Operating Principles

The component is designed to check both the content of files in the local file system and the streams of data transmitted by an external application via a socket. Such checks are performed by the component at the request of an external application. Moreover, the component can check the content of those files for which an external application passed an open file descriptor via a socket.

File checks based on a passed file descriptor can be performed only if the descriptor was passed via a local UNIX socket.

If an external application has provided a path to a file in the local file system, the component sends the scanning task to the Dr.Web File Checker file checker component; otherwise, the component transmits data, received via the socket, to the Dr.Web Network Checker distributed scanning agent, as shown in the figure below.

Figure 15. Diagram of the components’ operation

By default, the component is not automatically launched upon the startup of Dr.Web for UNIX Mail Servers. To enable starting of the component, it is necessary to set the Yes value for the

The Figure above shows that external applications could be represented as mail servers (such as Postfix and Exim), if they are equipped with the integration module with clamd. For details, see section Integration with External Applications.

Detected threats cannot be neutralized by Dr.Web for UNIX Mail Servers; the external application receives only the results of the scanning. Thus, any detected threats should be neutralized by the external application.