Program Structure


Dr.Web for UNIX Internet Gateways is a product that consists of several components, each of which has its own set of functions. The components included in Dr.Web for UNIX Internet Gateways are listed below.

Component

Description

Dr.Web ConfigD

Configuration daemon of Dr.Web for UNIX Internet Gateways. It performs the following functions:

Starts and stops the product’s components depending on the settings. Automatically restarts components if a failure in their operation occurs. Starts components at the request of other components. Informs active components when another component starts or shuts down.

Stores information about the present license keys and settings and provides this data to all components. Receives adjusted settings and license keys from the components of Dr.Web for UNIX Internet Gateways that are expected to provide such information. Notifies other components of changes in license keys and settings.


Executable file: drweb-configd

Internal name output to the log file: ConfigD

Dr.Web Virus-Finding Engine

Anti-virus engine. The main component of the anti-virus protection. Implements algorithms to detect viruses and malicious programs as well as algorithms to analyze suspicious behavior (by using signature and heuristic analysis).

Used by all Dr.Web for UNIX Internet Gateways components via Dr.Web Scanning Engine.


Executable file: drweb32.dll

Internal name output to the log file: CoreEngine

Dr.Web Scanning Engine

Scanning engine. The component responsible for loading the anti-virus engine Dr.Web Virus-Finding Engine and the virus databases. It transmits the contents of files and disk boot records to the anti-virus engine for scanning at the request of other components of Dr.Web for UNIX Internet Gateways. It queues files that are waiting to be scanned and cures the files that can be cured. From the point of view of other components of Dr.Web for UNIX Internet Gateways, this component provides the anti-virus scanning service. It can operate under the control of the Dr.Web ConfigD configuration daemon or in an autonomous mode (independently of other components).

Used by all Dr.Web for UNIX Internet Gateways components for the anti-virus scanning.


Executable file: drweb-se

The internal name, displayed in log: ScanEngine

Dr.Web virus database

Automatically updated database of signatures of viruses and other threats, as well as algorithms for detecting and neutralizing malicious software.

Used by the anti-virus engine Dr.Web Virus-Finding Engine and provided along with it.

Databases of web resource categories

Automatically updated database. The database contains information on web resources assigned to pre-defined categories. It is used for blocking access to web resources included in categories that are marked as unwanted.

Used by components that scan network activity of users and applications, such as SpIDer Gate, Dr.Web ICAPD, Dr.Web MailD.

Dr.Web File Checker

The component that scans file system objects and manages quarantined files. It receives scanning tasks from other Dr.Web for UNIX Internet Gateways components, searches file system directories according to the received task, transmits files to the Dr.Web Scanning Engine for scanning, and notifies components of scanning progress. It also removes infected files, moves them to quarantine, restores them from quarantine, and manages quarantine directories. The component creates and updates a cache that stores information on scanned files to reduce the frequency of repeated file scanning.

Used by components that scan file system objects.


Executable file: drweb-filecheck

The internal name, displayed in log: FileCheck

Dr.Web ICAPD

ICAP server that analyzes requests and traffic passing through HTTP proxy servers (such as Squid). It also prevents the transmission of infected files and blocks access to network hosts that belong to the Internet resource categories or to black lists created by the system administrator. If access to an external server must be forbidden, or the transmitted data contains a threat, it instructs the proxy server to return to the user a special page stating that the requested resource cannot be accessed or that the transmitted file is infected.


Executable file: drweb-icapd

The internal name, displayed in log: ICAPD

Dr.Web ES Agent

Central protection agent. Makes it possible for the product to operate in centralized and mobile modes. Provides communication between the product and the central protection server for the license key file and for updates to the virus databases and components. Sends the server information on the components included in Dr.Web for UNIX Internet Gateways and their state, as well as statistics of virus events.


Executable file: drweb-esagent

The internal name, displayed in log: ESAgent

SpIDer Gate

The component for monitoring network traffic and URLs. It is designed to check for threats the data downloaded from the network to the local host and the data transmitted from it to the external network. The component also prevents connections to network hosts that are included in unwanted categories of web resources or in black lists created by the system administrator.

It is included only in the distributions for GNU/Linux OS.


Executable file: drweb-gated

The internal name, displayed in log: GateD

Dr.Web Firewall for Linux

Connection manager. Used by SpIDer Gate. It routes the connections of applications that operate on the server so that the transferred traffic can be scanned.

It is included only in the distributions for GNU/Linux OS.


Executable file: drweb-firewall

The internal name, displayed in log: LinuxFirewall

Dr.Web Network Checker

Agent for scanning data over the network. Used to send data to the scanning engine for actual scanning. The data is sent over the network by components of the product (such as Dr.Web ClamD, SpIDer Gate, Dr.Web ICAPD).

In addition, it allows Dr.Web for UNIX Internet Gateways to arrange distributed scanning of files: to receive files for scanning from remote hosts and to transmit files for scanning to them. For that purpose, a Dr.Web product for UNIX-based operating systems must be installed and running on the remote hosts. In the distributed scanning mode, it automatically distributes the scanning load among remote hosts, reducing the load on hosts with a large number of scanning tasks (for example, mail servers, file servers, Internet gateways).

For security reasons, files are transmitted over SSL.


Executable file: drweb-netcheck

The internal name, displayed in log: NetCheck

Dr.Web HTTPD

Web interface for managing Dr.Web for UNIX Internet Gateways components. It consists of the management web interface (it should be installed separately) and a service interface for the operation of the Dr.Web Link Checker browser extension (can be installed additionally). You can access the interface via any browser on a local or remote host. Because the web interface is built in, the product requires neither third-party web servers (such as Apache HTTP Server) nor remote administration tools such as Webmin.

For security reasons, the web interface interacts with the user over HTTPS.


Executable file: drweb-httpd

The internal name, displayed in log: HTTPD

Dr.Web Ctl

Tool for managing Dr.Web for UNIX Internet Gateways from the command line.

Allows the user to start file scanning, to view quarantined objects, to start a virus database update procedure, to connect the product to or to disconnect it from the central protection server, to view and to configure parameters.


Executable file: drweb-ctl

The internal name, displayed in log: Ctl

Dr.Web Updater

An update component. Downloads updates of the virus databases, the databases of web resource categories, and the anti-virus engine from Doctor Web servers.

The updates can be downloaded automatically, according to a schedule, and on the user’s demand (via Dr.Web Ctl or the management web interface).


Executable file: drweb-update

The internal name, displayed in log: Update

Dr.Web SNMPD

An SNMP agent. Designed for integration of Dr.Web for UNIX Internet Gateways with external monitoring systems over SNMP. Such integration allows you to monitor the state of the product’s components and to collect statistics on threat detection and neutralization. Supports SNMP v2c and v3.


Executable file: drweb-snmpd

The internal name, displayed in log: SNMPD

Dr.Web ClamD

Component emulating the interface of the clamd anti-virus daemon, which is a component of the ClamAV® anti-virus. Allows all applications that support ClamAV® to transparently use Dr.Web for UNIX Internet Gateways for anti-virus scanning.


Executable file: drweb-clamd

The internal name, displayed in log: ClamD

Dr.Web CloudD

The component that sends visited URLs and information about the scanned files to the Dr.Web Cloud service, to check them for threats not yet described in the virus databases.


Executable file: drweb-cloudd

The internal name, displayed in log: CloudD

Dr.Web LookupD

Component that retrieves data from external data sources (directory services, such as Active Directory) using the LDAP protocol. The data is used in traffic monitoring rules.


Executable file: drweb-lookupd

The internal name, displayed in log: LookupD

The figure below shows the structure of Dr.Web for UNIX Internet Gateways and its operation with external applications.