Operating Principles |
By default, the component is run automatically upon Dr.Web for UNIX Internet Gateways startup. When run, the component structures data according to the structure described in MIB Dr.Web and waits for requests to receive data from external SNMP managers. The component receives information on the status of the program components and notifications on detected threats directly from the Dr.Web ConfigD configuration daemon, as shown in the figure below. Figure 20. Diagram of the components’ operation Threats can be detected by the scanning engine during scanning initiated by Dr.Web for UNIX Internet Gateways components; thus, the scheme contains an abstract “client scanning module”. On threat detection, the appropriate count (of this threat type) is incremented by one and all SNMP managers that can receive notifications get an SNMP trap notifying on the detected threat.
Integration with the System SNMP Agent To enable correct operation of Dr.Web SNMP agent if the main system SNMP agent (), already operates on the server, configure transmission of SNMP requests through the Dr.Web MIB branch from to Dr.Web SNMPD. For that purpose, edit the configuration file (usually for the file is as follows: /etc/snmp/snmpd.conf), by adding the following line in it:
Where: •<version> – SNMP version in use (2c, 3). •<community>—“community string” used by Dr.Web SNMPD. •<address>:<port>—network socket which is listened by Dr.Web SNMPD. •<MIB branch>—OID of the MIB branch containing descriptions of variables and SNMP notifications (trap) used by Dr.Web (the OID equals .1.3.6.1.4.1.29690). If you are using the default settings of Dr.Web SNMP agent, then the added line should look like this:
Note that since port 161 in this case will be used by the system’s standard , it is required to specify another port for Dr.Web SNMPD in the ListenAddress parameter (in this example, 50000). |