Updating Anti-Virus and Virus Databases

To provide reliable protection, Dr.Web for Novell Storage Services requires regular updates to virus databases.

Dr.Web for Novell Storage Services virus databases are stored as files with the *.vdb extension. Update servers of Dr.Web Global Updating System (Dr.Web GUS) can also store them within lzma-archives. When new viruses are discovered, small files (only several KBytes in size) with database segments describing these viruses are released to provide quick and effective countermeasures.

Updates are the same for all supported platforms. There are daily "hot" updates (drwtoday.vdb) and regular weekly updates (drwXXXYY.vdb),  where XXX is a version number of an anti-virus engine, and YY is a sequential number, starting with 00 (for example, the first regular update for version 6.0 is named drw60000.vdb).

"Hot" updates are issued daily or even several times a day to provide effective protection against new viruses. These updates are installed over the old ones: that is, a previous drwtoday.vdb file is overwritten. When a new regular update is released, all records from drwtoday.vdb are copied to drwXXXYY.vdb, and a new empty drwtoday.vdb file is issued.

If you want to update virus databases manually, you must install all missing regular updates first, and then overwrite drwtoday.vdb file.

To add an update to the main virus databases, place the corresponding file to the directory with Dr.Web for Novell Storage Services executable files (/var/drweb/bases/ by default) or to any other directory specified in the configuration file.

Signatures for virus-like malicious programs (adware, dialers, hacktools and others) are supplied in two additional files - drwrisky.vdb and drwnasty.vdb - with the structure similar to virus databases. These files are also regularly updated: dwrXXYYY.vdb and dwnXXYYY.vdb are for regular updates, and dwrtoday.vdb and dwntoday.vdb are for "hot" updates.

From time to time (as new anti-virus techniques are developed), new versions of the anti-virus package are released, containing the updated algorithms, implemented in the anti-virus engine Dr.Web Engine. At the same time, all released updates are brought together, and the new package version is completed with the updated main virus databases with descriptions of all known viruses. Usually after an upgrade of a package version, new databases can be linked to the old Dr.Web Engine. Please note that this does not guarantee detection or curing of new viruses, as it requires upgrading of algorithms in Dr.Web Engine.

Being regularly updated, virus databases have the following structure:

•drwebase.vdb – general virus database, received with the new version of the package;

•drwXXXYY.vdb – regular weekly updates;

•drwtoday.vdb – "hot" updates released daily or several times a day;

•drwnasty.vdb – general database of other malware, received with the new version of the package;

•dwnXXXYY.vdb – regular weekly updates for other malware;

•dwntoday.vdb – "hot" updates for other malware;

•drwrisky.vdb – general database of riskware, received with the new version of the package;

•dwrXXXYY.vdb – regular weekly updates for riskware;

•dwrtoday.vdb – "hot" updates for riskware.

Virus databases can be automatically updated with Dr.Web Updater module (%bin_dir/update.pl). After installation, a user crontab file (/etc/cron.d/drweb-update) is automatically created to run Updater every 30 minutes. That ensures regular updates and maximum protection. You can modify this file to change update period.