SpIDer Gate


This component is included only in the product distributions for GNU/Linux OSes.

SpIDer Gate is the component that monitors network traffic and URLs. It checks data transferred over the network (both downloaded to the local computer and sent from the local host) for threats, and it prevents connections to network hosts that belong to unwanted categories of web resources or to black lists defined by the administrator.

The component settings let you specify which protocol types are scanned. The component includes an analyzer that determines the type of protocol used to send data over a checked connection. If the protocol is determined to be a mail protocol, the Dr.Web MailD email scanning component is used to analyze the messages and search for threats.

To check whether a URL belongs to any of the categories (this check applies to connections that use HTTP/HTTPS), the component uses the database of web resource categories, which is regularly updated from Doctor Web’s update servers, and also queries the Dr.Web Cloud service. Doctor Web keeps track of the following categories of web resources:

InfectionSource—websites containing malicious software (“infection sources”).

NotRecommended—fraudulent websites (that use “social engineering”) that are not recommended for visiting.

AdultContent—websites that contain pornographic or erotic materials, dating sites, etc.

Violence—websites that encourage violence or contain materials about various fatal accidents, etc.

Weapons—websites that describe weapons and explosives or provide information on their manufacturing.

Gambling—websites that provide access to online games of chance, casinos, auctions, including sites for placing bets, etc.

Drugs—websites that promote use, production or distribution of drugs, etc.

ObsceneLanguage—websites that contain obscene language (in titles, articles, etc.).

Chats—websites that offer a real-time transmission of text messages.

Terrorism—websites that contain aggressive and propaganda materials or descriptions of terrorist attacks, etc.

FreeEmail—websites that offer the possibility of free registration of a web mailbox.

SocialNetworks—different social networking services: general, professional, corporate, interest-based; thematic dating sites.

DueToCopyrightNotice—websites that were specified by the holders of copyrights pertaining to content or works protected by copyright law (movies, music, etc.).

The system administrator can specify which hosts are unwanted based on the categories to which the hosts belong. Additionally, a user can configure their own black lists to block access to particular hosts, and white lists to allow access. Access to hosts on a white list is allowed even if the hosts belong to unwanted categories. If neither the local black lists nor the database of web resource categories contains information about a URL, the component can query the Dr.Web Cloud service, which receives information about malicious URLs from other Dr.Web products in real time.

The same website can belong to several categories at once. Access to such a website is blocked if it belongs to at least one of the unwanted categories.

Even if a website is on a white list, data sent to and downloaded from it is still checked for threats.

When files transferred via HTTP are scanned at high intensity, scanning problems can occur because the Dr.Web Network Checker component runs out of available file descriptors. In this case, increase the limit on the number of file descriptors available to Dr.Web for UNIX Mail Servers.
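One way to see how close a process is to its open-file limit on GNU/Linux, as an added example that is not part of the Dr.Web documentation. The function name `fd_headroom` and the 80 percent default threshold are assumptions made here; pass the PID of the Network Checker process as the first argument.

```shell
#!/bin/sh
# Added example (not Dr.Web code): report descriptor usage of one process
# against its soft "Max open files" limit, using the Linux /proc interface.
#
# Usage:  fd_headroom <pid> [threshold_percent]
# Output: "<open> <soft_limit> <percent_used>"
# Status: 0 = below threshold, 1 = at or above threshold,
#         2 = process missing or not readable by the current user.
fd_headroom() {
    pid=$1
    threshold=${2:-80}   # assumed warning level, in percent

    # Both files must be readable; another user's process needs root.
    if [ ! -r "/proc/$pid/limits" ] || [ ! -r "/proc/$pid/fd" ]; then
        echo "cannot read /proc/$pid (no such process or no permission)" >&2
        return 2
    fi

    # Row layout: "Max open files  <soft>  <hard>  files"; field 4 is the soft limit.
    soft=$(awk '/^Max open files/ {print $4}' "/proc/$pid/limits")

    # Every entry in /proc/<pid>/fd is one descriptor currently held open.
    open=$(ls "/proc/$pid/fd" | wc -l | tr -d ' ')

    if [ "$soft" = "unlimited" ]; then
        echo "$open unlimited 0"
        return 0
    fi

    pct=$((open * 100 / soft))
    echo "$open $soft $pct"

    # Non-zero status tells a monitoring job that the limit is nearly exhausted.
    [ "$pct" -lt "$threshold" ]
}
```

Run it periodically under load: a percentage that keeps climbing toward 100 during heavy HTTP scanning matches the depletion described above.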

 

 

Details:

Operating Principles

Command Line Arguments

Configuration Parameters