Operating Principles

Top  Previous  Next

The Dr.Web Network Checker component allows to arrange connection between Dr.Web for UNIX Internet Gateways and a set of other nodews which have Dr.Web for UNIX Internet Gateways (or other Dr.Web for UNIX solution version 10.1 or above) installed on them. This will organize a distributed data scanning for threats (for example, file content). With the component, you can create and configure a “scanning cluster”, specifying the set of connections between cluster nodes (an instance of the distributed scanning agent Dr.Web Network Checkershould be launched at each node).

On each node within the cluster, Dr.Web Network Checker agent constitutes the automatic distribution of scanning jobs by transmitting data for scanning to all available nodes. At that, the agent sets up the load balancing on nodes, caused by file scanning, depending on resources available on remote nodes (the number of child scanning processes of Dr.Web Scanning Engine on each node acts as an indicator for the number of nodes available). The agent also considers the queue of files waiting for scanning on each host. Data received for scanning over the network is transmitted to the Dr.Web Scanning Engine scanning engine, as shown on the figure below.

Figure 15. Diagram of the components’ operation

In this case, any network node included in the scanning cluster can act as a scanning client that transmits data to a remote scan as well as a scanning server that receives data from the specified network nodes for verification. If necessary, the distributed scanning agent can be configured so that the node acts only as a scanning server or only as a scanning client.

On a local host, sending data for scanning via Dr.Web Network Checker can be started both at user’s command specified via the Dr.Web Ctl command-line management tool and at requests received from some product components, for example, the Dr.Web ClamD component, which provides the interface of the clamd daemon included in ClamAV®. That is why the scheme contains an abstract “Client scanning module”.

Note that components marked as “Client scanning module” always use the Dr.Web Network Checker for transmitting files to be scanned by Dr.Web Scanning Engine, even if Dr.Web Scanning Engine is located on the local host. Thus, if Dr.Web Network Checker is unavailable, these components will not work correctly.

It is possible to create your own component (external application) which will use Dr.Web Network Checker to check the files (including distributing the scanning jobs to the nodes of the scanning cluster). For this, the Dr.Web Network Checker component provides a custom API based on the Google Protobuf technology. The Dr.Web Network Checker API , as well as client application sample code that uses Dr.Web Network Checker, are supplied as part of drweb-netcheck package.