Operation Modes

Dr.Web for UNIX Mail Servers can operate both in standalone mode and as a part of an anti-virus network managed by a central protection server. Operation in central protection mode does not require installation of additional software or Dr.Web for UNIX Mail Servers re-installation or removal.

•In Standalone mode, the protected computer is not connected to an anti-virus network and its operation is managed locally. In this mode, configuration and license key files are located on local disks and Dr.Web for UNIX Mail Servers is fully controlled from the protected computer. Updates to virus databases are received from Doctor Web update servers.

•In Central protection mode (Enterprise mode), protection of the computer is managed by the central protection server. In this mode, some functions and settings of Dr.Web for UNIX Mail Servers can be adjusted in accordance with the general (corporate) anti-virus protection policy implemented on the anti-virus network. The license key file used for operating in enterprise mode is received from the central protection server. The key file stored on the local computer, if any, is not used. Statistics on virus events is sent to the central protection server. Updates to virus databases are also received from the central protection server.

•In Mobile mode, Dr.Web for UNIX Mail Servers receives updates from Doctor Web update servers, but operation of the product is managed with the local settings. The used key file is received from the central protection server. You can switch to mobile mode only if it is allowed in the central protection server settings.

Doctor Web solutions for central protection use client-server model (see the figure below).

Workstations and servers are protected by local anti-virus components (herein, Dr.Web for UNIX Mail Servers) installed on them, which provides for anti-virus protection of remote computers and allows connection between the workstations and the central protection server.

	Central protection server		Network based on TCP, NetBIOS
	Anti-virus network administrator		Management via HTTP/HTTPS
	Protected local computer		Transmitting updates via HTTP
	Doctor Web update server

Local computers are updated and configured from the central protection server. The stream of instructions, data and statistics in the anti-virus network goes also through the central protection server. The volume of traffic between protected computers and the central server can be quite sizeable, therefore solutions provide options for traffic compression. To prevent leak of sensitive data or substitution of software downloaded onto protected computers, encryption is also supported.

All necessary updates are downloaded to the central protection server from Doctor Web update servers.

Local anti-virus components are configured and managed from the central protection server according to commands received from anti-virus network administrators. Administrators manage central protection servers and topology of anti-virus networks (for example, validate connections to the central protection server from remote computers) and configure operation of local anti-virus components when necessary.

Local anti-virus components are not compatible with anti-virus products of other companies or anti-virus solutions of Dr.Web if the latter do not support operation in central protection mode (for example, Dr.Web Anti-virus, version 5.0). Installation of two anti-virus programs on the same computer can cause a system crash and loss of important data.

Note that the current version of Dr.Web for UNIX Mail Servers does not fully implement the central protection mode: the central protection server cannot manage operation settings of the program components and cannot send scan tasks for the program.

Dr.Web for UNIX Mail Servers can be connected to the central protection server of an anti-virus network using the esconnect command of the Dr.Web Ctl command-line-based management tool.

Verification of central protection server requires use of public encryption keys, that is, each server is supplied with a unique public key. By default, the central protection agent Dr.Web ES Agent does not allow connection to the server unless you provide a file containing a public key for authentication of the used server. Such public key file should be obtained from the administrator of your anti-virus network serviced by the server to which you want to connect Dr.Web for UNIX Mail Servers.

If Dr.Web for UNIX Mail Servers is connected to the central protection server, you can switch the product into the Mobile mode or switch it back into the Central protection mode. Switching the Mobile mode on or off is accomplished with the help of the MobileMode configuration parameter of theDr.Web ES Agent component.

Operation can switch to Mobile mode only if it is allowed in the settings on the central protection server.

Dr.Web for UNIX Mail Servers can be disconnected from the central protection server of an anti-virus network using the esdisconnect command of the Dr.Web Ctl command-line-based management tool.