Operating Principles |
The SpIDer Gate component monitors network connections established by user applications. The component checks whether the server which the client application is trying to connect to belongs to any of the web resources categories specified in the settings as unwanted. Moreover, the component can refer to Dr.Web Cloud service to check a URL. If the URL belongs to any of the unwanted categories (including that one which was returned by the request of Dr.Web Cloud service) or to a black list defined by the system administrator, the connection is interrupted, and the HTML page, containing the message that the access is not allowed, is shown (in case of HTTP/HTTPS connection). The HTML page is generated by SpIDer Gate according to the template supplied with the component. This page contains details upon the block. The similar page is displayed to the client if SpIDer Gate finds a threat that must be blocked in the contents of the server response. If the connection uses a protocol different from HTTP(S), the component scans only for permission to establish connection with this server. Auxiliary component Dr.Web Firewall for Linux redirects connections with remote servers, which are established by the client applications. The component performs dynamic control of the rules of system component. The operation scheme for the component of monitoring network traffic and URLs is shown in the figure below. Within Dr.Web for UNIX Internet Gateways server products a client application is a protected server resource of the company, (for example, a web server with public access), because by default the Dr.Web ICAPD component performs functions of managing access of the local network users user to the Internet. This component operates together with the proxy-server providing Internet access from the local network. Figure 12. Diagram of the components’ operation The Dr.Web Updater component is used to regularly and automatically update the databases of web resource categories from Doctor Web update servers. The same component is used to update virus databases for the Dr.Web Scanning Engine scanning engine. The Dr.Web CloudD component is used to refer to Dr.Web Cloud service (using of the cloud service is configured in Appendixes common settings and can be disabled, if necessary). To check transferred data, SpIDer Gate uses the Dr.Web Network Checker component. The latter one initiates scanning via the Dr.Web Scanning Engine scanning engine. |