The component uses configuration parameters which are specified in [NSS] section of the integrated configuration file of Dr.Web for UNIX File Servers.
The section contains the following parameters:
LogLevel = {logging level} |
Logging level for SMB directories monitor SpIDer Guard for NSS. If the parameter is not specified, the DefaultLogLevel parameter value from [Root] section is used. |
Default value: LogLevel = Notice |
Log = {log type} |
Logging method for SMB directories monitor SpIDer Guard for NSS. |
Default value: Log = Auto |
LogProtocol = {boolean} |
Indicates whether protocol messages are registered in the log file of NSS volumes monitor SpIDer Guard for NSS. Allowed values: •Yes — messages are registered. •No — messages are not registered. |
Default value: LogProtocol = No |
ExePath = {path to file} |
Path to the executable of SpIDer Guard for NSS. |
Default value: ExePath = <opt_dir>/bin/drweb-nss For Linux: ExePath = /opt/drweb.com/bin/drweb-nss |
Start = {boolean} |
Indicates whether it is required to run SpIDer Guard for NSS on the Dr.Web for UNIX File Servers startup. |
Default value: Start = Yes |
NssVolumesMountDir = {path to directory} |
Path to the file system directory where NSS file system volumes are mounted. |
Default value: NssVolumesMountDir = /media/nss |
ProtectedVolumes = {volume name} |
Names of NSS file system volumes mounted on NssVolumesMountDir and protected by the suite. If no value is specified, all volumes in NssVolumesMountDir must be protected. You can specify a list as the parameter value. The values on the list must be separated with commas and enclosed in quotation marks. The parameter can be specified more than once in the section (in this case, all its values are combined into one list). |
Default value: ProtectedVolumes = |
ExcludedPath = {path to file or directory} |
Path to the object which must be skipped during scanning. You can specify a directory or file path. If a directory is specified, all directory content will be skipped. You can specify a list as the parameter value. The values on the list must be separated with commas and enclosed in quotation marks. The parameter can be specified more than once in the section (in this case, all its values are combined into one list). Paths in the list must be relative to NssVolumesMountDir path. |
Default value: ExcludedPath = |
IncludedPath = {path to file or directory} |
Path to the object which must be scanned. You can specify a directory or file path. If a directory is specified, all directory content will be scanned. Note that this parameter takes precedence over ExcludedPath parameter of the same section; that is, if the same object (file or directory) is specified in both parameter values, this object will be scanned. You can specify a list as the parameter value. The values on the list must be separated with commas and enclosed in quotation marks. The parameter can be specified more than once in the section (in this case, all its values are combined into one list). Paths in the list must be relative to NssVolumesMountDir path. |
Default value: IncludedPath = |
OnKnownVirus = {action} |
Action applied by Dr.Web for UNIX File Servers to a known threat (virus, etc.) detected by using signature analysis during the scanning initiated by NSS volumes monitor. Allowed values: Cure, Quarantine, Delete |
Default value: OnKnownVirus = Cure |
OnIncurable = {action} |
Action applied by Dr.Web for UNIX File Servers to an incurable threat (that is, an attempt to apply Cure failed) detected during the scanning initiated by NSS volumes monitor. Allowed values: Quarantine, Delete |
Default value: OnIncurable = Quarantine |
OnSuspicious = {action} |
Action applied by Dr.Web for UNIX File Servers to an unknown threat (or suspicious objects) detected by using heuristic analysis during the scanning initiated by NSS volumes monitor. Allowed values: Report, Quarantine, Delete |
Default value: OnSuspicious = Quarantine |
OnAdware = {action} |
Action applied by Dr.Web for UNIX File Servers to adware detected during the scanning initiated by NSS volumes monitor. Allowed values: Report, Quarantine, Delete |
Default value: OnAdware = Report |
OnDialers = {action} |
Action applied by Dr.Web for UNIX File Servers to a dialer detected during the scanning initiated by NSS volumes monitor. Allowed values: Report, Quarantine, Delete |
Default value: OnDialers = Report |
OnJokes = {action} |
Action applied by Dr.Web for UNIX File Servers to a joke program detected during the scanning initiated by NSS volumes monitor. Allowed values: Report, Quarantine, Delete |
Default value: OnJokes = Report |
OnRiskware = {action} |
Action applied by Dr.Web for UNIX File Servers to riskware detected during the scanning initiated by NSS volumes monitor. Allowed values: Report, Quarantine, Delete |
Default value: OnRiskware = Report |
OnHacktools = {action} |
Action applied by Dr.Web for UNIX File Servers to a hacktool (tool for remote administration, Trojan, etc.) detected during scanning initiated by NSS volumes monitor. Allowed values: Report, Quarantine, Delete |
Default value: OnHacktools = Report |
OnError = {action} |
Action applied by Dr.Web for UNIX File Servers to files that caused an error during the scanning initiated by NSS volumes monitor. Allowed values: Report, Quarantine, Delete |
Default value: OnError = Report |
ScanTimeout = {time interval} |
Timeout for scanning one file initiated by NSS volumes monitor. If the value is set to 0, time to scan a file is not limited. |
Default value: ScanTimeout = 30s |
HeuristicAnalysis = {On | Off} |
Indicates whether heuristic analysis is used for detection of unknown threats during the scanning initiated by NSS volumes monitor. Heuristic analysis provides higher detection reliability but, at the same time, it increases time of virus scanning. Action applied to threats detected by heuristic analyzer is specified as the OnSuspicious parameter value. Allowed values: •On — instructs to use heuristic analysis when scanning. •Off — instructs not to use heuristic analysis. |
Default value: HeuristicAnalysis = On |
PackerMaxLevel = {integer} |
Maximum nesting level when scanning packed objects. All objects at a deeper nesting level are skipped during the scanning initiated by NSS volumes monitor. If the value is set to 0, nested objects are not scanned. |
Default value: PackerMaxLevel = 8 |
ArchiveMaxLevel = {integer} |
Maximum nesting level when scanning archives. All objects at a deeper nesting level are skipped during the scanning initiated by NSS volumes monitor. If the value is set to 0, nested objects are not scanned. |
Default value: ArchiveMaxLevel = 0 |
MailMaxLevel = {integer} |
Maximum nesting level when scanning email messages and mailboxes. All objects at a deeper nesting level are skipped during the scanning initiated by NSS volumes monitor. If the value is set to 0, nested objects are not scanned. |
Default value: MailMaxLevel = 8 |
ContainerMaxLevel = {integer} |
Maximum nesting level when scanning nested objects. All objects at a deeper nesting level are skipped during the scanning initiated by NSS volumes monitor. If the value is set to 0, nested objects are not scanned. |
Default value: ContainerMaxLevel = 8 |
MaxCompressionRatio = {integer} |
Maximum compression ratio of scanned objects (ratio between the uncompressed size and compressed size). If the ratio of an object exceeds the limit, this object is skipped during the scanning initiated by NSS volumes monitor. The compression ratio must be at least equal to 2. |
Default value: MaxCompressionRatio = 500 |
|
If Quarantine action is specified for some threat type in NSS volumes monitor settings, the object containing a threat of this type will be placed to quarantine again on attempt to restore this object from quarantine to an NSS volume. For example, the following default settings NSS.OnKnownVirus = Cure NSS.OnIncurable = Quarantine move all incurable objects to quarantine. At that, when any incurable object is restored from quarantine to an NSS volume, this object is automatically returned to quarantine. |
