Dr.Web ConfigD
|
Configuration daemon of Dr.Web for UNIX Internet Gateways. It performs the following functions:
• Starts and stops the product’s components depending on the settings. Automatically restarts components if a failure in their operation occurs. Starts components at the request of other components. Informs active components when another component starts or shuts down.
• Stores information about present license keys and settings and provides this data to all components. Receives adjusted settings and license keys from the components of Dr.Web for UNIX Internet Gateways expected to provide such information. Notifies other components of changes in license keys and settings.
Executable file: drweb-configd
Internal name output to the log file: ConfigD
|
Dr.Web Virus-Finding Engine
|
Anti-virus engine. The main component of the anti-virus protection. Implements algorithms to detect viruses and malicious programs as well as algorithms to analyze suspicious behavior (by using signature and heuristic analysis).
Used by all Dr.Web for UNIX Internet Gateways components via Dr.Web Scanning Engine.
Executable file: drweb32.dll
Internal name output to the log file: CoreEngine
|
Dr.Web Scanning Engine
|
Scanning engine. The component responsible for loading the anti-virus engine Dr.Web Virus-Finding Engine and virus databases. It transmits the contents of files and disk boot records to the anti-virus engine for scanning at the request of other components of Dr.Web for UNIX Internet Gateways. It queues files that are waiting to be scanned. Cures the files that can be cured. From the point of view of other components of Dr.Web for UNIX Internet Gateways, this component provides the anti-virus scanning service. Can operate under the control of the Dr.Web ConfigD configuration daemon or in an autonomous mode (autonomously from other components).
Used by all Dr.Web for UNIX Internet Gateways components for the anti-virus scanning.
Executable file: drweb-se
The internal name, displayed in log: ScanEngine
|
Dr.Web virus database
|
Automatically updated database of virus signatures and other threats, as well as algorithms for detecting and neutralizing malicious software.
Used by the anti-virus engine Dr.Web Virus-Finding Engine and provided along with it.
|
Databases of web resource categories
|
Automatically updated database. The database contains information on web resources assigned to pre-defined categories. It is used for blocking access to web resources included in categories that are marked as unwanted.
Used by components that scan network activity of users and applications, such as SpIDer Gate, Dr.Web ICAPD, Dr.Web MailD.
|
Dr.Web File Checker
|
The component that scans file system objects and manages quarantined files. It receives scanning tasks from other Dr.Web for UNIX Internet Gateways components, searches file system directories according to the received task, transmits files for scanning to the Dr.Web Scanning Engine, and notifies components of scanning progress. It also removes infected files, moves them to quarantine, restores them from quarantine, and manages quarantine directories. The component creates and updates a cache that stores information on scanned files to reduce the frequency of repeated file scanning.
Used by components that scan file system objects.
Executable file: drweb-filecheck
The internal name, displayed in log: FileCheck
|
Dr.Web ICAPD
|
ICAP server that analyzes requests and traffic passing through HTTP proxy servers (such as Squid). It also prevents the transmission of infected files and access to network hosts belonging to the Internet resource categories and to black lists created by the system administrator. If access to external servers must be forbidden, or the transmitted data contains a threat, it instructs the proxy server to return to the user a special page informing them that the requested resource cannot be accessed or that the transmitted file is infected.
Executable file: drweb-icapd
The internal name, displayed in log: ICAPD
|
Dr.Web ES Agent
|
Central protection agent. Makes it possible for the product to operate in centralized and mobile modes. Provides communication between the product and the central protection server, a license key file, updates to the virus databases and components. Sends to the server information on the components included in Dr.Web for UNIX Internet Gateways and their state as well as statistics of virus events.
Executable file: drweb-esagent
The internal name, displayed in log: ESAgent
|
SpIDer Gate
|
The component for monitoring network traffic and URLs. It is designed to check for threats in data downloaded from the network to the local host and transmitted from it to the external network. The component also prevents connections to network hosts included not only in the unwanted categories of web resources but also in black lists created by the system administrator.
|
It is included only in the distributions for GNU/Linux OS.
|
Executable file: drweb-gated
The internal name, displayed in log: GateD
|
Dr.Web Firewall for Linux
|
Connection manager. Used by SpIDer Gate and provides connection routing for applications that operate on the server for scanning of the transferred traffic.
|
It is included only in the distributions for GNU/Linux OS.
|
Executable file: drweb-firewall
The internal name, displayed in log: LinuxFirewall
|
Dr.Web Network Checker
|
An agent for network data scanning. Used to send data to the scanning engine for actual scanning. The data is sent by components of the product via the network (such components as Dr.Web ClamD, SpIDer Gate, Dr.Web ICAPD).
In addition, it allows Dr.Web for UNIX Internet Gateways to arrange distributed scanning of files: to receive files for scanning from remote hosts and to transmit files for scanning to them. For that purpose, remote hosts must have Dr.Web for UNIX-based operating systems installed and running. In the distributed scanning mode, it allows automatic distribution of scanning load among remote hosts by reducing load on hosts with a large number of scanning tasks (for example, on mail servers, file servers, Internet gateways).
For security reasons, files are transmitted over SSL.
Executable file: drweb-netcheck
The internal name, displayed in log: NetCheck
|
Dr.Web HTTPD
|
Web interface for managing Dr.Web for UNIX Internet Gateways components. It consists of the management web interface (which should be installed separately) and a service interface for the operation of the Dr.Web Link Checker browser extension (which can be installed additionally). You can access the interface via any browser on a local or remote host. With the built-in web interface, the product requires neither third-party web servers (such as Apache HTTP Server) nor remote administration tools, such as Webmin.
For security reasons, the web interface interacts with the user over HTTPS.
Executable file: drweb-httpd
The internal name, displayed in log: HTTPD
|
Dr.Web Ctl
|
Tool for managing Dr.Web for UNIX Internet Gateways from the command line.
Allows the user to start file scanning, to view quarantined objects, to start a virus database update procedure, to connect the product to or to disconnect it from the central protection server, to view and to configure parameters.
Executable file: drweb-ctl
The internal name, displayed in log: Ctl
|
Dr.Web Updater
|
An update component. Downloads updates of the virus databases, the databases of web resource categories, and the anti-virus engine from Doctor Web servers.
The updates can be downloaded automatically, according to a schedule, or on the user’s demand (via Dr.Web Ctl or the management web interface).
Executable file: drweb-update
The internal name, displayed in log: Update
|
Dr.Web SNMPD
|
An SNMP agent. Designed for integration of Dr.Web for UNIX Internet Gateways with external monitoring systems over SNMP. Such integration allows you to monitor the state of the product’s components and to collect statistics on threat detection and neutralization. Supports SNMP v2c and v3.
Executable file: drweb-snmpd
The internal name, displayed in log: SNMPD
|
Dr.Web ClamD
|
Component emulating the interface of the anti-virus daemon clamd, which is a component of the ClamAV® anti-virus. Allows all applications that support ClamAV® to transparently use Dr.Web for UNIX Internet Gateways for anti-virus scanning.
Executable file: drweb-clamd
The internal name, displayed in log: ClamD
|
Dr.Web CloudD
|
The component that sends the following information to the Dr.Web Cloud service: visited URLs and information about the scanned files, to check them for threats not yet described in virus databases.
Executable file: drweb-cloudd
The internal name, displayed in log: CloudD
|
Dr.Web LookupD
|
Component retrieving data from external data sources (directory services, such as Active Directory) using the LDAP protocol. The data is used in traffic monitoring rules.
Executable file: drweb-lookupd
The internal name, displayed in log: LookupD
|