Running Dr.Web Scanner

You can run Dr.Web Scanner with the following command:

$ %bin_dir/drweb

If the %bin_dir directory is added to the PATH environment variable, you can run Dr.Web Scanner from any directory. However, doing so (as well as creating a symbolic link to the Dr.Web Scanner executable file in directories like /bin/, /usr/bin/, etc.) is not recommended for security reasons.

Dr.Web Scanner can be run with either root or user privileges. In the latter case, virus scanning can be performed only in directories where the user has read access, and infected files will be cured only in directories where the user has write access (usually the user's home directory, $HOME). Other restrictions also apply when Dr.Web Scanner is started with user privileges, for example, on moving and renaming infected files.

When Dr.Web Scanner is started, it displays the program name, platform name, program version number, release date and contact information. It also shows user registration information and statistics, the list of virus databases and installed updates:

Dr.Web (R) Scanner for Linux, v6.0.1 (February 19, 2010)
Copyright (c) Igor Daniloff, 1992-2010
Support service: http://support.drweb.com/
To purchase: http://buy.drweb.com/
Program version: 6.0.0.10060 <API:2.2>
Engine version: 6.0.0.9170 <API:2.2>
Loading /var/drweb/bases/drwtoday.vdb - Ok, virus records: 1533
Loading /var/drweb/bases/drw60012.vdb - Ok, virus records: 3511
--------------------------------------------
Loading /var/drweb/bases/drw60000.vdb - Ok, virus records: 1194
Loading /var/drweb/bases/dwn60001.vdb - Ok, virus records: 840
Loading /var/drweb/bases/drwebase.vdb - Ok, virus records: 78674
Loading /var/drweb/bases/drwrisky.vdb - Ok, virus records: 1271
Loading /var/drweb/bases/drwnasty.vdb - Ok, virus records: 4867
Total virus records: 538681
Key file: /opt/drweb/drweb32.key
Key file number: XXXXXXXXXX
Key file activation date: XXXX-XX-XX
Key file expiration date: XXXX-XX-XX

After displaying this report, Dr.Web Scanner terminates and the command line prompt appears. To scan for viruses or neutralize detected threats, specify additional command line parameters.

By default, Dr.Web Scanner starts with the following parameters:

-ar -ha -fl- -ml -sd -al -ok

These parameters are optimal for thorough anti-virus protection and can be used in most typical cases. If any of the parameters is not required, disable it with the "-" postfix as described above.

Disabling the scanning of archives and packed files significantly decreases the level of anti-virus protection, because viruses are often distributed in archives (especially self-extracting archives) attached to email messages. Office documents (Word, Excel) sent within an archive or a container can also pose a threat to the security of your computer, as they are vulnerable to macro viruses.

When you start Dr.Web Scanner with default parameters, no cure actions and no actions for incurable and suspicious files are performed. To enable these actions, specify the corresponding command line parameter explicitly.

The following actions are recommended:

cu – cure infected files and system areas without deleting, moving or renaming infected files;

icd – delete incurable files;

spm – move suspicious files;

spr – rename suspicious files.

When Dr.Web Scanner is started with the cu action specified, it tries to restore the original state of an infected object. This is possible only if the detected virus is a known virus and cure instructions for it are available in the virus database; even in this case, a cure attempt may fail if the infected file is seriously damaged by the virus.

When an infected file is found within an archive, the file is not cured, deleted, moved or renamed. To cure such a file, manually unpack the archive to a separate directory and instruct Dr.Web Scanner to check it.

When Dr.Web Scanner is started with the icd action specified, it removes all infected files from the disk. This option is suitable for incurable (irreversibly damaged by a virus) files.

The spr action instructs Dr.Web Scanner to replace a file extension with another one (*.#?? by default, that is, the first extension character is replaced with the "#" character). Enable this parameter for files of other operating systems that are detected heuristically as suspicious. Renaming helps to avoid accidental execution of such files in these operating systems and therefore prevents infection.

The spm action instructs Dr.Web Scanner to move infected or suspicious files to the Quarantine directory (%var_dir/infected/ by default). This option is of insignificant value, since infected and suspicious files of other operating systems cannot infect or damage a UNIX system. Moving suspicious files of a UNIX system may cause system malfunction or failure.

Thus, the following command is recommended for day-to-day scanning:

$ drweb <path> -cu -icd -spm -ar -ha -fl- -ml -sd

You can save this command to a text file and convert it into a simple shell script with the following command:

# chmod a+x [filename]
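The script described above could look like the following wrapper. It is an added example, not part of the Dr.Web documentation: it calls the scanner by absolute path instead of relying on PATH and passes the recommended day-to-day parameters. The DRWEB_BIN default of /opt/drweb/drweb is an assumed stand-in for %bin_dir/drweb, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: wrapper for the recommended day-to-day scan.
# Assumption: DRWEB_BIN stands in for %bin_dir/drweb; adjust it to your install.
DRWEB_BIN="${DRWEB_BIN:-/opt/drweb/drweb}"

# Parameters from the recommended day-to-day command in this section.
SCAN_FLAGS="-cu -icd -spm -ar -ha -fl- -ml -sd"

# Succeeds only if the scanner path is absolute, is not a symbolic link,
# is an executable regular file and is not writable by group or others.
scanner_is_trusted() {
    bin=$1
    case $bin in
        /*) ;;
        *) echo "refusing non-absolute scanner path: $bin" >&2; return 1 ;;
    esac
    if [ -L "$bin" ]; then
        echo "refusing symbolic link: $bin" >&2; return 1
    fi
    [ -f "$bin" ] && [ -x "$bin" ] || { echo "not an executable file: $bin" >&2; return 1; }
    # find prints the path only when a group or other write bit is set.
    if [ -n "$(find "$bin" -prune \( -perm -020 -o -perm -002 \) -print)" ]; then
        echo "scanner is writable by group or others: $bin" >&2; return 1
    fi
    return 0
}

# Runs the recommended scan on one path and returns the scanner's exit status.
run_daily_scan() {
    target=$1
    [ -e "$target" ] || { echo "no such path: $target" >&2; return 2; }
    scanner_is_trusted "$DRWEB_BIN" || return 3
    # With user privileges, files are cured only where the user has write access.
    [ -w "$target" ] || echo "warning: no write access to $target, nothing will be cured there" >&2
    # SCAN_FLAGS is left unquoted on purpose so that it splits into separate parameters.
    "$DRWEB_BIN" "$target" $SCAN_FLAGS
}

# When the script is started with a path argument, scan that path.
if [ "$#" -gt 0 ]; then
    run_daily_scan "$1"
fi
```

Infected files found inside archives are only reported by this run; they still have to be unpacked to a separate directory and scanned there.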

Dr.Web Scanner default settings can be adjusted in the configuration file.