Operating Principles
The SpIDer Gate component monitors network connections established by user applications. The component checks whether the host to which the client application is trying to connect belongs to any of the web resource categories specified in the settings as unwanted. In addition, the component can query the Dr.Web Cloud service to check a URL.

If the URL belongs to any of the unwanted categories (including a category returned by the Dr.Web Cloud service) or to a black list defined by the system administrator, the connection is interrupted and, for HTTP/HTTPS connections, an HTML page with a message that access is not allowed is shown. SpIDer Gate generates this page from the template supplied with the component. The page contains details about the block. A similar page is displayed to the client if SpIDer Gate finds a threat that must be blocked in the contents of the server response.

The auxiliary component Dr.Web Firewall for Linux redirects the connections that client applications establish with remote servers. It dynamically manages the rules of NetFilter, a GNU/Linux system component.

The operation scheme of the component that monitors network traffic and URLs is shown in the figure below. In Dr.Web for UNIX server products, a client application is a protected server resource of the company (for example, a web server with public access), because by default the Dr.Web ICAPD component manages the access of local network users to the Internet. This component operates together with the proxy server that provides Internet access from the local network.

Figure 1. Diagram of the components’ operation

In this scheme, the following notations are used:
Components marked with a dashed line can be missing depending on the distribution.

The same component is used to update virus databases for the Dr.Web Scanning Engine.

The Dr.Web CloudD component is used to refer to the Dr.Web Cloud service (the use of the cloud service is configured in the main settings of Dr.Web for UNIX and can be disabled if necessary).

To scan transferred data, SpIDer Gate uses the Dr.Web Network Checker distributed scanning agent. The agent, in turn, initiates scanning via the Dr.Web Scanning Engine.
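
The decision flow described above can be modelled in a few lines. The following Python sketch is an added illustration, not Dr.Web code: the function names, the parent-domain matching rule, the template text and the sample hosts and categories are all assumptions made for the example.

```python
import html
from urllib.parse import urlsplit

# Constructed sample data: hosts and category names are illustrative only.
LOCAL_CATEGORIES = {"casino.example": "Gambling", "news.example": "News"}
UNWANTED = {"Gambling", "Malware"}        # categories marked unwanted in settings
BLACK_LIST = {"banned.example"}           # administrator-defined black list
TEMPLATE = ("<html><body><h1>Access denied</h1>"
            "<p>URL: {url}</p><p>Reason: {reason}</p></body></html>")

def match(host, table):
    """Return the entry matching host or a parent domain (assumed rule), else None."""
    labels = host.lower().rstrip(".").split(".")
    for i in range(max(1, len(labels) - 1)):
        candidate = ".".join(labels[i:])
        if candidate in table:
            return candidate
    return None

def verdict(url, cloud_lookup=None, response_threat=None):
    """Return a block reason, or None when the connection may proceed.

    cloud_lookup: optional callable(url) -> iterable of category names; None
    models the cloud service being disabled. response_threat: threat name a
    scanner reported for the server response, if any.
    """
    host = urlsplit(url).hostname or ""
    if match(host, BLACK_LIST):
        return "black list"
    categories = set()
    local = match(host, LOCAL_CATEGORIES)
    if local:
        categories.add(LOCAL_CATEGORIES[local])
    if cloud_lookup is not None:
        categories.update(cloud_lookup(url))  # cloud categories count as well
    unwanted = sorted(categories & UNWANTED)
    if unwanted:
        return "unwanted category: " + ", ".join(unwanted)
    if response_threat:
        return "threat in server response: " + response_threat
    return None

def block_page(url, reason):
    """Fill the template; URL and reason are escaped because they are untrusted."""
    return TEMPLATE.format(url=html.escape(url), reason=html.escape(reason))

if __name__ == "__main__":
    for u in ("http://casino.example/play", "https://news.example/"):
        print(u, "->", verdict(u) or "allowed")
```

The block page echoes the requested URL, so the sketch escapes it before substitution; any custom block template should do the same.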