Operating Principles

The component is designed to check both the content of files in the local file system and the streams of data transmitted by an external application via a socket. Such checks are performed by the component at the request of an external application. Moreover, the component can check the content of those files for which an external application passed an open file descriptor via a socket.

File checks based on a passed file descriptor can be performed only if the descriptor was passed via a local UNIX socket.

If an external application has provided a path to a file in the local file system, the component sends the scanning task to the Dr.Web File Checker file checker component; otherwise, the component transmits data, received via the socket, to the Dr.Web Network Checker distributed scanning agent, as shown in the figure below.

Figure 13. Diagram of the components’ operation

By default, the component is not automatically launched upon the startup of Dr.Web for UNIX Internet Gateways. To enable starting of the component, it is necessary to set the Yes value for the Start parameter and to define at least one connection point for client applications. After that, the component starts waiting for external applications’ requests to scan files or data streams. In the component’s settings, you can configure several connection points for external applications and adjust different scanning settings for each of the points, if required.

The Figure above shows that external applications could be represented as HTTP proxy servers (such as Squid and HAVP), if they are equipped with the integration module with clamd. For details, see section Integration with External Applications.

Detected threats cannot be neutralized by Dr.Web for UNIX Internet Gateways; the external application receives only the results of the scanning. Thus, any detected threats should be neutralized by the external application.