Program Structure


Dr.Web for UNIX Mail Servers is a product that consists of several components, each of which has its own set of functions. The components included in Dr.Web for UNIX Mail Servers are listed below.

Component

Description

Dr.Web ConfigD

Configuration daemon of Dr.Web for UNIX Mail Servers, which performs the following functions:

Starts and stops the product’s components depending on the settings. Automatically restarts components if a failure in their operation occurs. Starts components at the request of other components. Informs active components when another component starts or shuts down.

Stores information about present license keys and settings and provides this data to all components. Receives adjusted settings and license keys from the components of Dr.Web for UNIX Mail Servers expected to provide such information. Notifies other components of changes in license keys and settings.


Executable file: drweb-configd

Internal name output to the log file: ConfigD

Dr.Web Virus-Finding Engine

Anti-virus engine. The main component of the anti-virus protection. Implements algorithms to detect viruses and malicious programs as well as algorithms to analyze suspicious behavior (by using signature and heuristic analysis).

Used by all Dr.Web for UNIX Mail Servers components via Dr.Web Scanning Engine.


Executable file: drweb32.dll

Internal name output to the log file: CoreEngine

Dr.Web Scanning Engine

Scanning engine. The component responsible for loading the anti-virus engine Dr.Web Virus-Finding Engine and virus databases. It transmits the contents of files and disk boot records to the anti-virus engine for scanning at the request of other components of Dr.Web for UNIX Mail Servers. It queues files that are waiting to be scanned. Cures the files that can be cured. From the point of view of other components of Dr.Web for UNIX Mail Servers, this component provides the anti-virus scanning service. Can operate under the control of the Dr.Web ConfigD configuration daemon or in an autonomous mode (autonomously from other components).

Used by all Dr.Web for UNIX Mail Servers components for the anti-virus scanning.


Executable file: drweb-se

The internal name, displayed in log: ScanEngine

Dr.Web virus database

Automatically updated database of signatures of viruses and other threats, as well as algorithms for detecting and neutralizing malicious software.

Used by the anti-virus engine Dr.Web Virus-Finding Engine and provided along with it.

Databases of web resource categories

Automatically updated database. The database contains information on web resources assigned to pre-defined categories. It is used for blocking access to web resources included in categories that are marked as unwanted.

Used by components that scan network activity of users and applications, such as SpIDer Gate, Dr.Web MailD.

Dr.Web File Checker

The component that scans file system objects and manages quarantined files. It receives scanning tasks from other Dr.Web for UNIX Mail Servers components, searches file system directories according to the received task, transmits files to Dr.Web Scanning Engine for scanning and notifies components of scanning progress. It also removes infected files, moves them to quarantine, restores them from quarantine, and manages quarantine directories. The component creates and updates a cache that stores information on scanned files to reduce the frequency of repeated file scanning.

Used by components that scan file system objects.


Executable file: drweb-filecheck

The internal name, displayed in log: FileCheck

Dr.Web ES Agent

Central protection agent. Makes it possible for the product to operate in centralized and mobile modes. Provides communication between the product and the central protection server, through which the product receives a license key file and updates to the virus databases and components. Sends to the server information on the components included in Dr.Web for UNIX Mail Servers and their state as well as statistics of virus events.


Executable file: drweb-esagent

The internal name, displayed in log: ESAgent

SpIDer Gate

The component for monitoring network traffic and URLs. It is designed to check for threats the data downloaded from the network to the local host and the data transmitted from it to the external network. The component also prevents connections to network hosts included not only in the unwanted categories of web resources but also in black lists created by the system administrator.

Used by the component Dr.Web MailD in the mode of the transparent proxy of email protocols (SMTP, POP3, IMAP).

It is included only in the distributions for GNU/Linux OS.


Executable file: drweb-gated

The internal name, displayed in log: GateD

Dr.Web Firewall for Linux

Connection manager. Used by SpIDer Gate and provides connection routing for applications that operate on the server for scanning of the transferred traffic.

It is included only in the distributions for GNU/Linux OS.


Executable file: drweb-firewall

The internal name, displayed in log: LinuxFirewall

Dr.Web MailD

The component for scanning of emails. Analyzes the messages of email protocols, sorts out emails and prepares them for scanning for threats. It can operate in two modes:

1) A filter for mail servers (Sendmail, Postfix, etc.), connected via the Milter, Spamd or Rspamd interface.

2) A transparent proxy of mail protocols (SMTP, POP3, IMAP). In this mode, it uses SpIDer Gate.


Executable component file: drweb-maild

The internal name, displayed in log: MailD

Dr.Web ASE

A component for scanning email messages for signs of spam. It is used by Dr.Web MailD. It can be unavailable depending on the distribution. If it is unavailable, email scanning for signs of spam is not performed.


Executable file: drweb-ase

The internal name, displayed in log: Antispam

Dr.Web Network Checker

An agent for scanning data received over the network. Used to send data to the scanning engine for actual scanning. The data is sent by components of the product via the network (such components as Dr.Web ClamD, SpIDer Gate, Dr.Web MailD).

In addition, it allows Dr.Web for UNIX Mail Servers to arrange distributed scanning of files: to receive files for scanning from remote hosts and to transmit files for scanning to them. For that purpose, remote hosts must have Dr.Web for UNIX-based operating systems installed and running. In the distributed scanning mode, it allows automatic distribution of scanning load among remote hosts by reducing load on hosts with a large number of scanning tasks (for example, on mail servers, file servers, Internet gateways).

For security reasons, files are transmitted over SSL.


Executable file: drweb-netcheck

The internal name, displayed in log: NetCheck

Dr.Web HTTPD

Web interface for managing Dr.Web for UNIX Mail Servers components. It consists of the management web interface (it should be installed separately) and the service interface for operation of the Dr.Web Link Checker browser extension (can be installed additionally). You can access the interface via any browser on a local or remote host. With the built-in web interface, the product needs neither third-party web servers (such as Apache HTTP Server) nor remote administration tools, such as Webmin.

For security reasons, the web interface interacts with the user over HTTPS.


Executable file: drweb-httpd

The internal name, displayed in log: HTTPD

Dr.Web Ctl

Tool for managing Dr.Web for UNIX Mail Servers from the command line.

Allows the user to start file scanning, to view quarantined objects, to start a virus database update procedure, to connect the product to or to disconnect it from the central protection server, to view and to configure parameters.


Executable file: drweb-ctl

The internal name, displayed in log: Ctl

Dr.Web Updater

An update component. Downloads from Doctor Web servers updates to the virus databases and databases of web resource categories, the anti-virus engine and the library for scanning email messages for signs of spam.

The updates can be downloaded automatically, according to a schedule, and on user’s demand (via Dr.Web Ctl or management web interface).


Executable file: drweb-update

The internal name, displayed in log: Update

Dr.Web SNMPD

An SNMP agent. Designed for integration of Dr.Web for UNIX Mail Servers with external monitoring systems over SNMP. Such integration allows you to monitor the state of the product’s components and to collect statistics on threat detection and neutralization. Supports SNMP v2c and v3.


Executable file: drweb-snmpd

The internal name, displayed in log: SNMPD

Dr.Web ClamD

Component emulating the interface of the anti-virus daemon clamd, which is a component of the ClamAV® anti-virus. Allows all applications that support ClamAV® to transparently use Dr.Web for UNIX Mail Servers for anti-virus scanning.


Executable file: drweb-clamd

The internal name, displayed in log: ClamD

Dr.Web CloudD

The component that sends the following information to the Dr.Web Cloud service: visited URLs and information about the scanned files, to check them for threats not yet described in virus databases.


Executable file: drweb-cloudd

The internal name, displayed in log: CloudD

Dr.Web LookupD

Component retrieving data from external data sources (directory services, such as Active Directory) using the LDAP protocol. The data is used in traffic monitoring rules.


Executable file: drweb-lookupd

The internal name, displayed in log: LookupD

The figure below shows the structure of Dr.Web for UNIX Mail Servers and its operation with external applications.

Figure 1. Dr.Web for UNIX Mail Servers structure

In this scheme, the following notations are used:

 

— Dr.Web for UNIX Mail Servers as a whole and external Dr.Web applications together with systems which are not included in the solution.

 

— Programs and products external to Dr.Web for UNIX Mail Servers, with which it integrates.

 

— Components that are included in the Dr.Web for UNIX Mail Servers engine. Other product components use the engine as a service that performs anti-virus checks.

 

— Service components designed to perform particular anti-virus protection functions (for example, scanning file system objects, updating virus databases, establishing connection to central protection servers, managing the operation of the product).

 

— Components that provide the user with the interface for Dr.Web for UNIX Mail Servers.

 

— Quarantine as a set of file system directories which store isolated malicious files.

Components marked with a dashed line can be missing depending on the distribution.

For details on Dr.Web for UNIX Mail Servers components, refer to Components of the Product.