Putting in Quarantine
The quarantine of Dr.Web for Linux is a system of directories designed to isolate files containing detected threats that cannot currently be cured for some reason. For example, a detected threat can be incurable because Dr.Web for Linux is still unaware of it (for example, the threat was detected by the heuristic analyzer, but the virus databases do not cover the threat signature or a method to cure it) or because curing causes errors. Moreover, a file can be quarantined on user demand if the user selected the corresponding action in the list of detected threats or specified this action in settings as a reaction of Scanner or the SpIDer Guard file system monitor to threats of a specific type.

When a file is quarantined, it is renamed according to special rules to prevent its identification by users and applications and to inhibit access to it without the quarantine management tools implemented in Dr.Web for Linux. In addition, the execution bit of a quarantined file is always reset to prevent the file from being run.

Quarantine directories are located in:
• a user home directory (if multiple user accounts exist on the computer, a separate quarantine directory can be created for each of the users);
• a root directory of each logical volume mounted on the file system.

Dr.Web for Linux quarantine directories are always named .com.drweb.quarantine and are not created until the “Quarantine” action is applied, that is, quarantine directories are not created until a threat is detected. Even then, only the directory required for isolation of the file is created. The directory is selected using the name of the file owner. The search is performed upwards from the directory containing the file to the file system root /; if the home directory of the owner is reached, the file is isolated in the quarantine directory under the home directory. Otherwise, the file is isolated in the quarantine directory created under the volume root directory (which is not always the same as the file system root directory). Thus, any infected file put in quarantine is always kept on the same volume, which ensures correct operation of quarantine when removable data storage devices and other volumes are mounted in the file system occasionally and on different mount points.

A user can manage quarantine contents either in graphical mode or in command-line mode. In both modes, all currently available quarantine directories containing isolated objects are always processed as a single entity. From the point of view of a user who views the contents of the combined quarantine, the quarantine directory located in the home directory is a User quarantine, and all other quarantine directories are a System quarantine.
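
The directory-selection rule described above can be written out as a short function. This is an added example, not Dr.Web code: it predicts which quarantine directory a file would land in, which helps when locating isolated files during incident response. The function name, the sample paths, and the choice to stop at the first mount point crossed (derived from the statement that a quarantined file always stays on its own volume) are assumptions.

```python
import posixpath

QUARANTINE_NAME = ".com.drweb.quarantine"  # directory name given in the documentation


def expected_quarantine_dir(file_path, owner_home, mount_points):
    """Return (quarantine_dir, kind) for an absolute file_path.

    owner_home   -- home directory of the file owner, or None if unknown
    mount_points -- mount points of the currently mounted volumes
    kind is "User" for the home-directory quarantine, "System" otherwise.
    """
    mounts = {posixpath.normpath(m) for m in mount_points} | {"/"}
    home = posixpath.normpath(owner_home) if owner_home else None
    current = posixpath.dirname(posixpath.normpath(file_path))
    while True:
        # Owner's home reached before leaving the volume: User quarantine.
        if home is not None and current == home:
            return posixpath.join(home, QUARANTINE_NAME), "User"
        # Assumption: a volume root reached first wins, so the file
        # never leaves the volume it was found on.
        if current in mounts:
            return posixpath.join(current, QUARANTINE_NAME), "System"
        parent = posixpath.dirname(current)
        if parent == current:  # cannot go higher; fall back to /
            return posixpath.join("/", QUARANTINE_NAME), "System"
        current = parent


if __name__ == "__main__":
    # Constructed sample layout: one removable volume besides the root volume.
    mounts = ["/", "/media/usb"]
    for path in ("/home/alice/Downloads/a.bin",
                 "/media/usb/docs/b.exe",
                 "/tmp/c.sh"):
        print(path, "->", expected_quarantine_dir(path, "/home/alice", mounts))
```
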