Configuration Parameters

The component uses configuration parameters specified in the [SMBSpider] section of the integrated configuration file of Dr.Web for UNIX File Servers.

The section contains the following parameters:

LogLevel = {logging level}

Logging level for SMB directories monitor SpIDer Guard for SMB.

If the parameter is not specified, the DefaultLogLevel parameter value from the [Root] section is used.

Default value:

LogLevel = Notice

Log = {log type}

Logging method for SMB directories monitor SpIDer Guard for SMB.

Default value:

Log = Auto

ExePath = {path to file}

Path to the executable of SpIDer Guard for SMB.

Default value:

ExePath = <opt_dir>/bin/drweb-smbspider-daemon

For Linux:

ExePath = /opt/drweb.com/bin/drweb-smbspider-daemon

For FreeBSD:

ExePath = /usr/local/libexec/drweb.com/bin/drweb-smbspider-daemon

For Solaris:

ExePath = /opt/drweb.com/bin/drweb-smbspider-daemon

Start = {boolean}

Indicates whether it is required to run SpIDer Guard for SMB on the suite startup.

Default value:

Start = Yes

SambaChrootDir = {path to directory}

Path to the root directory of SMB file storage (overridden by the file server via chroot).

Used as a prefix substituted at the beginning of all paths to files and directories residing in the file storage and describes the path relative to the root of the local file system.

If not specified, the path to the file system root / is used.

Default value:

SambaChrootDir =

[*] ExcludedPath = {path to file or directory}

Path to the object which must be skipped during scanning. You can specify a directory or file path. It is also possible to use file masks (which contain question marks ? and asterisks * as well as character classes [ ], [! ], [^ ]).

If a directory is specified, all directory content will be skipped.

You can specify a list as the parameter value. The values on the list must be separated with commas and enclosed in quotation marks. The parameter can be specified more than once in the section (in this case, all its values are combined into one list).

Default value:

ExcludedPath =

[*] IncludedPath = {path to file or directory}

Path to the object which must be scanned. You can specify a directory or file path. It is also possible to use file masks (that contain question marks ? and asterisks * as well as character classes [ ], [! ], [^ ]).

If a directory is specified, all directory content will be scanned.

Note that this parameter takes precedence over ExcludedPath parameter of the same section; that is, if the same object (file or directory) is specified in both parameter values, this object will be scanned.

You can specify a list as the parameter value. The values on the list must be separated with commas and enclosed in quotation marks. The parameter can be specified more than once in the section (in this case, all its values are combined into one list).

Default value:

IncludedPath =

[*] AlertFiles = {boolean}

Indicates whether a text file is created next to an object blocked by the SMB directory monitor as malicious. The created file describes the reason why the object was blocked.

Created files are named as follows: <blocked_object_name>.drweb.alert.txt

Allowed values:

Yes — Files are created.

No — Files are not created.

Default value:

AlertFiles = Yes

[*] OnKnownVirus = {action}

Action applied by Dr.Web for UNIX File Servers to a known threat (virus, etc.) detected by using signature analysis during the scanning initiated by SpIDer Guard for SMB.

Allowed values:

Block, Cure, Quarantine, Delete

Default value:

OnKnownVirus = Cure

[*] OnIncurable = {action}

Action applied by Dr.Web for UNIX File Servers to an incurable threat (that is, an attempt to apply Cure failed) detected during the scanning initiated by SpIDer Guard for SMB.

Allowed values:

Block, Quarantine, Delete

Default value:

OnIncurable = Quarantine

[*] OnSuspicious = {action}

Action applied by Dr.Web for UNIX File Servers to an unknown threat (or suspicious objects) detected by using heuristic analysis during the scanning initiated by SpIDer Guard for SMB.

Allowed values:

Pass, Block, Quarantine, Delete

Default value:

OnSuspicious = Quarantine

[*] OnAdware = {action}

Action applied by Dr.Web for UNIX File Servers to adware detected during the scanning initiated by SpIDer Guard for SMB.

Allowed values:

Pass, Block, Quarantine, Delete

Default value:

OnAdware = Pass

[*] OnDialers = {action}

Action applied by Dr.Web for UNIX File Servers to a dialer program detected during the scanning initiated by SpIDer Guard for SMB.

Allowed values:

Pass, Block, Quarantine, Delete

Default value:

OnDialers = Pass

[*] OnJokes = {action}

Action applied by Dr.Web for UNIX File Servers to a joke program detected during the scanning initiated by SpIDer Guard for SMB.

Allowed values:

Pass, Block, Quarantine, Delete

Default value:

OnJokes = Pass

[*] OnRiskware = {action}

Action applied by Dr.Web for UNIX File Servers to riskware detected during the scanning initiated by SpIDer Guard for SMB.

Allowed values:

Pass, Block, Quarantine, Delete

Default value:

OnRiskware = Pass

[*] OnHacktools = {action}

Action applied by Dr.Web for UNIX File Servers to a hacktool detected during the scanning initiated by SpIDer Guard for SMB.

Allowed values:

Pass, Block, Quarantine, Delete

Default value:

OnHacktools = Pass

[*] BlockOnError = {boolean}

Indicates whether SpIDer Guard for SMB blocks access to a file if an attempt to cure it resulted in an error.

Allowed values:

Yes — block access to a file.

No — access to a file is not blocked.

Default value:

BlockOnError = Yes

[*] ScanTimeout = {time interval}

Timeout for scanning one file initiated by SpIDer Guard for SMB.

If the value is set to 0, time to scan a file is not limited.

Default value:

ScanTimeout = 30s

[*] HeuristicAnalysis = {On | Off}

Indicates whether heuristic analysis is used for detection of unknown threats during the scanning initiated by SpIDer Guard for SMB. Heuristic analysis provides higher detection reliability but, at the same time, increases scanning time.

Action applied to threats detected by heuristic analyzer is specified as the OnSuspicious parameter value.

Allowed values:

On — instructs to use heuristic analysis when scanning.

Off — instructs not to use heuristic analysis.

Default value:

HeuristicAnalysis = On

[*] PackerMaxLevel = {integer}

Maximum nesting level when scanning packed objects. All objects at a deeper nesting level are skipped during the scanning initiated by SpIDer Guard for SMB.

If the value is set to 0, nested objects are not scanned.

Default value:

PackerMaxLevel = 8

[*] ArchiveMaxLevel = {integer}

Maximum nesting level when scanning archives. All objects at a deeper nesting level are skipped during the scanning initiated by SpIDer Guard for SMB.

If the value is set to 0, nested objects are not scanned.

Default value:

ArchiveMaxLevel = 0

[*] MailMaxLevel = {integer}

Maximum nesting level when scanning email messages and mailboxes. All objects at a deeper nesting level are skipped during the scanning initiated by SpIDer Guard for SMB.

If the value is set to 0, nested objects are not scanned.

Default value:

MailMaxLevel = 8

[*] ContainerMaxLevel = {integer}

Maximum nesting level when scanning other containers (for example, HTML pages). All objects at a deeper nesting level are skipped during the scanning initiated by SpIDer Guard for SMB.

If the value is set to 0, nested objects are not scanned.

Default value:

ContainerMaxLevel = 8

[*] MaxCompressionRatio = {integer}

Maximum compression ratio of scanned objects (ratio between the uncompressed size and compressed size). If the ratio of an object exceeds the limit, this object is skipped during the scanning initiated by SpIDer Guard for SMB.

The compression ratio must be at least equal to 2.

Default value:

MaxCompressionRatio = 500

SmbSocketPath = {path to file}

Path to the socket file which enables interaction between SpIDer Guard for SMB and VFS SMB modules. The path is always relative and is appended to the path specified as the ChrootPath parameter value.

Default value:

SmbSocketPath = var/run/.com.drweb.smb_spider_vfs

ActionDelay = {time interval}

Delay time between the moment when a threat is detected and the moment when SpIDer Guard for SMB applies the action specified for this threat type.

During this time period, the file is blocked.

Default value:

ActionDelay = 24h

MaxCacheSize = {size}

Size of cache used by VFS SMB modules to store data on scanned files in monitored shared Samba directories.

If 0 is specified, data is not cached.

Default value:

MaxCacheSize = 10mb

Customizing scanning settings

You can specify a different tag for each VFS SMB module which monitors a shared directory (storage). You can do it in the configuration file of the Samba SMB server (typically, the smb.conf file). Unique tags for VFS SMB modules in the smb.conf file are specified as follows:

smb_spider:tag = <someTag>

where <someTag> is a unique tag assigned to a VFS SMB module by Samba SMB server for a shared directory.

If a VFS SMB module has a unique tag <someTag>, you can create a separate section in the configuration file of Dr.Web for UNIX File Servers in addition to [SMBSpider]. The created section will store all configuration parameters for scanning a particular storage protected by this VFS SMB module.

This section must be named as [SMBSpider.Share.<someTag>].

Sections created for VFS SMB modules can contain only the parameters marked with an asterisk "[*]" in the table above. Other parameters cannot be specified in such individual sections, because their values configure the operation of all VFS SMB modules working with the SMB directories monitor SpIDer Guard for SMB.

VFS SMB module uses parameter values from the general section [SMBSpider] if these parameters are not specified in the individual section [SMBSpider.Share.<someTag>], created for this module. Thus, if no individual section, indicated with a tag, is created, all VFS SMB modules use the same parameters for monitoring shared directories. If you delete some parameter from the [SMBSpider.Share.<someTag>] section, the parameter value for this section (and for the corresponding shared directory with <someTag>) will be taken from the "parent" parameter with the same name from the general [SMBSpider] section; the default parameter value is not used in this case.

To add a new section for the Samba shared directory with a tag <someTag> by using the command-line tool Dr.Web Ctl, use the command drweb-ctl cfset SmbSpider.Share.<someTag>.<parameter> <value>.

Example:

# drweb-ctl cfset SmbSpider.Share.DepartFiles.OnAdware Quarantine

This command adds the additional section [SMBSpider.Share.DepartFiles] to the configuration file. The section will contain all parameters for the shared directory that are marked with an asterisk "[*]" in the table above. The values of all parameters, except for the OnAdware parameter specified in the command, will be equal to the values of the corresponding parameters from the general [SMBSpider] section.
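The following is an added example, not part of the Dr.Web documentation or tooling: a small auditor that resolves the effective settings of a tagged share using the inheritance rule described above and flags values outside the allowed lists on this page, as well as non-[*] parameters placed in a share section. The function names, the sample configuration, the plain "Key = Value" parsing and the case-insensitive comparison of section names and values are assumptions.

```python
ACTIONS = {"Pass", "Block", "Quarantine", "Delete"}
# Allowed action values per parameter, as listed on this page.
ALLOWED = {k: ACTIONS for k in ("OnSuspicious", "OnAdware", "OnDialers",
                                "OnJokes", "OnRiskware", "OnHacktools")}
ALLOWED.update(OnKnownVirus=ACTIONS - {"Pass"} | {"Cure"}, OnIncurable=ACTIONS - {"Pass"})
# Parameters without the [*] mark: valid only in the general [SMBSpider] section.
GLOBAL_ONLY = {"LogLevel", "Log", "ExePath", "Start", "SambaChrootDir",
               "SmbSocketPath", "ActionDelay", "MaxCacheSize"}
DEFAULTS = {"OnKnownVirus": "Cure", "OnIncurable": "Quarantine",
            "OnSuspicious": "Quarantine", "OnAdware": "Pass", "ActionDelay": "24h"}
GENERAL, SHARE = "smbspider", "smbspider.share."

SAMPLE = """\
[SMBSpider]
OnAdware = Block
ActionDelay = 24h
[SMBSpider.Share.DepartFiles]
OnAdware = Quarantine
OnIncurable = Cure
ActionDelay = 1h
"""  # constructed input, not taken from a real installation

def parse(text):
    # Returns {lowercased section name: {parameter: value}}.
    sections, cur = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            cur = sections.setdefault(line[1:-1].lower(), {})
        elif "=" in line and cur is not None:
            key, value = (p.strip() for p in line.split("=", 1))
            cur[key] = value
    return sections

def effective(sections, tag):
    # Precedence: defaults < [SMBSpider] < [SMBSpider.Share.<tag>] ([*] only).
    merged = {**DEFAULTS, **sections.get(GENERAL, {})}
    share = sections.get(SHARE + tag.lower(), {})
    merged.update((k, v) for k, v in share.items() if k not in GLOBAL_ONLY)
    return merged

def audit(sections):
    # Flags values outside the allowed lists and misplaced parameters.
    findings = []
    for name, params in sections.items():
        for key, value in params.items():
            if name.startswith(SHARE) and key in GLOBAL_ONLY:
                findings.append(f"[{name}] {key}: not a [*] parameter")
            if key in ALLOWED and value.capitalize() not in ALLOWED[key]:
                findings.append(f"[{name}] {key} = {value}: value not allowed")
    return findings
```

A share without its own section (for example, a hypothetical tag Public) resolves OnAdware to Block from [SMBSpider] rather than to the default Pass, which is the inheritance behavior described above.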