Configuration Parameters

The component uses configuration parameters which are specified in [LinuxSpider] section of the integrated configuration file of Dr.Web for UNIX File Servers.

The section contains the following parameters:

LogLevel = {logging level}

Logging level for the file system monitor SpIDer Guard.

If the parameter is not specified, the DefaultLogLevel parameter value from [Root]section is used.

Default value:

LogLevel = Notice

Log = {log type}

Logging method for the file system monitor SpIDer Guard.

Default value:

Log = Auto

ExePath = {path to file}

Path to the executable of SpIDer Guard.

Default value:

ExePath = <opt_dir>/bin/drweb-spider

For Linux:

ExePath = /opt/drweb.com/bin/drweb-spider

Start = {boolean}

Indicates whether it is required to run SpIDer Guard on the Dr.Web for UNIX File Servers startup.

Default value:

Start = Yes

ExcludedPath = {path to file or directory}

Path to the object which must be excluded from monitoring. You can specify a directory or file path. If a directory is specified, all directory content will be excluded.

Note that symbolic links here have no effect as only the direct path to a file is analyzed when scanning.

You can specify a list as the parameter value. The values on the list must be separated with commas and enclosed in quotation marks. The parameter can be specified more than once in the section (in this case, all its values are combined into one list).

Default value:

ExcludedPath = "/proc", "/sys"

IncludedPath = {path to file or directory}

Path to the object which must be monitored and scanned upon any file event. You can specify a directory or file path. If a directory is specified, all directory content will be scanned, if the paths are not specified in the ExcludedPath list.

Note that symbolic links here have no effect as only the direct path to a file is analyzed when scanning.

Note that this parameter takes precedence over ExcludedPath parameter of the same section; that is, if the same object (file or directory) is specified in both parameter values, this object will be scanned upon any file event.

You can specify a list as the parameter value. The values on the list must be separated with commas and enclosed in quotation marks. The parameter can be specified more than once in the section (in this case, all its values are combined into one list).

Default value:

IncludedPath = /

ExcludedProc = {path to file}

List of processes that are excluded from monitoring. If a file operation was initiated by one of the processes specified here, the modified or created file will not be scanned.

You can specify a list as the parameter value. The values on the list must be separated with commas and enclosed in quotation marks. The parameter can be specified more than once in the section (in this case, all its values are combined into one list).

Default value:

ExcludedProc =

Mode = {LKM|FANOTIFY|AUTO}

Operation mode of the file system monitor SpIDer Guard.

Allowed values:

LKM — Operation in operating system kernel mode (LKM for GNU/Linux)

FANOTIFY — Operation in user mode

AUTO — The best operation mode is set automatically.

Note that changing of this parameter value should be done with the highest caution as not all kernels of GNU/Linux operating systems work correctly with SpIDer Guard in different modes.

It is strongly recommended to set this parameter value to AUTO, as in this case the best mode will be selected for integration with the file system manager on startup. At that, the module will attempt to enable FANOTIFY mode and, on failure — LKM. If none of the modes can be set, the module exits.

Default value:

Mode = AUTO

OnKnownVirus = {action}

Action applied by Dr.Web for UNIX File Servers to a known threat (virus, etc.) detected by using signature analysis during the scanning initiated by SpIDer Guard.

Allowed values:

Cure, Quarantine, Delete

Default value:

OnKnownVirus = Cure

OnIncurable = {action}

Action applied by Dr.Web for UNIX File Servers to an incurable threat (that is, an attempt to apply Cure failed) detected during the scanning initiated by SpIDer Guard.

Allowed values:

Quarantine, Delete

Default value:

OnIncurable = Quarantine

OnSuspicious = {action}

Action applied by Dr.Web for UNIX File Servers to an unknown threat (or suspicious objects) detected by using heuristic analysis during the scanning initiated by SpIDer Guard.

Allowed values:

Report, Quarantine, Delete

Default value:

OnSuspicious = Quarantine

OnAdware = {action}

Action applied by Dr.Web for UNIX File Servers to adware detected during the scanning initiated by SpIDer Guard.

Allowed values:

Report, Quarantine, Delete

Default value:

OnAdware = Quarantine

OnDialers = {action}

Action applied by Dr.Web for UNIX File Servers to a dialer program detected during the scanning initiated by SpIDer Guard.

Allowed values:

Report, Quarantine, Delete

Default value:

OnDialers = Quarantine

OnJokes = {action}

Action applied by Dr.Web for UNIX File Servers to a joke program detected during the scanning initiated by SpIDer Guard.

Allowed values:

Report, Quarantine, Delete

Default value:

OnJokes = Report

OnRiskware = {action}

Action applied by Dr.Web for UNIX File Servers to riskware detected during the scanning initiated by SpIDer Guard.

Allowed values:

Report, Quarantine, Delete

Default value:

OnRiskware = Report

OnHacktools = {action}

Action applied by Dr.Web for UNIX File Servers to a hacktool detected during the scanning initiated by SpIDer Guard.

Allowed values:

Report, Quarantine, Delete

Default value:

OnHacktools = Report

ScanTimeout = {time interval}

Timeout for scanning of one file at request received from SpIDer Guard.

If the value is set to 0, time to scan a file is not limited.

Default value:

ScanTimeout = 30s

HeuristicAnalysis = {On | Off}

Indicates whether heuristic analysis is used for detection of unknown threats during the file scanning initiated by SpIDer Guard. Heuristic analysis provides higher detection reliability but, at the same time, it increases time of virus scanning.

Action applied to threats detected by heuristic analyzer is specified as the OnSuspicious parameter value.

Allowed values:

On — instructs to use heuristic analysis when scanning.

Off — instructs not to use heuristic analysis.

Default value:

HeuristicAnalysis = On

PackerMaxLevel = {integer}

Maximum nesting level when scanning packed objects. All objects at a deeper nesting level are skipped during the file scanning initiated by SpIDer Guard.

If the value is set to 0, nested objects are not scanned.

Default value:

PackerMaxLevel = 8

ArchiveMaxLevel = {integer}

Maximum nesting level when scanning archives. All objects at a deeper nesting level are skipped during the file scanning initiated by SpIDer Guard.

If the value is set to 0, nested objects are not scanned.

Default value:

ArchiveMaxLevel = 0

MailMaxLevel = {integer}

Maximum nesting level when scanning email messages and mailboxes. All objects at a deeper nesting level are skipped during the file scanning initiated by SpIDer Guard.

If the value is set to 0, nested objects are not scanned.

Default value:

MailMaxLevel = 0

ContainerMaxLevel = {integer}

Maximum nesting level when scanning other containers (for example, HTML pages). All objects at a deeper nesting level are skipped during the file scanning initiated by SpIDer Guard.

If the value is set to 0, nested objects are not scanned.

Default value:

ContainerMaxLevel = 8

MaxCompressionRatio = {integer}

Maximum compression ratio of scanned objects (ratio between the uncompressed size and compressed size). If the ratio of an object exceeds the limit, this object is skipped during the file scanning initiated by SpIDer Guard.

The compression ratio must be at least equal to 2.

Default value:

MaxCompressionRatio = 500