Command-line management


You can manage the operation of Dr.Web for Linux from the command line using a special command-line tool, drweb-ctl.

You can do the following actions from the command line:

Start scanning file system objects including boot records

Start scanning files on remote network hosts (see note below)

Start updating virus databases

View and change parameters of Dr.Web for Linux configuration

View the status of the product's components and statistics on detected threats

View quarantine and manage quarantined objects

Connect to the central protection server or disconnect from it

User commands for managing Dr.Web for Linux take effect only if the Dr.Web for Linux service components are running (by default, they start automatically on system startup).

Note that some control commands require superuser privileges. To elevate privileges, use the su command (change the current user) or the sudo command (execute the specified command with another user's privileges).

The drweb-ctl tool supports auto-completion of commands for managing Dr.Web for Linux if this option is enabled in the command shell you use. If auto-completion is not enabled in your command shell, you can configure it. For instructions, refer to the manual for your OS distribution.

On exit, the tool returns an exit code according to the convention for POSIX-compliant systems: 0 (zero) if the operation completed successfully, non-zero otherwise.

Note that the tool returns a non-zero exit code only in case of an internal error (for example, the tool could not connect to a component, a requested operation could not be executed, etc.). If the tool detects (and possibly neutralizes) a threat, it returns the zero exit code, because the requested operation (such as a scan) completed successfully. To determine the list of detected threats and the actions applied, analyze the messages displayed on the console.
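Because a zero exit code does not mean that no threat was found, a script that runs scans unattended has to combine the exit code with the console output. The following is an added example, not part of the Dr.Web documentation: the function names and verdict codes are hypothetical, the sample output is constructed, and the "threats found: N" summary format is an assumption to check against the output of your installed version.

```sh
#!/bin/sh
# Added example: verdict logic for automation around `drweb-ctl scan`.
# ASSUMPTION: the scan summary contains "threats found: N"; adjust the
# pattern to the console output of your installed version.

# Constructed sample console output (not captured from a real run).
SAMPLE_CLEAN='Scanned objects: 12, scan errors: 0, threats found: 0, threats neutralized: 0.'
SAMPLE_INFECTED='/srv/upload/a.bin - infected with Example.Threat.1
Scanned objects: 12, scan errors: 0, threats found: 1, threats neutralized: 0.'

# classify_scan EXIT_CODE   (console output of the scan on stdin)
# Returns: 0 clean, 1 threats reported, 2 tool error, 3 summary not recognized.
classify_scan() {
    rc=$1
    out=$(cat)
    # A non-zero exit code means an internal error, not a detection.
    if [ "$rc" -ne 0 ]; then
        return 2
    fi
    found=$(printf '%s\n' "$out" |
        sed -n 's/.*[Tt]hreats found: *\([0-9][0-9]*\).*/\1/p' | tail -n 1)
    # Fail closed: output that cannot be parsed is never reported as clean.
    if [ -z "$found" ]; then
        return 3
    fi
    if [ "$found" -gt 0 ]; then
        return 1
    fi
    return 0
}

# scan_path PATH: run the real tool, echo its output, return the verdict.
scan_path() {
    scan_out=$(drweb-ctl scan "$1" 2>&1) && scan_rc=0 || scan_rc=$?
    printf '%s\n' "$scan_out"
    printf '%s\n' "$scan_out" | classify_scan "$scan_rc"
}

# Demo on a constructed sample; does not need drweb-ctl installed.
verdict=0
printf '%s\n' "$SAMPLE_INFECTED" | classify_scan 0 || verdict=$?
echo "infected sample, tool exit code 0 -> verdict $verdict"
```

In a cron job or pipeline, call scan_path and alert on any verdict other than 0, so that tool failures and unrecognized output are not mistaken for a clean result.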

Remote host scanning

Dr.Web for Linux can scan files located on remote network hosts for threats. Such hosts can be not only full-fledged computers (workstations and servers) but also routers, set-top boxes and other “smart” devices that form the so-called Internet of Things. To perform remote scanning, the remote host must provide remote terminal access via SSH (Secure Shell). In addition, you need to know an IP address and a domain name of the remote host, and the name and password of a user who can access the system remotely via SSH. This user must have access rights to the scanned files (at least read permission).

This function can be used only to detect malicious and suspicious files on a remote host. Threats cannot be eliminated (i.e. quarantined, removed or cured) by means of remote scanning. To eliminate threats detected on the remote host, use the administration tools provided directly by that host. For example, for routers and other “smart” devices, a firmware update mechanism can be used; for computers, you can connect to them (for example, in remote terminal mode) and perform the respective operations in their file system (removing or moving files, etc.), or run anti-virus software installed on them.

Remote scanning is performed only via the command-line tool drweb-ctl (using the remotescan command).