Dr.Web (R) Configuration file
$Revision: 1.16.2.7.2.8 $



+-------------------------------------------------------------------+
|                          SECTION: Daemon                          |
|                                                                   |
| Daemon general settings.                                          |
+-------------------------------------------------------------------+


EnginePath = {FilePath} (/opt/drweb/lib/drweb32.dll)
drweb32.dll (Engine) location. This parameter is also used by Updater.


VirusBase = {Lookups} (/var/drweb/bases/*.vdb)
Masks for downloaded virus bases. This parameter is also used by the updating
module for updating of antivirus bases. Listing of several masks is allowable.


UpdatePath = {FilePath} (/var/drweb/updates)
Path to directory, where files dowloaded by updating module are stored (except
for drweb32.dll and virus bases). Value of this parameter is mandatory.


TempPath = {FilePath} (/var/drweb/spool)
Path to directory used by antivirus module (Engine) for creating of temporary
files. During normal operation process this directory is not used. It is used
for unpacking archives, or when system lacks memory resources.


LngFileName = {FilePath} ("/opt/drweb/lib/ru_daemon.dwl")
Path to the language file.


Key = {FilePath} (/opt/drweb/drweb32.key)
Location of the key file (license or demo).


PleskPublicKey = {FilePath} (/etc/drweb/plesk.key)
Path to Plesk public RSA key file.


OutputMode = {Quiet|Terminal} (Terminal)
Information output mode at start. "Terminal" value outputs information to
console, "Quiet" value disables output.


RunForeground = {Boolean} (no)
Yes value of this parameter disables the daemon mode of the Dr.Web Daemon,
i.e. to operate in the background without the controlling terminal. This option
can be used by certain monitoring tools (or example, by daemontools).


User = {String} (drweb)
User account with appropriate rights to run Daemon. It's recommended to create
special user "drweb" which will be used by Daemon and filters. Running Daemon
with Administrator privileges is insecure and therefore undesirable. User
parameter value cannot be changed when reloading configuration using SIGHUP!


UserID = {Digital} ()
ID of a user with appropriate rights to run Daemon. This parameter is ignored
when User parameter value is set. Value of this parameter cannot be changed
when reloading configuration using SIGHUP!


GroupID = {Digital} ()
ID of a group with appropriate rights to run Daemon. This parameter is ignored
when User parameter value is set. Value of this parameter cannot be changed
when reloading configuration using SIGHUP!


PidFile = {FilePath} (/var/drweb/run/drwebd.pid)
Path to file where Daemon PID and socket or the port number will be written to
at start. If several Socket parameters are specified, this file will contain
information aboutn all sockets set (one address per line).


BusyFile = {FilePath} (/var/drweb/run/drwebd.bsy)
Path to Daemon busy file. This file is created by Daemon scanning copy and
removed after successful execution of corresponding command. Names of the files
created by each copy of the Daemon are appended with a point and ASCIIZ
representation of PID (e.g., /var/run/drwebd.bsy.123456).


MaxChildren = {Digital} (16)
Maximum number of simultaneously running child scanning processes. The main
Daemon process does not perform the scan, therefore the maximum number of
Daemon processes in the system will be 1 process greater than the specified
value. Recommended value range is from 3 to 16 processes per CPU.


PreFork = {Boolean} (yes)
If parameter value is set to "No", new child process will be created for each
scanned object. If parameter value is set to "Yes", Daemon will create as many
child processes, as equals to the MaxChildren parameter value immediately after
start. PreFork mode is faster in operation, but consumes more memory resources
(because child processes are memory-resident). Value of this parameter cannot
be changed when reloading configuration using SIGHUP!


MailCommand = {String} ("/usr/sbin/sendmail -i -bm -f drweb -- root")
Command used by Daemon and Updater to send notifications to a user
(administrator) via e-mail. Daemon uses this feature at every start (restart,
reboot), if less than two weeks left until the key file (one of key files)
expires. Updater uses this feature to send information bulletins by Doctor Web,
Ltd.


NotifyPeriod = {Digital} (14)
Number of days before license key expiration to start sending notifications
about license renewal. When parameter value is set to 0, notifications will be
sent only when license key is expired.


NotifyFile = {FilePath} (/var/drweb/.notify)
Path to file with a timestamp of last notification sent to Administrator about
license key expiration.


NotifyType = {Ever|Everyday|Once} (Ever)
Frequency of notifications dispatch. When parameter value is set to "Once",
notification will be sent only once. With "Everyday" value specified
notifications will be sent once a day. With "Ever" value specified
notifications will be sent at every reload of the Daemon and after every
update.


FileTimeout = {Digital} (30)
Maximum file scan time during single session.


StopOnFirstInfected = {Boolean} (no)
Termination of message scan after detection of the first virus. With "Yes"
value specified mail-server load and message check time can be reduced
considerably.


ScanPriority = {String} (0)
Daemon processes priority. The range of this parameter value must be within
-20 (highest priority) to 20 (lowest priority).


FilesTypes = {MultiString}
File types to be checked during "by type" scan, i.e. when ScanFiles parameter
has the ByType value. "*" and "?" symbols are accepted. Several lines can be
specified for this parameter, and in this case the specified lists are summed
up.


FilesTypesWarnings = {Boolean} (yes)
Unknown file types alert.


ScanFiles = {ByType|All} (All)
Additional restriction for files to be checked. When ByType value is being set,
file extensions set by default or specified in FilesTypes parameter are taken
into account. All value must be set for e-mail files. ByType value is used only
for local scan mode.


CheckArchives = {Boolean} (yes)
Whether to unpack ZIP (WinZip, InfoZIP...), RAR, ARJ, TAR, GZIP and CAB
archives, or not.


CheckEMailFiles = {Boolean} (yes)
Whether to scan files in e-mail formats, or not.


ExcludePaths = {Lookups} (/proc,/sys,/dev)
Masks for files to be excluded from scan by Daemon.


FollowLinks = {Boolean} (no)
Whether to follow symbolic links, or not.


RenameFilesTo = {String} (#??)
Mask for renaming files using custom file extension, if "Rename" action is
specified for infected or suspicious files. The first character of the file
extension is replaced with "#", and two subsequent characters will be
preserved. If a file has no extension, it will consist of only one "#" symbol.


MoveFilesTo = {DirPath} (/var/drweb/infected)
Path to quarantine directory.


BackupFilesTo = {DirPath} (/var/drweb/infected)
Path to directory used to store backups of infected files, which have been
cured.


LogFileName = {FilePath} (syslog)
Log filename. When "syslog" value is specified, report will be logged using
syslogd system service. Since syslog records information about various events
of different importance in several files, you can find out where information
about Scanner operation is stored using SyslogFacility and SyslogPriority
parameters and syslog configuration file (usually /etc/syslogd.conf).


SyslogFacility = {
   Mail|
   User|
   Kern|
   Local7|
   Local6|
   Local5|
   Local4|
   Local3|
   Local2|
   Local1|
   Local0|
   Daemon
} (Daemon)
Sets the log type when using syslogd system service.


SyslogPriority = {Error|Info|Notice|Warning|Alert} (Info)
Sets the log priority when using syslogd system service.


LimitLog = {Boolean} (no)
Specifies whether the log file size must be limited, or not. Parameter is
ignored when LogFileName parameter value is "syslog". When current log file
size exceeds the value set for MaxLogSize parameter, log file is erased and
started over from scratch.


MaxLogSize = {Digital} (512)
Maximum log file size. Can be used with LimitLog = Yes only.


LogScanned = {Boolean} (yes)
Whether to log or not information about all checked objects (infected and
clean).


LogPacked = {Boolean} (yes)
Whether to log or not additional information about files packed by DIET, PKLITE
and similar utilities.


LogArchived = {Boolean} (yes)
Whether to log or not additional information about files archived by RAR, ZIP,
TAR and similar archivers.


LogTime = {Boolean} (yes)
Whether to log or not the time for each record. This parameter is not used when
LogFileName is set to "syslog".


LogProcessInfo = {Boolean} (yes)
Whether to log or not clients address (hostname or IP) anp PID of every
scanning process.


RecodeNonprintable = {Boolean} (yes)
Output mode for nonprintable characters.


RecodeMode = {QuotedPrintable|Replace} (QuotedPrintable)
With RecodeNonprintable value set to "Yes" this parameter specifies decoding
method for nonprintable characters. If its value is set to "Replace", all such
characters are replaced with the RecodeChar parameter value. If its value is
set to "QuotedPrintable", Quoted Printable format is used for decoding.


RecodeChar = {Char} ("?")
Defines symbol to replace nonprintable characters if RecodeMode parameter value
is set to "Replace".


Socket = {MultiStringSimple}
Description of socket used for communication with Daemon. First string
describes TCP-socket: "PORT" - decimal port number, "interfaces" - list of
listening interface names or IP-addresses. Second string describes
unix-sockets: "FILE" - socket name, "access" - octal value of access rights.
Number of Socket parameters is not limited. Daemon will work with all correctly
described sockets.


SocketTimeout = {Digital} (10)
Timeout to receive/send all data through socket (not considering
scanning time).


ListeningQueue = {String} (128)
Maximum socket queue size. Value must be from 0 to SOMAXCONN (depends on OS).


MaxCompressionRatio = {String} (500)
Maximum compression ratio, i.e. ratio of the unpacked file length to the
length of packed file in archive. If the ratio exceeds value specified for this
parameter, file will not be extracted and therefore will not be checked.


CompressionCheckThreshold = {Digital} (1024)
Minimum size of a file inside archive beginning from which the compression
ratio check will be performed (if this is specified by the MaxCompressionRatio
parameter).


MaxFileSizeToExtract = {Digital} (40960)
Maximum size of a file to be extracted from archive. If the file size exceeds
this value specified in this parameter, it will be skipped.


MaxArchiveLevel = {Digital} (8)
Maximum archive nesting level (archive in archive in archive, etc.).


ScanEncodedHeaders = {Boolean} (no)
Whether to process or not message headers before decoding. For example, using
"Yes" value with rule RejectCondition Subject = "iso-8859-5" allows to filter
out all messages with "Subject" field in iso-8859-5 encoding. Please note that
with this parameter enabled headers of each message will be processed twice:
before decoding and after it.


Description of filtering rules. Rules consist of a header name and a regular
expression describing the given field value. Several rules can be combined by
round brackets and logical operators. Also "!=" operator (not equal) can be
used.
Special filtering rules include conditions "No HEADER" (means absence of this
field, e.g., following the rule "RejectCondition No From" the messages without
the "From" field will be filtered), HEADER = "8bit" (the field contains 8-bit
symbols).


+-------------------------------------------------------------------+
|                         SECTION: Updater                          |
|                                                                   |
| Updater general settings.                                         |
+-------------------------------------------------------------------+


UpdatePluginsOnly = {Boolean} (no)
"Yes" value enables updating of plug-ins only, without updating of Daemon and
Scanner at the same time.


Section = {Scanner|Daemon} (Daemon)
Defines which component must be updated. Information about files to be updated
is received from corresponding sections of configuration file. This value can
be overridden by command line parameter --what at startup.


ProgramPath = {FilePath} (/opt/drweb/drwebd)
Path to program files. Used by Updater to get product versions and API versions
for installed binaries.


SignedReader = {FilePath} (/opt/drweb/read_signed)
Path to program used by Updater to read signed files.


LzmaDecoderPath = {DirPath} (/opt/drweb)
Path to program used by Updater to unpack lzma-archives.


LockFile = {FilePath} (/var/drweb/run/update.lock)
Path to file used to prevent sharing of certain files during update.


CronSummary = {Boolean} (yes)
Enables output of update session log to stdout. It is used by cron daemon for
sending notifications to administrator.


DrlFile = {FilePath} (/var/drweb/bases/update.drl)
Path to file with list of currently available update servers. Updater randomly
selects server for each update session. This file is signed by Dr.Web. and
cannot be changed manually. It is updated automatically.


DrlDir = {DirPath} (/var/drweb/drl)
Path to directory containing signed *.drl files with lists of update servers
for Dr.Web plugins (e.g. VadeRetro antispam library) to be updated.


Timeout = {Digital} (90)
Timeout for updates to be downloaded. When this value is left empty, download
time is not limited.


Tries = {Digital} (3)
Number of attempts Updater makes to download updated files.


ProxyServer = {Address} ()
IP-address of a proxy server to be used during update process. If you do not
have proxy server, leave this value empty.


ProxyLogin = {String} ()
Proxy server authentication username. If you do not have proxy server, leave
this value empty.


ProxyPassword = {String} ()
Proxy server authentication password. If you do not have proxy server, leave
this value empty.


LogFileName = {FilePath} (syslog)
Log filename. When "syslog" value is specified, report will be logged using
syslogd system service. Since syslog records information about different events
of various importance to several files, you can find out where information
about Updater operation is stored using SyslogFacility and SyslogPriority
parameters and syslog configuration file (usually /etc/syslogd.conf).


LogLevel = {Quiet|Error|Alert|Info|Debug|Verbose} (Verbose)
Log verbosity level.


