LogLevel
{logging level}
|
Logging level of the component.
If the parameter value is not specified, the DefaultLogLevel parameter value from the [Root] section is used.
Default value: Notice
|
Log
{log type}
|
Logging method of the component.
Default value: Auto
|
ExePath
{path to file}
|
Component executable path.
Default value: <opt_dir>/bin/drweb-spider.
•For GNU/Linux: /opt/drweb.com/bin/drweb-spider
|
Start
{logical}
|
The component must be started by the Dr.Web ConfigD configuration daemon.
Setting this parameter to Yes instructs the configuration daemon to start the component immediately; setting it to No instructs the daemon to terminate the component immediately.
Default value: Depends on the Dr.Web product in which the component is supplied and operates.
|
Mode
{FANOTIFY | AUTO}
|
Defines the SpIDer Guard operation mode.
Allowed values:
•FANOTIFY—use the fanotify monitoring interface;
•AUTO—select an optimal operation mode automatically.
Default value: AUTO
|
DebugAccess
{logical}
|
Whether to log detailed information on file access attempts at the debug level (when LogLevel = DEBUG).
Default value: No
|
ExcludedProc
{path to file}
|
List of processes that are excluded from file monitoring. If a file operation was initiated by one of the processes specified in the parameter value, the modified or created file will not be scanned.
Multiple values can be specified as a list. List values must be comma-separated and put in quotation marks. The parameter can be specified more than once in the section (in this case, all its values are combined into one list).
Example: Add the wget and curl processes to the list.
1.Adding values to the configuration file.
•Two values on one line:
[LinuxSpider]
ExcludedProc = "/usr/bin/wget", "/usr/bin/curl"
|
•Two lines (one value per line):
[LinuxSpider]
ExcludedProc = /usr/bin/wget
ExcludedProc = /usr/bin/curl
|
2.Adding values with the drweb-ctl cfset command:
# drweb-ctl cfset LinuxSpider.ExcludedProc -a /usr/bin/wget
# drweb-ctl cfset LinuxSpider.ExcludedProc -a /usr/bin/curl
|
Default value: (not specified)
|
ExcludedFilesystem
{file system name}
|
Exclude the specified file system from monitoring.
This option is available only in the FANOTIFY mode.
Multiple values can be specified as a list. List values must be comma-separated and put in quotation marks. The parameter can be specified more than once in the section (in this case, all its values are combined into one list).
Example: Add the cifs and nfs file systems to the list.
1.Adding values to the configuration file.
•Two values on one line:
[LinuxSpider]
ExcludedFilesystem = "cifs", "nfs"
|
•Two lines (one value per line):
[LinuxSpider]
ExcludedFilesystem = cifs
ExcludedFilesystem = nfs
|
2.Adding values with the drweb-ctl cfset command:
# drweb-ctl cfset LinuxSpider.ExcludedFilesystem -a cifs
# drweb-ctl cfset LinuxSpider.ExcludedFilesystem -a nfs
|
Default value: cifs
|
BlockBeforeScan
{Off | Executables | All}
|
Block files until they are scanned by the monitor (in the enhanced or “paranoid” monitoring mode).
Allowed values:
•Off—do not block access to files even if they were not scanned;
•Executables—block access to executable files (PE, ELF files and scripts that contain the #! preamble) not scanned by the monitor;
•All—block access to any files not scanned by the monitor.
Files are blocked only in the FANOTIFY mode.
Default value: Off
|
[*] ExcludedPath
{path to file or directory}
|
A path to an object (file or directory) to be excluded from file monitoring. If a directory is specified, all files and subdirectories in it (including nested ones) are skipped. File masks can be used (the ? and * characters, as well as the character classes [ ], [! ], [^ ]).
Multiple values can be specified as a list. List values must be comma-separated and put in quotation marks. The parameter can be specified more than once in the section (in this case, all its values are combined into one list).
Example: Add the /etc/file1 file and the /usr/bin directory to the list.
1.Adding values to the configuration file.
•Two values on one line:
[LinuxSpider]
ExcludedPath = "/etc/file1", "/usr/bin"
|
•Two lines (one value per line):
[LinuxSpider]
ExcludedPath = /etc/file1
ExcludedPath = /usr/bin
|
2.Adding values with the drweb-ctl cfset command:
# drweb-ctl cfset LinuxSpider.ExcludedPath -a /etc/file1
# drweb-ctl cfset LinuxSpider.ExcludedPath -a /usr/bin
|
Note that symbolic links have no effect here, because only the direct path to a file is analyzed when scanning.
Default value: /proc, /sys
|
[*] OnKnownVirus
{action}
|
Action to be applied upon detection of a known threat (a virus and so on) in the scanned file.
Allowed values: Report, Cure, Quarantine, Delete.
Default value: Report
|
[*] OnIncurable
{action}
|
Action to be applied upon detection of an incurable threat.
Allowed values: Quarantine, Delete.
Default value: Quarantine
|
[*] OnSuspicious
{action}
|
Action to be applied upon detection of an unknown threat (or a suspicious object) in the scanned file by using heuristic analysis.
Allowed values: Report, Quarantine, Delete.
Default value: Report
|
[*] OnAdware
{action}
|
Action to be applied upon detection of adware in the scanned file.
Allowed values: Report, Quarantine, Delete.
Default value: Report
|
[*] OnDialers
{action}
|
Action to be applied upon detection of a dialer in the scanned file.
Allowed values: Report, Quarantine, Delete.
Default value: Report
|
[*] OnJokes
{action}
|
Action to be applied upon detection of a joke program in the scanned file.
Allowed values: Report, Quarantine, Delete.
Default value: Report
|
[*] OnRiskware
{action}
|
Action to be applied upon detection of riskware in the scanned file.
Allowed values: Report, Quarantine, Delete.
Default value: Report
|
[*] OnHacktools
{action}
|
Action to be applied upon detection of a hacktool in the scanned file.
Allowed values: Report, Quarantine, Delete.
Default value: Report
|
[*] ScanTimeout
{time interval}
|
Timeout for scanning one file.
Allowed values: from 1 second (1s) to 1 hour (1h).
Default value: 30s
|
[*] HeuristicAnalysis
{On | Off}
|
Enable or disable the heuristic analysis for detection of unknown threats. The heuristic analysis provides higher detection reliability but increases the duration of scanning.
Action applied to threats detected by the heuristic analyzer is specified as the OnSuspicious parameter value.
Allowed values:
•On—enable the heuristic analysis while scanning;
•Off—disable the heuristic analysis.
Default value: On
|
[*] PackerMaxLevel
{integer}
|
Maximum nesting level for packed objects. A packed object is executable code compressed with special software (UPX, PELock, PECompact, Petite, ASPack, Morphine and so on). Such objects may include other packed objects which may also include packed objects and so on. The value of this parameter specifies the nesting limit beyond which packed objects inside other packed objects are not scanned.
The nesting level is not limited. If the value is set to 0, nested objects are not scanned.
Default value: 8
|
[*] ArchiveMaxLevel
{integer}
|
Maximum nesting level for archives (.zip, .rar, and so on) in which other archives may be enclosed (and these archives may also include other archives, and so on). The value of this parameter specifies the nesting limit beyond which archives enclosed in other archives are not scanned.
The nesting level is not limited. If the value is set to 0, nested objects are not scanned.
Default value: 0
|
[*] MailMaxLevel
{integer}
|
Maximum nesting level for mail client files (.pst, .tbb and so on) in which other files may be enclosed (and these files may also include other files and so on). The value of this parameter specifies the nesting limit beyond which objects inside other objects are not scanned.
The nesting level is not limited. If the value is set to 0, nested objects are not scanned.
Default value: 0
|
[*] ContainerMaxLevel
{integer}
|
Maximum nesting level when scanning other types of objects in which other objects are enclosed (HTML pages, .jar files, etc.). The value of this parameter specifies the nesting limit beyond which objects inside other objects will not be scanned.
The nesting level is not limited. If the value is set to 0, nested objects are not scanned.
Default value: 8
|
[*] MaxCompressionRatio
{integer}
|
Maximum compression ratio of scanned objects (a ratio of an uncompressed size to a compressed size). If the ratio of an object exceeds the limit, this object is skipped while scanning.
The compression ratio must be no less than 2.
Default value: 500
|
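The list syntax described for ExcludedProc, ExcludedFilesystem and ExcludedPath (quoted comma-separated values, or the same parameter repeated) makes it easy to lose track of what a section actually excludes. The following Python sketch is an added example, not part of the product or its documentation: it merges the lists the way the table describes and reports every setting that narrows scanning or blocking. The sample configuration is constructed, and treating # and ; as comment markers and letting the last scalar value win are assumptions.

```python
import csv

LIST_KEYS = {"ExcludedProc", "ExcludedFilesystem", "ExcludedPath"}  # merged lists
DEFAULTS = {"Mode": "AUTO", "BlockBeforeScan": "Off", "ArchiveMaxLevel": "0"}

# Constructed sample configuration, not taken from a real host.
SAMPLE = '''[LinuxSpider]
Mode = AUTO
ExcludedProc = "/usr/bin/wget", "/usr/bin/curl"
ExcludedProc = /usr/bin/rsync
ExcludedPath = "/sys", "/var/cache/*.tmp"
ExcludedFilesystem = cifs
BlockBeforeScan = Executables
'''

def parse_section(text, section="LinuxSpider"):
    """Return the section as a dict; quoted lists and repeated keys are merged."""
    conf, current = dict(DEFAULTS), None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
        elif current == section and "=" in line and line[0] not in "#;":
            key, value = (part.strip() for part in line.split("=", 1))
            if key in LIST_KEYS:
                items = next(csv.reader([value], skipinitialspace=True))
                conf.setdefault(key, []).extend(i.strip() for i in items if i.strip())
            else:
                conf[key] = value  # assumption: last occurrence wins
    return conf

def audit(conf):
    """Describe every setting that narrows what the monitor scans or blocks."""
    notes = [f"ExcludedProc: files created or modified by {p} are not scanned"
             for p in conf.get("ExcludedProc", [])]
    notes += [f"ExcludedPath: {p} is not monitored"
              for p in conf.get("ExcludedPath", []) if p not in ("/proc", "/sys")]
    blocking = conf["BlockBeforeScan"].lower()
    if conf["Mode"].upper() != "FANOTIFY":
        if conf.get("ExcludedFilesystem"):
            notes.append("ExcludedFilesystem: available only in FANOTIFY mode")
        if blocking != "off":
            notes.append("BlockBeforeScan: files are blocked only in FANOTIFY mode")
    if blocking == "off":
        notes.append("BlockBeforeScan: Off, unscanned files are not blocked")
    if conf["ArchiveMaxLevel"] == "0":
        notes.append("ArchiveMaxLevel: 0, nested objects are not scanned")
    return notes

if __name__ == "__main__":
    print("\n".join(audit(parse_section(SAMPLE))))
```

Entries equal to the documented ExcludedPath defaults (/proc, /sys) are not reported; everything else in the output is a deliberate gap in monitoring that should have a recorded reason.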