Dr.Web Daemon testing and diagnostics

If no problems occurred during initialization, Dr.Web Daemon is ready to use. To ensure that the daemon is initialized correctly, use the following command:

$ netstat -a

and check whether required sockets are created.

TCP sockets:

. . .
Active Internet connections (servers and established)
Proto   Recv-Q   Send-Q   Local Address   Foreign Address   State
. . .
tcp     0        0        localhost:3000  *:*               LISTEN
. . .

Unix socket:

. . .
Active UNIX domain sockets (servers and established)
Proto   RefCnt   Flags   Type    State      I-Node   Path
. . .
unix    0       [ ACC ]  STREAM  LISTENING  1127     %var_dir/.daemon
. . .

Missing of the required sockets in the list indicates problems with Dr.Web Daemon initialization.

To perform a functional test and obtain service information, use Dr.Web Daemon console client (drwebdc).

TCP sockets:

$ drwebdc -nHOSTNAME -pPORTNUM -sv -sb

Unix socket:

$ drwebdc -uSOCKETFILE -sv -sb

Report, similar to the following example, is output to the console:

- Version: DrWeb Daemon 6.00
- Loaded bases:
Base /var/drweb/bases/drwtoday.vdb
contains 5 records.
Base /var/drweb/bases/drw60003.vdb
contains 409 records.
Base /var/drweb/bases/drw60002.vdb
contains 543 records.
Base /var/drweb/bases/drwebase.vdb
contains 51982 records.
Base /var/drweb/bases/drw60001.vdb
contains 364 records.
Total 53303 virus-finding records.

If the report was not output, run extended diagnostics.

For TCP socket:

$ drwebdc -nHOSTNAME -pPORTNUM -sv -sb -v        

For UNIX socket:

$ drwebdc -uSOCKETFILE -sv -sb -v

More detailed report can help to identify the problem:

dwlib: fd: connect() failed - Connection refused
dwlib: tcp: connecting to 127.0.0.1:3300 - failed
dwlib: cannot create connection with a DrWeb daemon
ERROR: cannot retrieve daemon version
Error -12

You can test Dr.Web Daemon with the special eicar.com program included in the installation package. Use any text editor to transform readme.eicar into eicar.com (see instructions within the file).

For TCP-socket:

$ drwebdc -n<HOST> -p<PORT> eicar.com

For UNIX socket:

$ drwebdc -u<SOCKETFILE> eicar.com

The following result are output:

Results: daemon return code 0x20
(known virus is found)

If the results were not output, check Dr.Web Daemon log file to see whether the file was scanned. If the file was not scanned, run extended diagnostic (see above).

If file was scanned successfully, Dr.Web Daemon is fully operational.