Program Structure


Dr.Web for Linux consists of the following components:

Component

Description

Scanner

The component which scans file system objects (files, directories, boot records) at the user’s request or on a schedule to detect threats. The user can start scans in graphical mode or from the command line.

The file system monitor SpIDer Guard

The component which operates in resident mode and monitors file operations (creation, opening, closing, and running of a file). It sends Scanner tasks to scan new and modified files, or executable files when a program starts. It interacts with the OS file system through the fanotify system mechanism or through a special kernel module (LKM – Linux Kernel Module) developed by Doctor Web.

The network connection monitor SpIDer Gate

The component which works in resident mode and monitors all network connections.

It checks whether the requested URL falls into an unwanted category of web resources or is on the user’s black list, and, if so, blocks access to the resource.

It blocks transfer of email messages if they contain malicious objects or unwanted links.

The component also sends Scanner tasks to scan files downloaded from the Internet (from servers whose access is not restricted) and blocks their download if they contain threats.

Additionally, if the user has given permission, the component sends the URL to the Dr.Web Cloud service for a check.

Anti-virus Engine

The core component of the anti-virus protection. It is used by Scanner to detect viruses and malicious programs as well as algorithms to analyze suspicious behavior.

Virus database

An automatically updated database used by the anti-virus engine. The database contains information for detecting and curing known threats.

Database of web resource categories

An automatically updated database. The database contains information on web resources assigned to pre-defined categories. SpIDer Gate uses this information to block access to web resources in categories that are marked as unwanted.

Updating component

It automatically downloads updates of the virus databases, databases of web resource categories and anti-virus engine from Doctor Web servers (both scheduled and on demand).

Graphical management interface

The component that provides a window graphical interface for management of Dr.Web for Linux. It allows users to run scanning of file system objects in the graphical mode, manage operation of SpIDer Guard and SpIDer Gate, view the quarantine contents, launch receiving of updates, and also configure Dr.Web for Linux’s operation.

Notification agent

The component that works in background mode. It displays pop-up notifications about events and the Dr.Web for Linux indicator in the notification area, and runs scheduled scans. By default, it is launched when the user’s session starts in the desktop environment.

License Manager

The component simplifies work with licenses in graphical mode. It allows the user to activate a license or demo period, view information about the current license, renew it, and install or remove the license key file.

Apart from the components listed above, Dr.Web for Linux also includes additional service components running in the background. They do not require any user intervention.

SpIDer Guard, the file system monitor, can operate in one of the following modes:

FANOTIFY—using the fanotify monitoring interface (not all GNU/Linux-based OSes support this mode)

LKM—using the loadable Linux kernel module (compatible with any GNU/Linux-based OS with kernel 2.6.x and newer)

By default, the file system monitor automatically chooses the appropriate operation mode according to the environment. If SpIDer Guard cannot be started, build and install a loadable kernel module from the supplied source code.
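
One way to check in advance which of the two modes a given kernel could support, as an added example that is not Dr.Web's own selection logic. It assumes fanotify availability appears as CONFIG_FANOTIFY and module loading as CONFIG_MODULES in the kernel build config; the function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example: report which SpIDer Guard modes a kernel could support,
# judged from its release string and its build config file.

# config_on FILE OPTION -> true when OPTION is built in (=y) or modular (=m)
config_on() {
    grep -Eq "^$2=(y|m)\$" "$1"
}

# kernel_at_least_2_6 RELEASE -> true for 2.6.x and newer (the LKM requirement
# stated on this page)
kernel_at_least_2_6() {
    major=${1%%.*}
    rest=${1#*.}
    minor=${rest%%[!0-9]*}
    [ "$major" -gt 2 ] || { [ "$major" -eq 2 ] && [ "${minor:-0}" -ge 6 ]; }
}

# candidate_modes RELEASE CONFIG_FILE -> prints FANOTIFY, LKM, both, or NONE
candidate_modes() {
    modes=""
    # Assumption: fanotify support is indicated by CONFIG_FANOTIFY
    if config_on "$2" CONFIG_FANOTIFY; then
        modes="FANOTIFY"
    fi
    # Assumption: loading an LKM needs CONFIG_MODULES and a 2.6+ kernel
    if kernel_at_least_2_6 "$1" && config_on "$2" CONFIG_MODULES; then
        modes="${modes:+$modes }LKM"
    fi
    echo "${modes:-NONE}"
}

# Constructed sample: a kernel built with module support but without fanotify
sample=$(mktemp)
printf '%s\n' 'CONFIG_MODULES=y' '# CONFIG_FANOTIFY is not set' > "$sample"
candidate_modes "3.10.0-constructed" "$sample"   # prints LKM
rm -f "$sample"
```

On a live system the same function can be called as `candidate_modes "$(uname -r)" "/boot/config-$(uname -r)"`, provided the distribution ships the kernel config at that path.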