Main Functions
Dr.Web for Linux main functions:

1. of malicious programs (for example, viruses, including those that infect mail files and boot records, trojans, mail worms) and unwanted software (for example, adware, joke programs, dialers, and so on). For details on methods used to neutralize threats, refer to Appendix A. Types of Computer Threats.

The product uses several malware detection methods simultaneously:

• Signature analysis, which allows detection of known threats from virus databases.
• Heuristic analysis, which allows detection of threats that are not present in virus databases.
• Cloud-based threat detection technologies, using the Dr.Web Cloud service that collects up-to-date information about recent threats and sends it to Dr.Web products.

Note that the heuristic analyzer may raise false alarms on software activity that is not malicious. Thus, objects that contain threats detected by the analyzer are considered “suspicious”. It is recommended to quarantine such files and send them for analysis to the Doctor Web anti-virus laboratory. For details on methods used to neutralize threats, refer to Appendix B. Neutralizing Computer Threats.

File system scanning can be started in two ways: on demand and automatically, according to the schedule. There are two modes of scanning: full scan (scan of all file system objects) and custom scan (scan of selected objects: directories or files). Moreover, the user can start a separate scan of volume boot records and of the executable files that started the currently active processes. In the latter case, if a malicious executable file is detected, it is neutralized and all processes run by this file are forced to terminate.

For operating systems with a graphical desktop environment, integration of file scanning with either the taskbar or a graphical file manager is available. For systems that implement mandatory access control with different access levels, files that are not available at the current level can be scanned as an offline copy.

All objects containing threats detected in the file system are registered in the permanently stored threats registry, except those threats that were detected in the autonomous copy mode.

The command-line tool included in Dr.Web for Linux allows you to scan for threats the file systems of remote network hosts that provide remote terminal access via SSH or Telnet.

2. This mode tracks access to data files and attempts to run executables. This allows you to detect and neutralize malware when it attempts to infect the computer. In addition to the standard monitoring mode, you can use the enhanced (or Paranoid) mode, so that the monitor blocks access to files until the scan is completed (this helps prevent access to files that contain a threat; however, the scan result only becomes known after the application manages to access the file). The enhanced monitoring mode increases security, but slows down applications' access to files that have not yet been verified.

3. All attempts to access internet servers (web servers, file servers) via the HTTP and FTP protocols are monitored to block access to websites or hosts of the unwanted categories, and to prevent downloading malicious files.

4. to prevent receiving and sending emails containing infected files and unwanted links, as well as emails classified as spam.

Email messages and files downloaded from the web are scanned for viruses and other threats on the fly. Depending on the distribution, Dr.Web Anti-Spam could be unavailable in Dr.Web for Linux. In this case, email messages will not be scanned for signs of spam.

To restrict access to unwanted websites, Dr.Web for Linux supports an automatically updated database of web resource categories, as well as black and white lists that are edited by the user. Dr.Web CloudD service is also used to check whether the requested web resource is marked malicious by other anti-virus products of Dr.Web.

5. Such objects are moved to a special storage, quarantine, to prevent any harm to the system. When moved to quarantine, objects are renamed according to special rules and, if necessary, they can be restored to their original location only on demand.

6. of Dr.Web virus databases and of the scan engine to support a high level of protection against malware.

7. on virus events, logging threat detection events (available only via the command-line tool), as well as the sending of statistics on virus incidents to the Dr.Web Cloud service.

8. (when connected to the centralized protection server, such as Dr.Web Enterprise Server or as a part of Dr.Web AV-Desk service). This mode allows implementation of a unified security policy on computers within the protected network. It can be a corporate network, a private network (VPN), or a network of a service provider (for example, an internet service provider).