates. The parameter is mandatory.

Default value:

UpdatePath = %var_dir/updates/

TempPath = {path to directory}

Directory where the Dr.Web Engine anti-virus engine puts temporary files.

It is used when system has insufficient memory or to unpack certain types of archives.

Default value:

TempPath = %var_dir/spool/

Key = {path to file}

Key file location (license or demo). By default, a key file has the .key extension.

Please note that Dr.Web Daemon and Dr.Web Scanner can have different license key files. In this case, change the value of this parameter correspondingly.

The parameter value can be set several times to specify several license key files.  In this case, Dr.Web Daemon tries to combine all license permissions from all available license key files.

Default value:

Key = %bin_dir/drweb32.key

OutputMode = {Terminal | Quiet}

Output mode:

Terminal - console output

Quiet - no output

Default value:

OutputMode = Terminal

RunForeground = {logical}

Allows to disable or enable daemon mode for Dr.Web Daemon.

With Yes value specified Dr.Web Daemon runs as a foreground process. This parameter can be used for certain monitoring utilities (for example, Dr.Web Monitor).

Default value:

RunForeground = No

User = {text value}

User under which Dr.Web Daemon operates.

It is strongly recommended to create a separate drweb user account, which will be used by Dr.Web Daemon and filters. It is not recommended to run Dr.Web Daemon with root privileges, even though it may take less time to configure.

This parameter cannot be changed when reloading configuration using SIGHUP.

Default value:

User = drweb

PidFile = {path to file}

File to store Dr.Web Daemon's PID and UNIX socket (if it is enabled by the Socket parameter) or port number (if TCP socket is enabled by the Socket parameter).

If more than one Socket parameter is specified, this file contains information on all the sockets (one per line).

This file is created every time Dr.Web Daemon starts.

Default value:

PidFile = %var_dir/run/drwebd.pid

BusyFile = {path to file}

File where Dr.Web Daemon busy flag is stored.

This file is created by a Dr.Web Daemon child process upon receipt of the scan command and is removed after successful command execution.

Filenames created by each Dr.Web Daemon child process are appended by a dot and ASCII representation of the PID (for example, /var/run/drwebd.bsy.123456).

Default value:

BusyFile = %var_dir/run/drwebd.bsy

ProcessesPool = {process pool settings}

Settings of dynamic process pool.

At first, specify the number of processes in the pool:

auto - number of processes is set automatically depending on system load;

N - nonnegative integer. Pool will have at least N active processes, additional processes will be created if necessary;

N-M - positive integer, M>=N. The pool will have at least N active processes, additional processes will be created if necessary, but maximum total number of processes cannot exceed M.

Then specify optional secondary parameters:

timeout = {time in seconds} timeout for closing an inactive process. This parameter does not affect the first N processes which wait for requests indefinitely.

stat = {yes|no} statistics on processes in a pool. If yes, it is saved to the log file each time SIGUSR1 system signal is received.

stop_timeout = {time in seconds} maximum time to wait for a running process to stop.

Default value:

ProcessesPool = auto,timeout = 120, stat = no, stop_timeout = 1

OnlyKey = {logical}

Enables receiving only a license key file from Dr.Web Agent, without configuration. At that, Dr.Web Scanner uses the local configuration file.

If the value is set to No and the address of a Dr.Web Agent socket is specified, Dr.Web Daemon sends operational statistics to Dr.Web Agent (information is sent after scanning of every file).

Default value:

OnlyKey = No

ControlAgent = {address}

Dr.Web Agent socket address.

Example:

ControlAgent = inet:4040@127.0.0.1,local:%var_dir/ipc/.agent

Dr.Web Daemon receives from Dr.Web Agent a license key file (and configuration if OnlyKey = No. Moreover, in this case the socket is used for sending statistics on Dr.Web Daemon operation to Dr.Web Agent).

Default value:

ControlAgent = local:%var_dir/ipc/.agent

MailCommand = {string}

Shell command used by Dr.Web Daemon and Dr.Web Updater for sending notifications on new updates to the user (administrator) via email.

If the period before the key file (or one of the key files) expiration is less than the period specified by the NotifyPeriod parameter, Dr.Web Daemon starts sending notifications upon every system startup, restart or reboot.

Default value:

MailCommand = "/usr/sbin/sendmail -i -bm -f drweb -- root"

NotifyPeriod = {numerical value}

This parameter value specifies the period (in days) before license key expiration date when Dr.Web Daemon starts prompting a user to renew the license.

If the parameter value is set to 0, Dr.Web Daemon starts sending out notifications immediately after the key file expires.

Default value:

NotifyPeriod = 14

NotifyFile = {path to file}

Path to the file with a timestamp of the last license expiration notification.

Default value:

NotifyFile = %var_dir/.notify

NotifyType = {Ever | Everyday | Once}

Frequency of sending license expiration notifications.

Once – notification is sent only once.

Everyday – notification is sent daily.

Ever – notification is sent upon every Dr.Web Daemon restart and every database update.

Default value:

NotifyType = Ever

FileTimeout = {numerical value}

Maximum time (in seconds) allowed for Dr.Web Daemon to perform scanning of one file.

If the parameter value is set to 0, time to scan of one file is unlimited.

Default value:

FileTimeout = 30

StopOnFirstInfected = {logical}

Enables or disables interruption of file scanning upon detection of the first virus.

If the value is set to yes, it can significantly reduce mail server load and scan time.

Default value:

StopOnFirstInfected = No

ScanPriority = {signed numerical value}

Priority of Dr.Web Daemon process.

Value must be in the following range: -20 (highest priority) to 19 (lowest priority for Linux) or 20 (lowest priority for FreeBSD and Solaris).

Default value:

ScanPriority = 0

FilesTypes = {list of file extensions}

Types of files to be checked "by type", that is, when the ScanFiles parameter value (described below) is set to ByType.

"*" and "?" wildcard characters are allowed.

Default value:

FilesTypes = EXE, COM, SYS, OV?, BAT, BIN, DRV, PRG, BOO, SCR, CMD, VXD, 386, DLL, FON, DO?, XL?, WIZ, RTF, CL*, HT*, VB*, JS*, INF, AR?, ZIP, R??, PP?, OBJ, LIB, HLP, MD?, INI, MBR, IMG, CSC, CPL, MBP, SHS, SHB, PIF, SO, CHM, REG, XML, PRC, ASP, LSP, MSO, OBD, THE*, NWS, SWF, BMP, MPP, OCX, DVB, CPY, MSG, EML

FilesTypesWarnings = {logical}

Notify on files of unknown types

Default value:

FilesTypesWarnings = Yes

ScanFiles = {All | ByType}

Scan only files with extensions specified in the FileTypes parameter (the ByType value) or all files (the All value).

This parameter can have the ByType value only in the local scan mode (in other modes, only the All value can be set).

In mailboxes, all files are always checked (regardless of the ScanFiles parameter value).

Default value:

ScanFiles = All

CheckArchives = {logical}

Enables or disables checking of files in archives.

The following formats are supported: ZIP (WinZip, InfoZIP, etc.), RAR, ARJ, TAR, GZIP, CAB and others.

Default value:

CheckArchives = Yes

CheckEMailFiles = {logical}

Enables or disables checking of email files.

Default value:

CheckEMailFiles = Yes

ExcludePaths = {list of path | file masks}

Masks for files to be skipped during scanning.

Default value:

ExcludePaths = /proc,/sys,/dev

FollowLinks = {logical}

Enables or disables Dr.Web Daemon to follow symbolic links during scanning.

Default value:

FollowLinks = No

RenameFilesTo = {mask}

Mask for renaming files when the Rename action is applied.

Default value:

RenameFilesTo = #??

MoveFilesTo = {path to directory}

Path to the Quarantine directory.

Default value:

MoveFilesTo = %var_dir/infected/

BackupFilesTo = {path to directory}

Directory for backup copies of cured files.

Default value:

BackupFilesTo = %var_dir/infected/

LogFileName = {syslog | file name}

Log file name.

You can specify syslog as a log file name and logging will be performed by syslogd system service.

In this case, also specify the SyslogFacility and SyslogPriority parameter values.

Default value:

LogFileName = syslog

SyslogFacility = {syslog label}

Log type label used by syslogd system service.

Default value:

SyslogFacility = Daemon

SyslogPriority = {log level}

Logging priority (log verbosity level) when syslogd system service is used.

There are the following levels allowed:

Error

Alert

Warning

Info

Notice

Default value:

SyslogPriority = Info

LimitLog = {logical}

Enables or disables limit for log file size (if LogFileName value is not specified to syslog).

If limit is enabled, Dr.Web Daemon checks the size of a log file on startup or on receipt of HUP signal. If the log file size is greater than MaxLogSizevalue,  the log file is overwritten with an empty file and logging starts from scratch.

Default value:

LimitLog = No

MaxLogSize = {numerical value}

Maximum log file size in Kbytes.

Used only with LimitLog = Yes.

Set this parameter value to 0 if you do not want a log file to be unexpectedly modified on startup.

Default value:

MaxLogSize = 512

LogScanned = {logical}

Enables or disables logging of information about all scanned objects regardless whether they are infected or not.

Default value:

LogScanned = Yes

LogPacked = {logical}

Enables or disables logging of additional information about files packed with DIET, PKLITE and other utilities.

Default value:

LogPacked = Yes

LogArchived = {logical}

Enables or disables logging of additional information about files archived with various archiving utilities.

Default value:

LogArchived = Yes

LogTime = {logical}

Enables or disables logging of time for each record. The parameter is not used if LogFileName = syslog.

Default value:

LogTime = Yes

LogProcessInfo = {logical}

Enables or disables logging PID of the scanning process and filter address (host name or IP address) from which scanning has been activated.

This data is logged before each record.

Default value:

LogProcessInfo = Yes

RecodeNonprintable = {logical}

Enables or disables transcoding of characters that are undisplayable on a given terminal (see also the description of the following two parameters).

Default value:

RecodeNonprintable = Yes

RecodeMode = {Replace | QuotedPrintable}

Decoding mode for non-printable characters (if RecodeNonprintable = Yes).

When RecodeMode = Replace, all non-printable characters are substituted with the RecodeChar parameter value (see below).

When RecodeMode = QuotedPrintable, all non-printable characters are converted to Quoted Printable encoding.

Default value:

RecodeMode = QuotedPrintable

RecodeChar = {"?" | "_" | ...}

Sets a character to replace all non-printable characters if RecodeMode = Replace.

Default value:

RecodeChar = "?"

Socket = {address list}

List of sockets to be used for communication with Dr.Web Daemon (separated by commas).

Example:

Socket = inet:3000@127.0.0.1,local:%var_dir/.daemon

You can also specify a socket address in the following format: PORT [interfaces] | FILE [access].

For a TCP socket, specify a decimal port number (PORT) and the list of interface names or IP addresses for incoming requests (interfaces).

Example:

Socket = 3000 127.0.0.1, 192.168.0.100

For UNIX sockets, specify a socket name (FILE) and access permissions in the octal form.

Example:

Socket = %var_dir/.daemon 0660

Number of Socket parameter values is not limited. Dr.Web Daemon will work with all sockets described correctly.

To enable connections on all available interfaces, set 3000 0.0.0.0 as a value of this parameter.

Default value:

Socket = %var_dir/run/.daemon

SocketTimeout = {numerical value}

Maximum time (in seconds) allowed for transferring data through socket (file scanning time is not included).

If the parameter value is set to 0, the time is unlimited.

Default value:

SocketTimeout = 10

 

ClientsLogs = {string list}

Enables splitting of log files.

If during communication with Dr.Web Daemon a client uses the option to transfer its ID, log file will be substituted with the file specified in this parameter. Descriptions of log files are separated by commas or spaces.

If more than six values are set, the configuration file is considered invalid.

Log files are defined in the following way:

<client name1>:<path to file>, <client name2>:<path to file>

Client name may be one of the following:

web Dr.Web ICAPD;

smb_spider Dr.Web Samba SpIDer;

mail Dr.Web MailD;

drwebdc console client for Dr.Web Daemon;

kerio Dr.Web for Kerio Internet Gateways;

lotus Dr.Web for IBM Lotus Domino.

Example:

drwebdc:/var/drweb/log/drwebdc.log,
smb:syslog,
mail:/var/drweb/log/drwebmail.log

Default value:

 

MaxBasesObsolescencePeriod = {numerical value}

Period, in hours, after last update, during which virus databases are considered up-to-date.

When this period is over, a message notifying that databases are obsolete is output.

If value is set to 0, database obsolescence is not checked.

Default value:

MaxBasesObsolescencePeriod = 24

 

The following parameters can be used to reduce scanning time in archived files (some objects in archives are not checked). Actions applied to skipped depend on the ArchiveRestriction parameter value of the corresponding modules.

MaxCompressionRatio = {numerical value}

Maximum compression ratio, that is a ratio between size of unpacked file and its size within an archive.

The parameter can have only natural values. If the ratio exceeds the specified value, file will not be extracted and therefore will not be checked.

Value of this parameter must be not less than 2.

Default value:

MaxCompressionRatio = 5000

CompressionCheckThreshold = {numerical value}

Minimum size of a file enclosed within an archive (in Kbytes) for which compression ratio check is performed (if such a check is enabled by the MaxCompressionRatio parameter). Value of this parameter must be greater than 0.

Default value:

CompressionCheckThreshold = 1024

MaxFileSizeToExtract = {numerical value}

Maximum size of a file enclosed in an archive, in Kbytes. If a file size exceeds the specified value, the file is skipped.

Default value:

MaxFileSizeToExtract = 40960

MaxArchiveLevel = {numerical value}

Maximum allowed archive nesting level.

If an archive nesting level exceeds the specified value, an archive is not scanned.

Default value:

MaxArchiveLevel = 8

 

MessagePatternFileName = {path to file}

Path to template for a license expiration message.

You can configure output of an expiration message according to your needs. To do this, use the following variables in the template. The specified variables are substituted with the corresponding values:

$EXPIRATIONDAYS number of days left until license expiration;

$KEYFILENAME path to license key file;

$KEYNUMBER license number;

$KEYACTIVATES license activation date;

$KEYEXPIRES license expiration date.

If there is no user-defined template, standard message in English is output.

Default value:

MessagePatternFileName = %etc_dir/templates/drwebd/msg.tmpl

MailTo = {email address}

Email address of an administrator where the following information is sent: messages about license expiration, virus databases obsolescence, etc.

Default value:

MailTo =