Operating Principles

The component is designed to check both the content of files in the local file system and the streams of data transmitted by a client application via a socket. Such checks are performed by the component at the request of a client application. Moreover, the component can check the content of those files for which a client application passed an open file descriptor via a socket.

File checks based on a passed file descriptor can be performed only if the descriptor was passed via a local UNIX socket.

If a client application has provided a path to a file, the component sends the scanning task to the component for file checking—Dr.Web File Checker; otherwise, the component transmits data, received via the socket, to the distributed scanning agent—Dr.Web Network Checker, as shown in the figure below.

Figure 1. Diagram of the components’ operation

By default, the component is not automatically launched upon the startup of Dr.Web for UNIX. To enable starting of the component, it is necessary to set the Yes value for the Start parameter and to define at least one connection point for client applications. After that, the component starts waiting for external applications’ requests to scan files or data streams. In the component’s settings, you can configure several connection points for client applications and adjust different scanning settings for each of the points, if required.

Detected threats cannot be neutralized by Dr.Web for UNIX; the client application receives only the results of the scanning. Thus, any detected threats should be neutralized by the client application.