Dr.Web Agent receives statistics on computer threats from the controlled modules and sends it either to the official Doctor Web statistics website: http://stat.drweb.com/ (if the Internet connection is available) or to Dr.Web ESS (if Dr.Web Agent is operating in the Enterprise mode).
Dr.Web Agent needs the unique user identifier (UUID) to connect to this website. By default, MD5 hash of the key file is used as a UUID. Also you can get a personal UUID from Doctor Web Technical Support. In this case, specify your UUID explicitly in the Dr.Web Agent configuration file (StandaloneMode] section).
|
Statistics is gathered only for those Dr.Web modules that receive settings from Dr.Web Agent. Instructions on how to set up interaction with Dr.Web Agent are given in the sections describing the modules. |
On the statistics website (at http://stat.drweb.com/), you can view aggregate statistics on computer threats both for a given server and for all servers supported by Dr.Web Anti-virus for UNIX or by Dr.Web for UNIX File Servers with an anti-virus plug-in. Dr.Web Agent can simultaneously process statistics on computer threats from several different Dr.Web products which are able to interact with Dr.Web Agent.
If Dr.Web Agent is operating in the Enterprise mode, you can view statistics on the special page of Dr.Web Control Center. In this case, statistics gathered by Dr.Web Enterprise Server is also sent to the Doctor Web statistics server as a summary of the Anti-virus network statistics.
Statistics is available in both HTML and XML formats. The second format is convenient if you plan to publish this statistics on another website, since data in the XML format can be transformed according to the website concept and design.
To view aggregate statistics on computer threats for all supported servers, visit http://stat.drweb.com/. You can view a list of detected threats for all supported servers (in descending order) with overall percentage of detections.
|
Appearance of the webpage can differ depending on the used browser. |
The following figure shows threats statistics page.
Figure 14. Computer threats statistics
You can change search options and repeat the search. To do this:
1.Select either Mail or Files check boxes to get statistics on computer threats detected in emails or files.
2.In the drop-down lists for Start date and End date, select start/end date and time for the required period.
3.In the Top field, enter the required number of rows in the statistics table (most frequently detected threats will be shown).
4.Click Query. The file with aggregate statistics in the XML format can be found at http://info.drweb.com/export/xml/top.
Example:
<drwebvirustop period="24" top="5"
vdbaseurl="http://info.drweb.com/virus_description/"
updatedutc="2009-06-09 09:32:02">
<item>
<vname>Win32.HLLM.Netsky</vname>
<dwvlid>62083</dwvlid>
<place>1</place>
<percents>34.201062139103</percents>
</item>
<item>
<vname>Win32.HLLM.MyDoom</vname>
<dwvlid>9353</dwvlid>
<place>2</place>
<percents>25.1303270912579</percents>
</item>
<item>
<vname>Win32.HLLM.Beagle</vname>
<dwvlid>26997</dwvlid>
<place>3</place>
<percents>13.4593034783378</percents>
</item>
<item>
<vname>Trojan.Botnetlog.9</vname>
<dwvlid>438003</dwvlid>
<place>4</place>
<percents>7.86446592583328</percents>
</item>
<item>
<vname>Trojan.DownLoad.36339</vname>
<dwvlid>435637</dwvlid>
<place>5</place>
<percents>7.31494163115527</percents>
</item>
</drwebvirustop>
In this file, the following XML attributes are used:
•period – duration (in hours) of the statistics collection process;
•top – number of the most frequently detected threats shown in the statistics table (number of rows);
•updatedutc – last statistics update time;
•vname – threat name;
•place – place of the virus in the statistics;
•percents – percentage of the total number of detections.
|
Value of the period parameter and size of the sample cannot be changed by user. |
To get personalized threat statistics
Visit one of the following webpages:
•For statistics in HTML format, go to http://stat.drweb.com/view/<UUID>. Page with the personalized statistics is similar to the aggregate statistics page.
•For the file with the personalized threat statistics in XML format, go to http://stat.drweb.com/xml/<UUID>.
The <UUID> in both cases stands for the MD5 hash of your license key file (unless you have a personal UUID received from Doctor Web Technical Support).
Example:
<drwebvirustop period="24" top="2" user="<UUID>"
lastdata="2005-04-12 07:00:00+04">
<item>
<caught>69</caught>
<percents>24.1258741258741</percents>
<place>1</place>
<vname>Win32.HLLM.Netsky.35328</vname>
</item>
<item>
<caught>57</caught>
<percents>19.9300699300699</percents>
<place>2</place>
<vname>Win32.HLLM.MyDoom.54464</vname>
</item>
</drwebvirustop>
In this file, the following XML attributes are used:
•period – duration (in hours) of the statistics collection process;
•top – number of the most frequently detected threats shown in the table (number of rows);
•user – user identifier;
•lastdata – time when user last sent data to the server;
•vname – threat name;
•place – threat place in the statistics;
•caught – number of detections of the certain threat;
•percents – percentage of the total number of detections.
|
Value of the period parameter and size of the sample cannot be changed by user. |