SpIDer Gate

Top  Previous  Next

This component is included only in the product distributions for GNU/Linux OSes.

The component for monitoring network traffic and URLs SpIDer Gate is designed to check data (downloaded from the network to the local computer and to the network from the local host) for threats and to prevent connections with the network hosts, included to the unwanted categories of web resources and to the black lists defined by the administrator.

In the component settings there is an opportunity to indicate types of protocols for scanning.

To check whether an URL belongs to any of the categories (used for scanning of connections that utilize the HTTP/HTTPS protocol), the component not only uses the database of web resource categories, which is updated regularly from Doctor Web’s update servers, but also refers to the Dr.Web Cloud service. Doctor Web keeps track of the following web resources categories:

InfectionSource—websites containing malicious software (“infection sources”).

NotRecommended—fraudulent websites (that use “social engineering”) visiting which is not recommended.

AdultContent—websites that contain pornographic or erotic materials, dating sites, etc.

Violence—websites that encourage violence or contain materials about various fatal accidents, etc.

Weapons—websites that describe weapons and explosives or provide information on their manufacturing.

Gambling—websites that provide access to online games of chance, casinos, auctions, including sites for placing bets, etc.

Drugs—websites that promote use, production or distribution of drugs, etc.

ObsceneLanguage—websites that contain the obscene language (in titles, articles, etc.).

Chats—websites that offer a real-time transmission of text messages.

Terrorism—websites that contain aggressive and propaganda materials or terroristic attacks descriptions, etc.

FreeEmail—websites that offer the possibility of free registration of a web mailbox.

SocialNetworks—different social networking services: general, professional, corporate, interest-based; thematic dating sites.

DueToCopyrightNotice—websites that were specified by the holders of copyrights pertaining to content or works protected by copyright law (movies, music, etc.).

System administrator can specify the hosts accessing which is unwanted, based on the categories to which the hosts belong. Additionally, a user can configure one’s own black lists to block the access to the necessary hosts, and white lists, to allow the access. The access to the hosts of white lists will be allowed, even if the hosts belong to the unwanted categories. If there is no information about URLs in the local black lists and database of web resources categories, the component can refer to Dr.Web Cloud service to check for the information whether these URLs are malicious, which is received from other Dr.Web products on a real-time basis.

One and the same website can belong simultaneously to several categories. Access to such website is blocked even if it belongs to any of the unwanted categories.

 

Even if the website is included to the white list, data (sent and downloaded from the website) is checked for threats.

 

In case of high intensity of the scanning of files transferred via the HTTP protocol, there is a possibility of having problems with scanning due to depletion of the number of available file descriptors by the Dr.Web Network Checker component. In this case, it is necessary to increase the limit of the number of file descriptors available to Dr.Web for UNIX Internet Gateways.

Within server products Dr.Web for UNIX Internet Gateways can be used in an organization to create a “wall” between the company’s server, for example, the web server with public access, and the Internet, an external network, because by default the Dr.Web ICAPD component that performs functions of controlling user access. This component operates together with the proxy server providing Internet access from the local network.

 

Details:

Operating Principles

Command Line Arguments

Configuration Parameters