LogLevel
{logging level}
|
Logging level of the component.
If the parameter value is not specified, the DefaultLogLevel parameter value from the [Root] section is used.
Default value: Notice
|
Log
{log type}
|
Logging method of the component.
Default value: Auto
|
LogProtocol
{logical}
|
Whether to store protocol messages in the log file of the NSS volume monitor SpIDer Guard for NSS.
Allowed values:
•Yes—store;
•No—do not store.
Default value: No
|
ExePath
{path to file}
|
Component executable path.
Default value: <opt_dir>/bin/drweb-nss.
•For GNU/Linux: /opt/drweb.com/bin/drweb-nss
|
Start
{logical}
|
The component must be started by the Dr.Web ConfigD configuration daemon.
Setting this parameter to Yes instructs the configuration daemon to start the component immediately; setting it to No instructs the daemon to terminate the component immediately.
Default value: No
|
ProtectedVolumes
{volume name}
|
Names of NSS file system volumes mounted on the NSS volume mounting point and protected by the suite. If no value is specified, all volumes at the NSS volume mounting point must be protected.
Accepts a list of values. The values in the list must be comma-separated (with each value put in quotation marks). The parameter can be specified more than once in the section (in this case, all its values are combined into one list).
Example: add volumes vol1 and vol2 to the list.
1. Adding values to the configuration file.
•Two values per line:
[NSS]
ProtectedVolumes = "vol1", "vol2"
|
•Two lines (one value per line):
[NSS]
ProtectedVolumes = vol1
ProtectedVolumes = vol2
|
2. Adding values with the drweb-ctl cfset command:
# drweb-ctl cfset NSS.ProtectedVolumes -a vol1
# drweb-ctl cfset NSS.ProtectedVolumes -a vol2
|
Default value: (not specified)
|
ExcludedPath
{path to file or directory}
|
Path to the object (a directory or file) to be skipped during scanning. If a directory is specified, all of its contents, including subdirectories and nested files, are skipped, except for objects whose paths are specified in the IncludedPath parameter; such objects are scanned.
Multiple values can be specified as a list. List values must be comma-separated and put in quotation marks. The parameter can be specified more than once in the section (in this case, all its values are combined into one list).
Example: add the /etc/file1 file and the /usr/bin directory to the list.
1. Adding values to the configuration file.
•Two values per line:
[NSS]
ExcludedPath = "/etc/file1", "/usr/bin"
|
•Two lines (one value per line):
[NSS]
ExcludedPath = /etc/file1
ExcludedPath = /usr/bin
|
2. Adding values with the drweb-ctl cfset command:
# drweb-ctl cfset NSS.ExcludedPath -a /etc/file1
# drweb-ctl cfset NSS.ExcludedPath -a /usr/bin
|
File masks (wildcards) can be used in this parameter. Case sensitivity of the specified paths is defined by NSS settings.
Paths in the list must be relative to an NSS volume mounting point.
Default value: (not specified)
|
IncludedPath
{path to file or directory}
|
Path to the object (a file or directory) to be scanned. If a directory is specified, all directory contents including nested files and directories will be scanned.
This parameter is needed only to allow scanning of individual objects (files or subdirectories) whose paths are specified in the ExcludedPath parameter. If a path to an object is specified in both the IncludedPath and ExcludedPath parameters, the object is scanned.
Multiple values can be specified as a list. List values must be comma-separated and put in quotation marks. The parameter can be specified more than once in the section (in this case, all its values are combined into one list).
Example: add the /etc/file1 file and /usr/bin directory to the list.
1. Adding values to the configuration file.
•Two values per line:
[NSS]
IncludedPath = "/etc/file1", "/usr/bin"
|
•Two lines (one value per line):
[NSS]
IncludedPath = /etc/file1
IncludedPath = /usr/bin
|
2. Adding values with the drweb-ctl cfset command:
# drweb-ctl cfset NSS.IncludedPath -a /etc/file1
# drweb-ctl cfset NSS.IncludedPath -a /usr/bin
|
File masks (wildcards) can be used in this parameter, and paths can be case-sensitive (depending on NSS settings).
Paths in the list must be relative to an NSS volume mounting point.
Default value: (not specified)
|
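The following is an added example, not part of the Dr.Web documentation or product code: it merges repeated ExcludedPath and IncludedPath list values from an [NSS] section and reports whether a given path would be scanned under the precedence rule described above. The function names (parse_lists, covers, is_scanned) and the sample section are hypothetical, and mask matching is assumed to follow case-sensitive shell-glob rules, which the page does not specify.

```python
import csv
import fnmatch

LIST_PARAMS = ("ProtectedVolumes", "ExcludedPath", "IncludedPath")

# Constructed sample section, not taken from a real host.
SAMPLE = """
[NSS]
ExcludedPath = "/usr/bin", "/data/*.tmp"
ExcludedPath = /etc/file1
IncludedPath = /usr/bin/tools
"""

def parse_lists(text, section="NSS"):
    """Merge every occurrence of each list parameter in one section."""
    merged = {name: [] for name in LIST_PARAMS}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip()
        elif current == section and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            if key in merged:
                # Values are comma-separated; quotation marks are stripped if present.
                items = next(csv.reader([value], skipinitialspace=True))
                merged[key].extend(i.strip() for i in items if i.strip())
    return merged

def covers(path, patterns):
    """True if a pattern names the path, a parent directory, or a mask hit."""
    for pattern in patterns:
        base = pattern.rstrip("/")
        if path == base or path.startswith(base + "/"):
            return True
        # Assumption: masks behave like case-sensitive shell globs.
        if fnmatch.fnmatchcase(path, base):
            return True
    return False

def is_scanned(path, cfg):
    """IncludedPath wins over ExcludedPath; unlisted paths are scanned."""
    if covers(path, cfg["IncludedPath"]):
        return True
    return not covers(path, cfg["ExcludedPath"])

if __name__ == "__main__":
    cfg = parse_lists(SAMPLE)
    for p in ("/usr/bin/ls", "/usr/bin/tools/x", "/data/a.tmp", "/etc/file2"):
        print(p, "scanned" if is_scanned(p, cfg) else "SKIPPED")
```

Running a list of important paths through such a check before applying an exclusion change shows which objects the monitor would stop scanning.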
OnKnownVirus
{action}
|
Action to be applied on detection of a known threat.
Acceptable values: Cure, Quarantine, Delete.
Default value: Cure
|
OnIncurable
{action}
|
Action to be applied on detection of an incurable threat.
Acceptable values: Quarantine, Delete.
Default value: Quarantine
|
OnSuspicious
{action}
|
Action to be applied on detection of an unknown threat.
Acceptable values: Report, Quarantine, Delete.
Default value: Quarantine
|
OnAdware
{action}
|
Action to be applied on detection of adware.
Acceptable values: Report, Quarantine, Delete.
Default value: Report
|
OnDialers
{action}
|
Action to be applied on detection of a dialer.
Acceptable values: Report, Quarantine, Delete.
Default value: Report
|
OnJokes
{action}
|
Action to be applied on detection of a joke program.
Acceptable values: Report, Quarantine, Delete.
Default value: Report
|
OnRiskware
{action}
|
Action to be applied on detection of riskware.
Acceptable values: Report, Quarantine, Delete.
Default value: Report
|
OnHacktools
{action}
|
Action to be applied on detection of a hacktool.
Acceptable values: Report, Quarantine, Delete.
Default value: Report
|
OnError
{action}
|
Action to be applied in case of a file scanning error.
Acceptable values: Report, Quarantine, Delete.
Default value: Report
|
ScanTimeout
{time interval}
|
Timeout for scanning one file initiated by the NSS volume monitor.
Allowed values: from 1 second (1s) to 1 hour (1h).
Default value: 30s
|
HeuristicAnalysis
{On | Off}
|
Enable or disable the heuristic analysis for detection of potential unknown threats during the scanning initiated by the NSS volume monitor. The heuristic analysis provides higher detection reliability but increases the duration of scanning.
Action applied to threats detected by the heuristic analyzer is specified as the OnSuspicious parameter value.
Allowed values:
•On—enable the heuristic analysis while scanning;
•Off—disable the heuristic analysis.
Default value: On
|
PackerMaxLevel
{integer}
|
Maximum nesting level for packed objects. A packed object is executable code compressed with special software (UPX, PELock, PECompact, Petite, ASPack, Morphine and so on). Such objects may include other packed objects which may also include packed objects and so on. The value of this parameter specifies the nesting limit beyond which packed objects inside other packed objects are not scanned.
The nesting level is not limited. If the value is set to 0, nested objects are not scanned.
Default value: 8
|
ArchiveMaxLevel
{integer}
|
Maximum nesting level for archives (.zip, .rar, and so on) in which other archives may be enclosed (and these archives may also include other archives, and so on). The value of this parameter specifies the nesting limit beyond which archives enclosed in other archives are not scanned.
The nesting level is not limited. If the value is set to 0, nested objects are not scanned.
Default value: 0
|
MailMaxLevel
{integer}
|
Maximum nesting level for mailer files (.pst, .tbb, and so on) in which other files may be enclosed (and these files may also include other files, and so on). The value of this parameter specifies the nesting limit beyond which objects inside other objects are not scanned.
The nesting level is not limited. If the value is set to 0, nested objects are not scanned.
Default value: 8
|
ContainerMaxLevel
{integer}
|
Maximum nesting level when scanning other types of objects in which other objects are enclosed (HTML pages, .jar files, etc.). The value of this parameter specifies the nesting limit beyond which objects inside other objects will not be scanned.
The nesting level is not limited. If the value is set to 0, nested objects are not scanned.
Default value: 8
|
MaxCompressionRatio
{integer}
|
Maximum compression ratio of scanned objects (ratio between the compressed size and uncompressed size). If the ratio of an object exceeds the limit, this object is skipped during the scanning initiated by the NSS volume monitor.
The compression ratio must be no less than 2.
Default value: 500
|