Monitoring of Network Connections

In this section:

General Information.

Managing Operation of the Network Connection Monitor.

Configuring SpIDer Gate.

Problems with SpIDer Gate Operation.

General Information

Continuous control of established network connections is performed by SpIDer Gate. It restricts access to websites added to user black lists or marked as unwanted for visiting. In addition, SpIDer Gate scans:

incoming and outgoing email messages;

files downloaded from the internet.

If SpIDer Gate detects a threat in a scanned object, it blocks the object from being received or sent.

The Dr.Web for Linux graphical management interface allows you to configure the operation of SpIDer Gate:

Start and stop the network connection monitor.

View the number of scanned and blocked objects and attempts to access websites.

Configure the following parameters of network connection monitoring:

  Types of traffic to be scanned (web traffic, FTP traffic).

  List of websites and hosts to which access is restricted.

  Personal black and white lists of websites and hosts.

  Parameters for scanning files downloaded from the internet.

Threats in email messages can be detected by the file system monitor SpIDer Guard, if it is enabled, at the moment the mail client saves the messages to the local file system.

Managing Operation of the Network Connection Monitor

You can start and stop the network connection monitor SpIDer Gate and view statistics on its operation on a dedicated page of Dr.Web for Linux. To access the page, click SpIDer Gate on the main page.

Figure 14. SpIDer Gate management page

On the page for monitoring management, the following information is displayed:

State of the network connection monitor SpIDer Gate (enabled or disabled) and details on errors if they occurred during the component operation.

Monitoring statistics:

Average speed of scanning of email messages and files downloaded from the internet.

Number of scanned objects (email messages, files downloaded from the internet and URLs).

Number of blocked attempts to access websites and malicious objects.

To enable monitoring, if disabled, click Enable. To disable monitoring, if enabled, click Disable.

To disable the monitoring of network connections, the application must operate with elevated permissions. Refer to the Managing Application Privileges section.

When Dr.Web for Linux is operating under the centralized protection server, the option to enable and disable the SpIDer Gate network connection monitor can be blocked if the server disallows it.

State of the network connection monitor SpIDer Gate (enabled or disabled) is indicated as follows:

SpIDer Gate is enabled and is controlling network connections (and also email and internet access).

SpIDer Gate is not controlling network connections (access to websites is not restricted, email messages and downloaded files are not scanned) because either the user disabled the component or an error occurred.

If a mail client that uses IMAP to receive messages (for instance, Mozilla Thunderbird) is running on your system, restart it after the antivirus is installed so that incoming email messages can be scanned.

To close the page, go to another page by using the buttons in the pane.

Configuring SpIDer Gate

The operation of the network connection monitor SpIDer Gate is configured in the settings window:

On the SpIDer Gate tab, specify the list of blocked website categories and the reaction to detected threats.

On the Exclusions tab, configure the black and white lists of websites and exclude application network activity from monitoring.

On the Network tab, manage the scanning of protected connections (SSL/TLS).

Problems with SpIDer Gate Operation

If an error occurs in the operation of the network connection monitor, the management page displays the error message. To solve the problem, refer to the description of known errors in the Appendix D. Known Errors section.

Depending on the distribution, Dr.Web Anti-Spam may be unavailable in Dr.Web for Linux. In this case, email messages will not be scanned for signs of spam.

If any email messages are falsely detected by the email anti-spam component Dr.Web Anti-Spam, we recommend that you forward them to special addresses for analysis and improvement of spam filter quality. To do that, save each message to a separate .eml file. Then attach the files to an email message and forward it to the appropriate address:

nonspam@drweb.com: if it contains email messages erroneously considered spam;

spam@drweb.com: if it contains spam messages that were not recognized as spam.
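
The submission procedure above can be scripted. The following is an added example, not code from Dr.Web or its documentation: it builds one report message carrying each saved .eml file as a separate attachment and addresses it by report type. The function names, the report type labels, the sender address and the choice to attach the raw bytes as application/octet-stream are assumptions; only the two recipient addresses come from this page.

```python
# Added example (not vendor code): package misclassified messages for submission.
from email import policy
from email.message import EmailMessage
from email.parser import BytesParser
from pathlib import Path
import tempfile

# Addresses come from the page; everything else here is an assumption.
REPORT_ADDRESS = {
    "false_positive": "nonspam@drweb.com",  # legitimate mail flagged as spam
    "false_negative": "spam@drweb.com",     # spam that was not flagged
}

def build_report(eml_paths, kind, sender):
    """Return an EmailMessage carrying each .eml file as a separate attachment."""
    if kind not in REPORT_ADDRESS:
        raise ValueError(f"unknown report kind: {kind!r}")
    report = EmailMessage()
    report["From"] = sender
    report["To"] = REPORT_ADDRESS[kind]
    report["Subject"] = f"Anti-spam {kind.replace('_', ' ')} samples"
    report.set_content(f"{len(eml_paths)} sample message(s) attached.")
    for path in map(Path, eml_paths):
        raw = path.read_bytes()
        # Reject files that are not a saved message: no headers means the
        # original was not exported intact.
        parsed = BytesParser(policy=policy.default).parsebytes(raw, headersonly=True)
        if not parsed.keys():
            raise ValueError(f"{path.name} has no message headers")
        # Attach the raw bytes so the original headers reach the analyst unchanged.
        report.add_attachment(raw, maintype="application",
                              subtype="octet-stream", filename=path.name)
    return report

def demo():
    """Build a report from one constructed sample message and return it."""
    sample = (b"From: shop@example.com\r\nTo: user@example.org\r\n"
              b"Subject: Your invoice\r\n\r\nInvoice attached.\r\n")  # constructed
    with tempfile.TemporaryDirectory() as tmp:
        eml = Path(tmp) / "invoice.eml"
        eml.write_bytes(sample)
        return build_report([eml], "false_positive", "user@example.org"), sample

if __name__ == "__main__":
    msg, _ = demo()
    print(msg["To"], [p.get_filename() for p in msg.iter_attachments()])
```

The returned message is not sent by this code; it can be handed to a mail client or an SMTP library of your choice.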