Dr.Web Ctl

Top  Previous  Next

You can manage operation of Dr.Web for UNIX Internet Gateways from the command line with the help of a special command-line tool—Dr.Web Ctl (drweb-ctl).

You can do the following actions from the command line:

Start scanning file system objects including boot records

Launch of scanning of files on remote network hosts (see note below).

Start updating anti-virus components (virus databases, anti-virus engine, etc. depending on the distribution).

View and change parameters of Dr.Web for UNIX Internet Gateways configuration

View the status of the product's components and statistics on detected threats

View quarantine and manage quarantined objects (via the Dr.Web Ctlcomponent).

Connect to the central protection server or disconnect from it.

Commands entered by the user to control the product can have an effect only if the Dr.Web ConfigD configuration daemon is running (by default, it is automatically launched at the operating system’s startup).

Note that some control commands require superuser privileges.

To elevate privileges, use the su command (change the current user) or the sudo command (execute the specified command with other user privileges).

The Dr.Web Ctl tool supports auto-completion of commands for managing Anti-virus operation if this option is enabled in the used command shell. If the command shell does not allow auto-completion, you can configure this option. For that purpose, refer to the instruction manual for the used OS distribution.

When shutting down, the tool returns the exit code according to convention for the POSIX compliant systems: 0 (zero)—if an operation is successfully completed, non-zero—if otherwise.

Note that the tool returns a non-null exit code only in case of internal error (for example, the tool could not connect to a component, a requested operation could not be executed, etc.). If the tool detects (and possibly) neutralizes a threat, it returns the null exit code, because the requested operation (such as scan, etc.) is successfully competed. If it is necessary to define the list of detected threats and applied actions, analyze the messages displayed on the console.

Codes of all errors are listed in the Appendix F. Known Errors section.

Remote host scanning

Dr.Web for UNIX Internet Gateways allows to perform scanning for threats of files located on remote network hosts. Such hosts can be not only full computing machines (workstations and servers) but also routers, set-top boxes and other “smart” devices that form the so-called Internet of things. To perform the remote scanning, it is necessary for the remote host to provide a remote terminal access via SSH (Secure Shell). Besides, it is required to know an IP address and a domain name of the remote host, name and password of the user, who could remotely access the system via SSH. The indicated user must have access rights to the scanned files (at least the reading rights).

This function can be used only for detection of malicious and suspicious files on a remote host. Elimination of threats (i.e. isolation in the quarantine, removal and curing of malicious objects) using means of the remote scanning is impossible. To eliminate detected threats on the remote host, it is necessary to use administration tools provided directly by this host. For example, for routers and other “smart” devices, a mechanism for a firmware update can be used; for computing machines, it can be done via a connection to them (as an option, using a remote terminal mode) and respective operations in their file system (removal or moving of files, etc.), or via running an anti-virus software installed on them.

Remote scanning is performed only via the command-line tool Dr.Web Ctl (the remotescan command is used).

 

Details:

Command-Line Call Format

Usage Examples

Configuration Parameters