Configuration File

Dr.Web Samba VFS SpIDer can be started with default settings, but to ensure optimal performance you can adjust it to your specific requirements. The Dr.Web Samba VFS SpIDer configuration file is located in the %etc_dir directory (smb_spider.conf by default). To use another configuration file, specify the full path to it in the smb.conf configuration file by adding the following line:

smb_spider: config = /my/new/path/smb_spider.conf

For description of Dr.Web for UNIX File Servers configuration files, refer to the Configuration Files section.

[DaemonCommunication]

Address = {addresses list}

List of socket addresses used for communication with Dr.Web Daemon.

Addresses in the list are separated by commas.

Default value:

pid:%var_dir/run/drwebd.pid

Cache = {logical}

Enables or disables caching the IP address of the host where Dr.Web Daemon operates.

If the parameter value is set to No, the IP address is requested every time files are sent for scanning.

This parameter is used only when communicating with Dr.Web Daemon via TCP sockets (see the description of the previous parameter).

Default value:

Cache = Yes

Timeout = {numerical value}

Timeout for one file to be scanned (in seconds).

If the parameter is set to 0, scanning time is not limited.

Default value:

Timeout = 120

UseTcpNodelay = {logical}

Enables the TCP_NODELAY option to configure TCP socket for connection with Dr.Web Daemon.

Use this option only if network stability problems occur.

Default value:

UseTcpNodelay = No

[Scanning]

HeuristicAnalysis = {On | Off}

Enables or disables the heuristic analyzer mode.

The detection method used by the heuristic analyzer is based on knowledge of the attributes that characterize malicious code. Each attribute has a weight coefficient that determines its severity and reliability. Depending on the total weight of a file, the heuristic analyzer calculates the probability of infection by an unknown virus. As with any system of hypothesis testing under uncertainty, the heuristic analyzer may commit type I or type II errors (that is, it may raise false alarms or miss viruses).

Default value:

HeuristicAnalysis = On

StripPath = {numerical value}

Remove the specified number of segments from the beginning of the scanning path.

If the parameter value is set to 0, the full path is used. If the value is set to 1, one segment, including the first forward slash character ("/"), is removed from the beginning of the scanning path. If the value is set to 2, two segments, including the second forward slash character, are removed.

Example:

Let us assume that a scanning path is specified as:

path = /some/path/to/file.ext

If StripPath = 1, the path will be as follows:

path = some/path/to/file.ext

If StripPath = 2, the path will be as follows:

path = path/to/file.ext

Default value:

StripPath = 0

PrefixPath = {path to directory}

Specifies the path segment that is added to the beginning of the scanning path after it has been processed by the StripPath parameter.

Value of this parameter must not end with a slash ("/") character; the required slash character will be added automatically.

Example:

Let us assume that a scanning path is specified as:

path = /certain/path/to/file.ext

If StripPath = 2, the path will be as follows:

path = path/to/file.ext

If PrefixPath = /quite/another, the final path will be as follows:

path = /quite/another/path/to/file.ext

Default value:

PrefixPath =

MaxFileSizeToScan = {numerical value}

Sets the maximum size of a file to be scanned, in KB.

If the value is set to 0, file size is unlimited.

Default value:

MaxFileSizeToScan = 0

ScanMode = {onWrite | onRead | onAccess}

You can specify the following parameter values:

onAccess — a file is scanned on an attempt to open or run it, as well as on close (after the file was created or modified).

onRead — a file is scanned only on an attempt to open or run it. This mode increases performance but decreases the protection level, as files are not scanned when copied to the server. Although an infected file cannot be run by a remote user in this mode, the file can be run by a user with local access to the shared directory (that is, bypassing the Samba server).

onWrite — a file is scanned only on close after it was created or modified. This mode further increases performance but significantly decreases the protection level, as files are not scanned on execution. An infected file can be copied to the shared directory by a user with local access (that is, bypassing the Samba server) and then run by a remote user without scanning.

Default value:

ScanMode = onAccess

RewriteDataBase = {logical}

When the parameter value is set to Yes, databases of blocked (infected) and allowed (clean) files are overwritten every time a new user accesses a shared directory.

Default value:

RewriteDataBase = Yes

BlockedCacheSize = {numerical value}

Size (in bytes) of the database that stores blocked (infected) files.

When the parameter value is set to 0, a database of blocked files is not created. Otherwise, the MD5 hash sums of files that Dr.Web Daemon scanned and detected as infected are saved to the database. On a subsequent attempt to open a file, its MD5 hash sum is compared to the sums stored in the database, and if a match is found, the file is treated as infected without being sent to Dr.Web Daemon for repeated scanning.

Default value:

BlockedCacheSize = 4096

AllowedCacheSize = {numerical value}

Size (in bytes) of the database that stores allowed (clean) files.

When the parameter value is set to 0, a database of allowed files is not created. Otherwise, the MD5 hash sums of files that Dr.Web Daemon scanned and detected as clean are saved to the database. On a subsequent attempt to open a file, its MD5 hash sum is compared to the sums stored in the database, and if a match is found, the file is treated as clean without being sent to Dr.Web Daemon for repeated scanning.

Default value:

AllowedCacheSize = 4096

LocalScan = {logical}

Enables or disables the local scan mode.

If the parameter value is set to Yes, Dr.Web Daemon scans files in the local mode; that is, only paths to the files are transmitted to the component. Otherwise, it receives the file content.

Default value:

LocalScan = yes

Dr.Web Samba VFS SpIDer can apply specified actions to files independently if Dr.Web Daemon has insufficient permissions or is set to operate in the remote scan mode.

[Actions]

LicenseLimit = {action}

Action applied to files during scanning of which a license error occurred (for example, license expired).

You can specify one of the following actions:

pass, reject.

Default value:

LicenseLimit = reject

Infected = {action}

Action applied to an infected object.

You can specify one of the following actions:

cure, rename, discard, quarantine, reject.

Default value:

Infected = quarantine

Suspicious = {action}

Action applied to a suspicious object.

You can specify one of the following actions:

pass, rename, discard, quarantine, reject.

Default value:

Suspicious = quarantine

Incurable = {action}

Action applied to an incurable object.

You can specify one of the following actions:

rename, discard, quarantine, reject.

Default value:

Incurable = quarantine

Adware = {action}

Action applied to an object containing an advertising program (adware).

You can specify one of the following actions:

pass, rename, discard, quarantine, reject.

Default value:

Adware = quarantine

Dialers = {action}

Action applied to a dialer program.

You can specify one of the following actions:

pass, rename, discard, quarantine, reject.

Default value:

Dialers = quarantine

Jokes = {action}

Action applied to a joke program.

You can specify one of the following actions:

pass, rename, discard, quarantine, reject.

Default value:

Jokes = quarantine

Riskware = {action}

Action applied to riskware.

You can specify one of the following actions:

pass, rename, discard, quarantine, reject.

Default value:

Riskware = quarantine

Hacktools = {action}

Action applied to a program used for hacking.

You can specify one of the following actions:

pass, rename, discard, quarantine, reject.

Default value:

Hacktools = quarantine

Archives = {action}

Action applied to archives containing infected files.

You can specify one of the following actions:

rename, discard, quarantine, reject.

To enable removal of such archives, set EnableDeleteArchiveAction = Yes parameter in the main configuration file drweb32.ini.

Default value:

Archives = quarantine

SkipObject = {action}

Action applied to files which cannot be scanned by Dr.Web Daemon (for example, password protected or broken archives, symbolic links, non-regular files).

You can specify one of the following actions:

pass, reject.

Default value:

SkipObject = pass

ArchiveRestriction = {action}

Action applied to an archive that cannot be scanned by Dr.Web Daemon because a threshold value specified in the main configuration file is exceeded (for example, compression ratio, size of archived objects, nesting level).

You can specify one of the following actions:

pass, reject.

Default value:

ArchiveRestriction = pass

ScanningErrors = {action}

Action applied to files that caused errors during scanning (for example, Dr.Web Daemon is out of memory or does not have permissions required for further processing).

You can specify one of the following actions:

pass, reject.

Default value:

ScanningErrors = reject

ProcessingErrors = {action}

Action applied to files that caused errors during scanning (for example, Dr.Web Samba VFS SpIDer is not configured appropriately or cannot connect to Dr.Web Daemon).

Possible values are:

pass, reject.

Default value:

ProcessingErrors = reject

ShellScriptForBlockedFile = {path to file}

Path to the shell script that is run when a file is blocked.

Dr.Web Samba VFS SpIDer passes the following parameters to the script:

FileName — name of the infected file

UserName — login name of the user who tried to access the blocked file

UserHost — name of the host from which the user tried to open the blocked file

DaemonReport — Dr.Web Daemon report

An example of such a script (file smb_script.sh) is located in the following directory:

%bin_dir/doc/samba/

Default value:

ShellScriptForBlockedFile =

Quarantine = {path to directory}

Path to the Quarantine directory.

Default value:

Quarantine = %var_dir/infected/

QuarantineFilesMode = {access permissions}

Permissions to access files in Quarantine.

Default value:

QuarantineFilesMode = 0660
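
The [Scanning] and [Actions] settings described above can be reviewed mechanically for values that let files through without a scan or a block. The following Python sketch is an added example, not part of the Dr.Web documentation or product; it assumes smb_spider.conf parses as the INI-style text shown on this page, and the audit function and the sample file are constructed for illustration.

```python
import configparser

# Constructed sample smb_spider.conf with several documented defaults loosened.
SAMPLE_CONF = """\
[Scanning]
MaxFileSizeToScan = 10240
ScanMode = onWrite
[Actions]
Suspicious = pass
SkipObject = pass
ArchiveRestriction = pass
ProcessingErrors = pass
Quarantine = %var_dir/infected/
QuarantineFilesMode = 0664
"""

# [Actions] parameters for which the reference lists "pass" as a value.
PASS_CAPABLE = ("LicenseLimit", "Suspicious", "Adware", "Dialers", "Jokes",
                "Riskware", "Hacktools", "SkipObject", "ArchiveRestriction",
                "ScanningErrors", "ProcessingErrors")
DEFAULT_PASS = ("SkipObject", "ArchiveRestriction")  # documented default: pass

def audit(conf_text):
    """Return (parameter, value, reason) for settings that weaken scanning."""
    # interpolation=None: values such as %var_dir/... contain a literal "%".
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(conf_text)
    scan = cp["Scanning"] if cp.has_section("Scanning") else {}
    act = cp["Actions"] if cp.has_section("Actions") else {}
    found = []
    mode = scan.get("ScanMode", "onAccess")
    if mode.lower() != "onaccess":
        found.append(("ScanMode", mode, "not scanned on both open and close"))
    if scan.get("HeuristicAnalysis", "On").lower() == "off":
        found.append(("HeuristicAnalysis", "Off", "heuristic analyzer disabled"))
    size = scan.get("MaxFileSizeToScan", "0")
    if size != "0":
        found.append(("MaxFileSizeToScan", size, "files above this size (KB) are not scanned"))
    for name in PASS_CAPABLE:
        # A missing parameter falls back to the default documented on this page.
        value = act.get(name, "pass" if name in DEFAULT_PASS else "")
        if value.lower() == "pass":
            found.append((name, value, "file is let through"))
    perms = act.get("QuarantineFilesMode", "0660")
    if int(perms, 8) & 0o007:
        found.append(("QuarantineFilesMode", perms, "quarantine accessible beyond owner and group"))
    return found

if __name__ == "__main__":
    print(*audit(SAMPLE_CONF), sep="\n")
```

Run against an empty file, audit still reports SkipObject and ArchiveRestriction, because their documented defaults are pass.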

[Logging]

LogFileName = {syslog | path to file}

Log file name.

You can specify syslog to enable logging with the syslog service.

In this case, you must also specify values for SyslogFacility and SyslogPriority parameters.

Default value:

LogFileName = syslog

Level = {log level}

Log verbosity level.

You can specify one of the following levels:

Quiet

Errors

Alerts

Info

Debug

Verbose

Default value:

Level = Info

SyslogFacility = {syslog label}

Facility label for logging with the syslog service.

Default value:

SyslogFacility = Daemon

SyslogPriority = {log level}

Verbosity level for logging with the syslog service.

You can specify one of the following levels:

Alert

Info

Notice

Debug

Default value:

SyslogPriority = Info