Structure of Dr.Web for Linux

Dr.Web for Linux consists of the following components:

| Component | Description |
| --- | --- |
| Scanner | A component which scans file system objects (files, directories and boot records) for threats on user demand or on schedule. The user can start scanning either in graphical mode or in command line mode. |
| SpIDer Guard | A resident mode component which tracks file operations (such as creating, opening, closing and starting). It sends requests to Scanner to scan the contents of new and modified files, as well as executable files when programs are started. It interacts with the OS file system using the fanotify system mechanism or a custom Linux kernel module (LKM, or Loadable Kernel Module) developed by the Doctor Web company. When using the fanotify system mechanism, the monitor can operate in enhanced mode, blocking access to files that have not been scanned yet (of all types or executables only) until the scan is complete. By default, the enhanced monitoring mode is disabled. |
| SpIDer Gate | A resident mode component which monitors all network connections. It checks whether a URL is present in databases of web resource categories or in user black lists, and blocks access to websites if the URLs targeting them are included in a user black list or belong to categories marked as unwanted. It blocks sending email messages if they contain malicious objects or unwanted links. It sends files downloaded from the internet (from servers access to which is not restricted) to Scanner and blocks downloading them if they contain threats. If allowed by the user, it sends requested URLs to the Dr.Web Cloud service for scanning. |
| Scanning Engine | The core component of the anti-virus solution. It is used by Scanner to find and detect viruses and other malicious programs, as well as to analyze suspicious behavior. |
| Dr.Web Anti-Spam | A component which scans email messages for signs of spam. This component is not included in versions for the ARM64, E2K and IBM POWER (ppc64el) architectures. |
| Virus databases | An automatically updated database containing information about known threats, used by the scanning engine to detect and cure them. |
| Database of web resource categories | An automatically updated database containing a list of web resources separated into categories, used by SpIDer Gate to block access to unwanted websites. |
| Updating component | A component which automatically downloads updates of virus databases, databases of web resource categories and the scanning engine from Doctor Web update servers (either on schedule or on user demand). |
| Graphical management interface | A component which provides a windowed graphical interface for managing Dr.Web for Linux. It allows the user to scan file system objects in graphical mode, manage the operation of the SpIDer Guard and SpIDer Gate monitors, view quarantined objects, start receiving updates, and configure Dr.Web for Linux operation. |
| Notification agent | A component which operates in background mode. It displays pop-up notifications on events and the Dr.Web for Linux indicator in the notification area, and runs scheduled scanning. By default it is started together with a user session in the desktop environment. |
| License manager | A component which facilitates managing licenses in graphical mode. It allows the user to activate a license or a demo period, view information about the current license, renew it, and install or remove a license key file. |

Apart from those listed in the table, Dr.Web for Linux also includes additional service components that run in the background with no user interaction required.

The SpIDer Guard file system monitor can operate in one of these two modes:

FANOTIFY—using the fanotify system mechanism (not all GNU/Linux OSes support this mode).

LKM—using the Linux loadable kernel module. The module was developed by the Doctor Web company and can be used on any GNU/Linux OS with kernel 2.6.x and later. The LKM mode is not supported for ARM64, E2K and IBM POWER (ppc64el) architectures.

By default, the file system monitor automatically chooses the appropriate operation mode according to the environment. If SpIDer Guard cannot be started, build and install the loadable kernel module from the supplied source code.