Program Structure


Dr.Web for Linux consists of the following components:

Component

Description

Scanner

The component which scans file system objects (files, directories, boot records) at the user’s request or on a schedule to detect threats. The user can start scans in graphical mode or from the command line.

File system monitor SpIDer Guard

The component which operates in resident mode and monitors file operations (creation, opening, closing, and running of a file). It sends Scanner tasks to scan new and modified files, and to scan executable files when a program starts.

Network connections monitor SpIDer Gate

The component which works in resident mode and monitors all network connections.

It checks whether the requested URL falls into an unwanted category of web resources or is on the user’s black list, and, if so, blocks access to the resource.

It blocks the transfer of email messages if they contain malicious objects or unwanted links.

The component also sends Scanner tasks to scan files downloaded from the Internet (from servers whose access is not restricted) and blocks their download if they contain threats.

Additionally, if the user has given permission, the component sends the URL to the Dr.Web Cloud service for a check.

Anti-virus Engine

The core component of the anti-virus protection. Scanner uses it to detect viruses and malicious programs; it also contains the algorithms for analyzing suspicious behavior.

Virus database

Automatically updated database used by the anti-virus engine. The database contains information for detecting and curing known threats.

Database of web resource categories

Automatically updated database used by SpIDer Gate. The database contains information on web resources assigned to pre-defined categories. It is used for blocking access to web resources included in categories that are marked as unwanted.

Updating component

It automatically downloads updates of the virus databases, the databases of web resource categories, and the anti-virus engine from Doctor Web servers (both on a schedule and on demand).

License Manager

The component simplifies work with licenses in graphical mode. It lets the user activate a license or demo period, view information about the current license, renew it, and install or remove the license key file.

Apart from the components listed above, Dr.Web for Linux also includes additional service components running in the background. They do not require any user intervention.

SpIDer Guard, the file system monitor, can operate in one of the following modes:

FANOTIFY—using the fanotify monitoring interface (not all GNU/Linux-based OSes support this mode)

LKM—using the loadable Linux kernel module (compatible with any GNU/Linux-based OS with kernel 2.6.x and newer)

By default, the file system monitor automatically chooses the appropriate operation mode according to the environment. If SpIDer Guard cannot be started, build and install the loadable kernel module from the supplied source code.
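
Which mode is available depends on the running kernel. The script below is an added example, not Dr.Web's own detection logic: it reads the kernel build configuration and reports which mode to expect. It assumes an on-access monitor needs fanotify permission events (`CONFIG_FANOTIFY_ACCESS_PERMISSIONS`); the function names are hypothetical.

```shell
#!/bin/sh
# Added example: inspect kernel build options relevant to the two modes.

# Print the fanotify capability recorded in a kernel config file:
#   perm    fanotify with permission events (a listener can allow/deny an open)
#   notify  fanotify without permission events (notification only)
#   none    fanotify not built in
#   unknown config file could not be read
fanotify_support() {
    case $1 in
        *.gz) reader="gzip -dc" ;;   # e.g. /proc/config.gz
        *)    reader="cat" ;;
    esac
    text=$($reader "$1" 2>/dev/null) || { echo unknown; return 0; }
    if ! printf '%s\n' "$text" | grep -q '^CONFIG_FANOTIFY=y$'; then
        echo none
    elif printf '%s\n' "$text" | grep -q '^CONFIG_FANOTIFY_ACCESS_PERMISSIONS=y$'; then
        echo perm
    else
        echo notify
    fi
}

# Succeed when a release string (as printed by `uname -r`) is 2.6 or newer,
# the kernel range the page gives for LKM mode.
lkm_kernel_ok() {
    major=${1%%.*}
    rest=${1#*.}
    minor=${rest%%[!0-9]*}
    case $major in ''|*[!0-9]*) return 1 ;; esac
    [ "$major" -gt 2 ] || { [ "$major" -eq 2 ] && [ "${minor:-0}" -ge 6 ]; }
}

# Combine both checks. Assumption: only "perm" is enough for FANOTIFY mode.
expected_mode() {
    case $(fanotify_support "$1") in
        perm)    echo FANOTIFY ;;
        unknown) echo UNKNOWN ;;
        *) if lkm_kernel_ok "$2"; then echo LKM; else echo UNSUPPORTED; fi ;;
    esac
}

# Report for the live system when a kernel config is readable.
rel=$(uname -r)
for f in "/boot/config-$rel" /proc/config.gz; do
    if [ -r "$f" ]; then echo "$f: $(expected_mode "$f" "$rel")"; break; fi
done
```

A result of `LKM` means the kernel module has to be built from the supplied sources, which in turn requires kernel headers matching the running kernel.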