
© 2010 Doctor Web. All rights reserved.

This document is the property of Doctor Web. No part of this
document may be reproduced, published or transmitted in any form
or by any means for any purpose other than the purchaser's personal
use without proper attribution.

TRADEMARKS
Dr.Web, the Dr.WEB logo, SpIDer Guard are trademarks and
registered trademarks of Doctor Web in Russia and/or other countries.
Other trademarks, registered trademarks and company names used in
this document are property of their respective owners.

DISCLAIMER
In no event shall Doctor Web and its resellers or distributors be liable
for errors or omissions, or any loss of profit or any other damage
caused or alleged to be caused directly or indirectly by this document,
the use of or inability to use information contained in this document.

Antivirus Dr.Web® for Linux


Version 6.0.0
User Manual
01.10.2010
Doctor Web Head Office
2-12A, 3rd str. Yamskogo polya
Moscow, Russia
125124

Web site: www.drweb.com


Phone: +7 (495) 789-45-87

Refer to the official web site for regional and international office
information.
Doctor Web

Doctor Web develops and distributes Dr.Web® information
security solutions which provide efficient protection from malicious
software and spam.

Doctor Web customers can be found among home users from all
over the world and in government enterprises, small companies
and nationwide corporations.

Dr.Web antivirus solutions have been well known since 1992 for
continuing excellence in malware detection and compliance with
international information security standards. State certificates and
awards received by the Dr.Web solutions, as well as the globally
widespread use of our products, are the best evidence of
exceptional trust in the company's products.

We thank all our customers for their support and
devotion to the Dr.Web products!

Table of Contents

1. Introduction
1.1. Antivirus Dr.Web® for Linux
1.2. Document Conventions

2. Installation and Removal
2.1. System Requirements
2.1.1. OS protected by SELinux
2.2. Package files location
2.3. Installing Dr.Web for Linux
2.4. Removing Dr.Web for Linux
2.5. User interface of graphical installer
2.6. User interface of graphical uninstaller
2.7 Interactive console installer
2.8 Interactive console uninstaller

3. General information on operation of Dr.Web for Linux solution.
3.1. Startup
3.2. Primary functions
3.3. Constant Anti-virus Protection
3.4. Performing a System Scan On Demand
3.4.1. Eliminate Threats
3.5. Updating the Program
3.6. Getting Help

4. Advanced Usage
4.1. Viewing the Results
4.2. Managing the Quarantine
4.3. Adjusting Schedules
4.4. Adjusting Automatic Actions
4.5. Excluding Files from Scanning
4.6. Adjusting Notifications
4.7. Simultaneous use of Dr.Web for Linux by several users
4.8. Central Anti-virus Protection
4.8.1. Configuring Central Protection Mode
4.8.2. Creating New Account on the Central Protection Server
4.8.3. Configuring Components via Web Interface of the Central Protection Server
4.8.4. Configuring Standalone Mode
4.8.5. Additional Settings for Standalone Mode

5. Using the License Manager
5.1. License Key File
5.2. Licensing Parameters
5.3. Receiving a key file
5.4. License Renewal

6. Command Line Parameters
6.1. Control Center Parameters
6.2. SpIDer Guard Parameters
6.3. Scanner Parameters

Technical Support

1. Introduction

1.1. Antivirus Dr.Web® for Linux


Thank you for purchasing Antivirus Dr.Web® for Linux. Dr.Web
for Linux anti-virus solution offers reliable protection of computers
running GNU/Linux OS from various types of computer threats using
the most advanced virus detection and neutralization technologies.

The core components of the program (anti-virus engine and virus
databases) are not only extremely effective and resource-sparing,
but also cross-platform, which allows Doctor Web specialists to
create outstanding anti-virus solutions for different operating
systems. Components of Dr.Web for Linux are constantly updated
and Dr.Web virus databases are supplemented with new
signatures to assure up-to-date protection. Also, a heuristic analyzer
is used for additional protection against unknown viruses.

The user-friendly interface of Dr.Web for Linux enables point-and-click
access to its major functions and settings of program components.

The intuitive arrangement of settings allows you to adjust program
behaviour flexibly: exclude files and folders from scanning, set the
maximum size of the Quarantine, enable sound notifications for
various events, etc.

Dr.Web for Linux consists of the following components, each
performing its own set of functions:


Component - Description
· Scanner - This virus-detection component is used for:
    · express, full and custom system scan on user
    demand or according to schedule;
    · neutralization of detected threats (Report,
    Cure, Move, Delete, Ignore - the necessary
    action is either selected by the user manually or
    an action specified in the settings is applied
    automatically for the corresponding type of
    threat).
· SpIDer Guard - This is a resident anti-virus component. It checks
all files which are being used in real time mode.
· Quarantine - This is a special directory which is used for isolation of
infected files and other threats so that they cannot
cause any damage to the system.
· Automatic Updating Utility (Updater) - This component is used for
updating Dr.Web virus databases via the Internet on user demand or
according to schedule.
· License Manager - This component is used to simplify management of key
files: it allows to receive demo and license key files, view
information about them and renew the license.
· Scheduler - This component is required to perform system scanning
and updates of virus databases according to schedule.
The Scheduler remains active even when you quit Dr.Web for Linux.

This Manual is designed to help users of computers running GNU/Linux
OS install and adjust the Dr.Web for Linux software complex.

All screenshots and examples provided in this document were made
for Ubuntu 9.04. If you plan to install and use Dr.Web for Linux
on some other Linux-based operating system, remember that
software layout, location of icons and menu items may vary from
the provided screenshots.


1.2. Document Conventions


The following conventions and symbols are used in this manual:

Convention - Description
· Bold - Names of buttons, other elements of the
graphical user interface (GUI), and required user
input that must be entered exactly as given in
the guide.
· Green and bold - Names of Dr.Web products and components.
· Green and underlined - Hyperlinks to topics and web pages.
· Monospaced font - Examples of code, command line input and
information output to the user by the application.
· Italics - Terms and placeholder text (it substitutes
information to be entered by the user). When
examples of the command line input are given,
then italics is used for parameter values.
· CAPITAL LETTERS - Names of keys and key sequences.
· Plus symbol (+) - Indicates a combination of keys. For example,
ALT+F1 means to hold down the ALT key while
pressing the F1 key.
· Exclamation mark (!) - A warning about potential errors or any other
important comment.


2. Installation and Removal


Below you can find a detailed description of the installation and
deinstallation procedures for the Antivirus Dr.Web® for Linux solution.
Administrator (root) privileges are necessary to perform all these
operations.

You must carefully uninstall all other packages of earlier product
versions (delivered in rpm or deb formats) from previous installations.

The Dr.Web for Linux distribution package is delivered in EPM format
(a script-based distribution package with installation and removal
scripts and standard install/uninstall GUIs) designed for use with
ESP Package Manager (EPM). Please note that all these scripts belong
only to the EPM package itself, not to any of the components of the
Dr.Web software system.

Installation, deinstallation and upgrade procedures for Dr.Web for
Linux solution can be carried out in the following ways:
· via install/uninstall GUIs;
· via interactive install/uninstall console scripts.

Dependencies are supported during setup. Installation of some
components requires other components to be installed first
(for example, drweb-daemon requires drweb-common
and drweb-bases components to be already installed). With
dependencies, such step-by-step installation is performed
automatically.

Dependencies are also supported during deinstallation,
both for the graphical uninstaller and the console uninstaller.


Please note that if you install Dr.Web for Linux solution on a
computer where some other Dr.Web products have been
previously installed from EPM packages, then at every attempt to
remove some modules via uninstall GUI you will be prompted to
remove absolutely all Dr.Web modules, including those from other
products. Please pay special attention to the actions you perform
and selections you make during deinstallation to avoid accidental
removal of some useful components.

2.1. System Requirements


This section provides system requirements for installation and proper
operation of Antivirus Dr.Web® for Linux on your computer:

Specification - Requirement
· CPU - Fully compatible with the system of commands of
x86 processor in 32-bit and 64-bit modes. In 64-bit
systems a support of 32-bit applications must
be enabled.
· Disk space - At least 90 MB of free disk space (more capacity
may be required, depending on the amount and
size of objects in the Quarantine).
· OS - GNU/Linux distributions with kernel version 2.6.x.
· Other requirements - Connection to the Internet for update of Dr.Web
virus bases and Dr.Web for Linux software
components.

X server is required for successful operation of Dr.Web for Linux.

Also the following libraries and utilities must be installed on your
system to enable operation of Dr.Web for Linux:
· libglade2
· libgtk2
· libstdc++6
· base64
· unzip
· crontab

2.1.1. OS protected by SELinux

If your operating system is protected by SELinux, you may
encounter the following error after an attempt to launch Dr.Web
Scanner and scan system for viruses:

Figure 1. Scanner error

To set up successful operation of Dr.Web Scanner and Dr.Web
Daemon components in OS protected by SELinux, you must
compile policies for operation with the corresponding modules
drweb-scanner and drweb-daemon.

Please note that templates used in compilation of policy modules
may vary widely, depending on the type of Linux
distribution, its version, set of SELinux policies and user settings. To
receive more detailed information on compilation of policies you may
refer to corresponding documentation on your Linux distribution.


To create the necessary policies you may use the policygentool
command, which takes two parameters: the name of the policy
module (interaction with which has to be adjusted) and the full
path to the corresponding executable.

Example:

For Scanner:

# policygentool drweb-scanner /opt/drweb/drweb.real

For Daemon:

# policygentool drweb-daemon /opt/drweb/drwebd.real

You will be prompted to enter a few common domain
characteristics, and for each module three files will be created:
[module_name].te, [module_name].fc and
[module_name].if.

To compile the [module_name].te file execute the following
command:

checkmodule -M -m -o module-name [module_name].te

Please note that for successful policy compilation the checkpolicy
package must be installed on the system.

To compile a required policy execute the following command:

semodule_package -o [module_name].pp -m module-name

To install the new policy module into the module store execute the
following command:

semodule -i [module_name].pp
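
The compile, package and install steps above can be chained into one function that stops at the first failure. This is an added example, not part of the Dr.Web manual: the intermediate file name [module_name].mod, the DRY_RUN switch and the function names are choices made here, and the .fc file is passed to semodule_package with -f when it exists, which the manual's command line omits.

```shell
#!/bin/sh
# Added example: build and install one SELinux policy module from the
# .te/.fc files that policygentool generated.
# Set DRY_RUN=1 to print the commands instead of running them.

# Run a command, or only print it when DRY_RUN=1.
run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then
        echo "$*"
    else
        "$@"
    fi
}

# build_selinux_module NAME [DIR]
#   NAME  policy module name, e.g. drweb-scanner or drweb-daemon
#   DIR   directory holding NAME.te (default: current directory)
build_selinux_module() {
    name=${1:-}
    dir=${2:-.}
    [ -n "$name" ] || { echo "usage: build_selinux_module NAME [DIR]" >&2; return 2; }

    te="$dir/$name.te"
    fc="$dir/$name.fc"
    mod="$dir/$name.mod"   # intermediate file name chosen for this example
    pp="$dir/$name.pp"

    [ -f "$te" ] || { echo "missing $te (run policygentool first)" >&2; return 1; }

    # Fail early if a tool is missing, before any file is written.
    if [ "${DRY_RUN:-0}" != 1 ]; then
        for tool in checkmodule semodule_package semodule; do
            command -v "$tool" >/dev/null 2>&1 || {
                echo "$tool not found in PATH" >&2
                return 1
            }
        done
    fi

    # 1. compile the type enforcement file into a binary module
    run checkmodule -M -m -o "$mod" "$te" || return 1

    # 2. package it, including the file contexts when they were generated
    if [ -f "$fc" ]; then
        run semodule_package -o "$pp" -m "$mod" -f "$fc" || return 1
    else
        run semodule_package -o "$pp" -m "$mod" || return 1
    fi

    # 3. install the package into the module store (needs root)
    run semodule -i "$pp" || return 1
}

# Module names given on the command line are built in order, e.g.
#   sh build-policy.sh drweb-scanner drweb-daemon
for m in "$@"; do
    build_selinux_module "$m" || exit 1
done
```

Running it first with DRY_RUN=1 shows the exact command lines for each module before anything is loaded into the policy store.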

2.2. Package files location


Dr.Web for Linux solution is installed by default to /opt/drweb/,
/etc/drweb/, /var/drweb/ and ~/.drweb/
directories. OS independent directory tree is created in these
directories:
· /opt/drweb/ - executable modules and updating package
Dr.Web Updater (perl script update.pl);
· /opt/drweb/lib/ - various service libraries for packages of
Dr.Web for Linux;
· /opt/drweb/lib/ru_scanner.dwl - language file for
Dr.Web Scanner package;
· /opt/drweb/doc/ - prototypes of user configuration files
and documentation. All documentation is presented in plain
text files in English and Russian (KOI8-R and UTF-8 encodings)
languages;
· /opt/drweb/man/ - MAN files for software components;
· /opt/drweb/epm/ - executable file, language file and
libraries for graphical uninstaller;
· /etc/drweb/ - original configuration files of various
components of the software complex: drweb32.ini,
drweb-spider.conf;
· /etc/drweb/drweb-spider/templates/ - templates
of notifications generated and dispatched to various types of
receivers when some malicious objects are detected or some
errors in operation of the daemon occur;
· /var/drweb/bases/*.vdb - databases of known viruses;
· /var/drweb/lib/ - antivirus engine as a loadable library
(drweb32.dll);
· ~/.drweb/ - anti-virus engine, user configuration files,
license key file, PID files of processes and log files;
· ~/.drweb/quarantine/ - user quarantine, where
infected files are moved, when such reaction is specified in
settings for infected or suspicious files;
· ~/.drweb/bases/*.vdb - databases of known viruses in
user home directory.

For 64-bit systems lib64 subdirectory is created in /opt/drweb/.
It contains libraries necessary for operation of 64-bit
modules.


2.3. Installing Dr.Web for Linux


Dr.Web for Linux solution is distributed as a self-extracting
package drweb-workstations_[version number]~linux_x86.run
(for 32-bit systems) or
drweb-workstations_[version number]~linux_amd64.run
(for 64-bit systems).

The following components are included into this distribution:
· drweb-common: contains main configuration file drweb32.ini,
libraries, documentation and directory structure. During
installation of this component drweb user and drweb group
will be created;
· drweb-bases: contains antivirus search engine and virus
databases. It requires drweb-common package to be
previously installed;
· drweb-updater: contains update utility for antivirus search
engine and virus databases. It requires drweb-common and
drweb-libs packages to be previously installed;
· drweb-daemon: contains Dr.Web Daemon executable files
and its documentation. It requires drweb-bases and
drweb-libs packages to be previously installed;
· drweb-scanner: contains Dr.Web Scanner executable
files and its documentation. It requires drweb-bases and
drweb-libs packages to be previously installed;
· drweb-libs: contains libraries common for all software
components;
· drweb-epm6.0.0-libs: contains libraries for graphical
installer and uninstaller. It requires drweb-libs package to
be previously installed;
· drweb-epm6.0.0-uninst: contains files for
graphical uninstaller. It requires drweb-epm6.0.0-libs
package to be previously installed;
· drweb-cc: contains Dr.Web Control Center executable
files, necessary libraries and documentation. It requires
drweb-spider, drweb-scanner and drweb-updater
packages to be previously installed;
· drweb-boost144: contains libraries used by Dr.Web
Control Center and Dr.Web Spider simultaneously. It
requires drweb-libs package to be previously installed;
· drweb-agent: contains Dr.Web Control Agent
executable files, necessary libraries and documentation. It
requires drweb-boost144 and drweb-common packages
to be previously installed;
· drweb-monitor: contains Dr.Web Monitor executable
files, necessary libraries and documentation. It requires
drweb-boost144 and drweb-common packages to be
previously installed;
· drweb-spider: contains Dr.Web Spider executable files,
necessary libraries and documentation. It requires
drweb-boost144 and drweb-daemon packages to be previously
installed.

In distributions for 64-bit systems two other packages are included:
drweb-libs and drweb-libs32. They contain libraries for 64-bit
components and 32-bit components respectively.

To install all the components of Dr.Web for Linux solution
automatically you may use either console (CLI) or the default file
manager of your GUI-based shell. In the first case allow the
execution of the corresponding self-extracting package with the
following command:

# chmod +x drweb-workstations_[version number]~linux_x86.run

and then run it:

# ./drweb-workstations_[version number]~linux_x86.run

As a result drweb-workstations_[version number]~linux_x86
directory will be created, and install GUI will be
initialized. If startup has been performed without root privileges,
then install GUI will try to gain appropriate privileges by itself.

If the install GUI has failed to start, then interactive install script will
be automatically initialized in console.


If you want only to extract the content of the package without
starting install GUI, use --noexec command line parameter:

# ./drweb-workstations_[version number]~linux_x86.run --noexec

After you extract the content, you may initialize install GUI and
continue setup using the following command:

# drweb-workstations_[version number]~linux_x86/install.sh

Or if you want to use console installer, you may run corresponding
script with the following command:

# drweb-workstations_[version number]~linux_x86/setup.sh

During the installation the following processes take place:
· original configuration files are recorded to the
/etc/drweb/software/conf/ directory with the following names:
<configuration_file_name>.N;
· operational copies of configuration files are placed to the
corresponding directories of the installing software;
· other files are installed. If in the corresponding directory file
with the same name already exists (e.g. after inaccurate
removal of previous versions of the packages), it will be
overwritten with the new file, and its copy will be saved as
<file_name>.O. If some <file_name>.O file already exists in
this directory, it will be replaced with the new file of the same
name.

After installation is finished, a Dr.Web group will appear in the
Applications menu, expanding to the submenu with options for startup and
removal of Dr.Web for Linux solution.

Figure 2. Dr.Web group and submenu option for startup and
removal of Dr.Web for Linux.

2.4. Removing Dr.Web for Linux


To remove all the components of Dr.Web for Linux solution via
the uninstall GUI, select the Removal of Dr.Web for Linux option
from the Applications -> Dr.Web menu or initialize it with the
following command:

# /opt/drweb/remove.sh

If initialization has been performed without root privileges, then
uninstall GUI will try to gain appropriate privileges by itself.

If the uninstall GUI has failed to start, then interactive uninstall script
will be automatically initialized in console.

After deinstallation you can also remove drweb user and drweb
group from your system.


During the deinstallation the following processes take place:
· original configuration files are removed from the
/etc/drweb/software/conf/ directory;
· if operational copies of configuration files were not modified
by the user, they are also removed. If the user has made any
changes to them, they will be preserved;
· other files are removed. If during the installation a
<file_name>.O copy of some old file has been created, this
file will be restored under the name it had before the
installation;
· license key files and log files are preserved in corresponding
directories;
· the contents of the ~/.drweb directory is also preserved
(the user may delete it manually).

For operation according to schedules Dr.Web for Linux uses the
user cron. At startup and after registration of Dr.Web for Linux
an entry is made in the user crontab that sets the periodicity of
Updater operation. It looks like the following:

*/30 * * * * sh -c "(/home/user/.drweb/crontab-check.sh /opt/drweb/scripts/drweb-cc/update.sh 2>&1)>>/home/user/.drweb/crontab-updater.log"

The Scanner schedule entry will be made in the crontab only after the
corresponding function is enabled in Settings section of Dr.Web
for Linux. It may look like the following:

0 9 * * * sh -c "(DISPLAY=:0.0 /home/user/.drweb/crontab-check.sh /opt/drweb/scripts/drweb-cc/start-scanning.sh 2>&1)>>/home/user/.drweb/crontab-scan.log"

When you uninstall Dr.Web for Linux, the corresponding entries in
the user crontab are not removed automatically and have to be
deleted manually.
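
One way to do that manual cleanup without touching other jobs is shown below as an added example (not part of the Dr.Web manual). It filters the user crontab for the two script paths that appear in the entries above; the function names, the backup location and the unrelated backup job in the sample crontab are constructed for this example.

```shell
#!/bin/sh
# Added example: drop the schedule entries that Dr.Web for Linux leaves
# in the user crontab after removal, keeping every other line.

# Constructed sample: the two entries shown in the manual plus one
# unrelated job invented for the demonstration.
SAMPLE_CRONTAB='# m h dom mon dow command
15 3 * * 0 /usr/local/bin/backup-home.sh
*/30 * * * * sh -c "(/home/user/.drweb/crontab-check.sh /opt/drweb/scripts/drweb-cc/update.sh 2>&1)>>/home/user/.drweb/crontab-updater.log"
0 9 * * * sh -c "(DISPLAY=:0.0 /home/user/.drweb/crontab-check.sh /opt/drweb/scripts/drweb-cc/start-scanning.sh 2>&1)>>/home/user/.drweb/crontab-scan.log"'

# Read a crontab on stdin and write it to stdout without the active
# lines that call the Dr.Web scripts. Comment lines are kept as they are.
strip_drweb_cron() {
    awk '
        /^[ \t]*#/                          { print; next }
        /\/opt\/drweb\/scripts\/drweb-cc\// { next }
        /\/\.drweb\/crontab-check\.sh/      { next }
                                            { print }
    '
}

# Read a crontab on stdin and print how many lines would be removed.
count_drweb_cron() {
    awk '
        /^[ \t]*#/ { next }
        /\/opt\/drweb\/scripts\/drweb-cc\// || /\/\.drweb\/crontab-check\.sh/ { n++ }
        END { print n + 0 }
    '
}

# Back up the current user crontab, then install the filtered copy.
clean_user_crontab() {
    backup="$HOME/crontab.before-drweb-cleanup"   # location chosen for this example
    tmp=$(mktemp) || return 1
    crontab -l > "$backup" || { rm -f "$tmp"; return 1; }
    strip_drweb_cron < "$backup" > "$tmp" && crontab "$tmp"
    status=$?
    rm -f "$tmp"
    return $status
}

case "${1:-}" in
    --apply)
        clean_user_crontab
        ;;
    *)
        # Default: show what the filter keeps from the constructed sample.
        printf '%s\n' "$SAMPLE_CRONTAB" | strip_drweb_cron
        ;;
esac
```

Run without arguments it only previews the filter on the sample; with --apply it rewrites the crontab of the user who runs it, so it has to be repeated for each user who ran Dr.Web for Linux.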


2.5. User interface of graphical installer


1. When you run install GUI with the following command:

# drweb-workstations_[version number]~linux_x86/install.sh

setup program window appears.

Figure 3. Welcome screen

Navigation is performed with Back and Next buttons. Setup
can be aborted at any moment by clicking Cancel button.
2. In the current version of the program you can choose only
one installation type: typical configuration of Dr.Web for
Linux with all the components selected by default.


Figure 4. Install Type screen

3. On the Confirm screen you will be offered to overview and
confirm your selection.

Figure 5. Confirm screen

4. On the next screen you will be offered to take notice of
Software License Agreement and accept it to continue
the installation. With Select Language menu you may
choose preferred display language (English or Russian) for the
Software License Agreement.


Figure 6. License screen

5. On the Installing screen log of installation process is output
in real-time mode.

Figure 7. Installing screen

At the same time log of installation process is written to
install.log file in the drweb-workstations_[version number]~linux_x86
directory.
6. The last Finish screen contains information about the results
of the installation process (whether it was successful or not).


Figure 8. Finish screen

7. Click the Close button to close setup program window.

2.6. User interface of graphical uninstaller

1. When you run uninstall GUI using the Applications -> Dr.Web
-> Removal of Dr.Web for Linux menu or from
console with the following command:

# /opt/drweb/remove.sh

deinstallation program window appears.


Figure 9. Welcome screen

Navigation is performed with Back and Next buttons. You
can quit the program at any moment by clicking Cancel
button.
2. On the Select Software screen you will be offered to select
components for removal from the list. All corresponding
dependencies will be selected for deinstallation automatically.
If you installed Dr.Web for Linux solution to the computer,
where some other Dr.Web products have been previously
installed from EPM-packages, then absolutely all modules will
be included in the list of components available for removal,
including those from other products. Pay special attention to
the actions you perform and selections you make during
deinstallation to avoid accidental removal of some useful
components.


Figure 10. Select Software screen

If you click Remove All button, all components will be
selected. If you click Remove None button, all selection
marks will be removed.
3. When you select everything you consider necessary, you will
be offered to overview and confirm all the choices made on
the Confirm screen.

Figure 11. Confirm screen

4. On the last Removing screen log of deinstallation process is
output in real-time mode.


Figure 12. Removing screen

5. Click the Close button to close deinstallation program
window.

2.7 Interactive console installer


Console installer will be initialized automatically, if the install GUI fails
to start.


After initialization a conversation with console installer will begin.

If you want to install Dr.Web for Linux, specify Y or Yes in the
input line (values are case insensitive) and press ENTER. Otherwise
enter N or No.

On the next screen you will be offered to take notice of Software
License Agreement. To browse through the text of the
Software License Agreement use the SPACEBAR key.


To continue the installation you must accept the Software
License Agreement. Specify Y or Yes in the input line and press
ENTER. If you enter N or No, installation will be terminated.

After the acceptance of the Software License Agreement
installation process will be started. Installation log will be output to
console in real-time mode.

If console installer has failed to start automatically (for example,
because it was unable to gain appropriate privileges), then you may
try to start it manually with root privileges, using the following
command:

# drweb-workstations_[version number]~linux_x86/setup.sh

2.8 Interactive console uninstaller


Console uninstaller will be initialized automatically, if the uninstall GUI
fails to start.


A conversation with console uninstaller will begin.

You will be offered to select from list all the necessary components
for the subsequent deinstallation (follow the on-screen
instructions).


To start the deinstallation procedure you must confirm the selection
made on the previous stage. Specify Y or Yes in the input line
(values are case insensitive) and press ENTER.

Deinstallation log will be output to console in real-time mode.


3. General information on operation of Dr.Web for Linux solution.

This chapter contains information on how to start Dr.Web for
Linux and finish its operation, how to update the program, initialize
system scan and get help.

3.1. Startup
You may start Dr.Web for Linux solution using one of the
following procedures:
· In Applications -> Dr.Web menu select Dr.Web for Linux
to initialize Dr.Web for Linux.
· In console run the following command:
$ drweb-cc

Immediately after start License Manager window opens for
registration of Dr.Web for Linux anti-virus solution:


Figure 13. License Manager window for registration of the
software.

Registration is required to confirm that you are a legitimate user of
the anti-virus. Select the necessary option and click Next.

Option - Description
· Receive a license key file - To receive a license key file you will be
prompted to enter a serial number for the purchased software
product. You may purchase any Dr.Web solution
or only an electronic run-time license for any
product with the serial number in Dr.Web
online store or via any authorized partner of
Doctor Web company.
· Receive a demo key file - Demo key file is used for evaluation purposes
and has a limited period of validity. No serial number is
required.
· Specify path to the available valid key file - Select this option if you
already have a valid key file.

If you select one of the first two options, you will be prompted to
enter your personal information (name, e-mail address, country and
city of residence). This information is used only by Doctor Web to
generate the key file and is not passed on to anyone else. Received
license key file will also contain this information for identification
purposes.

At start Dr.Web for Linux adds itself to the autoload list. So if
you shut down your system without exiting the Dr.Web for Linux,
then it will be started automatically after you power on your
system.

To quit Dr.Web for Linux right-click the icon in the tray and
choose Exit in the drop-down menu.

When you quit Dr.Web for Linux, the SpIDer Guard and
Scheduler components remain active. The former is a resident
anti-virus monitor which checks all files in real time mode each time
they are accessed, and the latter starts the scanning and updating
processes according to schedule (see Adjusting Schedules).

Each user can run and use their own copy of Dr.Web for Linux, and
all these copies will operate simultaneously and independently.


3.2. Primary functions


Figure 14. Main window of the Dr.Web Control Center.

All primary functions of Dr.Web for Linux can be performed via
Dr.Web Control Center. The main window of Control Center
consists of five sections. These sections are used to control and
access various components of the anti-virus:
· SpIDer Guard - in this section you may enable or disable the
resident anti-virus component of Dr.Web for Linux. Refer to
the Constant Anti-virus Protection page for more information.
· Scanner - from this section you may access the main anti-
virus scanning component which performs system scan in
order to detect threats to the information security. Refer to
the Performing a System Scan page for more information.


· Quarantine - from this section you may access the contents
of the Quarantine directory. Refer to the
Managing the Quarantine page for more information.
· Results - from this section you may access statistics on the
program's operation: check results with a summary of
detected threats and actions applied to these threats. Refer
to the Viewing the Results page for more information.
· Update - this section contains information about the last
update of the software and allows to start the Updater.
Refer to the Updating the Program page for more
information.

Also you can access primary and additional functions from menu bar
at the top of the window:
· Scanner option provides access to the corresponding section
of the Control Center, where you can scan your system for
viruses and other threats;
· Quarantine option provides access to the Quarantine
section, where you can work with suspicious and incurable
objects moved to the special directory after scan;
· Results option provides access to statistics on Dr.Web for
Linux operation.
· Tools menu provides access to program settings, logs and to
the License Manager;
· Help menu allows to send suspicious files to virus analytics of
the Doctor Web company, access Dr.Web forum and view
information about the functionality of Dr.Web for Linux
program.

3.3. Constant Anti-virus Protection


Constant anti-virus protection is carried out by SpIDer Guard file
monitor - the resident component which performs a real-time check
of all files accessed by the user or some program. This component is
started automatically immediately after the license key file is
received and installed. Whenever a threat is detected, SpIDer
Guard outputs a warning in a separate window and applies an
action specified in Settings section of the Tools menu.


Enabling and disabling the SpIDer Guard


· To enable (or disable) the SpIDer Guard file monitor select
Control Center option from the menu bar and in SpIDer
Guard section press Enable button (or Disable button).

· Also you may right-click the icon in the tray and choose
Enable SpIDer Guard (or Disable SpIDer Guard) in the
drop-down menu.

When you exit Dr.Web for Linux SpIDer Guard memorizes its last
state (whether it was enabled or disabled) and restores it at the
next start of Dr.Web for Linux. So if the user disables the SpIDer
Guard before exiting Dr.Web for Linux, then it will remain disabled
after the next start of the software complex and must be enabled
manually.

In the Settings section of the Tools menu you can exclude certain
files and folders from the scan performed by SpIDer Guard, set
the maximum time for scanning one file and the maximum size of a
file to scan, and enable or disable scanning of archives.

3.4. Performing a System Scan On Demand

System scan is performed by the Scanner which checks objects in
the file system on user demand or according to schedule in order to
detect various threats to data security. By default the Scanner
uses Dr.Web virus bases as well as the heuristic
analyzer (which makes it possible to detect unknown viruses according to
well-known general principles of virus construction).

To ensure a reliable protection of your system you must perform a
system scan regularly. You can start the scanning process manually
or configure the Scheduler to scan the system according to a
specified schedule (see Adjusting Schedules).

Adjusting and initializing a system scan manually


1. To adjust and start a system scan select a Scanner option in
the menu bar or press a Switch to button in the Scanner
section of the Control Center window. A main window of
the Scanner will open.
Figure 15. Scanner main window.

2. Select a scan mode (refer to the panel with the file system
tree for more information):
· Express scan - quickly check only the most
vulnerable parts of the system;
· Full scan - perform a full scan of the entire file
system;
· Custom scan - manually specify files and folders
for check.

These three are the default scan modes (also called "scan
sets" because they contain information about the set of
objects to be scanned). If you try to change the Full and
Express sets, you will be switched to the Custom set.
· User scan (if specified) - unlike Custom scan
mode, User scan mode lets you save the files and folders
previously selected for scan for further use.

In a user-defined scan mode all the settings available for the
Custom scan mode can be enabled. It also lets you
save the current state of settings to use them later for
following scans.

To create a new set press the New scanning mode
button under the list of scan sets and specify a name for it.
All the settings will be saved and restored when you
choose this user mode next time.
To delete an unnecessary scan set select it in the list and
press the Remove scanning mode button.

To select objects for custom scan use the Add path to the
object for scan to list and Remove path from
list buttons, located under the list of objects for scan.

To view and select for scan hidden files and folders use the
right-click menu (Show hidden files check box) in the
path selection section of the main Scanner window. Using
this menu you can also select objects for custom scan (Add
path and Remove path options).

3. By pressing the arrow button near the Begin the scan
button you may select the required mode
of threats processing:
· Actions are selected manually – manual
processing of threats, when the Scanner only
informs the user about detected threats,
providing a possibility to choose appropriate
actions manually;
· Actions are applied automatically –
automatic processing of threats, when the
Scanner applies actions specified in its settings
to all detected threats.
If you want to change the current processing mode, press an
arrow and select a new mode.
4. After finishing the adjustment press Start button.

Figure 16. Displaying results of the current check.

At any stage of scanning process you can perform one of the
following actions:
· pause check by pressing Pause button. To
continue check press Continue button;
· stop the check completely by pressing Stop
button.
5. If you have chosen manual processing mode on the previous
stage, then it will be necessary to select actions to be applied
to detected threats after scan.
6. To return to the Scanner main screen (and start a new scan,
if necessary) press New scanning button. If you press this
button before any actions are applied to detected threats,
then the list of these threats will be discarded.

You can view statistics on results of scanning sessions performed by
Scanner and SpIDer Guard file monitor in Results section.

3.4.1. Eliminate Threats

After scan is started, main Scanner window switches to display of
results of current scan.
Figure 17. Displaying results of the current check.

At the top of the window information about a degree of
completion of scanning process, name of the file being checked at
the moment and some statistical information are displayed.


Figure 18. Displaying detected threats.

In the middle of the window the table with the list of all detected
threats is displayed:
· In the File column paths to detected infected or suspicious
objects are specified.
· In the Details column information about the threat is
displayed (for example, type of a threat or a virus name).
· In the Action column information about the action applied to
a certain infected object is displayed (if the corresponding
field is empty, then no action was applied to this object).
· In the Time column the date when the threat was detected
is displayed.

In automatic processing mode Scanner applies to detected threats
actions specified in its settings.

In manual processing mode Scanner only informs the user about
detected threats. After scan is finished you may try to restore
proper functionality of infected object (cure it), or eliminate the
threat, if the object appears to be incurable (delete it).

Manual processing of threats


1. To apply some action to the threat (or to several threats of
the same type) select the object from the list.
2. Perform one of the following actions:
· press Cure button to make an attempt to cure infected
file;
· press an arrow near the Cure button and select some
other action from the list.

If target file is a virus, then it can be deleted in
consequence of successful application of Cure action.

There exist the following limitations on certain types of
actions:
· suspicious objects cannot be cured;
· moving, renaming or deletion of objects that are not
files (e.g. boot sectors) is not allowed;
· none of the actions can be applied to a separate file in
the archive or a container and to the part of mail
message. In this case action is applied to the whole
object (archive, container or mail message).

Suspicious files which were moved to Quarantine may be
sent to the Dr.Web anti-virus department for analysis.
You may use a special contact form at http://vms.drweb.com/sendvirus
for this purpose.

3. After action is applied, Dr.Web for Linux adds a
corresponding entry to the Action column about the
results of the operation.
4. To return to the main Scanner window press New
scanning button.

3.5. Updating the Program


For detection of viruses and other malicious objects all anti-virus
software of the Doctor Web company uses special Dr.Web virus
databases which include information on all known computer
threats. New types of computer threats with new concealment
features are being constantly developed by malefactors all over the
world, that is why Dr.Web virus databases require regular
update. Updating the components and virus databases of Dr.Web
for Linux makes it possible to detect and block new types of viruses, and in
some cases - successfully cure infected files, which were considered
unrecoverable on previous stages.

To provide constant up-to-date protection Doctor Web company
has implemented updating procedure via the Internet. The Updater
module lets you download and install addons to virus databases
during the validity period of the license.

You can either start the Updater manually or configure the
Scheduler to update program components and virus databases
according to a specified schedule (see Adjusting Schedules).

To start the Updater manually


· Select Control Center option from the menu bar and in the
Updater section press the Update button.

· Also you may right-click the icon in the tray and choose
Update in the drop-down menu.

3.6. Getting Help


To get help about the program you can use Dr.Web Help.

To access Dr.Web Help


Click Help in the menu bar and then select your topic of
interest.

If you cannot find an answer or a solution to your problem, you may
contact technical support department of Doctor Web company
for assistance.

4. Advanced Usage
This section is designed for experienced users and contains
information about some additional features of Dr.Web for Linux:
program settings and licensing procedure. To access these features
use Tools option from menu bar.

Using additional features you will be able to:
· process suspicious and incurable objects, moved to the special
Quarantine directory during anti-virus check;
· view anti-virus check results;
· specify a schedule for automatic scan and update of Dr.Web
virus databases;
· specify actions to be applied to detected threats during
regular automatic scan;
· specify exclusions for scan;
· set up notifications about system events.

4.1. Viewing the Results


Dr.Web for Linux collects statistics on malicious objects and other
threats, detected on your computer during regular check
performed by the Scanner or SpIDer Guard file monitor. In the
Results section you may view these statistics and delete old entries,
if necessary.

Viewing statistics
To view statistics on operation of Dr.Web for Linux, select
Results option in the menu bar.

Figure 19. Results window.

At the top of the Results window general statistics is displayed.
In the middle of the Results window the table with the list of
all possible and obvious threats is displayed:
· In the File column paths to detected infected or
suspicious objects are specified.
· In the Details column information about the threat is
displayed (for example, type of a threat or a virus name).
· In the Action column information about the action
applied to a certain infected object is displayed (if the
corresponding field is empty, then no action was applied
to this object).
· In the Time column the date when the threat was
detected is displayed.
At the bottom of the Results window Clear button is located.
Using this button you can delete all data from the Results page.

4.2. Managing the Quarantine


The Quarantine is a special directory where you can move
detected objects to isolate them from the rest of the system.

The following types of files are stored in Quarantine:
1. backup copies of infected and suspicious files, deleted
according to corresponding settings (Delete action). If
necessary deleted files can be restored from these copies;
2. infected and suspicious files moved to Quarantine according
to corresponding settings (Move action). As curing algorithms
improve constantly, these files can be successfully cured later.

Files of the first type are stored in Quarantine for a limited period
of time (it is specified in settings). When storage period expires,
they are removed from Quarantine and permanently deleted. Also
they are deleted (overwritten with new files), if there is no more
free space left in Quarantine.

Files of the first type will be deleted only when there is no available
space for new files in Quarantine (they will be also overwritten with
the new ones).

By default Quarantine is located at .drweb subdirectory of user
home directory.

You can view and manage the contents of the Quarantine
directory and adjust parameters of the Quarantine itself via the
Dr.Web for Linux GUI.

Viewing objects in Quarantine


To proceed to Quarantine window select Quarantine option
in the menu bar.

Figure 20. Quarantine window.

At the top of the Quarantine window general statistics on
objects stored in Quarantine and amount of disc space
allocated to them is displayed.
In the middle of the Quarantine window the table with the list
of objects in the Quarantine is displayed:
· In the Quarantine column names of quarantined
objects are specified.
· In the Status column information about the reason
why the object was moved to Quarantine is displayed.
· In the Original path column path to the directory from
which the certain file was moved to Quarantine is
displayed.
· In the Size column size of the quarantined object is
specified.
· In the Time column the date and time when the object
was moved to the Quarantine are specified.

Processing objects in Quarantine


1. To apply an action to one or several objects in Quarantine
select them from the list (hold the CTRL key to select
several objects).
2. Perform one of the following actions:
· press Restore button to move the quarantined file
back to the place in the file system where it was moved
from;
· press an arrow near the Restore button and select
Restore to action to move the file from Quarantine
to the directory of your choice;
· press an arrow near the Restore button and select
Remove action to delete the file from Quarantine.

Adjusting Quarantine parameters


1. To open a settings section of Dr.Web for Linux select
Setting item from the Tools menu.
Figure 21. Quarantine settings.

2. Select Quarantine tab.
3. Select a Save copies of deleted files check box to enable
preservation of deleted infected files in Quarantine.
Deselect this check box to allow permanent deletion of
infected objects and disable a possibility to restore them
from Quarantine. Quarantined copies of deleted files have
icon.
4. Specify limits for a storage period for objects in Quarantine
and for a size of Quarantine itself.

When you specify a size of the Quarantine, it does not
reserve any disk space. So even if you allow Quarantine
to use 100% of free space on the partition, current size of
the Quarantine will be equal to the total size of
quarantined files.

4.3. Adjusting Schedules


The Scheduler component can be used to set up schedules for
automatic scanning and updating. It is adjusted in the Scanner and
Update sections of the Dr.Web for Linux settings.

To set up a scanning schedule


1. Open a settings section of Dr.Web for Linux by selecting
Setting item from the Tools menu.
2. Select Scanner tab and then open a Schedule tab.

Figure 22. "Schedule" tab for a Scanner.

3. Select the check box at the top and specify the time when
the next scanning session will be started, and interval
between regular scanning sessions.
4. Select objects for scan.

To set up an update schedule


1. Open a settings section of Dr.Web for Linux by selecting
Setting item from the Tools menu.
2. Select Update tab.

Figure 23. "Updates" tab.

3. Select one of the following options:
· automatic - update using the default interval
recommended by Doctor Web company;
· update every - specify custom update interval;
· disable updates - do not perform automatic updates
(remember to update manually).

4.4. Adjusting Automatic Actions


You can specify actions to be applied to various types of computer
threats automatically, if manual processing of detected malicious
objects appears to be disabled. Automatic actions for Scanner and
SpIDer Guard may vary.

By default for every type of threat (excluding infected files, which
Scanner tries to cure) move action is used. You can specify any
other available action:
· Cure (available only for infected files) - try to cure the object
infected with known virus. If it turns out to be impossible to
cure this file, then an action for incurable files is applied;
· Delete - delete infected or suspicious file;
· Move - move infected or suspicious file to the Quarantine
directory;
· Report - notify the user about a detected threat. When this
action is selected, all operation with detected malicious
objects must be performed manually;
· Ignore (available for suspicious files and all types of riskware)
- pass the file (a notification will be output to log that a
certain file is infected).

Default settings specified on Actions tab provide optimal
protection for your system. It is not recommended to modify them
unless it is necessary.

To set up automatic actions


1. Open a settings section of Dr.Web for Linux by selecting
Setting item from the Tools menu.
2. Select Scanner tab or SpIDer Guard tab. Adjustment of
automatic actions for both components is performed using
the same procedure.
3. On Actions tab specify an action for every type of threat.
Figure 24. "Actions" tab for a Scanner.

4. After editing all the necessary settings press OK button to
save the changes or Cancel button to discard all changes.

4.5. Excluding Files from Scanning


You can make up a list of files and directories which should be
excluded from scanning. Exclusions can be adjusted both for the
Scanner and the SpIDer Guard using the same procedure.

The Quarantine directory (usually it is /.drweb subdirectory in
the user home directory) is in the exclusions list by default because
it is used to isolate detected threats and, as access to it is blocked,
there is no use scanning it.

Default settings in the Exclusions tab are considered optimal for a
perfect protection of your system, and it is not recommended to
change them unless it is necessary and you know what you are
doing.

To adjust exclusions
1. Open a settings section by selecting Settings item from the
Tools menu.
2. Select Scanner tab.
3. Open the Exclusions tab and specify there files or directories
to be excluded from scan.

Figure 25. "Exclusions" tab for a Scanner.

Perform one of the following actions:
· specify the full path to file or directory to be excluded
from check and press Add button;
· press Choose button to select a file or directory
from the directory tree list;
· press Remove button to delete a file or directory
from the list of exclusions.
4. To include in check all types of archives select a Scan
archives check box.
5. If necessary, set up the maximum size of file to scan and the
maximum scanning time for one file (for example, to avoid
hang up of the program during check of corrupted files).
6. After editing all the necessary settings press OK button to
save the changes or Cancel button to discard all changes.

4.6. Adjusting Notifications


Dr.Web for Linux can notify the user about various events which
may occur during its operation. There exist two types of
notifications:
· On-screen messages displayed by the SpIDer Guard file
monitor.
· Sound alerts which are used both by the Scanner and
SpIDer Guard.

To adjust sound alerts for the Scanner


1. Open a settings section by selecting Settings item from the
Tools menu.
2. Select Notifications tab.
Figure 26. "Notifications" tab.

3. To adjust sound alerts perform one of the following actions:
· to enable or disable all sound alerts select or
deselect the Sound check box at the top of the
tab;
· to enable or disable alert for a specific occasion
select or deselect a corresponding check box in
the Sound column and specify a sound file to
play. You can either select this file from the
drop-down menu or specify a path to it. You can
also specify a special command for playback and a
time interval during the day for which sound
alerts will be enabled. To play back the selected
file press the Play sound button.

4. To adjust on-screen notification messages perform one of the
following actions:
· to enable or disable on-screen notification
messages select or deselect the Notify check
box at the top of the tab;
· to enable or disable on-screen notification
messages for a specific occasion select or
deselect a corresponding check box in the
Notify column;
· use the slider to set the duration for a message
to remain on the screen.

4.7. Simultaneous use of Dr.Web for Linux by several users

On the same computer different users can start and use their
separate copies of Dr.Web for Linux, and all these copies will
operate simultaneously and independently.

When any user starts the Dr.Web for Linux for the first time, in
user home directory (in ~/.drweb) the following files and
directories are created:
· copy of the main configuration file drweb32.ini, where
user settings for Dr.Web Scanner will be stored;
· copies of configuration files for SpIDer Guard and Control
Center components (drweb-spider.conf and drweb-cc.conf
respectively), where their settings for a
specific user will be stored;
· symbolic link to the license key file /opt/drweb/drweb32.key
(whether there exists this file or not). If this file exists at
the specified location, it will be available for all users by
default, otherwise the user will be offered to get license key
file via the License Manager;
· symbolic link to the Dr.Web Engine /var/drweb/lib/drweb32.dll.
Updater module may replace this symbolic
link with the real drweb32.dll file later on, after some
regular update;
· sockets for SpIDer Guard and Control Center;
· directories where user virus databases and temporary files will
be stored, and the Quarantine directory.

4.8. Central Anti-virus Protection


Solutions for central protection from Dr.Web help automate and
simplify configuring and managing information security of computers
within logical structures (for example, company computers that
access each other from both inside and outside of company's local
networks). Protected computers are united in an anti-virus network
whose security is monitored and managed from a central server by
administrators. Connection to centralized anti-virus systems
guarantees high level of protection while requiring minimum efforts
from end-users.

Logical Structure of Anti-virus Networks

Solutions for central protection from Dr.Web use client-server
model.

Workstations and servers are protected by local anti-virus
components (agents, or clients; herein, Dr.Web for Linux)
installed on them, which provides for anti-virus protection of remote
computers and ensures easy connection to central protection
server.

Local computers are updated and configured from central server.
The stream of instructions, data and statistics in the anti-virus
network goes also through the central protection server. The
volume of traffic between protected computers and the central
server can be quite sizeable, therefore solutions provide options for
traffic compression. To prevent leak of sensitive data or substitution
of software downloaded onto protected computers, encryption is
also supported.

All necessary updates are downloaded to central protection server
from Dr.Web Global Update System servers.

Local anti-virus components are configured and managed from
central protection server according to commands from anti-virus
network administrators. Administrators manage central protection
servers and topology of anti-virus networks (for example, validate
connections to central protection server from remote computers)
and configure operation of local anti-virus components when
necessary.
Figure 27. Logical structure of anti-virus networks.

Central Protection Solutions

Dr.Web® Enterprise Suite

Dr.Web® Enterprise Suite is a complex solution for corporate
networks of any size that provides reliable protection of
workstations, mail and file servers from all types of modern
computer threats. This solution also provides diverse tools for
anti-virus network administrators that allow them to keep track of and
manage operation of local anti-virus components including
components deployment and update, network status monitoring,
statistics gathering, and notification on virus events.

4.8.1. Configuring Central Protection Mode

If necessary, you can use your installed Dr.Web for Linux anti-virus
solution to connect to corporate networks protected with
Dr.Web® Enterprise Suite. To operate in such central protection
mode, you do not need to install additional software or uninstall
Dr.Web for Linux.

To use central protection mode


1. Contact an anti-virus network administrator for a public key
file and parameters of connection to the central protection
server.
2. Open a settings section by selecting Settings item from the
Tools menu.
3. Select Mode tab.

Figure 28. "Mode" tab.

4. To connect to central protection server of your company
select the Use central protection server checkbox.
5. On switching to the central protection mode Dr.Web for
Linux restores parameters of the previous connection. If
you are connecting to the server for the first time or
connection parameters have changed, do the following:
· Press the Connection Settings button to open a
window with parameter settings for establishing
connection with the central protection server.

Figure 29. Adjusting connection settings.

· Enter the IP address of the central protection server.
· Enter the port number that is used to connect to the
server.
· Specify the public key file by double-clicking the public
key area and browsing to select the required file.
Please note that administrative privileges are required to
change connection settings. In general, you will be prompted
to specify root password for su or user password for sudo
(if user sudo profile is set up correctly). In some operating
systems based on GNU/Linux other mode/password
combinations may be used: for example, root password may
be used for sudo.

Figure 30. Selecting authentication method.

In the central protection mode, some features and settings
of Dr.Web for Linux may be modified and blocked for
compliance with the company security policy or according to
the list of purchased services. A key file for operation in this
mode is received from central protection server. Your
personal key file is not used.

4.8.2. Creating New Account on the Central Protection Server

Interaction between Dr.Web for Linux anti-virus solution and
central protection server is performed via the Dr.Web Control
Agent component. When connection with the server is set up, all
corresponding changes are made to configuration file of the Agent
automatically.

According to the connection policy for new working stations, new
workstation can be connected to the central protection server in
two different ways:
· when new account is created by the server automatically;
· when corresponding account is created by administrator
manually.

If new account is created automatically


1. When Agent is first started in central protection mode, it
sends a request for the account details (station ID and
password) to the server.
2. If central protection server is set to Approve access
manually mode, system administrator must confirm
registration of new station via web interface.
3. After first start Agent records hash of station ID and
password to the special file (default path is /var/drweb/agent/pwd).
Encryption key is made from the name of the
host where Agent is running.
4. Data from this file is used every time Dr.Web for Linux
solution connects to the central protection server.
5. If you delete password file, repeated registration request will
be made to the server after the next start of the Agent.

When new account is created manually


1. Create new account on the central protection server: station
ID is generated automatically and password must be specified
manually.
2. In corresponding fields of the window with
connection settings specify login (station ID) and password.

Figure 31. Adjusting connection settings.

Agent records the hash of the station ID and password to the
special file (default path is /var/drweb/agent/pwd).
Encryption key is made from the name of the host, where
Agent is running.
3. Data from this file is used every time Dr.Web for Linux
solution connects to the central protection server.
4. If you delete password file, the registration must be
performed once again.

4.8.3. Configuring Components via Web Interface of the Central Protection Server

Every time Dr.Web for Linux starts, Agent requests and receives
configuration of Dr.Web Scanner and Dr.Web SpIDer Guard anti-virus
components from the central protection server. So,
configuration of these components can be performed via web
interface of the central protection server.

If the user has sufficient privileges to change settings of Dr.Web
Scanner and Dr.Web SpIDer Guard components, then all changes
made via the Dr.Web for Linux interface will be automatically
exported to the central protection server.

4.8.4. Configuring Standalone Mode

If necessary, you can disconnect Dr.Web for Linux from the
corporate networks protected with Dr.Web® Enterprise Suite by
switching Dr.Web for Linux to the standalone mode.

To use standalone mode


1. Contact an anti-virus network administrator of your company for a
permission to disconnect from the central protection server
(corresponding privileges must be granted to the user via the
web-interface of the server).
2. Open a settings section by selecting Settings item from the
Tools menu.
3. Select Mode tab.

Figure 32. "Mode" tab.

4. To switch to the standalone mode, clear the Use central
protection server checkbox.
5. On switching to this mode all settings of Dr.Web for Linux are
unlocked. You can once again access all features of anti-virus
including those of configuring and running updates manually and
managing SpIDer Guard.
Please note that for correct operation in standalone mode,
Dr.Web for Linux requires a valid personal key file. The key files
received from central protection server cannot be used in this
mode. If necessary, you can receive or update a personal key file
with License Manager.

4.8.5. Additional Settings for Standalone Mode

When settings for establishing connection with the central
protection server are adjusted, configuration files of some Dr.Web
for Linux components (Dr.Web Monitor and Dr.Web Agent) are
modified. Corresponding files: monitor.conf and agent.conf -
are stored in the /etc/drweb/ directory.

For the Dr.Web Monitor:

In [Monitor] section of the configuration file value of
RunAppList parameter is changed: Agent module is added to
the list of modules started by Monitor (AGENT value).

For the Dr.Web Agent:

In [EnterpriseMode] section of the configuration file
UseEnterpriseMode parameter value is changed to Yes, host
name of the central protection server is specified in ServerHost
parameter and port number is specified in ServerPort parameter.

So, when Dr.Web for Linux is switched to standalone mode, it may become necessary to change the values of those parameters manually. To restore default values, specify RunAppList = MAILD (or leave it empty), UseEnterpriseMode = No, ServerHost = 127.0.0.1, ServerPort = 2193.

To disable Monitor, change the value of the ENABLE variable from 1 to 0 in the /etc/drweb/drweb-monitor.enable file.
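
The check below is an added example, not part of the Doctor Web manual or product: it parses monitor.conf and agent.conf and reports every parameter that still differs from the standalone defaults listed in this section. It assumes the files are plain "[Section]" / "Key = Value" text and that RunAppList entries are comma-separated; the sample contents and the host name are constructed.

```python
import configparser
from pathlib import Path

# Standalone defaults for agent.conf, as listed in section 4.8.5.
AGENT_DEFAULTS = {
    "UseEnterpriseMode": "No",
    "ServerHost": "127.0.0.1",
    "ServerPort": "2193",
}

# Constructed samples: a host still configured for a central protection server.
MONITOR_SAMPLE = "[Monitor]\nRunAppList = AGENT\n"
AGENT_SAMPLE = (
    "[EnterpriseMode]\n"
    "UseEnterpriseMode = Yes\n"
    "ServerHost = av-server.example.internal\n"
    "ServerPort = 2193\n"
)


def _parse(text):
    # Assumption: the files are plain "[Section]" / "Key = Value" text.
    parser = configparser.ConfigParser(
        interpolation=None, strict=False, allow_no_value=True)
    parser.read_string(text)
    return parser


def audit_standalone(monitor_text, agent_text):
    """Return (file, parameter, found, expected) for each leftover setting."""
    findings = []
    run_list = _parse(monitor_text).get("Monitor", "RunAppList", fallback="") or ""
    # Assumption: module names in RunAppList are separated by commas.
    modules = [m.strip().upper() for m in run_list.split(",") if m.strip()]
    if "AGENT" in modules:
        findings.append(("monitor.conf", "RunAppList", run_list, "MAILD or empty"))
    agent = _parse(agent_text)
    for key, expected in AGENT_DEFAULTS.items():
        found = agent.get("EnterpriseMode", key, fallback=None)
        # A missing parameter is reported too, so that it gets reviewed.
        if found is None or found.strip().lower() != expected.lower():
            findings.append(("agent.conf", key, found, expected))
    return findings


def audit_directory(conf_dir="/etc/drweb"):
    """Run the same check against the real files (needs read access)."""
    base = Path(conf_dir)
    return audit_standalone((base / "monitor.conf").read_text(),
                            (base / "agent.conf").read_text())


if __name__ == "__main__":
    for finding in audit_standalone(MONITOR_SAMPLE, AGENT_SAMPLE):
        print("%s: %s = %r, expected %s" % finding)
```
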


5. Using the License Manager


The License Manager is a component used to simplify the
management of your key files. You usually receive the key file
immediately after installation, because it is required for proper
operation of Dr.Web for Linux. If you did not receive a key file or
it has expired, you can use the License Manager to get a new
one.

In the main window of License Manager you may do the following:
· view information about the current license;
· extend a term of validity of the current license;
· receive a new license key file.

Figure 33. License Manager main window.

Using the License Manager


1. To open License Manager select the License Manager
item in Tools menu.
2. In the License Manager window you can view information
about the status of your current license.
3. You may also use one of the following options:
· press Get a new key button to receive a new license
key file;
· follow My Dr.Web link to extend a term of validity of
the current license;
· follow Technical support link to contact
technical support department of Doctor Web
company.


4. Press Close button.

5.1. License Key File


The user's right to use Dr.Web for Linux is confirmed by the license key file.

During operation of the program the license key file must reside in the default installation directory (/opt/drweb/ for Linux). The program regularly checks the existence and authenticity of the key file. Do not modify the key file in order to avoid its corruption.

The license key file usually has the key extension and contains the following information:
· list of the components licensed to user;
· license validity period, during which the user can enjoy the full
functionality of the program;
· any other restrictions (for example, the number of possible
users of the anti-virus).

License key file for Dr.Web for Linux stays valid as long as both
requirements described below are met:
· license validity period has not yet expired;
· the key file itself is not corrupted.

If any of these requirements is not met, the license key file becomes invalid, and from this point on effective use of Dr.Web for Linux becomes impossible.

Doctor Web company can block a license key file if it appears to be illegally distributed. Blocking is performed on update servers, so a user with a blocked key file will not be able to receive updates.

If your license key file appears to be blocked, contact the technical support department of Doctor Web company.

It is also possible to receive a demo key file for evaluation purposes. Demo key files provide full functionality of main anti-virus software components, but have a limited period of use.

Additional information about licensing policy and key files can be found at the official web site of Doctor Web company at http://www.drweb.com/.

5.2. Licensing Parameters


Use of Dr.Web for Linux is regulated by the license key file.
Parameters of the key file defining user privileges are set according
to the License Agreement.

To receive the license key file the user must register. Registration
information will be included into the key file.

The information shared by users during registration is kept in special databases and is used for identification of users when they contact Technical support service and also for license renewal. More information on the Dr.Web privacy policy can be found on the web site of the Doctor Web company: http://company.drweb.com/policy.

Parameters of the current license are displayed at the main window of the License Manager.

Obtaining information about the current license


To switch to the main window of the License Manager select
License Manager item in Tools menu.

5.3. Receiving a key file


After the first start of Dr.Web for Linux a License Manager window opens for registration of the program. Registration is required to confirm that you are a legitimate user of the anti-virus.

To obtain a license key file a product's serial number is required. To purchase any anti-virus software product of Dr.Web or only a license for some Dr.Web product (with a serial number) you may contact any certified partner of Dr.Web, or use the online store. Without the serial number you may obtain only a demo key file for evaluation purposes.

Obtaining a license key file


1. When Dr.Web for Linux is initialized without any key file
residing in the default operating directory, registration
process begins automatically. If you want to replace the old
key file with the new one, start the License Manager
manually by selecting the License Manager item in the
Tools menu.


Figure 34. License Manager main screen

2. In the main window of the License Manager press Obtain/Extend the License button to initialize user registration procedure.

Figure 35. Registration Type screen

3. On the first stage of the registration procedure you will be offered to choose the required license type or specify a path to the already obtained valid license key file.

Option - Description
· Receive a license key file - To receive a license key file you will be prompted to enter a serial number for the purchased software product. You may purchase any Dr.Web solution or only an electronic run-time license for any product with the serial number in Dr.Web online store or via any authorized partner of Doctor Web company.
· Receive a demo key file - Demo key file is used for evaluation purposes and has a limited period of validity. No serial number is required.
· Specify path to the available valid key file - Select this option if you already have a valid key file.

Select the necessary option and click Next.


4. If you decided to specify a path to an existing key file, you will be prompted to select it from the directory tree on a logical drive or removable media. After that it will be copied to the .drweb subdirectory of the user home directory, and the registration process finishes.
Figure 36. Receive Key File screen

5. If you decided to register using a serial number, you will be prompted to enter it.

Figure 37. Enter Serial Number screen

Press Next button to continue registration.

6. After entering a serial number you will be prompted to specify some personal information (full name and current location: city and country of residence) and contact details. This information is used only by Doctor Web company and will never be passed to third parties. The key file which you will receive will contain your personal data for authentication purposes.

Figure 38. User Information screen

Press Next button to proceed to the next stage, where you will receive the key file. This procedure usually doesn't require any special attention from the user.
7. If you successfully receive your license key file, Dr.Web for Linux will start to use it automatically.

Figure 39. Finish Registration screen

Press OK button to finish the registration.

If the license key file was not received, check log for error
messages and repeat the procedure.

During operation of the Dr.Web for Linux software complex license key file must always reside at ~/.drweb directory.

5.4. License Renewal


In some cases (for example, when current license is expired or
security requirements of the protected system are changed) you
may decide to purchase a new license for the Dr.Web for Linux
solution, or a license with some additional features (more computers
to protect, more tasks to perform).

License renewal procedure


1. To renew the license start the License Manager by selecting the License Manager item in the Tools menu.
2. Press the My Dr.Web button in the window that appears. It will take you to your Personal Cabinet webpage on the Dr.Web site, where you can extend the validity period of the current license and download a new key file.

To extend the validity period of your license you may do the following:
· buy a new license (at the usual price);
· buy a renewal serial number (it is cheaper because a renewal rebate is already considered in the price).

If you buy renewal from certified partners of Doctor Web, please clarify the terms and conditions for each type of renewal in advance, because they may differ from terms and conditions described in this manual.

In general, license renewal is performed according to the following algorithm:
1. After you specify the serial number or upload the key file, the Dr.Web license server determines if you are using a new license or a renewal license.
2. If you have bought a new license for renewal, you will be asked to take advantage of a renewal rebate.

Figure 40. Selection of renewal method for new licence

3. To take advantage of the renewal rebate, you should specify the previous serial number or upload your current license key file during registration of your new license. In this case an extra 100 days will be added to the formal validity period of the renewed license.

Figure 41. Current licence key file window

Figure 42. Previous serial number window

Click Next to continue the registration and enter the user information.

4. If you select do not specify previous licence number, the warning window appears.

Figure 43. Warning window

Click Next to continue registration without any bonus or Back to specify the previous serial number or upload the current key file.

If you do not specify the previous serial number and do not upload the current key file, then the Dr.Web license server will not be able to determine that you are using your new license exactly for renewal and qualify for a rebate. So you will receive a key file with a formal validity period, without any bonus.

5. If you have bought the renewal serial number, then a renewal rebate was already considered in the price. So you must specify the previous serial number or upload your current license key file during registration of your renewal serial number to confirm that you use it exactly for renewal. As a result you will receive a key file with a formal validity period.

Figure 44. Select renewal method window

6. If you select do not specify previous licence number without specifying the previous serial number or uploading the current key file, then the Dr.Web license server will not be able to determine that you are using your renewal serial number as intended, and 100 days will be subtracted from the formal validity period of the received key file, to compensate for the difference in cost.

Figure 45. Warning window

Click Next to continue registration or Back to specify the previous serial number or upload the current key file.
7. If your previous license key file is already expired, then Dr.Web for Linux will start using the new key file automatically. Otherwise a number of days left before expiration of the previous key file will be added to the validity period of the new license key file.

6. Command Line Parameters


Dr.Web Scanner, SpIDer Guard and Control Center components support numerous command line parameters. They are separated from the specified path by white space and are prefixed by a hyphen «-». To get the complete list of parameters, start the corresponding component (drweb, drweb-spider or drweb-cc) with -h or --help parameters.

6.1. Control Center Parameters


To get complete list of parameters for Control Center start the
drweb-cc component with -h or --help parameters.
· -c, --conf=FILE - specify path to the configuration file;
· -d, --debug=LEVEL - set up log verbosity level (possible
values: Errors, Alerts, Info, Verbose, Debug);
· -s, --scan {PATH1 PATH2} - if paths for scan are specified,
then corresponding directories will be scanned. If paths for
scan are not specified, then directories listed in schedule will
be scanned. If the Scheduler is disabled or no directories are
selected in the schedule list for scan, then the Scanner will
initialize and immediately stop its operation (for lack of objects
for check);
· -v, --version - output component's version number;
· -h, --help - output help on the program;
· -t, --tray - hide to a tray;
· -g, --guard - start Dr.Web SpIDer Guard.

6.2. SpIDer Guard Parameters


To get complete list of parameters for SpIDer Guard, start the
drweb-spider component with -h or --help parameters.

· -c, --conf=FILE - specify path to the configuration file;
· -r, --restart - restart SpIDer Guard, if it is already running;
· -s, --stdout - do not enter the daemon mode and
continue output operation log to stdout;
· -d, --debug=LEVEL - set up log verbosity level. Possible
values are taken from an interval [0...10], where: 0 - quiet, 2
- error, 4 - alert, 6 - info, 8 - verbose, 10 - debug;
· -i, --idle - SpIDer Guard will not check files;
· -v, --version - output component's version number;
· -h, --help - output help on the program.

6.3. Scanner Parameters


To get complete list of Scanner parameters, start drweb
component with -?, -h or -help parameters.

Main program parameters can be classified in the following way:
· scan area parameters;
· diagnostics parameters;
· actions parameters;
· interface parameters.

Scan area parameters determine where the virus check must be performed. They include:
· path - specify path for scan. Several paths can be specified
in one parameter;
· @[+]<file> - check objects listed in the specified file.
Plus «+» instructs Scanner not to delete list-file after scan is
completed. List file may contain paths to directories that must
be scanned regularly, or list of files to be checked only once;
· sd - recursive search and scan of files in subdirectories
starting from the current directory;
· fl - follow links, both to files and directories. Links causing loops are ignored;
· mask - ignore masks for file names.

Diagnostics parameters determine what types of objects must be scanned for viruses:
· al - scan all files on specified drive or in specified directory;
· ar[d|m|r][n] - scan files in archives (ARJ, CAB, GZIP,
RAR, TAR, ZIP, etc.).
d - delete, m - move, r - rename archives containing infected
objects, n - archiver name output disabled.
Archives can be in simple (*.tar) or compressed forms (*.tar.bz2, *.tbz);
· cn[d|m|r][n] - scan files in containers (HTML, RTF, PowerPoint, etc.).
d - delete, m - move, r - rename containers containing
infected objects, n - container type output disabled;
· ml[d|m|r][n] - scan files in mailboxes.
d - delete, m - move, r - rename mailboxes, containing
infected objects; n - mailbox type output disabled;
· up[n] - scan executable files packed with LZEXE, DIET,
PKLITE, EXEPACK;
n - packer type output disabled;
· ex - diagnostics using file masks (see FilesTypes
parameter in configuration file);
· ha - heuristic analysis (search for unknown viruses).

Actions parameters determine what actions must be performed if infected or suspicious files are detected. They include:
· cu[d|m|r] - cure infected files: d - delete, m - move, r -
rename infected files;
· ic[d|m|r] - actions for incurable files: d - delete, m -
move, r - rename incurable files;
· sp[d|m|r] - actions for suspicious files: d - delete, m -
move, r - rename suspicious files;
· adw[d|m|r|i] - actions for files containing adware: d -
delete, m - move, r - rename, i - ignore;
· dls[d|m|r|i] - actions for dialers: d - delete, m - move, r - rename, i - ignore;
· jok[d|m|r|i] - actions for joke programs: d - delete, m - move, r - rename, i - ignore;
· rsk[d|m|r|i] - actions for potentially dangerous programs: d - delete, m - move, r - rename, i - ignore;
· hck[d|m|r|i] - actions for hacktools: d - delete, m - move, r - rename, i - ignore.

Interface parameters configure Scanner report output:
· v, version - output information about product and
Engine versions;
· ki - output information about key file and its owner (in
UTF8 encoding only);
· foreground[yes|no] - enable Scanner to run in
foreground or in background;
· ot - output information to standard output (stdout);
· oq - disable information output;
· ok - display «Ok» for not infected files;
· log=<path to file> - logging to specified file;
· ini=<path to file> - path to alternative
configuration file;
· lng=<path to file> - path to alternative language
file;
· -a=<Control Agent address> - running Scanner in
central protection mode;
· --only-key - nothing but key file is received from the
Control Agent at start.

You can use hyphen «-» postfix to disable the following parameters:

-ar -cu -ha -ic -fl -ml -ok -sd -sp

For example, if you start Scanner with the following command:


$ drweb -path <path> -ha-

heuristic analysis (enabled by default) will be disabled.

By default (if Scanner configuration was not customized and no parameters were specified) Scanner starts with the following parameters:
-ar -ha -fl- -ml -sd

Default Scanner parameters (including scan of archives, packed files and mailboxes, recursive search, heuristic analysis, etc.) are sufficient for everyday diagnostics and can be used in typical cases. You can also use the hyphen «-» postfix to disable some parameters, as explained above.

Disabling scan of archives and packed files will significantly decrease the antivirus protection level, because viruses are distributed in archives (especially self-extracting ones) enclosed in e-mail attachments. Office documents potentially susceptible to infection with macro viruses (Word, Excel) are also sent via e-mail in archives and containers.

When you run Scanner with default parameters, no cure actions and no actions for incurable and suspicious files are taken. For these actions to be performed, you must specify the corresponding command line parameters explicitly.

The set of actions parameters may vary in particular cases. We recommend the following:
· cu - cure infected files and system areas without deletion, moving or renaming infected files;
· icd - delete incurable files;
· spm - move suspicious files;
· spr - rename suspicious files.

When Scanner is started with the Cure action specified, it will try to restore the previous state of the infected object. This is possible only if the detected virus is a known virus and cure instructions for it are available in the virus database, though even in this case the cure attempt may fail if the infected file is seriously damaged by the virus.

If infected files are found inside archives they will not be cured,
deleted, moved or renamed. To cure such files you must manually
unpack archives to the separate directory and instruct Scanner to
check it.

When Scanner is started with the Delete action specified, it will delete all infected files from disk. This option is suitable for incurable (irreversibly damaged by virus) files.

The Rename action makes Scanner replace the file extension with a certain specified extension («*.#??» by default, i.e. the first extension symbol is replaced with the «#» symbol). Enable this parameter for files of other OS (e.g., DOS/Windows) detected heuristically as suspicious. Renaming helps to avoid accidental startup of executable files in these OS and therefore prevents infection by a possible virus and its further expansion.

With the Move action enabled, Scanner will move infected or suspicious files to the quarantine directory.
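
The following added example (not Doctor Web code) resolves a drweb command line against the default parameter set and the «-» postfix rule described in this section, and flags the two conditions the manual calls out: archive scanning switched off and no action parameters given. The sample command and its paths are constructed; parameters the sketch does not model (such as -log=) are returned under "other".

```python
import re
import shlex

# Default parameter set given in the manual: -ar -ha -fl- -ml -sd
DEFAULTS = {"ar": True, "ha": True, "fl": False, "ml": True, "sd": True}
# Parameters the manual lists as accepting the "-" postfix.
TOGGLES = {"ar", "cu", "ha", "ic", "fl", "ml", "ok", "sd", "sp"}
# Action letters each parameter accepts, from the [d|m|r|i] notation.
LETTERS = {"ar": "dmr", "cn": "dmr", "ml": "dmr", "cu": "dmr", "ic": "dmr",
           "sp": "dmr", "adw": "dmri", "dls": "dmri", "jok": "dmri",
           "rsk": "dmri", "hck": "dmri"}
PLAIN = {"up", "ha", "fl", "sd", "ok", "al", "ex"}   # take no action letter
QUIET_NAME = {"ar", "cn", "ml", "up"}                 # accept the [n] suffix
ACTION = {"d": "delete", "m": "move", "r": "rename", "i": "ignore"}
PARAM = re.compile(r"-(%s)([dmri]?)(n?)(-?)$" % "|".join(
    sorted(set(LETTERS) | PLAIN, key=len, reverse=True)))
# Constructed sample command line.
SAMPLE = "drweb -path /srv/mail /home -ha- -cu -icd -spm -log=/tmp/scan.log"


def _valid(name, letter, quiet, off):
    return ((not letter or letter in LETTERS.get(name, ""))
            and (not quiet or name in QUIET_NAME)
            and (not off or name in TOGGLES))


def review(command):
    """Resolve a drweb command line into paths, switches, actions, warnings."""
    tokens = shlex.split(command)[1:]          # drop the program name
    switches, actions, paths, other = dict(DEFAULTS), {}, [], []
    i = 0
    while i < len(tokens):
        tok = tokens[i]
        i += 1
        match = PARAM.match(tok)
        if tok == "-path":                     # one or more paths follow
            while i < len(tokens) and not tokens[i].startswith("-"):
                paths.append(tokens[i])
                i += 1
        elif match and _valid(*match.groups()):
            name, letter, _quiet, off = match.groups()
            switches[name] = not off           # trailing "-" disables
            if off:
                actions.pop(name, None)
            elif letter:
                actions[name] = ACTION[letter]
            elif name == "cu":
                actions[name] = "cure"
        else:
            other.append(tok)                  # not modelled in this sketch
    warnings = []
    if not switches["ar"]:
        warnings.append("archive scan disabled: "
                        "protection level significantly decreased")
    if not {"cu", "ic", "sp"} & set(actions):
        warnings.append("no cu/ic/sp action: nothing is done to infected, "
                        "incurable or suspicious files")
    elif switches["ar"]:
        warnings.append("infected files inside archives are left as is: "
                        "unpack and rescan")
    return {"paths": paths, "switches": switches, "actions": actions,
            "other": other, "warnings": warnings}


if __name__ == "__main__":
    print(review(SAMPLE))
```
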


Technical Support
The Dr.Web technical support web page is located at http://support.drweb.com/.

If you experienced some problems during installation or operation of the company’s products you may try to find a solution by yourself before contacting the technical support department:
· Read the latest versions of product's documentation available at http://solutions.drweb.com/;
· Read the FAQ section at http://support.drweb.com/;
· Search through the knowledge base of Dr.Web at http://wiki.drweb.com/;
· Visit the Dr.Web users forum at http://forum.drweb.com/.

If the problems still cannot be solved, then you can contact the
technical support department by filling out a special web-form at
http://support.drweb.com/.

You can find the nearest office of Doctor Web company and
contact details at http://company.drweb.com/.
