Administrator Manual
Contents
1.2. 2011 Doctor Web Ltg Confidentiality policy Figure 2 4 Download section for Dr Web Browser Plugin 3 In the plug in download section version of current browser and offered plug in bit rate x86 or x64 are represented For UNIX system based systems you can select distribution kit for corresponding OS from the drop down list 4 To download and save the plug in click Download After this you can install the plug in manually 49 Ta AN ys Chapter 2 Installation and Removal of Dr Web Enterprise Security Suite Components 5 To change the bit rate of the plug in click the link under download button after this you can download installer as described at step 4 To install the Dr Web Browser Plugin under Windows OS 1 Run the installation fie On the Welcome page of the InstallShield Wizard click Next 2 On the License Agreement page read the agreement To accept the agreement and proceed with the installation select I accept the terms of the license agreement and click Next To exit the wizard click Cancel 3 A window for changing the default installation folder will be opened If necessary click Change and specify the installation folder Click Next 4 Click Install The installation begins Further actions of the installation program do not require user intervention 5 When installation completes click Finish To install the Dr Web Browser Plugin under UNIX system based OS
3. 5 2 3 3 Installation of the Dr Web Enterprise Agent via the Network Installer 59 2 4 Remote Installation of the Dr Web Enterprise Agent under Windows OS 64 2 4 1 Installation of the Dr Web Enterprise Agent Software via the Dr Web Control Center 67 2 4 2 Installation of the Dr Web Enterprise Agent Software via Active Directory 71 2 5 Installation of NAP Validator 78 2 6 Installation of Proxy Server 79 2 7 Removing the Dr Web Enterprise Security Suite Components 82 2 7 1 Uninstalling the Dr Web ESS Software for Windows OS 82 2 7 2 Uninstalling the Dr Web Enterprise Agent Software through Active Directory 85 2 7 3 Uninstalling the Dr Web Enterprise Server Software for UNIX System Based OS 85 Chapter 3 Components of an Anti Virus Network and Their Interface 88 3 1 Dr Web Enterprise Server 88 3 2 Dr Web Enterprise Agent 91 3 3 Dr Web Control Center 96 3 3 1 Administration 101 3 3 2 Anti Virus Network 103 3 3 3 Preferences 108 3 3 4 Neighborhood 113 3 3 5 Help 114 3 4 Dr Web Control Center Components 115 3 4 1 Network Scanner 115 Aq P aN A v 3 4 2 License Manager 3 5 The Interaction Scheme of an Anti Virus Network Components Chapter 4 Getting Started General Information 4 1 Establishing a Simple Anti Virus Network 4 2 Setting the Network Connections Chapter 5 Anti Virus Network Administrators 5 1 Authentication of Administrators 5 2 Types of Administrators 5 3 Management o
4. 6 Chapter 2 Installation and Removal of Dr Web Enterprise Security Suite Components keys refuse to create a new DB type no press ENTER and specify the full path to the existing keys If you do not have saved keys press ENTER to create new encryption keys In case you are installing via the deb packages you will be asked to specify the administrative password login admin You can leave the default password root If you set you own password for safety reasons the typed password is not displayed on the screen You must type the password twice if specified passwords are differ you will have to repeat the procedure follow the instructions in appearing messages The password should not be less than 4 characters e For other cases you will be asked to specify the administrative password login admin During password setting for safety reasons the typed password is not displayed on the screen You must type the password twice if specified passwords are differ you will have to repeat the procedure follow the instructions in appearing messages The password should not be less than 8 characters It is not allowed to use national characters in administrator password After upgrade and manual initialization of DB administration password is reset to default value For reasons of security policy it is strongly recommended do not leave default registration data Registration data login and password are
5. Chapter 1 Welcome to Dr Web Enterprise Security Suite Optional components SplDer Guard a file monitor constantly resides in the main memory and checks all opened files on removable media and files opened for writing on hard drives on access Besides the guard constantly monitors running processes for virus like activity and if they are detected blocks these processes and informs the user about it e SplDer Mail a mail monitor also constantly resides in the memory The program intercepts all calls from your mail clients to mail servers via POP3 SMTPIMAP4 NNTP protocols and scans incoming or out going mail messages before they are received or sent by the mail client SplDer Gate an HTTP guard constantly resides in the computer memory and intercepts addresses to web sites The guard neutralizes malicious software in http traffic for example viruses in uploaded and downloaded files and blocks access to suspicious or incorrect resources Dr Web Office Control resides in the computer memory and with the respective settings control access to network resources and specified local resources In particular allows you to limit access to specific web sites which helps you control access to inappropriate web content The component helps you ensure integrity of important files and protect them from threats as well as limit access to inappropriate web sites for your employees Dr Web FireWall protects your computer
6. Stop and restart via the Control Center e In the Administration section use buttons to restart to stop e Using the console commands run from the bin subfolder of the Server installation folder see also Appendix H5 Dr Web Enterprise Server e drwcsd start start the Server e drwcsd restart total restart of the Server service e drwcsd stop normal shutdown of the Server 3 2 Dr Web Enterprise Agent Principle of Operation Workstations are protected from virus threats by the Dr Web anti Ta J N ax Chapter 3 Components of an Anti Virus Network and Their Interface virus packages designed for correspondent OS The packages operate by Enterprise Agents which is installed and constantly resided in the memory of protected workstations They maintain connection to Enterprise Server thus enabling administrators to centralized configure anti virus packages on workstations from the Dr Web Control Center schedule anti virus checks see the statistics of anti virus components operation and other information start and stop remotely anti virus scanning etc Enterprise Servers opportunely download updates and distribute them to the Agents connected to them Thus due to Enterprise Agents antivirus protection is implemented maintained and adjusted automatically without user intervention and irregardless of user s computer skills In case an anti virus station is outside the anti virus network
7. installation folder By default it is Program Files DrWeb Enterprise Suite on the system drive id lt station_id gt sets identifier for the station on which Agent will be installed log lt log_file gt the folder for the installation and deinstallation logs Full path to the installation log file it is set for the Agent installation or deinstallation log file it is set for the Agent unistallation By default installation logs are saved to the 1ogs subfolder set by home for installation By default deinstallation logs are saved to the folder selected by the user for storage of temporary files w If the log switch is not set log file names are generated automatically using the GUID and the computer name verbosity lt details_level gt level of detail of the log similar to the Agent The default value is ALL This key defines the log level of detail set by the subsequent log key read above One instruction can contain several switches of this type Ta J N aX Appendices 359 The verbosity and log switches are position relative In case of using these keys simultaneously the verbosity switch must be set before the log switch the verbosity switch redefines detail level of logs that reside in folder specified in the following switch regagent register the Agent in the list Add or Remove Programs platforms pl p2 p3 platforms load
8. 10 11 12 13 14 15 Chapter 2 Installation and Removal of Dr Web Enterprise Security Suite Components When the Agent software is installed on several computers at the same time you can specify several IP addresses or computer names with a hyphen for example 10 4 0 1 10 4 0 10 separated by a comma with a whitespace for example 10 4 0 1 10 4 0 10 10 4 0 35 10 4 0 90 e with a network prefix for example 10 4 0 0 24 Besides you can enter computer domain names instead of the IP addresses By default the Agent software is installed to C Program Files DrWeb Enterprise Suite If necessary specify another location in the Install path field By default in the Server field the IP address or the DNS name of Enterprise Server to which the Dr Web Control Center is connected are given If necessary specify the Server address from which the anti virus software will be installed In the Installer executable field the full name of the network installer is specified If necessary edit it and reselect the public key in the Public key field The paths to the public key and the executable file must be specified in the network address format If necessary type the network installer command line parameters in the Additional parameters field read more in Appendix H4 Network Installer In the Log level field specify the level of detail In the Log level drop down list select the level
9. 2193 means a TCP protocol port 2193 on an IPv6 interface 0000 0000 0000 0000 0000 0000 0000 0000 3 localhost 2193 the same 4 tcp 9999 Ta AN ax Appendices 320 value for the Server the default interface depending on the application usually all available interfaces port 9999 value for client the default connection to the host depending on the application usually localhost port 9999 5 tcp TCP protocol default port 6 spx 00000000 000000000001 2193 means socket SPX loopback 0 x2193 UDS Addresses Connection oriented protocol unx lt file_name gt Datagram oriented protocol udx lt file_name gt Examples 1 unx tmp drwcsd stream 2 unx tmp drwcsd datagram Connection Oriented Protocol lt protocol gt lt socket address gt where lt socket address gt sets the local address of the socket for the Server or a remote server for the client Datagram Oriented Protocol lt protocol gt lt endpoint socket address gt lt interface gt Ta 2 i ax Appendices 321 Examples 1 udp 231 0 0 1 2193 means using a multicast group 231 0 0 1 2193 on an interface depending on the application by default 2 udp EFIS 231 0 0 1 2193 means using a multicast group f f 18 231 0 0 1 on an interface depending on the application by default 3 udp application dependent interface and endpoint 4 udp 255 255 255 255 9999
10. 8 5 4 Using Several Dr Web Enterprise Servers with One Database For creation of the anti virus network with several Servers and one DB the following prescriptions must be implemented 1 All Servers must have the same drwcsd pub drwcsd pri encryption keys certificate pem private key pem certificates and the agent key Agent key file In the webmin conf Server configuration file the same DNS name of the Server must be specified in the ServerName parameter for all Servers At the network DNS server the common cluster name must be registered for each Server and load balancing must be set Each Server must have its own enterprise key key file with the ID1 unique identifier In the drwcsd conf Servers configuration files the same external DB must be specified for all Servers 256 Ta AN ys 6 Chapter 8 Configuring the Dr Web Enterprise Server In the Server schedule the Purge Old Data Prepare and send fiscal report periodic job Backup sensitive data Purge old stations Purge expired stations Purge old data Purge unsent IS events tasks must be specified only for one Server the most productive if the configuration is differ 257 Ta J N ax Chapter 9 Updating the Dr Web Enterprise 258 Security Suite Software and Its Components Chapter 9 Updating the Dr Web Enterprise Security Suite Software and Its Components Before updating Dr Web ESS and its components ensure A
11. Appendices 376 Possible switches help show help message on switches for Proxy server setting daemon for UNIX system based OS only run the Proxy server as daemon control lt arg gt for Windows OS only specify parameters for service configuration Allowed parameters e run by default run the Proxy server in a background mode as a Windows OS service e install install the Proxy server e uninstall uninstall the Proxy server cfg lt path gt path to the Proxy server configuration file pool size lt N gt pool size for clients connections Default is 2 trace enable detailed logging of Proxy server calls Available only if the Proxy server supports calls stack tracing use console log write Proxy server log to console use file log lt file gt write Proxy server log to a file where the lt file gt is a path to log file rotate lt N gt lt f gt lt M gt lt u gt Proxy server log rotation mode where e lt N gt total number of log files including current log file e lt f gt log files storage format possible values z gzip compress file uses by default or p plain do not compress files e lt Mp gt file size e lt u gt unit measure possible values k kilo m mega g giga By default it is 10 10m which means storing of 10 files 10 megabytes each use compression Ta J N ax Appendice
12. HTML format XML format Ta J N ax Chapter 7 Administration of Workstations 7 7 Setting Some of Anti Virus Components The set of the components parameters and recommendations to their configuring are described in the manual Dr Web Anti Virus for Windows User Manual and Dr Web Agent for Windows User Manual Sections below describe settings of some anti virus components which are differ from settings available at the station 7 7 1 Configuring Office Control for Access to Resources and Web Sites under Windows OS You can centralized restrict access to certain local resources and Web sites For this the Dr Web Office Control component is used To adjust Office control via the Dr Web Control Center 1 To open the settings window select the Network item in the main menu then click the name of the station or group in the hierarchical list and select Dr Web Office Control in the control menu panel on the left 2 Select the blocking settings in the General tab and specify resources files and folders access to which you wish to restrict Set the Enable blocking flag to activate blocking of local resources and removable devices Set the Block removable devices flag to restrict access to removable devices 212 A N T A A A yy vV Chapter 7 Administration of Workstations 213 Set the Protect files and folders flag to restrict access to spe
13. Message text Dear users The Dr Web Firewall component was installed on you computer Details on functionality of this component you can find link Sincerely Administration URL http drweb com Text here Show delivery status set the flag to be notified of message delivery to the user Logo File Format A file with graphics logo inserted in a message should comply with the following requirements 1 File graphic format bmp 2 Bit depth any 8 24 bit 3 Maximum size of the visible part of a logo 120x90 px width x height Additional 2x2 px are allowed for a border of transparency pixels see p 4 i e the full maximum size of an image makes up 122x92 px see figure7 2 Chapter 7 Administration of Workstations x a So Transparency Image a border pje 1 px Max 120 px Figure 7 2 Logo file format 4 Logo file size may not exceed 512 KB 5 In case the Use transparency option was selected when sending a message the first pixel in the position 0 0 is declared transparent All pixels of the same color as the initial color of this pixel will become transparent the window background will be displayed instead If you enable the Use transparency option for a rectangular logo it is recommended to make a rectangular border to avoid erroneous transparency of the pixels of the image itself Enabling the Use transparency option will be useful in case of a nonstandard
14. 1 Stop the Enterprise Server if it is running see Start_and Stop the Dr Web Enterprise Server 2 Import the content of the database from the correspondent backup file The command line will look as follows 431 Ta J N ax Frequently Asked Questions 432 C Program Files DrWeb Enterpris Server bin drwcsd exe home C Program Files DrWeb Enterprise Server var root C Program Files DrWeb Enterprise Server var verbosity all importdb lt path_to_the_backup_file gt database dz The command must be entered in a single line It is presumed that Enterprise Server is installed to the C Program Files DrWeb Enterprise Server folder 3 Start the Enterprise Server see Start_and_ Stop the Dr Web Enterprise Server To restore DB from backup in case of changing the Dr Web Enterprise Server version or corruption of the previous DB version 1 Stop the Enterprise Server if it is running see Start_and Stop the Dr Web Enterprise Server 2 Remove the current DB To do this 2 1 For the internal DB a Remove dbinternal dbs file b Initialize a new database In Windows the command line will look as follows C Program Files DrWeb Enterpris Server bin drwcsd exe home C Program Files DrWeb Enterprise Server var root C Program Files DrWeb Enterprise Server var verbosity all initdb D Keys agent key lt password gt The command must b
15. Chapter 7 Administration of Workstations The Use disk to make swap file flag instructs to use the hard drive for swap creation in case of RAM misplace while scanning large files such as large archives and etc The Restore access date flag instructs to restore the last date of access to the file after scanning replace the date on the one before scanning The Auto save settings flag instructs to save Scanner configuration settings after current session automatically e In the Scan priority list sets thread priorities in the scan process Select one of the referred e idle it is not recommended to set this priority level to avoid slowing down the Scanner operating and considerable increasing of scanning time e lowest e below normal e normal recommended scan priority e above normal e highest e time critical it is not recommended to set this priority level to avoid intense loading of operating system by the Scanner during scan Log Control At the Log control tab you can set the parameters of Scanner log file To do this set the Write report to file flag and configure necessary parameters Sound Control for setting parameters via the item of the control menu At the Sound Control tab you can set the sound files for events of certain types To do this set the Play sounds flag and specify the names of the sound files for listed events 201 Ta J N ax Chapter 7 Administration of Work
16. In the Body entry field the text of the message can be edited To add variables use drop down lists in the message header 3 To save edited template click Save If you use an external editor for editing templates A remember that the text of the templates requires UTF 8 encoding We do not recommend you to use Notepad or other editors which insert a byte order mark BOM to indicate that the text is encoded in UTF 8 UTF 16 or UTF 32 8 2 Dr Web Enterprise Server Logging Enterprise Server logs the events connected with its operation Its name is drwcsd log The log file resides by default Under UNIX OS e for Linux var opt drwces log drwcsd log Ta J N ax Chapter 8 Configuring the Dr Web Enterprise 236 Server e for FreeBSD and Solaris var drwcs log drwcsd log e Under Windows OS in the var subfolder of the Server installation folder It is a plain text file see Appendix L Log Files Format The Server log helps to detect the problem in case of an abnormal operation of the Dr Web ESS anti virus 8 3 Setting the Dr Web Enterprise Server Schedule To schedule tasks for the Dr Web Enterprise Server via the Dr Web Control Center 1 Select the Administration item in the main menu and click Dr Web Enterprise Server Schedule in the control menu The list with the current tasks of the Server will be opened 2 To remove a task from the list set the flag against it and click ix Remove
17. Programs menu for the Windows 2000 Server OS select Administrative Tools Active Directory Users and Computers when you install Agent in the graphic mode this window displays automatically In the domain containing the computers on which Enterprise Agents are to be installed create an organizational unit hereinafter OU name it for example ESS To do this in the domain context menu select New Organizational unit In the opened window type the new unit name and click OK Include the computers on which the Agent is to be installed into this unit Open the group policy editor To do this a for Windows 2000 2003 Server OS on the OU context menu select Properties In the opened window go to the Group Policy tab b for Windows 2008 Server OS select Start Administrative tools gt Group Policy management For the created OU set the group policy To do this a for Windows 2000 2003 Server OS click Add and create an element named ESS policy Double click it 75 Ta AN ax 10 11 12 13 Chapter 2 Installation and Removal of Dr Web Enterprise Security Suite Components b for Windows 2008 Server OS on the OU context menu select Create a GPO in this domain and Link it here In the opened window specify the name of the new group policy object and click OK In the new group policy context menu select Edit In the Group Policy Object Editor window specify the setti
18. groups only on the toolbar in H Tree settings clear the All groups membership flag 161 Ta 2 AN ax Chapter 6 Groups Integrated Workstations Management Setting the Primary Group There are several ways how to set a new primary group for a workstation or a group of workstations To set primary group for station 1 2 3 4 In the main menu select Network then click the name of a workstation in the hierarchical list In the control pane left pane select Properties In the Station Properties window select the Groups tab In necessary click a group in the Membership in list to set the group as primary Click Save To set primary group for several stations 1 In the main menu select Network In the hierarchical list click the name of the workstations or groups of workstations for which you want to set a primary group To select several workstations press and hold CTRL or SHIFT during selection On the toolbar click General H Set a primary group for the stations This opens the window listing the groups which can be set as primary for the selected workstations In the window click the name of a group you want to set as primary for the workstations You can also make a group primary for all workstations included into it To do this select the necessary group in the catalog and on the toolbar click General M Become primary 6 4 2 Propagation of Settings to
19. sequence number 1 2 etc For example the log file name is set to file log see the log switch above then e file log current log file e file 1 log previous log file e file 2 log and so on the greater the number the older the version of the log verbosity lt details_level gt log level of detail INFO is by default Allowed values are ALL DEBUG3 DEBUG2 DEBUG1 DEBUG TRACE3 TRACE2 TRACEI TRACE INFO NOTICE WARNING ERROR CRIT The ALL and DEBUG3 values are synonyms see also Appendix L Log Files Format This switch defines the log level of detail set by the subsequent log switch read above One instruction can contain several switches of this type The verbosity and log switches are position relative In case of using these keys simultaneously the verbosity switch must be set before the log switch the verbosity switch redefines detail level of logs that reside in folder specified in the following switch trace to log in detail the location of error origin retry lt quantity gt the number of attempts to locate the Server by sending multicast requests if Server search is used before the failure is reported 3 is set by default Ta J N s Appendices timeout lt time gt the waiting limit of each reply in seconds for Server searching Reply messages reception will be active while the reply
20. 220 220 229 231 233 235 236 239 239 241 241 244 245 247 254 256 258 258 258 8 Ta AN ax 9 1 2 Upgrading Dr Web Enterprise Server for UNIX System Based OS 9 1 3 Upgrading Dr Web Browser Plugin 9 1 4 Upgrading Dr Web Enterprise Agent 9 2 Manual Updating of the Dr Web ESS Components 9 3 Scheduled Updates 9 4 Updating the Repository of a Server not Connected to the Internet 9 5 Update Restrictions for Workstations 9 6 Updating Mobile Dr Web Enterprise Agents 9 7 Replacing Old Key Files with New Ones Chapter 10 Configuring the Additional Components 10 1 Proxy Server 10 2 NAP Validator Appendices Appendix A The Complete List of Supported OS Versions Appendix B The Description of the DBMS Settings The Parameters of the DBMS Driver Appendix B1 Setting Up the ODBC driver Appendix B2 Setting Up the Database Driver for Oracle Appendix B3 Setting Up the Database Driver for SQL CE Appendix B4 Using the PostgreSQL DBMS Appendix C The Description of the Notification System Parameters 263 268 268 269 271 272 274 276 277 280 280 284 288 288 294 296 299 302 305 309 9 Ta AN ax Appendix D The Parameters of the Notification System Templates Appendix E The Specification of Network Addresses E1 The General Format of Address E2 The Addresses of Dr Web Enterprise Server E3 The Addresses of Dr W
21. AUXILIARY see Figure 8 7 A fee Bs Be Ik Dr Web Enterprise Server Children 0 E Offline 0 r Online 13 H MAIN Parents 1 ig MAIN gy Peers 0 Figure 8 7 You may not connect two Servers installed with the same license key enterprise key You may not connect several Servers with the same pare of parameters password and the drwcsd pub public key Ta J N ax Chapter 8 Configuring the Dr Web Enterprise Server Hy For peer to peer connections between Servers it is recommended to set Server address in the settings for one of them only It will not take effect on the Servers interconnection but alows to avoid messages like Link with the same key id is already activated in the Servers log files Connection between two Dr Web Enterprise Servers can be failed because of e Network problems Wrong address of the main Server was set during connection setup Wrong drwcsd pub encryption public key at one of connecting Servers Wrong access password at one of connecting Servers passwords on connecting Servers are not matched The same enterprise key license key on both Servers License key enterprise key of connecting child Server matches with the license key of the child Server already connected to the main Server While creating connections between Servers you can specify update restrictions for the connected Servers To do this click in the Update rest
22. Ta 2 N ax 450 Index GUS see also manual updating 269 I icons Agent 93 hierarchical list 104 network scanner 68 116 installing Agent 51 53 Agent Active Directory 71 Agent remote 67 71 anti virus Server 32 44 Dr Web Browser Plugin 48 NAP Validator 78 proxy Server 79 interface Agent 91 93 anti virus Server 90 K key files 26 demo 28 encryption generating 373 receiving 26 see also registration 26 updating 277 L language Control Center 109 147 licensing 26 localschedule 187 M manual updating 269 metacharacters 387 mobile mode of the Agent 276 N NAP Validator 284 installing 78 setting 286 Network Installer 357 Scanner 67 network addresses 318 Enterprise Agent Installer 322 Enterprise Server 321 Network Scanner 115 165 179 notifications newbie parameters 309 repository updating 241 sending tothe users 215 templates parameters 310 O Office Control 212 Ta 2 N ax 451 Index P permissions Administrators 144 users 174 preinstalled groups 150 primary groups 160 proxy server configuration fie 347 functionality 280 installing 79 start stop 283 R registration Dr Web product 26 stations at the Server 165 regular expressions 383 385 removing groups 155 stations froma group 157 repository 239 simple editor 241 updating 272 restoring anti virus Server 437 DB database 430 rights Administrators 144 users 174 S
23. ax Appendices 383 Appendix K Regular Expressions Used in Dr Web Enterprise Security Suite Some parameters of Dr Web ESS are specified in the form of regular expressions Processing of regular expressions is performed via the Perl Compatible Regular Expressions PCRE library Detailed description of the PCRE library syntax is available at http www pcre org This appendix contains only a brief description of the most common examples for using regular expressions Ki Options Used in Regular Expressions Regular expressions are used in the configuration file and in the Dr Web Control Center when objects to be excluded from scanning in the Scanner settings are specified Regular expressions are written as follows qr EXP options where EXP is the expression itself options stands for the sequence of options a string of letters and qr is literal metacharacters The whole construction looks as follows qr pagefile sys i Windows NT OS swap file Below goes the description of options and regular expressions For more details visit http www pcre org pcre txt Option a is equivalent to PCRE_ ANCHORED If this option is set the pattern is forced to be anchored that is it is constrained to match only at the first matching point in the string that is being searched the subject string The same result can also be achieved by appropriate Ta J N ax Appendices constructs in t
24. lt user dn expr gt defines rules for translation of name to Ta J N ax Appendices the DN using regular expressions For example the same rule in different variants lt user dn user example com dn CN 1 DC example DC com gt lt user dn expr user example com dn CN 1 DC example DC com gt 1 9 defined the substitution place for values of the symbol or expression in brackets at the template According to this principle if the user name is specified as login example com after translation you will get DN CN lLogin DC example DC com lt user dn extension enabled gt allows the 1dap user dn translate ds from the extensions folder Lua script execution for translation usernames to DN This script runs after attempts of using the user dn user dn expr rules if appropriate rule is not found Script has one parameter specified username Script returns the string that contains DN or nothing If appropriate rule is not found and script is disabled or returns nothing specified username is used as it is Attributes of LDAP object for DN determined as a result of translation and their possible values can be defined by tags default values are presented lt DrWebAdmin attribute equivalent OID 1 3 6 lt admin attribute name value DrWebAdmin true v lt DrWebAdminGroupOnly attribute equivalent q lt readonly admin attribute name value DrWebAdmir lt DrWebAdminGr
25. Introduction Command line parameters have a higher priority than the default settings or other constant settings set in the Server configuration file Windows OS registry etc In some cases the parameters specified at launch also predetermine the constant parameters Such cases are described below Some command line parameters have a form of a switch they begin with a hyphen Such parameters are also called switches or options Many switches can be expressed in various equivalent forms Thus the switches which imply a logical value yes no disable enable have a negative variant for example the admin rights switch has a pair no admin rights with the opposite meaning They can also be specified with an explicit value for example admin rights yes and admin rights no Ta J N ax Appendices The synonyms of yes are on true OK The synonyms of no are off false If a switch value contains spaces or tabs the whole parameter should be put in quotation marks for example home c Program Files DrWeb Enterprise Suite When describing the syntax of parameters of separate programs optional parts are enclosed in brackets The names of switches can be abbreviated by omitting the last letters unless the abbreviated name is to coincide with the beginning of any other switch H2 Dr Web Enterprise Agent Interface Module The Agent interface module is run for each user who logs in to a comput
26. J N ax Appendices 417 Algorithm of attributes handling during authorization is the following 1 User attributes are read 2 If the DrWebAdmin attribute is set to TRUE when 2 1 If some attributes are missing and the DrWebInheritPermissions attribute is set to TRUE missing attributes are read from groups As soon as all attributes are set procedure of groups bypass stops Thus the sooner attributes are read the bigger priority they have Administrator access is confirmed 2 2 If some attributes are missing and the DrWebInheritPermissions attribute is set to FALSE or undefined administrator access is forbidden 2 3 If all attributes are set administrator access is confirmed 3 If the DrWebAdmin attribute is set to FALSI administrator access is forbidden 4 If the DrWebAdmin attribute is undefined when El 4 1 If the DrWebInheritPermissions attribute is set to TRUE attributes from groups are read Further similar to step 2 4 2 If the DrWebInheritPermissions attribute is set to FALSE or undefined similar to step 3 LDAP Authentication Settings are stored in the auth ldap xml configuration file General tags of the configuration file lt enabled gt and lt order gt similar to the Active Directory lt server gt specifies the LDAP server address lt user dn gt defines rules for translation of name to the DN Distinguished Name using DOS like masks
27. The Proxy server listens specified ports for incoming connections via given protocols according to the configuration file For each incoming connection from the Agent or Enterprise Server the Proxy server establishes a connection with Enterprise Server or Agent Network scanner which is launched from an external network in respect to the Agents is unable to locate the installed Agents network contains the Proxy server when for all stations connected to the Server via the Proxy server in the Dr Web Control Center the name of computer on which the Proxy server is installed will be shown instead of stations names w If the Replace NetBios name flag is set and anti virus Traffic Encryption and Compression Proxy server supports traffic compression Transferred data is processed regardless of whether traffic is compressed or not Proxy server does not support traffic encryption It analyzes transferred data and if traffic between Enterprise Server and Agent is encrypted Proxy server switches to the transparent mode i e transfers all traffic between Server and Agent without any data analyzing If encryption between Server and Agent is enabled Proxy server do not caching updates Caching Proxy server supports traffic caching 282 Ta J N ax Chapter 10 Configuring the Additional Components Products are cached by revisions Each revision stores in separate directory Directories with all next revi
28. The product status file is a text file in which the Server logs the revisions numbers of the product Usually the file contains a single number the current revision number The product will be synchronized if only the revision number on the GUS server is more than the current number The synchronization is performed in four stages 1 Two numbers are written to the id file lt new_revision gt lt previous_revision gt Thus it is marked that the product is in an incomplete transaction from lt previous_revision gt to lt new_revision gt 2 All changed files are received via HTTP and placed to the 332 Ta J N ax Appendices 333 respective subcatalogs with files of the following type lt original file name gt lt new_revision gt 3 The result of the transaction is written to the id file This can be a normal state but with a new number or a frozen state frozen if the sync delay rule has worked lt new_revision gt lt previous_revision gt frozen 4 If the state is not frozen new files replace the original files When the Server is rebooted after the id_ file is analyzed incomplete transactions roll back otherwise step 4 is performed F4 Examples of Administrating the Repository with a Modification of the Status File Full synchronization of a product stop the Server delete the content of the product folder except for the id and the config files e write
29. This service facilitates all basic operations necessary to assure anti virus protection of your network in the automatic mode To edit centralized schedule 1 Open the window for editing the schedule select the Network item in the main menu then select a group or workstation in the hierarchical list and click the Schedule item in the control menu panel on the left 2 You can add remove and edit tasks in the schedule You can also enable or disable any existing tasks this is described below By default for stations operated under Windows and Windows Mobile OS two tasks are available Startup scan enabled by default Daily scan disabled by default 3 After editing click Save in the Dr Web Control Center to save changes or a newly created tasks 184 Ta J N ax Chapter 7 Administration of Workstations If when edited the schedule is empty without any task the Dr Web Control Center will offer you to use either the schedule inherited from groups or the empty schedule Use empty schedule to override the schedule inherided fromthe groups To add a new task 1 To create a new task click New job on the toolbar Values of fields marked by the sign must be obligatory specified 2 On the General tab Give a name to the task in the Name entry field To enable the job set the flag Enable execution To disable the job clear the flag The job will remain on the list but will not be exe
30. alpha letters ascii character codes 0 127 blank space or tab only cntrl control characters e digit decimal digits same as qd graph printing characters excluding space 393 Ta J N ax Appendices lower lower case letters print printing characters including space punct printing characters excluding letters and digits space white space not quite the same as s upper upper case letters word word characters same as w xdigit hexadecimal digits Vertical bar Vertical bar characters are used to separate alternative patterns For example the pattern gilbert sullivan matches either gilbert or sullivan Any number of alternatives may appear and an empty alternative is permitted matching the empty string The matching process tries each alternative in turn from left to right and the first one that succeeds is used If the alternatives are within a subpattern defined below succeeds means matching the rest of the main pattern as well as the alternative in the subpattern Internal option setting The settings of the PCRE_CASELESS PCRE MULTILINE and PCRE EXTENDED options can be changed from within the pattern by a sequence of Perl option letters enclosed between 2 and The option letters are CI CI i for PCRE_CASELESS mforPCRE MULTILINE x forPCRE EXTENDED For example im sets
31. could redefine some variables but if they are not exported using the export command they will not take any effect To set variables do the following 1 Add variable definition to the etc init d drwcsd script file 2 Export this variable using the export command at the same place 3 When one more process will be run from this script this process will read values that have been set For Example To change log details level to maximum for the Server 1 Add the following lines to the etc init d drwcsd DRWCS LEV ALL export DRWCS LEV 2 Start the Server if it has been stopped etc init d drwesd start or service drwcsd start Or restart the Server if it has been run etc init d drwesd restart or service drwesd restart 3 The log details level will possess the ALL value Ta J N ax Appendices 372 H5 10 Configuring the Dr Web Enterprise Server Under UNIX System Based OS During Server installation under UNIX system based OS you will be prompt to configure some Server settings You can initiate the configuration of Server settings manualy the perl environment must be installed To do this run the configure pl script that can be found in following directories usr local drwcs bin for FreeBSD OS opt drwces bin for Linux and Solaris OS The start instruction format configure pl lt options gt Possible switches proxy server lt proxy_server
32. include it into the TCP Deny or TCPv6 Deny list To edit the address list 1 Specify the address in the corresponding field and click Save To add a new field click the ma button in the corresponding section To delete a field click fam The network address is specified as lt P address gt lt prefix gt Jila Lists for TCPv6 addresses will be available if the IPv6 interface is installed on the computer Examples 1 Prefix 24 stands for a network with a network mask 255 255 255 0 Containing 254 addresses Host addresses look like 195 136 12 226 Ta J N ax Chapter 8 Configuring the Dr Web Enterprise Server 2 Prefix 8 stands for a network with a network mask 2550 00 Containing up to 16387064 addresses 256 256 256 Host addresses look like 125 The addresses not included into any of the lists are allowed or denied depending on whether the Deny priority flag is set If the flag is set the addresses not included into any of the lists or included into both of them are denied otherwise such addresses are allowed Restrictions for IPX addresses can be set similarly Database Tab On the Database tab a DBMS for storage of the centralized log of the Dr Web ESS anti virus and for its setting is selected For more read p Setting the Mode of Operation with Databases Alerts Tab The parameters in the Alerts tab allow to set up the mode of notifying the anti virus
33. locally accessible resource the folder should be accessible from the target stations Examples msiexec a ESSERVERADD Before administrative installation the destination directory for the Agent image see the TARGETDIR parameter should not contain the Enterprise Agent Installer for networks with Active Directory lt package_name gt msi After deployment the administrative package in the lt destination_dir gt Program Files DrWeb Enterprise Suite directory only the README txt file must resides ESS Agent msi qn RESS s rvername net ESSERVERPATH win_serv drwcs_inst drwcsd pub TARGETDIR comp share 73 Xa ZO Chapter 2 Installation and Removal of Dr Web 74 h d Enterprise Security Suite Components msiexec a ESS_Agent msi qn ESSERVERADDRESS 192 168 14 1 ESSERVERPATH C Program Files DrWeb Enterpris Server Installer drwcsd pub TARGETDIR comp share These parameters can alternatively be set in the graphic mode of the installer Next on a local network server where Active Directory administrative tools are installed appoint installation of the package see procedure below B To Set All Necessary Installation Parameters in the Graphic Mode Before administrative installation make sure that the A destination directory for the Agent image does not contain the Enterprise Agent I
34. lt Server_Address gt 9080 or https lt Server_Address gt 9081 where lt Server_Address gt is the IP address or domain name for the computer on which Enterprise Server is installed In the authorization dialog window specify the user name and password of the administrator by default administrator name is Ta J i ax Chapter 4 Getting Started General Information admin and the password is the same as was specified during Server installation see Installing the Dr Web Enterprise Server If registration at the Server is successful the main Dr Web Control Center window will be opened In this window information on the anti virus network managed from this Server can be viewed for details see p Dr Web Control Center Anti virus Network Managing Now you can administer the Server and the anti virus network create anti virus stations see Installing the Dr Web Enterprise Agent Software via the Dr Web Control Center e approve stations edit configure and remove anti virus stations see Administration of Anti Virus Stations configure and edit connections with neighbour Enterprise Servers see Peculiarities of a Network with Several Dr Web Enterprise Servers view logs of current and neighbour Servers and other data Main controls are placed on the main menu the control menu and the toolbar see Dr Web Control Center Connecting of Dr Web Enterprise Agent After the Agent has
35. non rectangular form of the logo helping to remove the undesirable background which supplements the informative part of the image to a rectangular shape For example if the image shown in figure 7 3 is used as a logo the purple background will be removed become transparent 218 Ta J 1 ax Chapter 7 Administration of Workstations 219 Figure 7 3 Nonstandard form Logo Before sending a message to user s especially to multiple users it is recommended to send it first to any computer with an installed Agent to check the adequacy of the result Ta J N ys Chapter 8 Configuring the Dr Web Enterprise Server Chapter 8 Configuring the Dr Web Enterprise Server 8 1 Setting the Dr Web Enterprise Server Configuration To set the configuration parameters of the Dr Web Enterprise Server 1 Select the Administration item in the main menu 2 Click Dr Web Enterprise Server Configuration in the control menu 3 A window for setting the Server configuration wil be opened Hy Values of fields marked by the sign must be obligatory specified General Tab The Name parameter sets the name of the Server If it is not specified the name of the computer where Enterprise Server software is installed is used The Threads parameter sets number of Server threads which are serving Agents Change the default setting on advice of the technical support only The DB connections parameter sets numbe
36. packages Therefore when you create a new account via the Control Center make sure that the Control Center connects to the Server using the IP address of the domain for which you create an account Otherwise you will not be able to connect to the Server when installing the Agent When you setting a connection between the Control Center and the Server make sure that the Server address is not a loopback 127 0 0 1 To create a new user via the Dr Web Control Center do the following 1 Select the Network item in the main menu of the Control Center 2 In the toolbar click ar Add a station or a group In the opened submenu select the a Add a station option A pane for the new user account creation will be opened in Ta J N Ws Chapter 2 Installation and Removal of Dr Web 55 Enterprise Security Suite Components the right pane of the Dr Web Control Center In the Count entry field specify the number of accounts to be created In the ID field unique identifier of created station will be generated automatically You can edit it if necessary In the Name field specify the station name that will be displayed in the anti virus network hierarchical list Further after the station is connected with the Server this name can be automatically changed to the station name which is specified locally In the Password and Retype password fields specify a password for accessing the Server When cre
37. select Network then click the name of a station or a group in the hierarchical list In the opened control menu panel on the left click the Dr Web Scanner for Windows item Scanner settings window opens This parameters list is the most complete and includes all parameter groups described below In the main menu of the Dr Web Contro Center select Network then click the name of a station or a group in the hierarchical list In the toolbar click Q Scan In the opened list at the toolbar select E Dr Web Scanner for 191 Ta N ys Chapter 7 Administration of Workstations Windows Custom scan The Scanner settings window wil be opened on the right pane This parameter list is shortened and allows to specify only basic settings included in the General Actions Log control and Miscellaneous tabs 3 In the main menu of the Dr Web Control Center select Network then click the name of a station or group in the hierarchical list In the toolbar click Q Scan In the opened list at the toolbar select Dr Web Enterprise Scanner for Windows The Scanner settings window will be opened on the right pane This parameter list is shortened and allows to specify only basic settings included in the General Actions and Excluded paths tabs General Tab With the Heuristic analysis flag set by default the Scanner makes attempts to detect unknown viruses In this mode the Scanner may give false positives though The Chec
38. upgrade child Servers to 6 0 version for repositories compatibility After upgrading of Dr Web Enterprise Server from 5 0 version to 6 0 2 version Do the following to ensure normal operation of Dr Web Control Center 1 Clear cache of the Web browser that is used to connect to Dr Web Control Center 2 Upgrade the Dr Web Browser Plugin Upgrading Dr Web Enterprise Server 6 0 X Version To upgrade Server software within of 6 0 X version delete the current Server software and install the new Server 261 Ta J N ax Chapter 9 Updating the Dr Web Enterprise Security Suite Software and Its Components To upgrade the Dr Web Enterprise Server do the following 1 Stop the Server see Start and Stop the Dr Web Enterprise Server In case of using external DB save DB via SQL server loots If you plan to use any files besides files which are copied automatically during Server uninstall at step 4 backup these files manually For instance copy the report templates to a backup folder Remove the Enterprise Server software Install new Server see p Installing the Dr Web_ Enterprise Server for Windows OS In case of using external DB specify to create a new DB In case of using internal DB specify saved dbinternal dbs file Stop the Server see Start and Stop the Dr Web Enterprise Server In case of manual backup replace the files in the same folders from which you copied the files before new
39. var drwcs dbinternal dbs 439 Ta J i Frequently Asked Questions ax For all replaced files assign the same permissions as those set at the previous lost installation of the Server To upgrade the databases execute the folowing commands for Linux OS and Solaris OS etc init d drwcsd upgradedb for FreeBSD OS usr local etc rc d drwesd sh upgradedb for other supported versions opt drwcs bin drwcsd var root var drwcs log var drwcs log drwcsd log upgradedb update db 5 Launch Enterprise Server been made they will not be connected to the Server after the database has been restored from the backup You should remotely reset them to the newbie mode For that purpose on Dr Web Control Center Administration menu select Configure Dr Web Enterprise Server A Dr Web Enterprise Server configuration window will be opened On the General tab set the Reset unauthorized to newbie flag wy If some Agents were installed after the last backup had 440 Ta J N ax Frequently Asked Questions Upgrading Dr Web Enterprise Agents on the LAN servers When upgrading Agents installed on the LAN servers restarting stations or stopping a network software on such stations can be unwanted To avoid functionality downtime of stations that implement significant network functions the following upgrading mode of Agents and anti virus software is recommended 1 In the Server schedule change standard jo
40. 0 to the id file e launch the Server update the product 0 revision has a special meaning as it disables propagation therefore the empty status of the product is not propagated to the Agents Disabling of propagation 1 Stop the Server 2 Write 0 to the id file 3 Comment the sync with instruction in the config file to disable synchronization Ta 2 rt ax Appendices 334 4 Restart the Server 5 Update the product Shift from the frozen status to a new version 1 Replace the content of the id file lt new_revision gt lt previous_revision gt frozen with lt new_revision gt 2 Restart the Server 3 Update the product Roll back from the frozen status to the previous version replace the content of the id file lt new_revision gt lt previous_revision gt frozen with lt new_revision gt lt previous_revision gt restart the Server update the product At future attempts to synchronize to the lt new revision gt wy the repository will go into the frozen status again Saving an lt old revision gt with updates rejecting is reasonable when a suitable revision is available for example after successful tests in the lab Ta J N ax Appendices 335 Appendix G Configuration Files This section describes the format of the following files Configuration file of the Enterprise Server drwcsd conf Configuration file of the Proxy server drwcsd proxy x
41. Administrator accounts opens the panel for managing anti virus network administrator accounts see Management of Administrative Accounts Repository state lets you check status of the repository the date when repository components were last updates and their current status see Checking the Repository State Authorization opens the pannel to manage authentication methods for Dr Web Control Center administrators see Authentication of Administrators Configure repository opens the repository editor window see Editing the Configuration of the Repository Configure Dr Web Enterprise Server opens the panel with main settings of the Server see Setting the Dr Web Enterprise Server Configuration Dr Web Enterprise Server schedule opens the panel with Server task schedule settings see Setting the Dr Web Enterprise Server Schedule Edit templates opens the alert template editor window see Setting Alerts 4 Installations Network Scanner lets you specify a list of networks search for installed anti virus software in networks to determine protection status of computers and install anti virus software see Network Scanner 102 Ta J N ax Chapter 3 Components of an Anti Virus Network and Their Interface Network installation lets you simplify installation of the Agent software on certain workstations see Installing the Dr Web_ Enterprise__Agent__ Software th
42. Enterprise Agent uses the local copy of the settings and the anti virus protection on that computer retains its functionality up to the expiry of the user s license but virus databases and program files are not updated Updating of mobile Agents is described in p Updating Mobile Agents Basic Functions The Dr Web Enterprise Agent is designed to perform the following installs updates and sets up the anti virus package starts scannings and performs other tasks given by the Enterprise Server allows to call for execution the Dr Web anti virus package files through a special interface e sends the results of tasks execution to the Enterprise Server e sends notifications of predefined events in the operation of the anti virus package to the Enterprise Server 92 Ta J i ax Chapter 3 Components of an Anti Virus Network and Their Interface Every Enterprise Agent is connected to Enterprise Server and is included in one or several groups registered on this Server for more see p System and User Groups The Agent and Enterprise Server communicate through the protocol used in the local network TCP IP IPX or NetBIOS Hereinafter a computer on which Enterprise Agent is installed as per its functions in the anti virus network will be called a workstation while in the local network it can be functioning both as a server or a workstation Management Interface under Windows OS When run in the Windows OS
43. Execute the following command for deb packages dpkg i drweb esuite plugins linux lt distribution_version gt deb for rpm packages rpm i drweb esuite plugins linux lt distribution_version gt rpm for other systems tar bz2 and tar gz packages 1 Unpack the archive with browser plug in 2 Create a directory for browser plug ins if it is not exist For example for Mozilla Firefox browser mkdir usr lib mozilla plugins 3 Copy unpacked at step 1 library to the plug ins directory 50 Ta J N ax Chapter 2 Installation and Removal of Dr Web Enterprise Security Suite Components For example for Mozila Firefox browser cp libnp so usr lib mozilla plugins 2 3 Installation of the Dr Web Enterprise Agent under Windows OS Enterprise Agent should be installed under Administrator account of the respective computer If Enterprise Agent is installed on the computer you must uninstall the Agent before the installation Enterprise Agent and the anti virus package can be installed in two ways 1 Remotely on the Server through the network Performed by the anti virus network administrator No user interference required You can find detailed description in the Remote Installation of the Dr Web Enterprise Agent for Windows OS section 2 Locally directly on the user s machine May be performed both by the administrator or the user For installation you can use the f
44. HOSTS system file flag forbids modifications of the HOSTS file The operating system uses this file when connecting to the Internet for translation DNS names of some web sites to corresponding IP addresses Changes to this file may indicate virus infection The Protect critical system objects flag protects critical objects of the operating system such as register etc Network Tab On the Network tab you can find the parameters determining interaction with the Server Ta J N ax Chapter 7 Administration of Workstations In the Server field you can set the address of the Enterprise Server You may leave this field blank then the Agent will use as the address of Enterprise Server the value of the parameter set on the user s local machine the address of the Server from which the installation was initiated disconnect from the Server and will not be able to reconnect In this case you will have to set the Server address on the stations directly If the Server parameter is set incorrectly the Agents will eIn the Number of retries field set the parameter determining the number of attempts to find Enterprise Server via the connection using the Mulicasting mode In the Search timeout field set the interval between attemts to find Enterprise Server in seconds via the connection using the Mulicasting mode e The Compression mode and Encryption mode fields determine the compression and encryption settings of
45. If necessary copy other critical files you want to preserve to another folder other than Server installation folder For instance copy the Dr Web Control Center configuration file webmin conf and report templates which are stored in the var templates folder When installation completes you can replace the new files with the old ones 259 Ta J N ax Chapter 9 Updating the Dr Web Enterprise Security Suite Software and Its Components Starting from version 5 0 anti virus package includes SpIDer Gate and Office Control components For using this components they must be included in you license Antivirus Antispam If you license does not include this components it is recommended to perform the actions described below If the Agent with an active self protection is installed on Sever computer the wizard prompts you to disable Dr Web SelfPROtect during update process Disable self protection in the Agent settings to continue updating the Server If you are using the ODBC for Oracle as an external database select the Custom option and in the opened window disable the installation of Oracle client in the Database support Oracle database driver section in the installer settings during the Server upgrading or reinstallation Otherwise Oracle DB functioning will fail because of the libraries conflict Upgrading Dr Web Enterprise Server 4 44 and 4 70 Vesrions Enterprise Server does not support upgrade for
46. In the opened window select LDAP authorization section 4 Set the Use LDAP authorization flag 5 Click Save You can configure authorization using LDAP protocol at any LDAP server Also you can use this mechanizm to configure the Server under UNIX system based OS for authorization in Active Directory on a domain controller Settings of LDAP authorization are stored in the auth ldap xml configuration file General xml attributes are described in the Appendix N Unlike to Active Directory this mechanizm can be configures to any LDAP scheme By default Server attributes are used as they were defined for Active Directory LDAP authorization process can be presented as the following 1 LDAP server address is specified via the Control Center or xml configuration file 2 For the specified user name the following actions are performed Translation of name to the DN Distinguished Name using DOS like masks with symbol if rules are specified Translation of name to the DN using regular expressions if rules are specified 143 Ta J N ax Chapter 5 Anti Virus Network Administrators 144 Custom script for translation of name to the DN is used if it is specified in settings If matches in translation rules are not found specified name is used as it is Format of user names specifying is not predefined and not fixed it can be any as it is accepted in the company i e forced modification of
47. OS to alow Server operations select Add Server ports and interfaces to firewall exceptions In the next window at first installation of the Server just click Next Encryption keys will be automatically generated during setup If you are instaling the Server for an existing anti virus network select the Use existing Dr Web Enterprise Server encryption keys flag and specify the file with the private key A fie with the public key wil be created contents of the public key will match the contents of the 38 Ta J N ax 10 11 12 Chapter 2 Installation and Removal of Dr Web Enterprise Security Suite Components previous public key Otherwise after the installation it will be necessary to copy the new encryption key to al workstations on which Enterprise Agents have been previously installed Next if you have selected the existing database at step 4 a window where you can specify a prearranged Server configuration file instead of that created by the installation program will appear In the next series of windows the main settings stored in the Server configuration file should be specified see Appendix G1 Dr Web Enterprise Server Configuration File The database configuration dialog window alows you to adjust the parameters of the used database These parameters depend on the database type specified in step 4 and the availability of the Server configuration file specified in step 9 If you are creating
48. Other Groups Stations Configuration settings of anti virus programs schedules and user permissions of a group or a workstation can be propagated to other 162 Ta AN ax Chapter 6 Groups Integrated Workstations Management groups and workstations To propagate settings 1 Right click the necessary station or group whose configuration settings you want to propagate and select the necessary item In the window for editing the configuration of the anti virus component the schedule or permissions click the Propagate these settings in one of the following locations the editor of anti virus component configuration S the schedule editor GS in the update restrictions window n in the installing components window A window of the network catalog will be opened 2 Select necessary groups and stations to which you want to propagate the settings 3 To enable changes in the configuration of these groups click OK to reject the action and close the window click Cancel 6 5 Comparison of Stations and Groups You can compare stations and groups by general parameters To compare several objects of the anti virus network 1 Inthe main menu select Network then select the objects you want to compare in the hierarchical list Use CTRL and SHIFT for this The following variants are possible e selection of several stations to compare selected stations e selection of several groups to compar
49. Scanner anti virus 188 375 Network 67 115 scanning automatic 183 manualy 188 schedule centralized 184 local 187 Server 236 updates 271 Server logging 235 settings Agent 179 anti virus package 169 anti virus Server 220 propagation 162 station 169 start Dr Web Enterprise Agent 96 Dr Web Enterprise Server 90 station adding to a group 157 administration 165 approving 165 configuration inheriting 160 newbie 165 179 Aq P P v 452 Index station properties 169 removing froma group 157 scanning 183 188 settings 169 settings propagation 162 statistics 202 unapproved 165 user account creating 53 statistics station 202 status fie 332 333 switches start instruction Agent 354 anti virus Server 360 Interface Module 352 Network Installer 357 synchronization components 269 system requirements 20 288 T traffic composition 130 compression 229 encryption 229 U unapproved stations 165 uninstalling Agent 82 Agent Active Directory 85 anti virus package 82 anti virus Server 82 85 ant virus components 169 Dr Web Browser Plugin 82 87 update restrictions 274 update restrictions 274 updating Agent 276 anti virus network 254 Dr Web ESS 258 force 269 key files 277 manual 269 mobile mode 276 notifications 241 repository 272 scheduled 271 upgrading Server for UNIXOS 263 Server for Windows OS 258 user account station creating 53 2004 2011 Doctor Web
50. Suite Components and security model Classic local users authenticate as themselves e Windows Extra configuration is not required Server 2003 eas 1 Enable the File sharing option Control Panel gt ista A Network and Internet Network and Windows 7 Sharing Center Sharing and discovery Windows File Sharing Enable Server ae 2008 2 Enable the local administrator account and set a password for it Use this account during installation Control Panel System and Maintenance Administrative Tools Computer management Local Users and Groups Users Click the Administrator item clear the Account is disabled flag OK Right click the item Change password set the password If user account at the remote computer has the empty password set the access policy with empty password in local policies Control Panel Administrative Tools Local Security Policy Security Settings Local Policies Security Options Accounts Limit local account use of blank passwords to console logon only Disabled file drwinst exe and the public encryption key drwcsd pub on the network wy It is necessary to share the location of the Agent Installer Ta 2 N ax Chapter 2 Installation and Removal of Dr Web Enterprise Security Suite Components 2 4 1 Installation of the Dr Web Enterprise Agent Software via the Dr Web Control Center In the Dr Web Control Cent
51. administrator name MSG AdminAddress Dr Web Control Center address AutoApproved_Newbie no variables are available Awaiting Approval no variables are available Cannot _Add Station MSG ID station UUID Sanz GF Appendices 313 Connection Terminated Abnormally MSG Reason reason for the termination Infection MSG Component component name SG RunBy component is launched by this user SG ServerTime event receipt time GMT MSG ObjectName infected object name MSG ObjectOwner infected object owner SG InfectionType infection type SG Virus virus name o o o MSG Action curing action Installation_Bad MSG Error error message Installation_OK no variables are available License_Limit MSG Used number of stations in the base MSG Licensed permitted by license is sent when the number of registered stations is approaching the license limit namely less than 5 of the license limit or less than two stations is unused Near_Max_Stations MSG Used number of stations in the base MSG Licensed permitted by license MSG Percent the percentage of free licenses is sent at every Server launch in case the Server is launched with a key allowing a lesser number of stations than it already has Newbie _Not_Allowed no variables are available Ta N ax Appendices 314 Not_S
52. as default for all sections of statistics data When you open the page for the first time statistics will be displayed for this time interval You can change the time interval at statistics pages directly if necessary Set the Save last interval for statistics data flag to save the interval specified last time at statistics sections If the flag is set when you open the page for the first time statistics will be displayed for the last period specified at the Web browser If the flag is cleared when you open the page for the first time statistics will be displayed for the period specified in the Default interval for statistics data drop down list Authorization Set the Automatic authorization flag to allow automatic authorization for all Control Centers with the same administrator s login and password in the current browser After setting this flag login and password specified by administrator at next logon in the Control Center will be saved via the Dr Web Browser Plugin Automatic authorization option requires Dr Web Browser Plugin Further for any Control Center in this web browser authorization 112 Ta J N ax Chapter 3 Components of an Anti Virus Network and Their Interface will be proceeded automatically if the user with these login and password is registered at the Server If the login and password do not much e g such user is not registered or the user with this name has the different p
53. availability of your Internet connection Check that the Internet Protocol is properly configured and DNS server settings are specified correctly The anti virus software and virus databases can be updated either manually or through the schedule of a Server or an Agent databases you should set the configuration of the repository including access to the Dr Web Global Update System as described in p Editing the Configuration of the Repository w Before updating the anti virus software and virus 9 1 Upgrading Dr Web Enterprise Security Suite 9 1 1 Upgrading Dr Web Enterprise Server for Windows OS Two modes of upgrading the Server to 6 0 2 version are available 1 Upgrading the Server of 5 0 version can be done automatically by using the installer 2 To upgrade Server software within of 6 0 X version delete Server software of current versions and install the new Server A N T A A A yy v Chapter 9 Updating the Dr Web Enterprise Security Suite Software and Its Components During deleting of the Server manually or upgrading by using the installer the following files will be backed up automatically dbinternal dbs internal database drwesd conf Server configuration file the name may vary drwesd pri and drwcsd pub encryption keys enterprise key and agent key Server and Agent license key files names may vary certificate pem SSL certificate private key pem RSA private key
54. can be set up later Specify appropriate Server access values in the Interface and Port fields By default interface is set to 0 0 0 0 which means that the Server can be accessed via any interface By default port 2193 is using but also port 2371 is supported for compatibility with anti virus software older versions To limit the local access to the Server set the Restricted access to Dr Web Enterprise server flag The Installer Agents and other Servers in case of an existing anti virus network buit with Dr Web Enterprise Security Suite will not be able to access the Server You can change these settings later through Dr Web Control Center menu Administration Dr Web Enterprise Server Modules Set the Server detection service flag if you want the Server to answer broadcast and multicast queries of other Servers To specify the default network settings click Standard in the bottom of the window In case you want to limit the Server operation only to the internal network interface 127 0 0 1 clck Restricted With such settings the Server can be administrated only from the Dr Web Control Center launched on the same computer and communicate only with the Agent launched on the same computer In future after the Server settings have been checked out you will be able to change them 40 Ta J N ax Chapter 2 Installation and Removal of Dr Web Enterprise Security Suite Components 14 If you selected creation
55. can do this in configuration file or via the Dr Web Control Center Configure Dr Web Enterprise Server Database tab Installation and Supported Versions Please download the latest available version of this free product the PostgreSQL server and correspondent ODBC driver otherwise do not use the version earlier than 8 2 PostgreSQL DMBS is compatible with the following platforms Linux Solaris OpenSolaris Win32 MacOS X FreeBSD For more information about conversion to the external database see 305 Ta J i ax Appendices 306 p Changing the Type of the DBMS for Dr Web Enterprise Securit Suite For more information about installation of Enterprise Server using external database see step 10 in p Installing the Dr Web Enterprise Server for Windows OS Please mind that the ANSI version of the ODBC driver can be used starting from PostgreSQL 8 2 4 version only The Unicode ODBC driver will work fine in all versions Installation for 64 bit systems PsqlIODBC driver for x64 systems is not supplied by an official developer However according to the PostgreSQL DBMS official web site prerelease installation packages can be installed You can download these packages for instance using following links http www enterprisedb com products pgdownload do windows code google com p visionmap wiki IODBC http www geocities jp inocchichichi psqlodbc index html After installation of the ODBC dr
56. caseless multiline matching It is also possible to unset these options by preceding the letter with a Ta J N ax Appendices hyphen and a combined setting and unsetting such as im x which sets PCRE_CASELESS and PCRE_MULTILINE while unsetting PCRE_EXTENDED is also permitted If a letter appears both before and after the hyphen the option is unset Subpatterns Subpatterns are delimited by parentheses round brackets which can be nested Turning part of a pattern into a subpattern does two things 1 It localizes a set of alternatives For example the pattern cat aract erpillar matches one of the words cat cataract or caterpillar Without the parentheses it would match cataract erpillar or the empty string 2 It sets up the subpattern as a capturing subpattern Opening parentheses are counted from left to right starting from 1 to obtain numbers for the capturing subpatterns For example if the string the red king is matched against the pattern the red white king queen the captured substrings are red king red and king and are numbered 1 2 and 3 respectively The fact that plain parentheses fulfil two functions is not always helpful There are often times when a grouping subpattern is required without a capturing requirement If an opening parenthesis is followed by the subpattern does not do any capturing and is not coun
57. click the item A Group Policy Object Editor window will be opened 4 In the hierarchical list select Computer configuration Software settings Software installations Package Then on the context menu select All tasks Uninstall OK 5 On the Group Policy tab click OK 6 Enterprise Agent will be removed from the stations at the next registration in the domain 2 7 3 Uninstalling the Dr Web Enterprise Server Software for UNIX System Based OS Deinstallation should be carried out under the superuser account root To remove Dr Web Enterprise Server 1 Execute the following command FreeBSD OS pkg_delete drweb esuit Ta 2 i ys Chapter 2 Installation and Removal of Dr Web 86 Enterprise Security Suite Components Solaris OS Linux Debian ee Ubuntu 1 Stop the Server etc init d drwcsd stop 2 Runthe command pkgrm DWEBesuite dpkg r drweb esuit rpmpackage rpm drweb esuit generic opt drwces bin drweb esuite package uninstall sh Deinstallation can be interrupted at any time by sending any of the following signals to the process SIGHUP SIGINT SIGTERM SIGQUIT and SIGWINCH on FreeBSD OS changing the dimensions of the terminal window entails sending a SIGWINCH signal Deinstallation should not be interrupted without necessity or it should be done as early as possible 2 On Solaris OS you will be asked to confirm that you really want to u
58. data Specify number of days after which statistic data about workstations but not stations themselves should be considered outdated and be deleted Periods for deleting statistics data for different types of records are set separately 90 days If you decrease the value the statistics on the operation of the anti virus network components will be less representative If you decrease the value the Server may need more resources w The period set for a Purge records task by default equals 8 4 Administration of the Dr Web Enterprise Server Repository 8 4 1 Introduction The repository of Enterprise Server is designed to store benchmark copies of the anti virus software and update them from GUS servers The repository deals with sets of files products Each product resides in a separate subfolder of the repository folder located in the var folder which in case of installation with the default settings is lodged in the Server root folder In the repository each product is dealt with separately To administrate the updating in the repository product revisions are used A revision is a correct state of product files at a certain time including file names and checksums and has its unique number 239 Ta J N ax Chapter 8 Configuring the Dr Web Enterprise Server The repository synchronizes revisions of products as follows a to Enterprise Server from the product update site via HTTP For Server 5 0 and l
59. defined at this stage they are searched in groups to which the user is included to For each group its parental groups are checked search strategy inward If any error occurs transition to the next authentication mechanizm is performed The drwschema modify exe utility is included to the Server distribution kit creates in Active Directory a new object class and defines new attributes for this class Attributes have the following OID in the Enterprise space define define define define define define DrWeb enterprise OID Deweb DrWeb OID DrWeb Enterprisesuite OID DrWeb_ Alerts OID DrWeb Vars OTD DrWeb_ AdminAttrs OID Ul Sleloroedhe le aku DrWeb enterprise OII DrWeb DrWeb OID DrWeb EnterpriseSuit DrWeb EnterpriseSuit DrWeb EnterpriseSuit A i 3 6 2 4 1 29690 1 3 1 AKA iso org dod internet j de de de de de de de de fine fine fine fine fine fine fine fine DrWeb Admin OID DrWeb AdminReadOnly OID DrWeb_ AdminGroupOnly OID DrWeb_ AdminGroup_ OID DrWeb Admin AttrName DrWeb AdminGroup AttrName DrWeb_ AdminReadOnly AttrName DrWeb_ AdminGroupOnly AttrName DrWeb AdminAttrs OIL DrWeb_ AdminAttrs OI DrWeb AdminAttrs OI DrWeb_ AdminAttrs OI DrWebAdmin DrWebAdminRe e DrWebAdminGr DrWebAdminGr Editing settings of Active Directory users is implemented manually at the Active Directory server see p Authentication _of Administrators 416 Ta
60. derived from the Server key file enterprise key The User and the Password fields describe the authorization on the web server other fields determine the proxy server and the authorization on it By default the fields are empty no authorization required To get access to data collected on the statistics server contact the customer support at support drweb com Encryption lt mode gt Traffic encryption mode Possible values Yes No Possible default is Yes For more read p Traffic Encryption and Compression Compression lt mode gt Traffic compression mode Possible values Yes No Possible default is No For more read p Traffic Encryption and Compression InstallAccess AgentAccess and LinksAccess parameters are not displayed in the configuration file unless the Use this ACL flag is set for more see p Setting the Dr Web Enterprise Server Configuration If this flag is set the displayed value for disabled parameters is none For enabled 339 Ta J N ax Appendices 340 parameters the specified addresses will be displayed Database lt DRIVER gt from lt PATH gt using lt PARAMETERS gt Determination of the database lt DR VER gt database driver name lt PATH gt path where the driver is to be loaded from lt PARAMETERS gt connection parameters between the Server and the database Read more in p Setting the Mode of Operation with Databases wy This instr
61. detection of a virus read p Setting Alerts on how to configure alerts Ignore skip the object without performing any action or displaying a notification 195 Ta J i ax Chapter 7 Administration of Workstations 196 Table 7 3 Reactions of Scanner to various virus events Cure Delete Sp au a Quarantine d ay Rename ae i 44 Report Ignore de Conventions action is enabled for this type of objects action is set as default for this type of object To set actions on virus threats detection use the following options In the Pattern used for renaming files field specify an extension mask applied to renamed files if you specify Rename actions for them By default it is i e the first character of the extension is replaced with The extension can be changed but standard extensions EXE COM BAT DOC PAS BAS etc should not be used instead In the Adware drop down list set the Scanner reaction to the detection of this type of unsolicited software compared to when you select to Report user on virus detection that is no warning is displayed and detection of an adware program is ignored wy If you select to Ignore no action is performed as e In the same way setting the Scanner reaction to the detection of other types of unsolicited software such as e Dialers e Jokes Ta J N ax Chapter 7 Administration of Workstations 197 e Ris
62. document explains how to organize a complex anti virus protection of computers of your company namely how to install the program build an anti virus network configure and update ESS components to assure the ultimate anti virus protection The second part of the document Appendices provides technical information describes the parameters necessary for adjustment of the modules explains the syntax and values of instructions The Manual does not include the description of Dr Web anti virus packages for protected computers For relevant information please consut Dr Web Anti Virus for Windows User Manual Before reading this document make sure you have the latest version of the Administrator Manual The Manual is constantly updated and the current version can always be found at the official web site of Doctor Web at http download drweb com esuite ie Ta J i ax Chapter 1 Welcome to Dr Web Enterprise 14 Security Suite 1 2 Conventions and Abbreviations Conventions The following conventions are used in the Manual Table 1 1 Conventions wy Marks important notes or instructions Note that Warns about possible errors Warning Dr Web ESS Names of Dr Web products and components Anti virus network A termin the position of a definition or a link to a definition lt P address gt Placeholders Cancel Names of buttons windows menu items and other program interface elements CTRL Keyboard ke
63. during its To change the access mode of stations to the Dr Web Enterprise Server 1 Open the Server configuration select the Administration item in the main menu then click Configure Dr Web Enterprise Server in the control menu 2 On the General tab in the Newbie drop down list select the necessary option Approve access manually the mode is specified by default unless changed at the Servers installation Allow access automatically Always deny access Manual Access Approving In the Approve access manually mode new stations are placed to the Unapproved stations list until administrator submits them To access the Unapproved stations list 1 Select the Administration item in the main menu of the Dr Web Control Center then click Unapproved stations in the control menu 2 In the opened window the table of stations with installed Agents requesting the Server access and the following 166 Ta AN Ws Chapter 7 Administration of Workstations general information about stations are listed time of request network name IP address of a station and OS installed at a station 3 To specify an access to the Server set flags for corresponding stations or set the flag in the table header to select all stations On the toolbar set the action to apply for selected stations T approve access for selected stations and set the primary group from the offered list deny access for selected
64. environment Enterprise Agent displays an icon in the Taskbar The icon visual representation depending on components state is listed in the Table 3 1 Table 3 1 The icon visual representation a The black picture on the The Agent is operating green background normally and is connected to the Server amp A crossed Server icononthe The Server is unavailable basic background Al An exclamation mark in a The Agent requests to restart yellow triangle over the the computer or components icon SelfPROtect or Spider Guard are disabled CIN The background of the icon An error occurred during changes color from green to updating of the package red components EJ The background of the icon The Agent is stopped or not is constantly red running 93 Sa lt gt Chapter 3 Components of an Anti Virus Network 94 h d and Their Interface EJ The background of the icon The Agent is working in the is yellow mobile mode for more see p Updating Mobile Agents Some administrative functions over the anti virus workstation are accessible through the context menu of this icon which is shown in Figure 3 1 Ta J N s Chapter 3 4 qa 64 Components of an Anti Virus Network 95 and Their Interface Language Resync now Settings Run mode Schedule vvv v v Mobile mode gt Statistics Status Scanner Quarantine Firewall log Firewall settings Office Control settings SpIDer Gate s
65. following address http lt Server_address gt lt port_number gt install where lt Server_address gt is the IP address or DNS name of the computer on which Enterprise Server is installed And the lt port_number gt should be 9080 or9081 for https 2 3 2 Installation of the Dr Web Enterprise Agent via the Installation Package To install the Agent and anti virus package do the following 1 Via the Control Center Create an account for a new user at the Server Get a link to download the Agent installation file 2 Send the Agent installer link to the customer 3 Install the Agent on a workstation As a rule users install Ta J N ax Chapter 2 Installation and Removal of Dr Web Enterprise Security Suite Components 54 Enterprise Agent software on their computers independently 4 The new anti virus workstation wil be automatically authorized at the Server by default see also p New Stations Approval Policy 2 3 2 1 Creation of a New User Account To create a user account or several user accounts use the Dr Web Control Center Make sure that the ServerName parameter in the configuration file webmin conf has the value of the following format lt Server_address gt 9080 where lt Server_address gt is IP address or DNS name of the computer with the Enterprise Server installed The name of the Server to which the Control Center A connects is specified in Enterprise Agent installation
66. for administration Figure 2 2 Flowchart of the installation procedure when a new DB is created click any block in the flowchart to see its description Ta J i ak Chapter 2 Installation and Removal of Dr Web 36 Enterprise Security Suite Components Procedure with old DB Step 6 E omplete installation Step 7 Set catalog Set components catalogs Set parameters of the Step 8 templates and logging YES Use old primary key Step 9 Set pri file NO Use config file of the ET Step 10 ki Server Set drwcsd conf file Y Step 11 Select DB driver nternal DB YE o Step 12 Set DB file Set DB file dbs Set DB parameters 3 Step 13 Set network parameters Set proxy and statistics Figure 2 3 Flowchart of the installation procedure when an existing DB is used click any block in the flowchart to see its description To install the Dr Web Enterprise Server on a computer operated by Windows OS 1 Run the distribution file A window for choosing the language of the Installation Wizard will be opened Select the necessary language and click Next 2 If Dr Web Enterprise Security Suite software is installed Ta J N Ws Chapter 2 Installation and Removal of Dr Web Enterprise Security Suite Components on you computer and Dr Web SelfPROtect is enables the wizard prompts you to disable it Disable SelfPROtect and click OK to continue installati
67. gt set the proxy server e user lt proxy_user gt set the proxy server user e password lt proxy_password gt set the proxy user account password stat server lt stat_server gt set the statistics server stat drweb com 80 would be apropriate e url lt url_on_server gt set the url on statistics server update by default e interval lt send_interval gt set the interval between statistics sending initbase initialize server database upgradebase upgrade server database interactive enter the interactive mode skip proxy 1 skip one of the interactive stages e stat 1 e initbase 1 e upgradebase 1 Ta AN ax Appendices 373 verbose show detailed information help show help message H6 Administrating Utility of the Internal Database The administrating utility of the internal DB resides in the following folders for Linux OS and Solaris OS opt drwcs bin for FreeBSD OS usr local drwcs bin for Windows OS lt Server_installation_folder gt bin by default the Server installation folder is C Program Files DrWeb Enterprise Server The start instruction format drwidbsh lt path_to_DB_file gt The program operates in the text dialog mode it waits for instructions from a user the instructions begin with a period To receive help on other instructions type help For more information use reference manu
68. gt nonterminal symbol e symbol for selecting one of the given elements 2 symbol or group of symbols to the left of the operator is not obligatory may occur 0 or 1 time symbol or group of symbols to the left of the operator may be repeated any number of times or may be omitted symbol or group of symbols to the left of the operator may occur 1 or more times any symbol from the specified range period at the end a reserved character which indicates completion of a rule Format of the Server configuration file lt instruction gt lt parameter gt lt value gt lt comment gt lt parameter gt lt word gt lt value gt lt word gt lt separator gt lt word gt a zA Z 0 9 lt reserved_character gt lt reserved_character gt amp amp r amp t n av Perms E pee E I gt eres G lt separator gt s t r n Ef Ta N ax Appendices The configuration fie has a text format The main structural elements of this file are words separated by separators spaces tabs carriage returns line feeds and format characters In addition a sequence of characters included in straight quotation marks is considered a word Special sequences of two characters beginning with an ampersand amp can be included in a word not breaking it They are interpreted as f
69. in the Name entry field For nested groups in the Parent group field select a parental group from the drop down list For a root group without a parent leave this field blank The group will be added to the root of the hierarchical tree In this case settings are inherited from the Everyone group Type comments in the Description entry field optional Click OK The groups you create are initially empty Procedure of including workstations to groups is described in the Adding a Station to a Group Removing a Station from a Group section 154 Ta J N ax Chapter 6 Groups Integrated Workstations 155 Management Deleting Groups To delete a group 1 Select the user group in the hierarchical list 2 Click General gt Remove selected objects on the toolbar wy You cannot delete preinstalled groups 6 2 2 Editing Groups To edit group settings 1 Select the Network item in the main menu of the Dr Web Control Center then select the group in the hierarchical list 2 Click Properties in the control menu left pane 3 Window with the group settings will be opened This window contains General and Configuration tabs These settings are described below wy If you open group permissions via the General L Edit item on the toolbar the Stations information section with general information about stations included to this group will be also available 4 Click Save to save all changes
70. information to the DB Possible values Yes or No TrackAgentModules lt value gt Enable writing to the DB the list of the Anti virus modules at the station Possible values Yes or No TrackAgentComponents lt value gt Enable writing to the DB the list of Anti virus components Scanner Monitors etc that are installed at the station Possible values Yes or No KeepRuninformation lt value gt Enable writing to the DB information on starting and stopping events of Anti virus components Scanner Monitors etc at stations Possible values Yes or No KeepiInfections lt value gt Enable writing to the DB statistic data about infections detected at the stations Possible values Yes or No KeepScanErrors lt value gt Enable writing to the DB information on all errors occurring during scanning at the stations Possible values Yes or No KeepScanStatistics lt value gt Enable writing to the DB results of stations scanning Possible values Yes or No KeepiInstallation lt value gt Ta J N ax Appendices 343 Enable writing to the DB information on Agent installations at the stations Possible values Yes or No Quarantine lt value gt Enable writing to the DB stations Quarantine state Possible values Yes or No UpdatesBandwidth lt value gt Maximal network traffic bandwidth in KB for updates from Server to Agents 0 value means unlimited bandwidth Audit lt val
71. installation and configuration Using the CREATE DATABASE SQL command For more information on creating and configuring Oracle instances see Oracle documentation L In case of using a different encoding national symbols may be displayed incorrectly A client to access the database Oracle Instant Client is included in the installation package of Dr Web ESS Platforms supported by the Oracle DBMS are listed on the web site of the vendor http www oracle com technology software tech oci instantclient index html Dr Web ESS supports the following versions of the DBMS Oracle9i Database Release 2 9 2 0 1 9 2 0 8 and higher Parameters To adjust access to the Oracle DBMS use the parameters described in Table B 3 Table B 3 Parameters of the Oracle DBMS drworacle Driver name 300 Ta J i ax Appendices 301 User Database user name obligatory Password User password obligatory ConnectionString Database connection string obligatory The format of the connection string to the Oracle DBMS is as follows lt host gt lt port gt lt service name gt where lt host gt IP address or name of the Oracle server lt port gt port listening to the server e lt service name gt name of the DB to connect to For Example myserverl11 1521 bjava21 where myserverl111 name of the Oracle server 1521 port listening to the server bja
72. is prevented from backtracking into it Backtracking past it to previous items however works as normal An alternative description is that a subpattern of this type matches the string of characters that an identical standalone pattern would match if anchored at the current point in the subject string Atomic grouping subpatterns are not capturing subpatterns Simple cases such as the above example can be thought of as a maximizing repeat that must swallow everything it can So while both d and 399 Ta J N ax Appendices d are prepared to adjust the number of digits they match in order to make the rest of the pattern match gt d can only match an entire sequence of digits Atomic groups in general can of course contain arbitrarily complicated subpatterns and can be nested However when the subpattern for an atomic group is just a single repeated item as in the example above a simpler notation caled a possessive quantifier can be used This consists of an additional character folowing a quantifier Using this notation the previous example can be rewritten as d foo Possessive quantifiers are always greedy the setting of the PCRE_UNGREEDY option is ignored They are a convenient notation for the simpler forms of atomic group However there is no difference in the meaning or processing of a possessive quantifier and the equivalent atomic group When a pattern contains an unlimited repeat inside a
73. is selected specify the list of scanned paths how to specify paths is described below For the Enterprise Scanner for Windows also the following flags are available The BurstScan technology flag instructs to use this technology which considerably increases the scanning speed on modern systems The Low priority scan flag is set by default and ensures lower Scanner load on computing recourses of a system Meanwhile other processes could have higher priority as compared to when the option is disabled The load is reduced by dynamical adjustment of thread priorities in the scan process The Scan containers flag instructs the Scanner to search for viruses in files within file containers of different types The Actions after scan list instructs to perform specified action automatically when scan completes shutdown reboot set the corresponding mode or do nothing with the station The Disable network while scanning flag instructs to disable network and Internet connections during scanning process In the Limitations section the following settings are available Maximum time for scanning one file the maximum file scanning time in milliseconds When the specified time expires Scanner stops the scan Maximum archive nesting level the maximum nesting level for archived files During scan Scanner proceeds unpacking and scanning the archive until this limit is exceeded Ta J N ax Chapter 7 Administrati
74. its creation in the Selected objects section for the station selected in hierarchical list See also the Installation Files section 12 Further actions to install the Agent described below Enterprise Agent should be installed by a user with the administrator rights to the computer If anti virus software has already been installed on a workstation then before starting installation the installer will attempt to remove it If the attempt fails the user will have to uninstall the anti virus software from his computer by himself 2 3 2 2 Installation of the Dr Web Enterprise Agent and Anti Virus Package To install the anti virus software Dr Web Enterprise Agent and anti virus package 1 Download Agent installation file To do this follow the link generated in the Contro Center 2 Run the downloaded esinst exe file at the station A window of the Installation Wizard of the Dr Web anti virus will be opened 3 Before installation Wizard asks you to confirm that there is no anti virus programs on you computer Make sure that there is no anti virus software including other versions of Dr Web programs installed on your computer and set the I do not have other anti viruses installed on my Ta 2 rt ax Chapter 2 Installation and Removal of Dr Web 57 Enterprise Security Suite Components computer flag Click Next 4 Inthe next window choose the type of installation Quick Recommended the
75. logs that reside in folder specified in the following switch Switches for Windows OS Only minimized for Windows only if run not as a service but in the interactive mode minimize a window screen size lt size gt for Windows only if run not as a service but in the interactive mode log size in lines displayed in the Server screen the default value is 1000 trace to log in detail the location of error origin Switches for UNIX system based OS Only etc lt path gt path to the etc lt var gt etc directory pid lt file gt a file to which the Server writes the identifier of its process Ta J N ax Appendices 369 syslog lt mode gt instructs logging to the system log Possible modes auth cron daemon kern lpr mail news syslog user uucp local0 1local7 and for some platforms ftp authpriv user lt user gt group lt group gt available for UNIX OS only if run by the root user it means to change the user or the group of process and to be executed with the permissions of the specified user or group H5 9 Variables for UNIX System Based OS Only To make the administration of the Server under UNIX system based OS easier administrator is provided with variables resided in the etc init d drwcsd script file Correspondence between variables and command switches for the drwcsd is described in the Table H 1 home var
76. lookbehind assertions to specify efficient matching at the end of the subject string Consider a simple pattern such as abcds when applied to a long string that does not match Because matching proceeds from left to right PCRE will look for each a in the subject and then see if what follows matches the rest of the 404 Ta J N ax Appendices pattern If the pattern is specified as abcds the initial matches the entire string at first but when this fails because there is no following a it backtracks to match all but the last character then all but the last two characters and so on Once again the search for a covers the entire string from right to left so we are no better off However if the pattern is written as gt lt abcd or equivalently using the possessive quantifier syntax lt abcd there can be no backtracking for the item it can match only the entire string The subsequent lookbehind assertion does a single test on the last four characters If it fails the match fails immediately For long strings this approach makes a significant difference to the processing time Using multiple assertions Several assertions of any sort may occur in succession For example lt d 3 lt 999 foo matches foo preceded by three digits that are not 999 Notice that each of the assertions is applied independently at the same point in the subject
77. lt crossed computer Anti virus software on the station is icon uninstalled If station or group has a personal settings or group wy includes stations with personal settings this group or station has a sign over its icon in the hierarchical list E g if an available workstation with installed anti virus software has a personal settings its icon looks as follows F iia To display icons with personal settings select the Tree settings item on the toolbar and set the Display personal settings flag Management of the anti virus network catalog elements is carried out via the toolbar of the hierarchical list Toolbar The toolbar of the hierarchical list contains the following elements General Manage the general parameters of the hierarchical list Select the corresponding item in the drop down list Ta J N ax Chapter 3 Components of an Anti Virus Network and Their Interface X Remove selected objects Remove an item s from the hierarchical list Select the item s in the list and click Remove selected objects L Edit Opens settings of the station or group in the right pane of the Dr Web Control Center Become primary Determine the selected group as primary for all workstations in it M Set a primary group for the stations Assign a primary group for selected workstations If a group is selected in the hierarchical list instead of workstations the specified primary group will be assigned to al
78. may include both a formal description of the event and the values of certain event relevant variables For example 1 20081023 171700 74 inf 001316 mth 12 Sch Job Purge unsent IS events said OK where 20081023 lt year gt lt month gt lt date gt 171700 lt hour gt lt minute gt lt second gt 74 lt hundredth_of_second gt inf lt message_type gt 001316 lt process_id gt mth 12 lt thread_name gt Sch lt message_source gt Job Purge unsent IS events said OK lt message gt about the correct performance of the Purge unsent IS events job 2 20081028 135755 61 inf 001556 srv 0 tcp 10 3 0 55 3575 025D4F80 2 new connection at tcp 10 3 0 75 2193 A Q T A A v Appendices where 20081028 lt year gt lt month gt lt date gt 135755 lt hour gt lt minute gt lt second gt 61 lt hundredth_of_second gt inf lt message_type gt 001556 lt process_id gt sxrv 0 lt thread_name gt tcp 10 3 0 55 3575 025D4F80 2 new connection at tcp 10 3 0 75 2193 lt message gt about having established a new connection through the specified socket Appendix M Custom Extensions The extensions implemented as a lua scripts are meant for automation of the administrator work enabling quicker performance of certain tasks of the Enterprise Server These scripts are located in the folder for Windows
79. most simple type of installation e Custom the type of installation that allows you to choose anti virus components to install on your computer e Administrative the most detailed type of installation Allows you to set change all parameters of installation and anti virus software 5 If you choose Custom or Administrative types of installation in the next window you will be offered to overview the components of Dr Web anti virus package Set the flags for components you want to install on your computer In the Installation folder field specify the path to install the anti virus software To set change the default path click the Browse and specify the necessary path Click Next For the Custom type of the installation go to the step 9 6 If you choose Administrative type of installation in the next window specify the settings of Network installer e In the Dr Web Enterprise Server field set the network address of the Server from which the Agent and the anti virus package will be installed If you specified Server address while launching the installer it will be automatically set in this field If you use the installer created in the Control Center the Dr Web Enterprise Server field will be set automatically Ta J N ax Chapter 2 Installation and Removal of Dr Web Enterprise Security Suite Components If you do not know the Server address click the Find button The window for network searching of act
80. need not be the last character of the pattern if a number of alternatives are involved but it should be the last item in any branch in which it appears Dollar has no special meaning in a character class The meanings of the circumflex and dollar characters are changed if the PCRE MULTILINE option is set When this is the case they match immediately after and immediately before an internal newline character respectively in addition to matching at the start and end of the subject string For example the pattern abc matches the subject string def nabc where n represents a newline character in multiline mode but not otherwise Consequently patterns that are anchored in single line mode because all branches start with are not anchored in multiline mode and a match for circumflex is possible when the startoffset argument of pcre _exec is non zero Full stop period dot Outside a character class a period in the pattern matches any one 391 Ta AN ax Appendices character in the subject including a non printing character but not by default newline The handling of period is entirely independent of the handling of circumflex and dollar the only relationship being that they both involve newline characters Period has no special meaning in a character class Square brackets and character classes An opening square bracket introduces a character class terminated by a closing square bracket A clos
81. needed for connecting to the Server via the Control Center If perl interpreter is installed you will be prompt to configure some Server settings In request for setup a certain type of parameters the default value is no press ENTER which means that parameters of this type will have default values If you specify yes value you will be able to set the values of proposed parameters the default values of the parameters declared in the square brackets to set them press ENTER You can initiate the configuration of Server settings manualy 47 Ta J N ax Chapter 2 Installation and Removal of Dr Web 48 Enterprise Security Suite Components the perl environment must be installed as well To do this run the configure pl script that can be found in folowing directories usr local drwcs bin for FreeBSD OS opt drwcs bin for Linux and Solaris OS Configure pl script parameters described in the Application H5 9 Configuring the Dr Web Enterprise Server Under UNIX System Based OS 7 Then the program components will be installed on your computer In the course of the installation you can be asked to confirm some actions as the administrator In the course of the installation of the Enterprise Server for FreeBSD OS an rc script usr local etc re d drwesd sh will be created To manually stop the Server use the command usr local etc re d drwesd sh stop To manually start the Server use the com
82. network The whole stream of instructions data and statistics in the anti virus network always goes through the Enterprise Server Dr Web Control Center exchange information only with Servers Based on Dr Web Control Center commands Servers transfer instructions to Enterprise Agents and change the configuration of workstations Thus the logical structure of the fragment of the anti virus network looks as in the Figure 3 4 129 Ta J i ys Chapter 3 Components of an Anti Virus Network 130 and Their Interface Dr Web Enterprise Server HTTP HTTPS TCP IPX NetBIOS Dr Web Control Center network Transfer of updates via Protected computer up div FB oe Dr Web GUS Figure 3 4 The logical structure of the anti virus network Between the Server and workstations a thin continuous line in the Figure 3 4 transferring the following information through one of the supported network protocols TCP IPX or NetBIOS Agents requests for the centralized schedule and the centralized schedule of workstations settings of the Agent and the anti virus package requests for scheduled tasks to be performed scanning updating of virus databases etc files of anti virus packages when the Agent receives a task to install them e software and virus databases updates when an updating Ta J N ax Chapter 3 Components of an Anti Virus Network and Their Interface task is
83. network administrators and other users on virus attacks and other events detected by the program For more read p Setting Alerts Transports Tab On the Transports tab the parameters of the transport protocols used by the Server are set up For each protocol the name of Enterprise Server can be specified in the Name field if no name is specified the name set on the General tab is used see above if no name is set on the tab the computer name is used If for a protocol a name other than the 227 Ta J N ax Chapter 8 Configuring the Dr Web Enterprise Server name on the General tab is specified the name from the protocol description will be used by the service detecting the Server of Agents etc In the Address field specify the address of the interface which Server uses for interaction with the Agents on the workstations In the Cluster address field specify the address of the interface which Server uses for interaction with the Agents and Network Installers while searching for an active Enterprise Servers See the Dr Web Enterprise Server Detection Service section for more details This parameters should be specified in the network addresses format described in Appendix E The Specification of Network Addresses Modules Tab On the Modules tab protocols for interaction of the Server with other ESS components can be chosen By default the interaction is enabled for the Enterprise Agents NAP V
84. new version Deletion of the the Dr Web Browser Plugin is described in the Uninstalling the ESS Software for Windows OS or Uninstalling the Dr Web _ Enterprise Server Software for UNIX System Based_ OS sections Installation is described in the Installing the Dr Web Browser Plugin section 9 1 4 Upgrading Dr Web Enterprise Agent After upgrading Server software Agents connected to this Server will be upgraded automatically 268 Ta J N ax Chapter 9 Updating the Dr Web Enterprise 269 Security Suite Software and Its Components Recommendations on upgrading the Agents installed at the stations that implement significant LAN functions specified in the Upgrading Dr Web Enterprise Agents on the LAN servers section 9 2 Manual Updating of the Dr Web ESS Components Before updating Dr Web ESS and its components ensure A availability of your Internet connection Check that the Internet Protocol is properly configured and DNS server settings are specified correctly Checking for Updates To check for updates of Dr Web ESS products on the updates server 1 Select the Administration item in the main menu and click Repository state in the control menu 2 In the opened window information about all components are listed also last revision date and its current state is specified Click Check for updates 3 If the checked component is outdated it will be updated automatically during the check Products a
85. not less than 512 MB RAM not less than 1 GB of free available disk space e Microsoft Windows 2000 OS or later Linux OS FreeBSD OS or Solaris OS similarly to the Dr Web Enterprise Server see Appendix A The Complete List of Supported OS Versions e MS Installer 2 0 for the installation of Enterprise Server for Windows OS Windows Script 5 6 or later for the installation of Enterprise Server for Windows OS 21 Ta J N ax Chapter 1 Welcome to Dr Web Enterprise 22 Security Suite For the installation of Enterprise Server for UNIX system based OS libiconv library v 1 8 2 or later pcre ncurses openssl libxml2 libpq only in case of using PostgreSQL database in case of installation via the generic packages the library is already included in the package libcurl MS Installer 2 0 is included into Windows 2000 with SP3 OS and later versions For details please visit http msdn2 microsoft com en us library aa367449 aspx Windows Script is included into all Windows OS versions which are supported for the Server installation The Libiconv library can be downloaded from ftp ftp freebsd org The NAP requires For Server e Microsoft Windows Server 2008 OS For the Agents e Microsoft Windows XP SP3 OS Windows Vista OS Windows Server 2008 OS The Dr Web Control Center requires Windows Internet Explorer 7 and later or Mozilla Firefox 3 0 and later Web br
86. number of deleted files MSG Added list of added files each name in a separate line MSG Replaced list of replaced files each name in a separate line MSG Deleted list of deleted files each name in a separate line Srv_Repository UpdateFailed MSG Error error message MSG ExtendedError detailed description of the error Srv_Repository UpToDate no variables are available marked as not to be notified of in the product configuration file read F1 The Syntax of the Configuration File_ config wy The variables of the last template do not include the files Ta 2 AN ax Appendices 317 The variables of the Server messages about the coming license expiration Key_Expiration MSG Expiration date of license expiration MSG Expired 1 if the term has expired otherwise 0 MSG Obj Id object GUID MSG Obj Name object name MSG ObjType object using an expiring key server station group A ax Appendices 318 Appendix E The Specification of Network Addresses In the specification the following conventions are taken variables the fields to be substituted by concrete values are enclosed in angle brackets and written in italic permanent text remains after substitutions is written in bold optional elements are enclosed in brackets the defined notion is placed on the left of the character
87. of a new DB in step 4 or did not 15 16 17 18 specify the Server configuration file from previous installation in step 9 for an existing DB the next window will contain a request to send statistics on virus events to Doctor Web company To do this set the Allow sending statistics flag and edit corresponding fields Default values for the Server is stat drweb com for URL update You can also specify the Username and Password for identification of the sent statistics contact the Dr Web Technical Support Service for information about your user name and password In the Send every lt gt field specify an interval in minutes for sending the statistics Server and Send every are the only obligatory fields If you are using a proxy server you can also specify its parameters in this window To do this set the Use proxy flag and specify its address user name and password The Use proxy flag will be available only if the Server installation folder does not contain configuration files from the previous installation If you selected creation of a new DB in step 4 in the next window specify an administrator password password It is not allowed to use national characters in administrator Click Next Next you are recommended to instruct updating of the repository during the installation To do this set the Update repository flag Click Next Click Install Further actions of the installation program do
88. of the Server installation catalog The scripts are meant for automation of the administrator work enabling quicker performance of certain tasks All scripts are disabled by default home lt root gt Server installation folder root folder The 366 Ta J N ax Appendices structure of this folder is described in p Installing the Dr Web Enterprise Server for Windows OS By default it is the current folder at start log lt og gt Server log filename A minus can be used instead of the filename for Servers under UNIX OS only which instructs standard output of the log By default for Windows platforms it is drwcsd log in the folder specified by the var root switch for UNIX platforms it is set by the syslog user switch read below private key lt private_key gt private Server key By default it is drwcsd pri in the etc subfolder of the root folder rotate lt N gt lt f gt lt M gt lt u gt Server log rotation mode where e lt N gt total number of log files including current log file e lt f gt log files storage format possible values z gzip compress file uses by default or p plain do not compress files e lt Mp gt file size e lt u gt unit measure possible values k kilo m mega g giga By default it is 10 10m which means storing of 10 files 10 megabytes each use compression Alternatively you can use the none format rotate none whic
89. received from neighbor Server neighbor virus ds called when virus detected event received from neighbor Server newbie accepted ds called when newbie access granted authorization is successful and station created in database newbie came ds called when newbie connected newbie registered ds called when newbie access granted but before information stored in database pong ds called when PONG received from client run begin ds called when component started event received from Agent erun end ds called when component completed event received from Agent scan _error ds called when scan error event received from Agent scan_ statistics ds called when scan statistics event received from Agent 412 Ta J N ax Appendices server jobexecuted ds called when job executed on the server server load ds called when Server binary file loaded for execute some service function the Server will not serve clients server start ds called when Server started and going to serve clients server terminate ds called when Server completed serve clients server _unload ds called when Server completed execute some service function the Server did not serve clients station connected ds _ called when Agent connected successfully station create ds called when station create completed station date ds called when invalid station time date d
90. root of disc D Copy the line above to the clipboard and paste to the cmd file and run the file If the path to a file or a file name contains spaces or national characters the path should be put in quotation marks D long name esbase es Start the Enterprise Server connect the Dr Web Control Center to the Server and configure the Server to use a different DBMS Cancel restarting the Server Stop the Enterprise Server see Start_and Stop the Dr Web Enterprise Server Run drwcsd exe using the initdb switch to initialize a new database The command line will look as follows 425 Aq P AN 4 yy v Frequently Asked Questions 426 C Program Files DrWeb Enterpris Server bin drwcsd exe home C Program Files DrWeb Enterprise Server var root C Program Files DrWeb Enterprise Server var verbosity all initdb D Keys agent key root It is presumed that the Server is installed to the cC Program Files DrWeb Enterprise Server folder and agent key resides in D Keys Copy this line to the clipboard and paste to the cmd file Run the file then If the path to a file or a file name contains spaces or national characters the path to the key should be put in quotation marks D long name agent key 6 Run drwcsd exe using the importdb switch to import the database from the file The command line will look as follows C Program Files DrWeb Enterpris Serve
91. scan the network for Enterprise Servers and wil try to install Agent from the first found Server When you use the Multicast mode to find active Servers wy the Agent installation is performed from the first founded Server If the pub key is not fitted to the Server key installation will be failed In this case expressly specify the Server address as described below The drwinst command may be used with switches If the Multicast mode is not used to detect the Server it is recommended to specify a domain name for the Enterprise Server in the DNS service and use this name when installing the Agent Ta J N ax Chapter 2 Installation and Removal of Dr Web 61 Enterprise Security Suite Components drwinst lt Server_DNS_name gt It is especially useful in case you would like to reinstall the Enterprise Server on a different computer You can expressly specify the Server address as follows drwinst 192 168 1 3 Using the regagent switch during the installation will alow you to register the Agent in the Add or Remove Programs list To launch the installation in the graphical mode use the interactive parameter The complete list of Network Installer parameters is describe in the Appendix H4 Network Installer 2 After the installation the software of Enterprise Agent is installed on your computer anti virus package is not installed yet 3 After the station has been approved at the Server if it
92. section in the installer settings during the Server installation or upgrade Otherwise Oracle DB functioning will fail because of the libraries conflict To exclude encoding problems you must disable the following parameters of ODBC driver Use regional settings when outputting currency numbers dates and times may cause errors during numerical parameters formatting Perform translation for character may cause illegal characters displaying in the Dr Web Control Center for parameters which are came from the DB This parameter sets symbols displaying dependence on the language parameter for programs which do not use the Unicode parameters on the computer where Enterprise Server is installed To do this 297 Ta J N ax Appendices In Windows OS Control Panel select Administrative tools in the opened window click Data Sources ODBC The ODBC Data Source Administrator window will be opened Go to the System DSN tab Click Add A window for selecting a driver will be opened Select the item of the corresponding ODBC driver for this DB in the list and click Finish The first window for setting access to the DB server will be opened If an external DBMS is used it is necessary to install the A latest version of the ODBC driver delivered with this DBMS It is strongly recommended not to use the ODBC driver supplied with Windows OS Except databases supplied by Microsoft without ODBC dri
93. server schedule in the control menu Click ix Remove these settings in the toolbar Incase of a multi server network remove all the interserver connections This can be done via the Administration menu Neighborhood item Specify the new key files for the anti virus network components Use the License Manager To replace keys manually use the procedure described above Enable the protocols of the Agent and Network Installer which were disabled in step 1 Set up anew schedule for the Server or import the old one which was exported in step 2 In case of a multi server network set up all the necessary interserver connections which were removed in step 4 Restart the Server 279 Ta 5 A Ws N Chapter 10 Configuring the Additional Components Chapter 10 Configuring the Additional Components 10 1 Proxy Server The anti virus network may consist of one or several Proxy servers The main function of a Proxy server is to establish a connection between Enterprise Server and Enterprise Agents in cases when it is impossible to set up direct access e g if Enterprise Server and Enterprise Agents are located in separate networks which do not have packet routing between them General Functions A proxy server performs the following functions 1 2 Network listening and receipt of connections according to the specified protocol and port Protocol translation supported protoc
94. several groups and workstations al to restore the values all parameters had before editing F to restore the default values of all parameters F to export parameters to a file of a special format fe to import parameters from such file R to delete the specific configuration of the given workstation the configuration inherited from the preinstalled groups will be restored see p Using Groups to Configure Stations e Click OK to confirm the changes made or click Cancel to restore the state of the configuration before editing Groups In the Groups section you can change the primary group for this station This procedure is described in the p Inheriting Stations Configuration from Groups Primary Groups 171 Ta J N a Chapter 7 Administration of Workstations Security In the Security section restrictions for network addresses from which Agents network installers and other neighboring Enterprise Servers will be able to access the given Server are set By default all connections are alowed the Use this ACL flag is cleared To make the list of alowed or denied addresses set the flag To allow any TCP address include it into the TCP Allow or TCPv6 Allow list To deny any TCP address include it into the TCP Deny or TCPv6 Deny list To edit an addresses at the list 1 Specify an address in the corresponding field and click Save 2 To add a new field click the Mi button in the
95. substitutions The variables are written as follows lt VAR gt substitute the current value of the lt VAR gt variable lt VAR gt lt N gt the first lt N gt characters of the lt VAR gt variable lt VAR gt lt first gt lt N gt the value of lt N gt characters of the lt VAR gt variable that go after the first lt first gt characters beginning from the lt first gt 1 symbol if the remainder is less it is supplemented by spaces on the right lt VAR gt lt first gt lt N gt the value of lt N gt characters of the lt VAR gt variable that go after the first lt first gt characters beginning from the lt first gt 1 symbol if the remainder is less it is supplemented by spaces on the left Ta J 1 ax Appendices 311 lt VAR gt lt original1 gt lt replace1 gt lt original2 gt lt replace2 gt replace specified characters of lt VAR gt variable with given characters lt original1 gt characters are replaced with lt replace1 gt characters lt original2 gt characters are replaced with lt replace2 gt characters etc There is no limitation for the number of substitution pairs Table D 1 Notation of variables SYS TIME SYS TIME SYS TIME SYS TIME SYS TIME 10 35 17 456 SYS TIME 5 10 35 10 35 17 456 SYS TIME 3 5 SS 10 35 17 456 SYS TIME 3 12 S383 52172456 10 35 17 456 SYS TIME 3 12 35 17 456 10 35 17 456 SYS TIM
96. such as OLE DB ADO NET or ODBC Though it is to be noted that there is no ODBC driver for Microsoft SQL CE at present Still working in applications with this DBMS may be facilitated by implementing ADO NET technologies and the LINQ language which allows using all the possibilities of the NET Framework platform including the report generation system CrystalReports Appendix B1 Setting Up the ODBC driver When setting access to DBMS for storage and processing of data use the parameters described below for external DBMS Table B 2 ODBC parameters only in the version for Windows OS DSN Drwcs Data set name USER Drwes User name PASS Drwcs Password TRANSACTION DEFAULT Read below Ta J i ax Appendices Possible values of the TRANSACTION parameter SERIALIZABLI cJ RI RI CJ Gl AD_UNCOMMITT AD COMMITTED zal J T R iPRATABLE READ DEFAULT The DEFAULT value means use default of the SQL server More information can be found at http www oracle com technology oramag oracle 05 nov o65asktom html The database is initially created on the SQL server with the above mentioned parameters It is also necessary to set the ODBC driver If you are going to use the ODBC for Oracle as an external database select the Custom option and in the opened window disable the installation of Oracle client in the Database support Oracle database driver
97. the Groups section tab The Member of list displays the groups which include the workstation The Other groups list displays the groups in which Ta J N ax Chapter 6 Groups Integrated Workstations Management membership for the workstation is yet available 4 To add the workstation into a group click the name of a group in the Known groups list The workstation will be added to the group and the group name will move into the Member of list 5 To remove a workstation from the group click the name of a group in the Member of list The workstation will be removed from the group and the group name will move into the Known groups list H You cannot remove stations from preinstalled groups 6 To save settings click Save In the Properties section you can also set a group as the primary one for the station for more read p Inheriting Stations Configuration from Groups Primary Groups To edit the list of groups containing the station via the hierarchical list 1 In the main menu select Network and unfold the hierarchcal list of groups and stations 2 To add a station to the user group press CTRL and drag n drop a station to the corresponding group 3 To move a station from one user group to another drag n drop this station from the user group from which station will be removed to the user group to which station will be added When dragging a station from preinstalled group in both 2 and
98. the decimal number following the backslash is less than 10 it is always taken as a back reference and causes an error only if there are not that many capturing left parentheses in the entire pat tern In other words the parentheses that are referenced need not be to the left of the reference for numbers less than 10 See the subsection entitled Non printing characters above for further details of the handling of digits following a backslash A back reference matches whatever actually matched the capturing subpattern in the current subject string rather than anything matching the subpattern itself So the pattern sens respons e and libility matches sense and sensibility and response and responsibility but not sense and responsibility If caseful matching is in force at the time of the back reference the case of letters is relevant For example i rah s 1 matches rah rah and RAH RAH but not RAH rah even though the original capturing subpattern is matched caselessly Back references to named subpatterns use the Python syntax P name We could rewrite the above example as follows i rah st P pl There may be more than one back reference to the same 401 Ta AN ax Appendices subpattern If a subpattern has not actualy been used in a particular match any back references to it always fail For example the pattern al bc 2 always fails if it starts to match a rath
99. the main menu of the Dr Web Control Center in the opened window select the Administrative accounts item in the control menu In the administrators list select the account which you want to edit Click be Edit on the toolbar Select the Preferences item in the main menu of the Dr Web Control Center in the opened window select the My account item For group administrators and administrators with with read only rights account settings can be opened via the Preferences item in the main menu of the Dr Web Control Center only 2 You can edit settings which had been specified during adding a new account if necessary A AN T V A A Y Chapter 5 Anti Virus Network Administrators 149 Values of fields marked by the sign must be obligatory specified For group administrators and administrators with read only rights the list of editing settings is limited The following settings are read only Dates of creation and last modification of the account e Status network address of the last connection under current account After changing settings click Save Click be Change password to set a new password for account access Administrator with full rights can edit password for all other administrators A It is not allowed to use national characters in administrator password Ta gt AN Ws Chapter 6 Groups Integrated Workstations 150 Management Chapter 6 Groups Integr
100. the network layout and workstations settings are passed This information is visualized on the Dr Web Contro Center and in case a user an anti virus network administrator changes any settings the information about the changes is transferred to the Server Connection between a Dr Web Control Center and a certain Server is established only after an anti virus network administrator is authenticated by his login name and password on the given Server Ta J N ax Chapter 4 Getting Started General Information 132 Chapter 4 Getting Started General Information 4 1 Establishing a Simple Anti Virus Network Before using the anti virus software it is recommended to change the settings of the backup folder for the Server critical data see p Setting the Dr Web Enterprise Server Schedule It is advisable to keep the backup folder on another local disk in order to reduce the risk of losing Server software files and backup copies at the same time Connecting via the Dr Web Control Center The Server is started automatically once the installation of the Server is complete see also Dr Web Enterprise Server To set up the Server and configure the anti virus software the Dr Web Control Center should be run on the computer of the administrator and a connection to the Server should be established From any computer with network access to the Server Dr Web Control Center is available at the following address http
101. variants as how to launch the Server These variants will be described separately Commands described in p H5 1 H5 5 are crossplatform and enable using in both Windows OS and UNIX system based OS unless it is specified otherwise H5 1 Managing the Dr Web Enterprise Server drwcsd lt switches gt set the parameters for the Server operation the switches are described in more detail below H5 2 Basic Commands drwcesd start run the Server drwcesd restart restart the Server it is executed as the stop and then start pair drwcsd stop stop the Server e drwesd reconfigure reread and reboot the 360 A Q 1 gt A Appendices 361 ax configuration file it is performed quicker and without starting a new process e drwcsd retemplate reread notification templates from the drive drwesd verifyakey lt key_file_path gt verify the Agent key file agent key drwcsd verifyekey lt key_file_path gt verify the Server key fie enterprise key e drwesd verifyconfig lt config_file_path gt verify the syntax of the Server configuration file drwcsd conf H5 3 Database Commands Database Initialization drwcesd lt keys gt initdb lt Agent_key gt lt DB_scripi gt lt ini_file gt lt password gt database initialization lt Agent_key gt path to Agent license key file agent key must be specified lt DB_script gt D
102. waiting time is not exceed the timeout value 5 is set by default spiderstat lt interval gt interval in minutes for the SpIDer Guard s statistics to be sent to the Server the default value is 30 The statistics will be sent to the Server at such intervals provided that the statistics has been changed during the interval help generate help on the format of the instruction and its parameters The same is for help of the interface module read Appendix H2 Dr Web_ Enterprise Agent Interface Module control lt action gt administrating the state of the Agent service Possible actions Servers install install the service uninstall uninstall the service start run the service only Windows NT OS and later stop terminate the service only Windows NT OS and later restart restart the service only Windows NT OS and later lt servers gt list of Servers By default drwes udp 231 0 0 1 2193 which instructs to search the drwcs Server using multicast requests for group 231 0 0 1 port 2193 356 Ta J N ax Appendices H4 Network Installer The start instruction format drwinst lt switches gt lt variables gt lt servers gt Switches Possible switches key lt public_key gt full path to the Server public key file It resides by default in the Installer subfolder of the Server installation folder uninstall deinstallation of t
103. with a limited maximum more memory is required for the compiled pattern in proportion to the size of the minimum or maximum 398 Ta AN ax Appendices Atomic grouping and possessive quantifiers With both maximizing and minimizing repetition failure of what follows normally causes the repeated item to be re evaluated to see if a different number of repeats allows the rest of the pattern to match Sometimes it is useful to prevent this either to change the nature of the match or to cause it fail earlier than it otherwise might when the author of the pattern knows there is no point in carrying on Consider for example the pattern d foo when applied to the subject line 123456bar After matching all 6 digits and then failing to match foo the normal action of the matcher is to try again with only 5 digits matching the d item and then with 4 and so on before ultimately failing Atomic grouping a term taken from Jeffrey FriedI s book provides the means for specifying that once a subpattern has matched it is not to be re evaluated in this way If we use atomic grouping for the previous example the matcher would give up immediately on failing to match foo the first time The notation is a kind of special parenthesis starting with gt as in this example gt d foo This kind of parenthesis locks up the part of the pattern it contains once it has matched and a failure further into the pattern
104. workstation you can specify what group will be regarded as primary By default this is the Everyone group 160 Ta J N ax Chapter 6 Groups Integrated Workstations Management wy If Everyone is not the primary group and a different primary group has no personal settings the settings of the Everyone group are inherited by a new station It is possible to create nested groups Inheritance in nested groups depends on group hierarchy If a station have no personal settings it inherits the configuration from parental group and this process repeats recursively Therefore the search for group configuration is performed upwards through the hierarchical tree of nested groups starting from the station primary group and stopping at the root group If no personal settings are selected for all the nesting groups then the Everyone group settings are inherited Example The structure of the hierarchical list is as follows Network Everyone _Group1 Group2 L_Group3 Group4 Station1 The Group4 is the primary group for the Stationl To determine which settings to inherit for the Station1 the search is carried out in the following order Stationl Group4 gt Group3 Group2 Groupl Everyone By default the network structure is displayed in such a way as to show a station in all the groups it is included into If you want workstations to be displayed in the network catalog in their primary
105. workstation via the Dr Web Control Center 1 Select the Network item in the main menu then select the workstation in the hierarchical list and click General cm Remove personal settings in the toolbar A list of settings for this workstation will be opened Personal settings will be marked with a flag 173 Ta J N ax Chapter 7 Administration of Workstations 2 To remove settings clear the flags and click Save Settings of the workstation inherited from the primary group will be restored Before editing the configuration of a workstation for SpIDer Guard for Windows and Dr Web Scanner for Windows familiarize yourself with recommendations on using the anti virus for computers on Windows Server 2003 OS Windows 2000 OS or Windows XP OS An article with necessary information can be found at http support microsoft com kb 822158 en The article is meant to help you increase system performance Provided that your Agent key agent key allows to use a spam filter for the SpIDer Mail component on the Antispam tab you can set up the filter on the context menu of any group or workstation select SpIDer Mail for Windows Workstations Starting from version 5 0 anti virus package includes SpIDer Gate and Office Control components For using this components they must be included in you license Antivirus Antispam that described in the Agent key file Spam filter SpIDer Gate and Office Control settings ar
106. you assign an Active Directory policy to install the Agent you should consider a possibilty that the Agent is already installed at the station There are three possible options 1 The Enterprise Agent is not installed at the station After policies assignment the Agent will be installed by general rules 2 The Enterprise Agent is already installed at the station without using the Active Directory service After Active Directory policy assignment installed Agent will remain at the station the Active Directory service Agent is not installed So after every station startup attempt of unsuccessful Agent installation will be repeated wy In this case the Agent is installed at the station but for To install the Agent via the Active Directory you must uninstall the Agent manually or via the Contro Center and assign the Active Directory policy for this station repeatedly 3 The Enterprise Agent is already installed at the station via the Active Directory After assignment the policy a If the rights for deleting the Agent are permitted for this station the Agent will be deleted To install the Agent via the Active Directory you must assign the Active Directory policies for this station repeatedly Ta J N ax Chapter 2 Installation and Removal of Dr Web Enterprise Security Suite Components In this case you must assign policies for the Agent A installation repeatedly because after the first policies
107. 2 Outlook 10 or Outlook XP Office Outlook 2003 Outlook 11 Office Outlook 2007 Office Outlook 2010 6 The Dr Web Agent context help requires Windows Internet Explorer 6 0 or later No other anti virus software including other versions of A Dr Web anti virus programs should be installed on the workstations of an anti virus network managed by Dr Web ESS 1 6 Distribution Kit The program software is distributed in two variants subject to the OS of the selected Enterprise Server 1 For installation under UNIX system base OSs the following components are provided as bzip2 archives or the respective OS installation packages Enterprise Server Proxy Server 2 For installation under Microsoft Windows OS the following components are provided as installation wizard executable files Enterprise Server Proxy Server Enterprise Agent for Active Directory NAP Validator The Enterprise Server is distributed in two variants 1 Full distribution kit includes distributions of all enterprise products which are provided for installation at protected stations under all supported OS 2 Lite distribution kit distribution whose composition is similar to composition of previous versions of Dr Web Enterprise Ta J N ax Chapter 1 Welcome to Dr Web Enterprise 26 Security Suite Security Suite distribution It is suitable for installing anti virus protection managed by Dr Web Enter
108. 3 steps station is added in the user group and is not removed from preinstalled group A Drag n drop method is not supported under Windows Internet Explorer 7 web browser 158 Ta J N ax Chapter 6 Groups Integrated Workstations 159 Management Merging stations As a result of operations with the database or reinstallation of the software on anti virus workstations several stations with the same name may appear on the anti virus network list only one of them will be correlated with the respective workstation To remove repeated workstation names 1 Select all repeated names of workstation Use the CTRL to do this 2 Inthe toolbar select W General Y merge stations 3 Inthe offered list select the station which will be the main All other stations will be deleted and their data will be prescribed to the selected station 4 In the offered list select the station settings of which will be set for the main station 5 Click Save 6 4 Using Groups to Configure Stations Stations settings can be 1 Inherited from the primary group 2 Specified personally Inherited Settings For created group its settings are inherited from the parental group or from the Everyone group if the parental group is not specified For created station its settings are inherited for the primary group For more details refer the Inheriting Stations Configuration from Groups Primary Groups section Ta A
109. 4 44 or 4 70 versions to version 6 0 2 automatically To upgrade Server uninstall the old version and install version 6 0 2 Upgrading Dr Web Enterprise Server 5 0 Version Enterprise Server can be upgraded from 5 0 version to version 6 0 2 automatically by using the installation wizard 260 Ta N ax Chapter 9 Updating the Dr Web Enterprise Security Suite Software and Its Components To upgrade the Dr Web Enterprise Server to version 6 0 2 run the installation file and follow instructions of the Wizard 1 The Dr Web Enterprise Server Upgrade Notes window displays which notifies you on the previous Enterprise Server version installed The installation wizard locates the Server installation folder automatically 2 On the following steps the wizard displays locations of the preserved files see above which will be used during installation of Server 6 0 2 You can change locations if necessary 3 To remove the previous version and launch the installation process click Install During automatic upgrade of the Server software A contents of the repository are removed and new version is installed If the repository of the older version was not removed it is necessary to manually remove its contents and renew it For a network with several Severs fromthe main Server with 6 0 version to child Servers with smaller versions 5 X or 4 X only virus bases are transmitted To transmit all software and Agent updates
110. 5 Ta J N ax Chapter 4 Getting Started General Information another computer or change the IP address of a computer with the Server If you configure the anti virus network for using the direct connections the Server Detection Service can be disabled To do this at the transport settings Administration Dr Web Enterprise Server Configuration Transport tab leave the Cluster address field empty Direct Connections Dr Web Enterprise Server Setup In the Server settings the address must be set see Appendix E The _Specification of Network Addresses to listen for accepting incoming TCP connections You can specify this parameter in the folowing Servers settings Administration Dr Web Enterprise Server Configuration Transport Address field To be listened by the Server the folowing parameters are set by default tcp 0 0 0 0 2371 supported for backward compatibility in particular to avoid some problems with upgrading to the 5 0 version from the 4 XX version which uses the 2371 port tcp 0 0 0 0 2193 to use the 2193 port registered for Dr Web in IANA 0 0 0 0 designation means all network interfaces for this computer on which the Server is installed For the proper functioning of all Dr Web Enterprise Security Suite antivirus network it is enough for the Server to listen at least one TCP port which is known by all clients 136 Ta J N ax Chapter 4 Gettin
111. 54 interface uninstalling 82 85 updating 276 alerts settings 233 anti virus Agent start 96 anti virus network 244 components 128 licensing 27 planning 30 setting connections 247 structure 128 245 updating 254 virus events 254 anti virus package components composition 169 composition 17 installing 51 71 169 uninstalling 82 169 188 375 anti virus scanning 188 anti virus Scaner anti virus Server configuration file 335 installing for Unix 44 installing for Windows 32 interface 90 log 89 logging 235 moving 420 restoring 437 schedule 236 setting connections 247 settings 220 start 90 start instruction switches 360 tasks 88 types of connections 245 uninstalling for UNIX 85 Ta J N ax 448 Index anti virus Server uninstalling for Windows 82 upgrading for UNIXOS 263 upgrading for Windows OS 258 165 authorization Control Center 112 approving stations 112 automatic authorization B backup 437 430 anti virus Server DB database biling system 414 blocking localresources 212 centralized schedule 184 components 128 anti virus composition anti virus network 169 composition 16 synchronization 269 uninstalling 82 configuration file 335 343 347 324 connections between the Servers anti virus server Control Center proxy server repository setting 247 245 Control Center types configuration file 343 description 96 hierarch
112. 9 Updating the Dr Web Enterprise Security Suite Software and Its Components To upgrade the Server use the installer of corresponding version and make the upgrade procedure according to general rules described in Upgrading Dr Web ESS for Windows OS or Upgrading Dr Web ESS for UNIX System Based Systems To update the anti virus software do the following 1 Install the anti virus Server software on another computer connected to the Internet as described in p Installing the Anti Virus Server Stop the two Servers Start the Server connected to the Internet with the syncrepository switch to update the anti virus software Example for Windows OS C Program Files DrWeb Enterpris Server bin drwcsd exe home C Program Files DrWeb Enterprise Server syncrepository Fully replace the content of repository catalog on the main working Server by the content of correspondent catalog of the Server connected to the Internet Usually it is var repository under Windows OS var drwes repository under FreeBSD OS and Solaris OS var opt drwes repository under Linux OS If the Agent with an active self protection is installed on Sever computer you must disable Dr Web SelfPROtect component in the Agent settings before starting the repository update If the main Server is runing under UNIX OS it is necessary to set the rights of the user created selected at the installation of the Server to the c
113. Administrator Manual 2004 2011 Doctor Web All rights reserved This document is the property of Doctor Web No part of this document may be reproduced published or transmitted in any form or by any means for any purpose other than the purchaser s personal use without proper attribution TRADEMARKS Dr Web SpIDer Mail SpIDer Guard CurelIt CureNet Dr Web AV Desk and the Dr WEB logo are trademarks and registered trademarks of Doctor Web in Russia and or other countries Other trademarks registered trademarks and company names used in this document are property of their respective owners DISCLAIMER In no event shall Doctor Web and its resellers or distributors be liable for errors or omissions or any loss of profit or any other damage caused or alleged to be caused directly or indirectly by this document the use of or inability to use information contained in this document Dr Web Enterprise Security Suite Version 6 0 2 Administrator Manual 19 10 2011 Doctor Web Head Office 2 12A 3rd str Yamskogo polya Moscow Russia 125124 Web site www drweb com Phone 7 495 789 45 87 Refer to the official web site for regional and international office information Doctor Web Doctor Web develops and distributes Dr Web information security solutions which provide efficient protection from malicious software and spam Doctor Web customers can be found among home users from all over the world and in government ente
114. B initialization script A special value minus means not to use such script lt ini_file gt previously formed file in the drweb32 ini format which will set the initial configuration of Dr Web software components i e for the Everyone group A special value minus means not to use such file e lt password gt original password of the Server administrator his name is admin By default it is root wy A minus can be omitted if the next parameters are missing Adjusting parameters of database initialization If embedded database is used initialization parameters can be set via an external file The following command is used for this Ta J N ax Appendices 362 drwcsd exe initdbex lt response file gt lt response file gt file with initialization parameters written line by line in the same order as the initdb parameters File format lt path_to_key file gt lt path_to_initdb sq gt lt path_to_drweb 32 ini gt lt administrator_password gt If using a response file under Windows OS any symbols are allowed in the administrator password Any strings following the necessary parameter in a particular case are optional If a string consists of only the minus symbol the default value is used as in initdb Database Updating drwcsd lt switches gt updatedb lt script gt perform any action with the database for example update to a new version by executing SQL instructo
115. Chart is displayed for all installations from this Server not depending on the objects selected in the hierarchical list Average infection activity displays average of infection activity at stations from selected group This value is calculated as a sum of all detected infections divided on number of scanned objects at each station Having the maximum of errors displays the list of stations on which errors of anti virus components operation are detected Chart displays the number of errors for each station Components errors displays the list of anti virus components installed at stations with errors of operation The pie chart displays the total number of errors for each component Job resolutions displays the list of jobs that have been launched on selected objects Chart displays the number of launches of jobs 7 6 3 Summary Data To view Summary data 1 In the main menu select Network then in the hierarchical list click the station or group name Select Summary data item from the Tables section of the control menu panel on the left The window with report table data will be opened To include specific data in the report click Summary data on the toolbar and select necessary types in the drop down list Statistics Infections Jobs Start End Errors Statistics from this report sections are similar to statistics from the corresponding items of the Table section To view the report with selected tables cli
116. Description of the Notification System Parameters When setting the system of alerts for events connected with the program operation the parameters described below are used for different types of annunciator drivers Table C 1 E mail notifications the drwemail driver HOST PORT USER PASS DEBUG FROM TO 127 0 0 2 SMTP host 25 SMTP port SMPT user SMTP password NO Debug mode drwcsd localhost Sender address root localhost Recipient address Table C 2 Notifications through Windows Messenger the drwwnetm driver for Windows OS version only TO Admin Computer network name Windows network message system functions only under Windows OS with Windows Messenger Net Send service support Windows Vista OS and later do not support Windows Messenger service Ta J N ax Appendices 310 Appendix D The Parameters of the Notification System Templates The text for messages sent by e mail or Windows Messenger is generated by a Server component named the templates processor on the basis of the templates files Windows network message system functions only under Windows OS with Windows Messenger Net Send service support Windows Vista OS and later do not support Windows Messenger service A template file consists of text and variables enclosed in braces When editing a template file the variables listed below can be used The templates processor does not perform recursive
117. Dr Web Enterprise Security Suite Components After you install Dr Web NAP Validator add Enterprise Server to the trusted NAP servers group To add Dr Web Enterprise Server to the trusted NAP servers group 1 To open NAP server configuration component run the nps msc command 2 In the Remediation Servers Group section click Add 3 In the dialog window enter the name for the new remedial server and the Enterprise Server IP address 4 Click OK to save changes 2 6 Installation of Proxy Server One or several Proxy servers can be included into the anti virus network When choosing a computer where the Proxy server should be installed consider that it should be accessible from all networks and segments which require data redirection between them To install the Proxy server you must have administrator rights on this computer Below is described the installation of the Proxy server for Windows OS The set and the order of steps may somewhat differ depending on the distribution file version To install the Proxy Server on a computer operated by Windows OS 1 Run the distribution file A window of Installation Wizard with information about the program to be installed will be opened Click Next 2 A window with the text of the license agreement will be opened You should read and accept the agreement To continue the installation in the bottom part of the window 79 Ta J N ax Chapter 2 Installation and R
118. Dr Web Enterprise Server for UNIX System Based OS Installation should be carried out in console under superuser account root Package based installation of the Dr Web Enterprise Server on a UNIX system based OS 1 To start instaling the drweb esuite package use the folowing command FreeBSD OS pkg_add lt distribution_file_name gt tbz Solaris OS 1 bzip2 d lt distribution_file_name gt bz2 2 pkgadd da lt distribution_file_name gt Linux OS Debian dpkg i lt distribution_file_name gt deb Ubuntu rpn rpm i lt distribution_file_name gt rpm packages computer you can upgrade the software components To wy If Enterprise Server is already installed on your do this run the distribution kit with the command e rpm U lt distribution_file_name rpm gt for rpm distribution kits e dpkg i lt distribution_file_name deb gt for deb distribution kits Also there are so called generic packages which can be Ta J N ax wy Installation can be cancelled at any time by sending any of Chapter 2 Installation and Removal of Dr Web 45 Enterprise Security Suite Components installed on any Linux system based OS including those which are not on the list of supported systems To install generic package under Linux system based OS it is required glibc library of same version as generic package is Installation is provided by means of the installer included in the package tar xjf lt distribution
119. Dr Web Scanner for Windows Complete scan In this mode all hard disks and removable disks including the boot sectors will be fully scanned In this mode Scanner uses default values a Dr Web Scanner for Windows Custom scan In this mode you will be able to choose files and folders to scan In Ta J N ax Chapter 7 Administration of Workstations this mode the Scanner settings window wil be opened Specify scanning parameters and the lists of file system objects to scan instructions on settings scan parameters are given below and click Scan for viruses a Dr Web Enterprise Scanner for Windows In this mode the scan wil be done via the Dr Web Enterprise Scanner In this mode the Scanner settings window will be opened Specify scanning parameters and the lists of file system objects to scan instructions on settings scan parameters are given below and click Scan for viruses a Dr Web Enterprise Scanner for Unix To scan stations which operate under UNIX system based OS Specify scanning parameters and the lists of file system objects to scan and click Scan for viruses EL Dr Web Enterprise Scanner for Mac OS X To scan stations which operate under Mac OS X Specify scanning parameters and the lists of file system objects to scan and click Scan for viruses 7 5 4 Managing Scanner Settings for Windows OS To view and edit Scanner settings do one of the following 1 In the main menu of the Dr Web Contro Center
120. E 10 99 35 77 99 77 17 456 Conventions whitespace System Variables Allowed in Subject Headers syYs e SYS e SYS SYS syYs SYS e SYS e SYS syYs E D D w O wyw IME current system time ATE current system date ATETIME current system date and time ERSION Server version UILD Server build date LATFORM Server platform LATFORM SHORT short variant of SYS PLATFORM S Server operating system name RANCH system version Server and Agents The environment variables have the same names as the variables specified in the environment with the ENV prefix added the prefix ends with a period Ta J N ax Appendices 312 Shared Variables of Messages the Agent GEN LoginTime station login time GEN StationAddress station address GEN StationID station UUID GEN StationName station name Shared Variables of Messages Dr Web Enterprise Server updating subsystem GEN CurrentRevision current version identifier GEN NextRevision updated version identifier GEN Folder product location folder GEN Product product description Message Variables United According to Message Types for the Agent Administrator Authorization Failed MSG Login login MSG Address Dr Web Control Center network address Approved Newbie MSG AdminName
121. Files Format Appendix M Custom Extensions Appendix N Integration of XML Web API and Dr Web Enterprise Security Suite Appendix O Procedures for Authentication of Administrators Frequently Asked Questions Moving the Dr Web Enterprise Server to Another Computer under Windows OS Connecting the Dr Web Enterprise Agent to Other Dr Web Enterprise Server Changing the Type of the DBMS for Dr Web Enterprise Security Suite Restoring the Database of Dr Web Enterprise Security Suite Restoring the Dr Web Enterprise Server from Data Backup 374 375 375 377 378 383 383 385 387 408 410 414 415 420 420 423 425 430 437 11 Ta AN aX Upgrading Dr Web Enterprise Agents on the LAN servers Using DFS During Installation of the Agent via the Active Directory Remote Installation Trouble Shooting Index 441 442 443 447 12 Ta J N ax Chapter 1 Welcome to Dr Web Enterprise Security Suite Chapter 1 Welcome to Dr Web Enterprise Security Suite 1 1 Introduction The Manual is meant for system administrators responsible for the organization of anti virus protection This Manual is intended to introduce technical features and the functionality of the software and provide detailed information on the organization of the complex anti virus protection of corporate computers using Dr Web Enterprise Security Suite hereinafter Dr Web ESS The main part of the
122. General In the General section the following fields are listed ID group unique identifier Is read only Ta J N ax Chapter 6 Groups Integrated Workstations Management Name group name You can change the group name if necessary wy For preinstalled groups ID and Name fields are read only Parent group parent group in which this group is included and from which group configuration is inherited if the personal settings is not specified If the parent group is not specified settings are inherited from the Everyone group Description optional filed with group description Configuration For more details on inheriting of group settings by stations for which this group is primary see Using Groups to Configure Stations section In the Configuration section the following groups parameters are presented setting permissions for the workstations for which this group is primary Setting permissions of group is similar to setting permissions of separate workstations see p Setting Users Permissions i changing schedule settings for the workstations for which this group is primary Setting schedule of group is similar to setting schedule of separate workstations Centralized schedule setting described in p Editing Scheduled Tasks on a Station o D setting the licence key file for the workstations for which this group is primary Q setting restrictions for anti virus software up
123. Installation of the Dr Web Enterprise Agent via the Network Installer You must update the Server repository before the first installation of the Agent see p Manual Updating of the Dr Web ESS Components p Checking for Updates If the network installer is run in the normal installation mode i e without uninstall switch on stations where the installation has already been performed this will not incur any actions The installer program terminates with a help window contains available A Q T A A A y V Chapter 2 Installation and Removal of Dr Web 60 Enterprise Security Suite Components switches There are two modes of installation via the Network installer 1 Background mode 2 Graphical mode You can also install Enterprise Agent remotely with the help of the Dr Web Control Center or the facilities of Active Directory see p Remote Installation of the Dr Web Enterprise Agent 2 3 3 1 Installation of the Dr Web Enterprise Agent in the Background Mode of the Installer To install the anti virus software Dr Web Enterprise Agent and anti virus package in the background mode of the installer 1 From the workstation on which you want to install the anti virus software enter the network catalog of Agent installation located at the Server by default it is Installer folder and run the drwinst programm By default the drwinst instruction launched without parameters will use the Multicast mode to
124. LDAP scheme is not demanded Translation according given scheme is performed using rules of translation of names to LDAP DN 3 After translation like for the Active Directory attempt of the user registration at the specified LDAP server using determined DN and specified password is performed 4 After this like for the Active Directory LDAP object attributes are read for the determined DN Attributes and their possible values can be redefined in the configuration file 5 If undefined values of administrator attributes are found and inheriting is specified in the configuration file the search of needed attributes in the user groups is the same as in the Active Directory 5 2 Types of Administrators This section contains information about administrators account data of which is stored in the Enterprise Server DB There are four types of administrator accounts Full rights administrators e Read only administrators e Group administrators with full rights e Group administrators with read only rights Ta J N ax Chapter 5 Anti Virus Network Administrators Full Rights Administrators Administrators with full rights have exclusive rights to the administration of Enterprise Server and of the whole network They can view and edit the configuration of the anti virus network and create new administrator accounts of both types An administrator with full rights can configure the anti virus software of a workstat
125. LE Database name by default mssqlce sdf PASSWORD Database encryption password The PASSWORD parameter is an encryption key and bears no relation to the user password system By default the password is empty the database is not encrypted An Example of the drwcsd conf Configuration File If you deploy SQL CE it is necessary to change the definition and the settings of the database driver in the configuration file of the Server See a fragment of the configuration file with corresponding parameters below Database definition Mandatory Only one definition is allowed database DB driver DLL or shared object name drwsqlce sql server compact windows only jload library from this path empty use default EEO parameters describing database connection A N T A A A yy v Appendices defaults DBFILE varroot mssqlce sdf using DBFILE mssqlce sdf PASSWORD drwcs using DBFILE mssqlce sdf PASSWORD drwcs Appendix B4 Using the PostgreSQL DBMS General Description PostgreSQL is an object relational DBMS distributed as a freeware unlike such commercial DBMS as Oracle Database Microsoft SQL Server etc The PostgreSQL DBMS may be used to arrange an external DB for the Dr Web Enterprise Server in large anti virus networks To do this 1 Install the PostgreSQL server 2 Set up the ODBC driver 3 Set up the Dr Web Enterprise Server to use the respective external database You
126. Microsoft SQL Server 2005 it is necessary to use the ODBC driver supplied with this DBMS Using of Microsoft SQL Server 2005 SP4 and later is supported It is strongly recommended to install latest service packs for used DB server Comparison Characteristics An internal DB can be used if at most 200 300 stations are A connected to the Server If the hardware configuration of the computer with Enterprise Server and the load level of other executing tasks are permissible up to 1000 stations can be connected Otherwise you must use an external DB If you use an external DB and more than 10 000 stations are connected to the Server it is recommended to perform the following minimal requirements Ta J N ax When Appendices 3 GHz processor CPU RAM at least 4 Gb for the Enterprise Server and at least 8 Gb for the DB server e UNIX system based OS choosing between an internal and external database take into account the following peculiar parameters of DMBS In large anti virus networks of over 200 300 stations it is recommended to use an external DB which is more fault resistant than internal DBs The internal DBMS IntDB is considerably faster than the external analogs and is recommended mainly for the typical use of databases You may use an external database in case it will be necessary to work through a DBMS and access the DB directly To facilitate access standard APIs may be used
127. N ax Chapter 6 Groups Integrated Workstations Management When viewing or editing workstation configuration inherited from the primary group a notification that the settings are inherited from the primary group will be displayed in correspondent windows You can set different configurations for different groups and stations by editing corresponding settings Personal Settings To set the personal settings for the station edit corresponding settings section see p Management of Stations Configuration In the settings section notification that the settings are set personally for the station will be displayed If the personal settings are specified for the station personal group settings and their changing wil not have any affect on station settings You can restore the configuration inherited from the primary group To do this click the Y Remove these settings button in the toolbar of the Dr Web Control Center in the corresponding parameters section or in the station settings section 6 4 1 Inheriting Stations Configuration from Groups Primary Groups Inheriting a Station Settings When a new workstation is created its configuration settings are inherited from one of the groups it belongs to That group called the primary group If the settings of the primary group are modified these changes are inherited by all workstations included into the group unless the workstations have been customized When creating a
128. OS var extensions for FreeBSD OS and Solaris OS var drwcs extensions for Linux OS var opt drwces extensions of Server installation folder After the Server installation preinstalled extension procedure are located in this folder To permit the Server to perform user extension scripts the Server must be launched with the hooks switch All scripts are disabled by default To enable scripts you must remove the word disabled or remove entire comment keep empty line The var extensions folder contains following scripts access_ check ds called before check access against appropriate ACL Access Control List 410 Ta J N ax Appendices access denied ds called when access denied according ACL settings or result of access check procedure admin logged ds called when administrator successfully authenticate in the Dr Web Control Center admin _noauth ds called when administrator failed to authenticate in the Dr Web Control Center agent status ds called when Agent report its local policy backup ds called when backup completed but before deleting previous backup files bad_connection ds called when new client connection cannot be established connection denied ds called when connection denied according license limitation database load ds called when database driver load process completed database verify ds called when database verification complet
129. OS and UNIX OS servers the parameter is set to 2 by default It is not advisable to change this parameter unless recommended by the customer support MaximumAuthorizationQueue lt value gt Specify the maximum number of workstation in the Server authorization queue It is not advisable to change this parameter unless recommended by the customer support Newbie lt mode gt Access mode of new stations can have the Open Close or Approval values by default it is Approval Read more in p New Stations Approval Policy UnAuthorizedToNewbie lt mode gt The mode can have either the Yes value which means that the newbie status will be automatically assigned to unapproved stations for example if the database has been destroyed or the No value default which stands for a standard operation WEBStatistics Interval lt number gt Server lt server_address gt URL lt catalog gt I D lt client_identifier gt User lt usel gt Ta J N ax Appendices Password lt password gt Proxy lt proxy_server gt ProxyUser lt proxy_user gt ProxyPassword lt proxy_password gt Above is described a web server where ESS will publish its statistics on detected viruses The upload span is set in minutes the default value is 30 It is not recommended to set the upload span to more than one hour The default server address is stat drweb com 80 The default URL is update ID client s identifier by default it is
130. Scanning on Workstations If you want this event to be logged select Log and in the String field type the text of the message to be added to the log 4 On the Time tab in the Time drop down list set the time mode of the task Daily e Every N minutes Hourly e Monthly Startup Weekly The parameters of different types of the time modes are described below 5 When all parameters for the task are specified click Save to accept changes Table 7 2 The parameters of different types of the time modes Daily Enter the hour and the minute for the task to be launched at the time specified Every N The N value should be specified to set the time interval for minutes the execution of the task At N equal 60 or more the task will be run every N minutes At N less than 60 the task will be run every minute of the hour multiple of N Hourly Enter a number from0 to 59 to set the minute of every hour the task will be run 186 Ta J i ax Chapter 7 Administration of Workstations 187 Monthly Enter the day of the month the hour and the minute for the task to be launched at the time specified Startup Have no additional parameters The task will be launched at startup Weekly Enter a day of the week the hour and the minute for the task to be launched at the time specified To edit an existing task left click the task to select it in the list The following actions are similar to adding a new tas
131. School Server 5 0 x86_64 ASP Linux 12 ASP Linux 14 Debian GNU Linux Lenny Debian GNU Linux Lenny x86_64 Debian GNU Linux Sid x86_64 Debian GNU Linux Squeeze Debian GNU Linux Squeeze x86_64 FreeBSD 7 3 FreeBSD 7 3 amd64 FreeBSD 7 4 FreeBSD 7 4 amd64 FreeBSD 8 1 FreeBSD 8 1 amd64 FreeBSD 8 2 FreeBSD 8 2 amd64 Linux glibc2 7 Linux glibc2 7 x86_64 Linux glibc2 8 Linux glibc2 8 x86_64 Ta J N ys Appendices 289 Linux glibc2 9 Linux glibc2 9 x86_64 Linux glibc2 10 Linux glibc2 10 x86_64 Linux glibc2 11 Linux glibc2 11 x86_64 Linux glibc2 12 Linux glibc2 12 x86_64 Linux glibc2 13 Linux glibc2 13 x86_64 Mandriva Linux 2010 Mandriva Linux 2010 x86_64 Mandriva Linux Corporate Server 5 1 Mandriva Linux Corporate Server 5 1 x86_64 openSUSE 11 openSUSE 11 x86_64 RedHat Enterprise Linux 5 3 RedHat Enterprise Linux 5 3 x86_64 RedHat Enterprise Linux 6 RedHat Enterprise Linux 6 x86_64 RedHat Fedora 8 RedHat Fedora 8 x86_64 RedHat Fedora 9 RedHat Fedora 9 x86_64 RedHat Fedora 10 RedHat Fedora 10 x86_64 RedHat Fedora 11 RedHat Fedora 11 x86_64 RedHat Fedora 12 RedHat Fedora 12 x86_64 RedHat Fedora 13 RedHat Fedora 13 x86_64 RedHat Fedora 14 Aq P AN A v Appendices 290 RedHat Fedora 14 x86_64 RedHat Fedora 15 RedHat Fedora 15 x86_64 SUSE Linux Enterprise Server 10 SUSE Linux Enterprise Server 10 x86_64 SUSE Linux Enterprise Server 11 SUSE Linux Enterprise Serve
132. Security Suite Components Enterprise Server can be installed on any computer of the local network not only on that functioning as a local network server General system requirements to this computer are described in p System Requirements The Dr Web Control Center can be run on a different computer than the Server there should be a network connection between them The anti virus network can incorporate several Enterprise Servers The features of such configuration are described in p Peculiarities of a Network with Several Dr Web Enterprise Servers To install the Server and Enterprise Agent one time access physical or remote to the correspondent computers is required All further steps will be taken from the administrator s workplace which can also be outside the local network and will not require access to Enterprise Servers and workstations 2 2 Installation of the Dr Web Enterprise Server The instalation of Enterprise Server is the first step in the instalation of Dr Web ESS anti virus Unless and until it is successfully installed no other ESS components can be installed The instalation procedure of Enterprise Server depends on Server version for Windows OS or for UNIX system based OS Nevertheless the parameters set during the installation and the structure of the installed software are the same for all versions 31 7 A J AN ax Chapter 2 Installation and Removal of Dr Web Enterprise Se
133. Servers Ta J N ax Chapter 8 Configuring the Dr Web Enterprise Server decreasing the load on each of them consolidation of data from several Servers on one Server the possibilty to view all the data through the Dr Web Contro Center connected to such Server The Dr Web ESS anti virus monitors and prevents the creation of cyclic data flows 8 5 2 Setting Connections between Several Dr Web Enterprise Servers To use several Servers in an anti virus network you should set up connections between these Servers It is advisable to make a plan and to draw the structure of the anti virus network first All data flows connections of the peer to peer and parent child types should be indicated Then for each Server included into the network connections with any neighboring Servers neighbors have at least one dataflow between them should be set up Example Configure a connection between Parent and Child Dr Web Enterprise Servers wy Values of fields marked by the sign must be obligatory specified 1 Make sure that both Enterprise Servers operate normally 2 Make sure that each of the Enterprise Servers uses different keys enterprise key 3 Connect to each of the Enterprise Servers by means of the Dr Web Control Center and give them meaningful names as it will help prevent mistakes while connecting and administering the Enterprise Servers You can change the names through the Dr Web Cont
134. SpIDer Mail for Windows Workstations etc Click the F button against the correspond item to change its settings Dr Web Control Center also provides you with option for deleting personal settings of a workstation These settings are located in the left part of the corresponding options for components configuration options When you delete personal settings of a workstation it inherits settings from the primary group wy The set of the components parameters and recommendations to their configuring are described in the manual Dr Web Anti Virus for Windows User Manual and Dr Web Agent for Windows User Manual Meanwhile the Dr Web Control Center interface is somewhat different from the interface of the anti virus components 170 Ta J N ax Chapter 7 Administration of Workstations to change the parameters whose values can be either Yes or No click the appropriate value Entry fields and drop down lists are standard to manage separate parameters use the options located on the right from corresponding settings to restore the value a parameter had before editing S to set the default value for a parameter e to manage set of parameters use the options located in the toolbar the upper part of most settings windows e g Schedule Permissions Dr Web Scanner for Windows SpIDer Guard for Windows and SpIDer Mail for Windows Workstations af to propagate this parameters on other objects group or
135. Windows OS in the safe mode For every station you can View the list of all anti virus components running at present e Terminate running anti virus components of a certain type Initiate anti virus scanning and specify its parameters Scans can be initiated for e Dr Web Scanner for Windows e Dr Web Enterprise Scanner for Windows 7 5 1 Viewing and Terminating Running Components To view the list of running components and terminate some of them manually 1 In the main menu select Network then click the name of a workstation or group in the hierarchical list In the control menu left pane select Launched components Lists of components active at present both run manually by you or users and scheduled will be opened Ta J N s Chapter 7 Administration of Workstations 189 2 If necessary set a flag next to a task to terminate and click Interrupt on the toolbar Execution of a task will be terminated and the tasks will be removed from the list 7 5 2 Terminating Running Components by Type In this mode running scans will be terminated and all A monitores except SpIDer Guard will be disabled Warning You cannot launch SpIDer Mail or SpIDer Gate monitors via the Dr Web Control Center You can terminate the execution of the components on workstations e run manually by you run by users scheduled You can also interrupt all processes matching a certain criterion This option is especi
136. _file_name tar bz2 gt Then on behalf of the superuser run the following script drweb esuite install sh the following signals SIGHUP SIGINT SIGTERM SIGQUIT and SIGWINCH under FreeBSD OS changing the dimensions of the terminal window entails sending a SIGWINCH signal When installation is cancelled the changes to the file system roll back to the original state When using an rpm package installation can be interrupted by pressing CTRL C Press ESC to return to the previous step of Server installation Note that in the step 2 in licence agreement window the ESC will exit installation Administrator name is admin by default The following windows the number and sequence of which can be different subject to the OS contains information on the copyright and the text of the license agreement To proceed the installation you must accept the license agreement Next you will be prompt to set the group and the user under name of which the Server will operate The same user is the owner of the files of the Enterprise Server Ta J N ax Chapter 2 Installation and Removal of Dr Web Enterprise Security Suite Components For request on user creation select new to create a new user under name of which the Dr Web ESS will be run In the next menu it is recommended to leave the default value and click OK In the group selection menu create a new group In the next prompt leave the default value In the
137. a new DB or if the configuration file for an existing database was not specified select the driver which should be used The IntDB database driver option means that internal facilities of the Enterprise Server should be used Other options imply usage of an external DB Parameters of DBMS are described in the appendices see Appendix B The Description of the DBMS Settings The Parameters of the DB MS Driver Click Next If you selected IntDB database driver for creating a new DB in the previous step the information for creating a new DB will be displayed If you selected one of the options with an external DBMS it will be necessary to specify access parameters for the DB If you are using the Server DB from the previous installation and in the previous step you specify the Server configuration file or select IntDB database driver it is necessary to specify the DB file For this click Browse Set the Verify database during setup flag to verify database integrity 39 Ta J N s 13 Chapter 2 Installation and Removal of Dr Web Enterprise Security Suite Components when installing the Server Next if you selected creation of a new DB in step 4 or did not specify the Server configuration file from previous installation in step 9 for an existing DB a window dedicated to network configuration will be opened You can set up a network protocol for the Server it is alowed to create only one protocol more protocols
138. able only if you installed the Agent by using the graphical installer and set the Register Agent in system list of installed software flag If the Agent installed in the background mode of the installer the removing of the anti virus software with the standard Windows OS services will be available only if the regagent switch was used for installation To remove the Agent and the anti virus package use standard Windows OS tools the Add or Remove Programs element in Control Panel see the Agent User Manual for details Removing by Using the Agent Installer To remove the Agent software and the anti virus package from a workstation by using the Agent installer run the drwinst instruction with the uninstall parameter or with uninstall interactive parameters if you want to control the process in the installation folder of Enterprise Agent by default C Program Files DrWeb Enterprise Suite Example drwinst uninstall interactive 84 Ta J N ys Chapter 2 Installation and Removal of Dr Web 85 Enterprise Security Suite Components 2 7 2 Uninstalling the Dr Web Enterprise Agent Software through Active Directory 1 In Control Panel select Administrative Tools Active Directory users and computers 2 Right click your ESS organizational unit in the domain On the context menu select Properties An ESS Properties window will be opened 3 Go to the Group Policy tab Select ESS policies Double
139. acquired license e Virus databases and program modules updates are promptly and efficiently distributed to client computers by the Dr Web Enterprise Server Server critical data databases configuration files etc is backed up In comparison to other anti virus products Dr Web ESS Anti virus can be installed on infected computers of users Ta J FQ ax Chapter 1 Welcome to Dr Web Enterprise 20 Security Suite 1 5 System Requirements For Dr Web ESS to be installed and function the following is required Enterprise Server should have access to the Internet to receive updates from Dr Web GUS anti virus network computers should have access to the Internet to connect to the Sever or be in the same local network as the Server for interaction between all anti virus components all following ports and sockets must be opened on computers with anti virus components ports 2193 TCP UDP For connection between the Server and 2371 anti virus components port 23 NetBIOS For connection between the Server and anti virus components socket 2371 IPX SPX For connection between the Server and anti virus components ports 2193 UDP For the Network Scanner 2372 ports 139 TCP UDP For the Network Installer 445 port 9080 http For the Dr Web Control Center port 9081 https For the Dr Web Control Center protocols between components of 4 XX version It is used for support of compatibility particularly du
140. age the Server are listed in the Server control directory As a rule Enterprise Server can be managed through the Dr Web Control Center which acts as an interface for the Server Start and Stop the Dr Web Enterprise Server By defaut the Enterprise Server automaticaly starts after installation and every time after restarting the operating system Also you can start or start restart or stop the Enterprise Server by one of the following ways For UNIX system based OS Using the corresponding console command see also Appendix H5 Dr Web Enterprise Server o Start e for FreeBSD OS usr local etc rc d drwesd sh start e for Linux OS and Solaris OS etc init d drwesd start o Restart e for FreeBSD OS usr local etc rc d drwesd sh restart e for Linux OS and Solaris OS etc init d drwcesd restart 90 Ta J N ax Chapter 3 Components of an Anti Virus Network 91 and Their Interface o Stop e for FreeBSD OS usr local etc rc d drwcsd sh stop e For Linux OS and Solaris OS etc init d drwcesd stop Stop and restart via the Contro Center e In the Administration section use buttons to restart to stop is absent under Solaris OS For Windows OS General case e Using the corresponding command located in the Start Programs Dr Web Enterprise Server menu e Via the services management tools in the Administrative Tools section at the Control Panel of Windows OS
141. ages on their computers or flexibly limit their rights including absolute prohibition Dr Web ESS has a client server architecture Dr Web ESS components are installed on the computers of users and administrators and the computer s to function as the Enterprise Server s and exchange information through network protocols TCP IP IPX SPX NetBIOS An aggregate of computers on which Dr Web ESS cooperating components are installed is called an anti virus network A Q T A A A y v Chapter 1 Welcome to Dr Web Enterprise 16 Security Suite An anti virus network includes the following components Core components Dr Web Enterprise Server Enterprise Server stores distribution kits of anti virus packages for different OS of protected computers updates of virus databases anti virus packages and Enterprise Agents user keys and package settings of protected computers Enterprise Server sends necessary information to the correspondent computers on Agents requests and keeps a general log of events of the whole anti virus network Dr Web Control Center is automaticaly installed with Enterprise Server It is a certain extension of a web page and allows to administrate the anti virus network by means of editing the settings of Enterprise Server and protected computers stored on Enterprise Server and protected computers Dr Web Enterprise Agent Enterprise Agent is installed on protected computers It installs u
142. alidator component Agent Network Installers The interaction of the Enterprise Server with other Enterprise Servers is disabled For a multi server network configuration read p Peculiarities of a Network with Several Dr Web Enterprise Servers enable this protocol by setting the correspondent flag Location Tab On the Location tab you can specify additional information about the computer on which Enterprise Server is installed 228 Ta J N ax Chapter 8 Configuring the Dr Web Enterprise Server 8 1 1 Traffic Encryption and Compression The Dr Web ESS anti virus allows encrypting the traffic between Enterprise Server and Enterprise Agents between Enterprise Server and the Network Installer s and between Enterprise Servers in multi server anti virus networks This mode is used to avoid leakage of user keys and other data during interaction The program uses reliable tools of encryption and digital signature based on the concept of pairs of public and private keys The encryption policy is set separately for each component of the Dr Web ESS anti virus Settings of other components should be compatible with the settings of the Server To set the encryption and compression policies for the workstations on the Dr Web Enterprise Server 1 Select the Administration item in the main menu 2 Click Dr Web Enterprise Server Configuration in the control menu 3 On the General tab select the necessary varian
143. alization of this scheme is available Most important is that the Server search method at the clients side must 137 Ta J N ax Chapter 4 Getting Started General Information be matched with the Server respond part The Multicast over UDP mode is used by default in the Dr Web Enterprise Security Suite 1 Server gets registered in the multicast group with 231 0 0 1 address 2 Agents send multicast queries to the 231 0 0 1 group address during Server search Server listens by default similarly to direct connections udp 231 0 0 1 2371 udp 231 0 0 1 2193 This parameter is set at the Servers settings Administration Dr Web Enterprise Server Configuration Transport tab Cluster address field Firewall Setup For anti virus network components communication all ports and interfaces which are used by this components must be opened on all computers in the anti virus network During Server installation the installer allows to add an exceptions to OS firewall settings except Windows 2000 OS To do this set the Add Server ports and interfaces to firewall exceptions flag If a non built in Windows firewall is in use the network administrator should set it up manually 138 Ta 2 Ws N Chapter 5 Anti Virus Network Administrators 139 Chapter 5 Anti Virus Network Administrators It is recommended to appoint a reliable qualified employer experienced in the administration
144. ally be installed The user decides whether the component is required e cannot means that installing the component is not alowed When a new workstation is created the component will not be installed with the anti virus package If the cannot option is specified for an existing workstation the component will be removed from the anti virus package Table 7 1 shows whether the component will be installed on the workstation according to the parameters specified by the user and the settings defined by the Server administrator Table 7 1 Install Do not install 178 Ta J N ax Chapter 7 Administration of Workstations 179 3 Click Save to save the settings and the set of anti virus package components on the workstation The VadeRetro Antispam component cannot be installed if at least one of the listed products is not installed SpIDer Mail Dr Web plug in for MS Outlook Dr Web for IBM Lotus Domino Dr Web for MS Exchange Server Dr Web for Qbik WinGate plug in 7 3 Editing Parameters of the Dr Web Enterprise Agent for Windows OS To view and edit the configuration of the Dr Web Enterprise Agent for the necessary station 1 Select the Network item in the main menu 2 Select the workstation or group in the hierarchical list click name of the station or group 3 Click the Dr Web Enterprise Agent for Windows item in the control menu panel on the left 4 A window for e
145. ally useful if such instruction is to be sent to numerous stations at once To interrupt all running components of a certain type 1 In the main menu select Network then in the hierarchical list select workstations or groups 2 In the toolbar click Managing components and select Interrupt running components This opens the scan type selection window 3 Set flags against the necessary types To terminate all types set the Gi Interrupt running components flag in the heading 4 Click Interrupt Ta J N ax Chapter 7 Administration of Workstations 190 7 5 3 Launching Scan on Station To launch a scan task 1 In the main menu of the Dr Web Contro Center select Network Click the name of a station or group in the hierarchical list In the toolbar click Q Scan If the group is selected the Scan item will be active only in case of non empty group with at least one online station In the opened list at the toolbar select one of the following scan modes a Dr Web Scanner for Windows Express scan In this mode the following objects will be scanned e main memory RAM boot sectors of all disks autorun objects root directory of the boot sector root directory of the Windows OS installation disk e system directory of the Windows OS My documents folder temporary directory of the system e temporary directory of the user In this mode Scanner uses default values oN
146. als on the SQL language H7 Utility of Generation of Key Pairs and Digital Signatures The names and location of encryption files in the Server installation directory etc drwesd pri private key Installer drwcesd pub public key Variants of the instruction format Ta J N ax Appendices 374 bin drwsign check public key lt public gt lt file gt check the file signature using lt public gt as a public key of a person who signed this file bin drwsign extract private key lt private gt lt public gt extracts the public key from the private key file of a complex format version 4 33 and higher bin drwsign genkey lt private gt lt public gt generation of the public private pair of keys and their record to correspondent files The utility version for Windows platforms in contrast to UNIX versions does not protect private keys from copying bin drwsign help lt instruction gt brief help on the program and on the command line format bin drwsign join432 public key lt public gt private key lt private gt lt new_private gt combines the public and private keys of the format for version 4 32 into a new format of the private key for version 4 33 bin drwsign sign private key lt private gt lt file gt sign the lt file gt file using this private key H8 Administration of the Dr Web Enterprise Server Version for UNIX OS with t
147. ameters of the Dr Web Network Installer section click Next On the Dr Web Enterprise Agent settings tab you can specify the following parameters In the Authorization section you can specify the parameters of authorization of the Agent at the Server If the Set authorization flag is cleared and the corresponding fields are not set the authorization parameters will be set automatically In the Encryption and Compression sections you can enable using encryption and compression of traffic between the Agent and the Server In the sequel you can change this options in the settings of the Enterprise Agent and in the station settings 70 Ta J N s Chapter 2 Installation and Removal of Dr Web 71 Enterprise Security Suite Components 21 After all necessary parameters have been specified click Install For launching the installation of the anti virus software the build in service is used 22 Enterprise Agent will be installed on the selected workstations After the workstation has been approved at the Server if it is required by Enterprise Server settings see also Establishing a Simple Anti Virus Network the anti virus components will be automatically installed 23 Restart the computer on Agent request In case an anti virus network is basically created and it is necessary to instal the Agent software on certain computers it is recommended to use installation via network 1 Select the Administrati
148. and Removal of Dr Web Enterprise Security Suite Components Remote instalation does not require extra configuration of the remote station if it is inside a domain and the domain account is used If the remote station is outside a domain or if the local account has been used during installation for some of Windows OS the extra configuration of the remote station is required Extra Configuration for Remote Installation to a Station outside a Domain or Using the Local Account Specified options can reduce remote station security It is A strongly recommended to examine functions of these options before editing the system settings or do not use remote installation and install the Agent manually To install the Agent to a remote workstation outside a domain or and using the local account do the following on the computer where you want to install the Agent e Windows Extra configuration is not required 2000 Windows Server 2000 Windows 1 Setup the mode of access to shared files Control XP Panel Folder Properties the View tab clear the Use Simple Sharing recommended flag 2 Set the following mode of network authentication model in the local policies Control Panel Administrative Tools Local Security Policy Security Settings Local Policies Security Options Network Access Sharing 65 7 ax A J AN Chapter 2 Installation and Removal of Dr Web 66 Enterprise Security
149. and any following digits as a decimal number If the number is less than 10 or if there have been at least that many previous capturing left parentheses in the expression the entire sequence is taken as a back reference Inside a character class or if the decimal number is greater than 9 and there have not been that many capturing subpatterns PCRE re reads up to three octal digits following the backslash and generates a single byte from the least significant 8 bits of the value 388 A N T A y v Appendices Any subsequent digits stand for themselves For example e 040 is another way of writing a space 40 isthe same provided there are fewer than 40 previous capturing subpatterns 7 is always a back reference 11 might be a back reference or another way of writing a tab 011 is always a tab 011 isa tab followed by the character 3 3 113 might be a back reference otherwise the character with octal code 113 377 might be a back reference otherwise the byte consisting entirely of 1 bits 81 is either a back reference or a binary zero followed by the two characters 8 and 1 Note that octal values of 100 or greater must not be introduced by a leading zero because no more than three octal digits are ever read All the sequences that define a single character value can be used both inside and outside character classes In addition inside a character class the sequence
150. aracters match any newline characters which immediately follow or precede them in the subject string as well as in the very beginning and end of a subject string This option can be changed within a pattern by a m option setting If there are no n characters in the subject string or or are not present in the pattern the PCRE_MULTILINE option has no effect Option u is equivalent to PCRE_UNGREEDY 384 Aq P AN A v Appendices 385 This option inverts the greediness of the quantifiers so that they are not greedy by default but become greedy if followed by 2 The same result can also be achieved by the U option in the pattern T Option d is equivalent to PCRE_DOTALL If this option is set a dot metacharacter in the pattern matches all characters including newlines Without it newlines are excluded This option can be changed within a pattern by a s option setting A negative class such as a always matches newline characters regardless of the settings of this option e Option e is equivalent to PCRE_DOLLAR_ENDONLY If this option is set a dolar metacharacter in the pattern matches only at the end of the subject string Without this option a dollar also matches immediately before a newline at the end of the string but not before any other newline characters The PCRE_DOLLAR_ENDONLY option is ignored if PCRE_ MULTILINE is set K2 Pec
151. arameter values message type the full list of message types is in the var templates folder Disable Protocol lt protocol gt Disable using of one of the Server protocols possible values are AGENT SERVER INSTALL The SERVER protocol is disabled by default Read more in p Setting the Dr Web Enterprise Server Configuration wy Disabling unnecessary protocols saves system resources Disable Plugin lt module gt Disable the use of plug ins for the Server Legitimate value WEBMIN For details see Setting the Dr Web Enterprise Server Configuration ShowHostNames lt value gt Enable computer domain names in the log instead of the TCP address Possible values Yes or No ReplaceNetBIOSNames lt value gt Enable replacing computer NetBIOS names with the DNS name Possible values Yes or No The Organization Department Country Province City Street Floor Room Latitude and Longitude parameters define additional information about the location of the workstation TrackAgentJobs lt value gt Enable writing the results of task completion for workstations Ta N ax Appendices to the DB Possible values Yes or No TrackAgentStatus lt value gt Enable accounting of the workstation status changes and writing information to the DB Possible values Yes or No TrackVirusBases lt value gt Enable accounting of the workstation virus database status composition changes and writing
152. are A connected to the Server If the hardware configuration of the computer with Enterprise Server and the load level of other executing tasks are permissible up to 1000 stations can be connected Otherwise you must use an external DB If you use an external DB and more than 10 000 stations are connected to the Server it is recommended to perform the following minimal requirements 3 GHz processor CPU RAM at least 4 Gb for Enterprise Server and at least 8 Gb for the DB server UNIX system based OS The following information is collected and stored in the general log file versions of the anti virus packages on protected computers time and date of the software installation and update on workstations versions and dates of virus databases updates e OS versions of protected computers processor type OS system catalogs location etc configuration and settings of anti virus packages e data on virus events including names of detected viruses detection dates actions results of curing etc Enterprise Server notifies the administrator on virus events 89 Ta J N ax Chapter 3 Components of an Anti Virus Network and Their Interface occurring on protected computers by e mail or through the Windows OS standard broadcast notification system You can set the alerts as described in p Setting Alerts Interface Enterprise Server as it is has no interface Basic instructions necessary to man
153. assignment the Agent has been deleted from the station but for the Active directory service the Agent is still installed b If the rights for deleting the Agent are prohibited for this station assignment policies will not take any affect to the anti virus software state at the station For further actions permit the rights for the Agent deletion see the Setting Users Permissions section and assign the Active Directory policies for this station repeatedly Further actions are similar to the a step To assign the Active Directory policies repeatedly you can use any convenient way 2 5 Installation of NAP Validator Dr Web NAP Validator checks health of anti virus software on protected workstations It is installed on the computer where a configured NAP server resides To install NAP Validator 1 Run the installation file In the dialog window select the language to use during install Select English and click Next 2 On the Welcome page of the InstallShield Wizard click Next 3 On the License Agreement page read the agreement To accept the agreement and proceed with the installation select I accept the terms of the license agreement and click Next To exit the wizard click Cancel 4 On the next page specify Enterprise Server IP Address and Port and click Next 5 Click Install The installation begins 6 When installation completes click Finish 78 Ta J N s Chapter 2 Installation and Removal of
154. assword the standard Dr Web Control Center authorization window will be given wy After clicking Logout in the header of the Control Center information about administrator s login and password is deleted At next logon in the Control Center it is necessary to repeat standard authorization procedure with specifying login and password If automatic authorization is enabled specified login and password are saved for the current web browser and authorization in Control Center become automatic without login and password confirmation till next Logout clicking 3 3 4 Neighborhood Select the Neighborhood item in the main menu of Dr Web Contro Center The control menu in the left part of the window is used to select viewing information Administration Administration section of the control menu contains the Neighborhood item that serves to manage connections between Servers in a multi server anti virus network for more details see Peculiarities of a Network with Several Dr Web Enterprise Servers The hierarchical list represents all of the Enterprise Server connected to this Server Setting of new interserver connections is described in Setting Connections between Several Dr Web Enterprise Servers 113 Ta J N ax Chapter 3 Components of an Anti Virus Network and Their Interface Tables The Tables section of the control menu contains information about the operation of the antivirus network received from othe
155. ated Workstations Management Grouping is designed to make the administration of anti virus workstations easier Grouping of anti virus stations allows to perform Group operations over all stations included to these groups As for separate group so and for several selected groups you can launch view and stop scan tasks on stations included to this group In the same way you can view statistics including infections viruses start stop scan and installation errors and etc and summary statistic for all workstations of the group or several groups Settings the single parameters for stations via the group to which these stations are included see p Using Groups to Configure Stations Order structure the list of workstations It is possible to create nested groups 6 1 System and User Groups System Groups At the installation of the program so called preinstalled system groups are created Dr Web ESS has an initial set of system groups These groups are created during the installation of Enterprise Server and may not be deleted Still the administrator may disable their display if necessary Ta J N ax Chapter 6 Groups Integrated Workstations Management Each system group except Everyone contains a set of feature packed subgroups Everyone group Group containing all stations known to Enterprise Server The Everyone group has default settings Status Status group contains subgroups refl
156. ater versions updates are not supplied regardless of repository settings for the Server software To upgrade the Server use the installer of corresponding version and make the upgrade procedure according to general rules described in Upgrading Dr Web ESS for Windows OS or Upgrading Dr Web ESS for UNIX System Based Systems b between different Enterprise Servers in a multi server configuration according to a specified synchronization policy c from Enterprise Server to workstations The repository allows to set up the following parameters the list of product update sites in a operations e restrictions to the number of products requiring synchronization of a type thus a user is enabled to track only necessary changes of certain files or categories of files restrictions to product components requiring synchronization of c type a user can choose what should be installed on the workstation control of switching to new revisions independent testing of products before installation is possible adding one s own components to products independent creation of new products which will be synchronized too The Server repository deals with the following products Enterprise Server Enterprise Agent the Agent software and the Scheduler the anti virus package for workstations the Dr Web Control Center virus databases 240 A Q T A A A y v Chapter 8 Configuring
157. ating more than one account ID Name and Password Retype password fields are set automatically and can not be changed at the station creation stage In the Description field specify additional information about the customer This parameter is optional In the Groups section specify groups in which the created station will be included By default station is included in the Everyone group If custom groups are available you can include the station in those groups To do this click the group name in the Known groups list To exclude a station from customer groups click the group name in the Member of list To set a primary group for the creating station click the icon of the corresponding group from the Member of list The 1 will appear on the group icon You cannot exclude stations from the Everyone and a primary groups Specify parameters of the Security section if necessary Parameters of this section are described in the p Management of Stations Configuration 10 Specify parameters of the Location section if necessary Ta J N ax Chapter 2 Installation and Removal of Dr Web 56 Enterprise Security Suite Components 11 Click Save in the upper right corner The opened pane contains information about successful creation of a station its ID and the link to download the Agent distribution kit Link for the Agent installation package downloading is also available in station properties after
158. ations Click the Scan button to launch network scanning The catalog hierarchical list of computers demonstrating where the Dr Web ESS anti virus software is installed will be loaded into this window Unfold the catalog elements corresponding to workgroups domains All elements of the catalog corresponding to workgroups and individual stations are marked with different icons the meaning of which is given below Table 3 3 Icons of the Network scanner as EFA Workgroups The work groups containing inter alia computers on which the Dr Web ESS anti virus software can be installed Other groups containing protected or unavailable by network computers Workstations The detected station is registered in the DB and active i e the workstation with installed anti virus software The detected station is registered in the DB as deleted i e the workstation is listed in the table of deleted stations The detected station is not registered in the DB i e there is no anti virus software on the station The detected station is not registered in the DB the station is connected to another Server The detected station is registered in the DB bus it is not active and the port is closed Ta J N ax Chapter 3 Components of an Anti Virus Network and Their Interface You can also unfold catalog items corresponding to computers with the or icon and check which program components are installed t
159. ations and groups with personal settings are presented Set flags for objects for those you want to set the inheritance of parental group settings For other objects with cleared flags personal settings for installed components lists specified before key changing will remain the same Changing of Installed Components List Replacing or Adding the New Licence Key If installed components lists in the new key and in the old key are differ settings for installed components lists of the object can be changed or remain the same see Change the Agent License Key 125 Chapter 3 Components of an Anti Virus Network 126 and Their Interface Comparing list of installed components of the object key with the list in the new key Set the personal settings for installed components list Save new settings for installed components list Setting the agent key Procedure for replacing or adding the new Agent licence key When specifying new settings 1 If the new key contains components which are not presented in the old key for those components the may value will be set in the Installed components list see Management of Stations Configuration In the sequel user will be able to install those components to stations which are licensed with the new key 2 If the new key does not contain components which had been included into the old key for those components the cannot value will be set in the Installed comp
160. ative rights Disable access to network disables the Network access option in the Agent context menu Disable the system protection disables the System protection submenu of the Agent context menu Disable self protection disables activity of the the Self protection option in the Agent context menu Uninstall Dr Web Agent disables uninstalling of the Agent at the station either via the instaler or via standard Windows OS services see the Uninstalling the ESS Software for Windows OS section In this case Agent can be uninstalled only via the General ix Uninstall Dr Web Agent option on the toolbar of the Dr Web Control Center To change enable or disable any permission set or clear the correspondent flag 175 Ta J N ax Chapter 7 Administration of Workstations 176 After disabling an option that changes Agent settings the value which has been set at the last time before disabling will be used Actions for the corresponding menu options are described at the Dr Web Agent User manual documentation 4 To accept the changes in permissions click OK to reject the changes click Cancel 5 To cancel edited permissions and to restore the default ones inherited from the preinstalled groups click amp Remove these settings 6 To use the same settings for another object click Propagate these settings to another object 7 To export settings to a file click E Export settings 8 To i
161. b is interpreted as the backspace character hex 08 and the sequence X is interpreted as the character X Outside a character class these sequences have different meanings Generic character types The third use of backslash is for specifying generic character types The following are always recognized d_ any decimal digit D any character that is not a decimal digit 389 Ta AN ax Appendices e s any whitespace character S any character that is not a whitespace character w any word character e W any non word character Each pair of escape sequences partitions the complete set of characters into two disjoint sets Any given character matches one and only one of each pair These character type sequences can appear both inside and outside character classes They each match one character of the appropriate type If the current matching point is at the end of the subject string all of them fail since there is no character to match s does not match the VT character code 11 This makes it different from the POSIX space class The s characters are HT 9 LF 10 FF 12 CR 13 and space 32 Simple assertions The fourth use of backslash is for certain simple assertions An assertion specifies a condition that has to be met at a particular point in a match without consuming any characters from the subject string The use of subpatterns for more complicated assertions is described bel
162. been instaled on a workstation via the installation package it will try to establish a connection with the Server 133 Ta J N ax Chapter 4 Getting Started General Information With default Server settings new workstations should be approved by an administrator to be registered at the Server for more about the policy of connecting new workstations please refer to p New Stations Approva Policy In this mode new workstations are not connected automatically but placed by the Server into the list of Unapproved stations To connect a new workstation to the Dr Web Enterprise Server 1 Select the Administration menu of the Dr Web Control Center 2 At the opened window select Unapproved stations in the control menu 3 A lit of detected but not approved workstations with installed Agent will be opened 4 Select the station in the list set a flag and on the toolbar select Approve and set primary group to approve the access for this workstation and specify the primary group for the station Read more about primary groups in p Inheriting Stations Configuration from Groups Primary Groups 5 The workstation will be connected to the Server and the anti virus network layout will be changed respectively The workstation will be placed to predefined groups of workstations Everyone and Online and to other relevant groups according to the OS family and version installed on the anti virus station Anti Virus S
163. ble up to the maximum number of permitted times without causing the rest of the pattern to fail The classic example of where this gives problems is in trying to match comments in C 397 Ta J N ax Appendices programs These appear between and and within the comment individual and characters may appear An attempt to match C comments by applying the pattern Psr to the string first comment not comment second comment fails because it matches the entire string owing to the greediness of the item However if a quantifier is followed by a question mark it ceases to be greedy and instead matches the minimum number of times possible so the pattern E NEE IN EY does the right thing with the C comments The meaning of the various quantifiers is not otherwise changed just the preferred number of matches Do not confuse this use of question mark with its use as a quantifier in its own right Because it has two uses it can sometimes appear doubled as in d d which matches one digit by preference but can match two if that is the only way the rest of the pattern matches T If the PCRE_UNGREEDY option is set the quantifiers are not greedy by default but individual ones can be made greedy by folowing them with a question mark In other words it inverts the default behaviour When a parenthesized subpattern is quantified with a minimum repeat count that is greater than 1 or
164. blic key field specify the path to the public key drwcsd pub on your computer if launching the installer from the Server via network the key will be copied to the temporary files and after the installation it will be moved to the installation folder Inthe Installation directory field specify the path to the anti virus software installation By default it is the Dr Web Enterprise Suite folder located at the Program files at the system disk e At the Use compression during download section select the traffic compression option Yes use compression No Default do not use compression Possible Server choice The Add Dr Web Agent to windows firewall exclusion list flag prescribes to add the ports and interfaces of the Agent for an exception for your operating system firewall except the Windows 2000 OS It is recommended to set the flag It will help to avoid errors e g during the automatic updates of the anti virus software and virus bases Set the Register Agent in system list of installed software flag if necessary 6 For the Administrative type of the installation in the next window specify the settings of the Agent 63 Ta J N ax Chapter 2 Installation and Removal of Dr Web 64 Enterprise Security Suite Components e In the Authorization section set parameters for Agent authorization at Server For the Automatic Default option authorization parameters ID and password are gene
165. bs for upgrading all components to upgrading virus bases only 2 Create a new job for upgrading all components at the suitable time when it will not be critical for LAN servers functionality How to create and edit jobs in the Server schedule described in the Setting the Dr Web Enterprise Server Schedule section Mail and Dr Web Firewall components on servers those implement significant network functions domain controllers licence distribution servers and etc to avoid probable conflicts between network services and internal components of Dr Web antivirus It is not recommended to install SpIDer Gate SpIDer 441 Ta 2 N ax Frequently Asked Questions 442 Using DFS During Installation of the Agent via the Active Directory During installation of the Enterprise Agent via the Active Directory service you can use Distributed File System DFS It can be useful for example for several domain controllers in LAN For installation in the LAN with several domain controllers 1 Create directory with the same name on each domain controller 2 Via the DFS unite created directories to one root destination directory 3 Perform the administrative installation of the msi package to the created destination directory 4 Use this destination directory during package assignment in the group policy object editor Use the network address as lt domain gt lt folder gt where lt domain gt the doma
166. cation methods via LDAP and Active Directory are disabled by defaut To swap LDAP and Active Directory authorization usage 1 Select Administration in the main menu of the Control Center 2 Select Authorization in the control menu 3 In the opened window list of authorizations types is represented in the order of use To change this order click the arrow on the left of authorization type name Items Microsoft Active Directory and LDAP authorization will be swapped Authentication of Administrators from the Server DB Authentication method with storing administrator account information in the Server DB is used by default To manage administrators list 1 Select Administration in the main menu of the Control Center 2 Select Administrative accounts in the control menu The list of all administrators registered in the DB will be opened See the Management of Administrative Accounts section for details Active Directory Authentication To enable Active Directory authentication 1 Select Administration in the main menu of the Control Center 2 Select Authorization in the control menu 140 Ta J N ax Chapter 5 Anti Virus Network Administrators 3 Inthe opened window select Microsoft Active Directory section 4 Set the Use Microsoft Active Directory authorization flag 5 Click Save For Active Directory authentication only enabling of using this authentication method is configured in Contro
167. ce enterprise key in the etc subfolder of the installation folder of the Server 2 Restart the Server using standard Windows OS tools or the corresponding command from the Start menu you can also use the Dr Web Control Center 3 Import the new Agent key for the Everyone group To do this in the catalog of the anti virus network select the Everyone group and click W General D Import key in the toolbar 4 In the next window select the new key file for workstations agent key and click OK Different ID1 Parameter To install new key files in Dr Web ESS 1 Disable the protocols of the Agent and Network Installer To do this select the Administration item in the main menu and click Configure Dr Web Enterprise Server in the control menu go to the Modules tab and clear the Protocol Dr Web Enterprise Agent and the Protocol Dr Web Network Installer flags Click Save A request to restart the Server will be opened Click Yes 2 Export the Enterprise Server timetable To do this select 278 Ta J N ax Chapter 9 Updating the Dr Web Enterprise Security Suite Software and Its Components the Administration item in the main menu and click Dr Web Enterprise server schedule in the control menu Click Export shown settings to file in the toolbar To free space in the database remove the Enterprise Server schedule To do this select the Administration item in the main menu and click Dr Web Enterprise
168. cified resources You can specify paths to resources which you wish to block in the Block access to files field To add a new path click the button If no path to a restricted file is specified the default path is w used Ssystem32 For the user such files are displayed with the c windows system32 prefix in the Office Control settings 3 On the Access tab set the WWW filter flag to configure access to Internet domains Set the Block all sites flag to completely block access to the Internet List the domains you want to block allow in the respective fields To create a new entry click the ca button and specify the necessary value In the bottom of the window set the flags against the content categories you want to block This flags activate build in filters which block Web sites from the predefined black lists 4 Click Save when you finish adjusting the settings New settings will take effect after confirming the new configuration of a workstation Dr Web Office Control does not allow you to restrict access to the following critical system folders including their parental folders SSYSTEMROOTS SUSERPROFILE S SPROGRAMFILES Note that you can resctrict access to specific subfolders of these folders Dr Web Office Control cannot restrict access to network resources You can allow users to change Parental Control settings see Ta J N ax Chapter 7 Administration o
169. cious objects SG Cured number of cured objects SG Deleted number of deleted objects MSG Renamed number of renamed objects MSG Moved number of moved objects SG Speed processing speed in KB s gt Too_Many_Stations MSG ID station UUID is sent when a new station cannot log in on the Server due to the license limitations Unknown _Administrator MSG Login login MSG Address network Dr Web Control Center address Unknown_Station MSG ID UUID of unknown station MSG Rejected values rejected access for a station is denied newbie there was an attempt to assign the newbie status to a station Update _ Failed MSG Product updated product MSG ServerTime local time of receipt of a message by the Server Update Wants_ Reboot Ta J N ax Appendices 316 MSG Product updated product MSG ServerTime local time of receipt of a message by the Server Message variables according to messages for Server updating subsystem Srv_Repository Cannot flush no variables are available Srv_Repository Frozen no variables are available Srv_Repository Load failure MSG Reason message on the cause of the error Srv_Repository Update MSG AdddedCount number of added files MSG ReplacedCount number of replaced files MSG DeletedCount
170. ck Refresh To view the data for certain time period specify the certain time period relatively today in the drop down list or select the arbitrary date range on the toolbar To select the arbitrary date range enter required dates or click the calendar icons next to the date fields To load data click 209 A N T A A A yy vV Chapter 7 Administration of Workstations 210 Refresh fe 4 To save the report for printing or future processing click EE Save shown data in CSV format EE Save shown data in HTML format or Al Save shown data in XML format 7 6 4 Quarantine To manage the Quarantine from the Server stations A with Quarantine module must be operated by OS on which the installation of SpIDer Guard G3 is available see p System Requirements Otherwise remote control is impossible Quarantine also will not be able to manage files from the Infected folder and information on Quarantine contents will not be sent to the Server You can edit the Quarantine via the Dr Web Control Center To view and manage Quarantine files do the following 1 Select the Network item in the main menu then click the name of the station or group in the hierarchical list and select Quarantine in the control menu panel on the left 2 A new window with table that contains Quarantine current state opens If you selected one workstation a table in the window displays objects in Quarantine at this stati
171. ckslash or appear in a position where it cannot be interpreted as indicating a range typically as the first or last character in the class 392 Ta J N ax Appendices It is not possible to have the literal character as the end character of a range A pattern such as W 46 is interpreted as a class of two characters W and followed by a literal string 46 so it would match W46 or 46 However if the is escaped with a backslash it is interpreted as the end of range so W 46 is interpreted as a class containing a range followed by two other characters The octal or hexadecimal representation of J can also be used to end a range The character types d D p P s S w and W may also appear in a character class and add the characters that they match to the class The only metacharacters that are recognized in character classes are backslash hyphen only where it can be interpreted as specifying a range circumflex only at the start opening square bracket only when it can be interpreted as introducing a POSIX class name see the next section and the terminating closing square bracket However escaping other non alphanumeric characters does no harm POSIX character classes PCRE supports the POSIX notation for character classes For example 01 alpha 3 matches 0 1 any alphabetic character or S The supported class names are alnum letters and digits
172. comment gt lt parameter gt lt single gt lt block gt lt single gt lt name gt lt value gt lt group gt lt name gt lt value gt lt block gt lt prefix gt lt name gt lt single gt lt group gt lt access gt lt auth gt lt prefix gt Static Handler Scripts Mixed lt access gt Access Hoecurs Ae Priority lt priority gt Allow lt value gt Deny lt value gt rye Lleni se Cruse ae Priority lt priority gt Allow lt value gt Deny lt value gt rye nyt lt priority gt deny allow Ta J N ax Appendices lt auth gt Authorization lt single gt lt group gt lt name gt lt word gt lt value gt lt word gt lt separator gt lt word gt a zA Z 0 9 lt sign gt lt separator gt s t r n f lt sign gt uxt Usa Ue f Umit rest cae eee es The configuration file has a text format The main units in the file are words with separators spaces s tabs t carriage shunting r line end n format change f Comments begin with a semicolon and continue to the end of the line Settings of the Server are specified in the configuration file via instructions each consisting of a parameter which includes the parameter name one word and its value s
173. connection and can not be changed child Server receives updates from main Server e child Server send information about events to main Server Click Save 251 Nga PAN ee O Fa Chapter 8 Configuring the Dr Web Enterprise 252 h d Server New neighbor Save General Type Parent Child O Peer Name AUXILIARY Password CLLLLLILI Key DAES drwesd pub Address Administrative console URL Connection options Updates Receive Send Events Receive v Send Figure 8 4 As a result the Child Server AUXI LI ARY will be included to the Children and Offline folders see Figure 8 5 Ale be Go ets ate IE Dr Web Enterprise Server Children 13 E AUXILIARY Mp Offline 1 i AUXILIARY Online 0 Parents 0 D Peers 0 Figure 8 5 8 Wait until the connection between the Servers has been established usually it takes not more than a minute Click F5 from time to time to check this After the Servers have been connected the Child Server AUXILIARY will move from the Offline folder to the Online folder see Figure 8 6 Ta J N ax Chapter 8 Configuring the Dr Web Enterprise 253 Server biy a Be i Dr Web Enterprise Server Children 1 H AUXILIARY m Offline 0 Online 1 fg AUXILIARY iy Parents 0 gy Peers 0 Figure 8 6 9 Connect the Dr Web Control Center to the Child Server AUXILIARY to make sure that the Parent Server MAIN is connected to the Child Server
174. corresponding section 3 To delete a field click Ami Network address specifies in format lt P address gt lt prefix gt ee Prefix it is a byte number which denotes the range of IP addresses in a certain IP network subnetwork Examples 1 Prefix 24 stands for a network with a network mask 255 255 255 0 Containing 254 addresses Host addresses look like 195 136 12 2 Prefix 8 stands for a network with a network mask 255 0 0 0 172 A Q T A A y v Chapter 7 Administration of Workstations Containing up to 16387064 addresses 256 256 256 Host addresses look like 125 Besides you can delete addresses from the list and edit the addresses included into the list Restrictions for IPX addresses can be set similarly The addresses not included into any of the lists are alowed or denied depending on whether the Deny priority flag is set If the flag is set the addresses not included into any of the lists or included into both of them are denied otherwise such addresses are alowed Location In the Location section you can set information on geographical location of the workstation permissions and settings for them Setting main parameters of stations through groups will allow you to save time on handling the settings of each individual group w You can create different groups of users subject to optimal Removing Personal Settings To remove personal settings of a
175. cture of the Enterprise Server DB via the init sql script located in the etc subfolder of the Enterprise Server installation folder As a database for Enterprise Server you can use the following variants internal DBMS IntDB external DBMS Internal DBMS When setting access to DBMS for storage and processing of data use the parameters described below for internal DBMS Table B 1 Built in DBMS IntDB parameters DBFILE dink mrermall Path to the database file dbs CACHESIZE 2000 Database cache size in pages SYNCHRONOUS FULL Mode of synchronous logging of changes in the database to the disk e FULL fully synchronous logging to the disk e NORMAL synchronous logging of critical data e OFF asynchronous logging A AN T V A A Y Appendices 295 External DBMS The following database management systems may be used to arrange the external database for Enterprise Server Oracle The settings are given in Appendix B2 Setting Up the Database Driver for Oracle e Microsoft SQL Server Compact Edition SQL CE The settings are given in Appendix B3 Setting Up the Database Driver for SQL CE PostgreSQL The settings necessary for PostgreSQL are given in Appendix B4 Using the PostgreSQL DBMS e Microsoft SQL Server To access this DBMS an ODBC driver may be used setting up the parameters of the ODBC driver for Windows is given in Appendix B1 Setting Up the ODBC Driver With
176. curity Suite Components All parameters set during the installation can be changed later by an anti virus network administrator If the Server software is already installed on your computer see the Upgrading Dr Web ESS for Windows OS or Upgrading Dr Web_ ESS for UNIX _System Based Systems sections correspondingly Together with Enterprise Server the Dr Web Control Center is installed which serves to manage the anti virus network and set up the Server If the previously installed Server was removed before A installing the Server software contents of the repository will be deleted during installation and the new version will be installed If the repository of the previous version by some reason was not removed it is necessary to manually delete the contents of the repository before installing the new version of the Server and then renew the repository after installation The language for the Server installation folder name must match to the language specified in language settings of Windows OS for the non Unicode programs In opposite case the Server will not be installed The english language is an exception for the installation folder name By default Enterprise Server will run automatically after the installation for UNIX system based OS you can change this option in installer settings 2 2 1 Installation of the Dr Web Enterprise Server for Windows OS Below is described the installation of Enterprise Serv
177. cuted e The Critical job flag instructs to perform the job at next Enterprise Agent launch if execution of this job is omitted Enterprise Agent is switched off at the due time If a task is omitted several times within a certain period of time then it will be performed only once after Enterprise Agent has been launched 3 On the Action tab in the Action drop down list select the If several scan tasks via the same Scanner Dr Web Scanner for Windows or Dr Web Enterprise Scanner must be implemented during station startup only one task will be executed the first one in the queue For example if Startup scan is enabled and critical scan via the Enterprise Scanner is omitted only Startup scan will be executed during station startup and omitted critical task will not be done type of the task After the selection is made the bottom part of the window will look differently depending on the selected action 185 Ta J N ys Chapter 7 Administration of Workstations If you want a certain program to be launched select Run Then type the full name with the path of the executable file to be launched in the Path entry field and type command line parameters for the program to be run in the Arguments field If you want the Scanner to be run select Dr Web Scanner for Windows or Dr Web Enterprise Scanner for Windows and specify the Scanner settings described in the p Launching and Terminating Anti Virus
178. d If automatic authorization is enabled specified login and password are saved for the current web browser and authorization in Control Center become automatic without login and password confirmation till next Logout clicking The working area is used to perform all the main functions of the Dr Web Control Center It consists of two or three panels depending on the actions which are being performed Items in the panels are nested from left to right 98 Ta J N ys Chapter 3 Components of an Anti Virus Network 99 and Their Interface the control menu is always located in the left part of the working area depending on the selected item one or two additional panels are displayed In the latter case the rightmost panel contains the settings of elements from the central panel The interface language must be set individually for each administrator account see p Managing Administrator Accounts Main menu The main menu consists of the following items Administration Network Preferences e Neighborhood e Help Search panel 36 Dr WEB Control Center Main mar Administration network preferences igineighborhood Oren ATS Y Administration CEI ZJ admin administrator account Ba Dr Web Enterprise Server Toolbar 2 Administrator accounts in i Li iE Administrators with Full rights oon aden License manager admin Read only Encryption keys Administrators with read
179. d by the end of comment marker Example 123 456 COMM from here there is a comment COMM here it is already ended To include a character into a word a prefix apostrophe is used it is a special separating character for the given word in other words this character will be regarded as separator ending this word Example xy123 this is one word this is another word semicolon number sign it must be separated by special separator characters as described above w If a word begins with one of the characters apostrophe Ta J N ax Appendices 327 The config file consists of comments and instructions The sequence of instructions is inessential The format of instructions of configuration files is case sensitive The repository is case sensitive regardless of the file system and the OS of the Server The meaning of instructions is explained in Appendix F2 The Meaning of config File Instructions F2 The Meaning of config File Instructions The Description Instruction The description instruction sets a product name which is displayed in the Dr Web Control Center If this instruction is unavailable the name of the respective folder of the product is used as the product name Example description Dr Web Enterprise Agent The sync with Instruction The sync with instruction sets the list of HTTP servers and HTTP proxy servers for updating The name parameter sets
180. d ensures health of anti virus software on workstations Pa x eo p Dr Web Enterprise E u NAP Server Dr Web Server a NAP Validator Protected computer LAN Internet compliant Protected computer noncompliant Figure 10 2 Diagram of the anti virus network when NAP is used Workstation Validation Procedure 1 Validation is activated when you configure the corresponding settings of the Agent For more information see Editing the Parameters of the Dr Web Enterprise Agent 2 The SHA connect to the Dr Web NAP Validator installed on the NAP server 3 The Dr Web NAP Validator determines compliance of workstations against the health requirement policies as described below To determine health compliance NAP Validator checks workstation anti virus state against the corresponding health requirement policies and then classifies Ta J N ys Chapter 10 Configuring the Additional Components the workstation in one of the following ways Workstations which meet the health policy requirements are classified as compliant and allowed unlimited access and communication on the network e Workstations which do not meet at least one requirement of the health policy are classified as noncompliant and have their access limited to Enterprise Server only The Server allows noncompliant workstations to update the system with the necessary anti virus settings After update the workstations are validated agai
181. dating for the workstation for which this group is primary see p Update Restrictions installing components list for workstations for which this group is primary Setting the components list of group is 156 Ta J N ax Chapter 6 Groups Integrated Workstations 157 Management similar to setting the components list of separate stations see p Anti Virus Package Composition A You cannot edit installing components for user groups Settings of the anti virus components Dr Web Scanner for Windows SpIDer Guard for Windows SpIDer Mail for Windows Workstations etc Click the button against the correspond item to change its settings Setting the anti virus package components of group is similar to setting the anti virus package components of separate workstations see also Management of Stations Configuration 6 3 Adding a Station to a Group Removing a Station from a Group There are several ways how to add a workstation to a user group 1 Change tha station settings 2 Grag n drop a station in the hierarchical list To edit the list of groups containing the station via the Station settings 1 In the main menu select Network then click the name of a workstation in the hierarchical list 2 Open the station settings by one of the following ways In the control menu left pane select Properties Click the General L Edit in the toolbar 3 Inthe Station Properties pane select
182. diting the Agent settings will be opened example changes of the encryption and compression modes will result in disconnection of the Agent from the Server Any changes incompatible with the Server settings for If any changes in the Agent settings are made via the Dr Web Control Center click Save button to accept changes in settings Ta 2 N ax Chapter 7 Administration of Workstations 180 General Tab On the General tab you can set genaral parameters of the Agent which were not included in other tabs In the Server public key field specify the path to the public encryption key of Enterprise Server on the user s computer In the Local Dr Web key file field specify the path to the local key file of the Dr Web product if you want to store the license key file at the station either Otherwise the key file is stored at the Server only In the Statistics collection period minutes field set the value of the time interval in minutes for the Agent to send all statistics data collected at the station Specify the language for the Agent interface in the Language drop down list e Set the Microsoft Network Access Protection flag to enable the support of Microsoft Network Access Protection NAT for more details see p NAP Validator Set the Synchronize time flag to enable system time synchronization on the Agent machine with the time on the machine with Enterprise Server e The Protect the
183. dow with information that the Proxy server is ready to install will be opened Click Install 6 Once the installation is complete click Finish After installation you can change operation parameters of the Proxy server For this you can use the drwcsd proxy xml configuration file which is located in the Proxy server installation 80 Ta J N Chapter 2 Installation and Removal of Dr Web 81 Enterprise Security Suite Components ax folder Parameters of the configuration file are given in Appendix G2 Package based installation of the Proxy Server on a UNIX system based OS Use the following command for FreeBSD OS pkg_add lt distribution_file_name tbz gt for Solaris OS bzip2 d lt distribution_file_name bz2 gt and then pkgadd d lt distribution_file_name gt for Linux OS for Debian OS and Ubuntu OS dpkg i lt distribution_file_name deb gt for rpm distribution kits rpm i lt distribution_file_name rpm gt Also there are so called generic packages which can be installed on any Linux based system including those which are not on the list of supported systems They are installed by means of the installer included in the package tar xjf lt distribution_file_name tar bz2 gt After that you need to move all unpacked folders into the root directory In the course of the installation for FreeBSD OS an rc script usr local etc rc d 0 dwcp proxy sh will be created e To manually stop the P
184. dows Messenger service For messages in a Windows OS network specify the list of names of computers to receive messages In the Allowed messages section set flags against the events on which notifications should be sent To add a new field click the all button and enter the computer name to delete a field click I Message Templates The text of messages is determined by message templates Message templates are stored in the var templates subfolder of the Server installation folder If necessary you can edit the template to change the text of a message 234 Ta J N Chapter 8 Configuring the Dr Web Enterprise 235 Server ax When a message is being generated the program replaces the variables in the template written in braces with a certain text which depends upon the current parameters of the anti virus network components Available variables are listed in Appendix D The Parameters of the Notification Templates It is strongly recommended to use the Dr Web Control Center templates editor for editing the templates To do this 1 Select the Administration item in the main menu and click Edit templates in the control menu 2 A window for editing templates will be opened To edit any template select it in the list in the left part of the window In the Subject entry field you can edit the subject of the message In the Headers entry field additional headers of the e mail message are specified
185. drwcsd pub update db contains scripts necessary to update the structure of Server databases var contains the following subfolders e backup is meant for storing the backups of DBs and other critical data e extensions _ stores user scripts meant to automate the performance of certain tasks all scripts are disabled by default 42 Ta J N ax Chapter 2 Installation and Removal of Dr Web 43 Enterprise Security Suite Components e repository it is a so called the updates folder here updates of the virus databases files of the anti virus packages and files of the program components can be found It contains subfolders for the program components software which include subfolders for their versions depending on the OS The folder should be accessible for writing to the LocalSystem user under Windows OS or the drwcs user under UNIX OS under which the Server is launched e templates contains a set of reports templates e webmin contains administrator s Dr Web Control Center documents icons modules The content of the updates catalog var repository is automatically downloaded from the updates server through HTTP protocol according to the Server schedule or the anti virus network administrator can manually place the updates to the catalog Ta J i ax Chapter 2 Installation and Removal of Dr Web 44 Enterprise Security Suite Components 2 2 2 Installation of the
186. ds log statistics to a file CPU time memory usage etc drwcsd status show the current status of the Server running stopped Ta J N ax Appendices H5 8 The Description of Switches Crossplatform Switches activation key lt license_key gt Server license key By default it is the enterprise key file located in the etc subfolder of the root folder bin root lt folder_for_executables gt the path to executable files By default it is the bin subfolder of the root folder conf lt configuration_file gt name and location of the Server configuration file By default it is the drwcsd conf file in the etc subfolder of the root folder daemon for Windows platforms it means to launch as a service for UNIX platforms daemonization of the process to go to the root folder disconnect from the terminal and operate in the background db verify on check database integrity at Server start This is the default value It is not recommended to run with an explicit opposite value except if run immediately after the database is checked by the drwcsd verifydb instruction see above help displays help Similar to the programs described above hooks to permit the Server to perform user extension scripts located in the e for Windows OS var extensions e for FreeBSD OS and Solaris OS var drwcs extensions e for Linux OS var opt drwces extensions subcatalog
187. e an empty string must always fail Lookbehind assertions Lookbehind assertions start with lt for positive assertions and lt for negative assertions For example 403 Ta J N ax Appendices lt foo bar does find an occurrence of bar that is not preceded by foo The contents of a lookbehind assertion are restricted such that all the strings it matches must have a fixed length However if there are several alternatives they do not all have to have the same fixed length Thus lt bullock donkey is permitted but lt dogs cats causes an error Branches that match different length strings are permitted only at the top level of a lookbehind assertion An assertion such as lt ab c de is not permitted because its single top level branch can match two different lengths but it is acceptable if rewritten to use two top level branches lt abc abde The implementation of lookbehind assertions is for each alternative to temporarily move the current position back by the fixed width and then try to match If there are insufficient characters before the current position the match is deemed to fail PCRE does not allow the C escape to appear in lookbehind assertions because it makes it impossible to calculate the length of the lookbehind The X escape which can match different numbers of bytes is also not permitted Atomic groups can be used in conjunction with
188. e Agent will be reconnected to the Server 9 7 Replacing Old Key Files with New Ones During the installation of the Dr Web ESS anti virus you will be asked to provide files containing the Server key and the key for workstations read p Installing the Dr Web Enterprise Server for more information on key files read p Key Files Once your keys expire some components of the program will not operate To restore the full functionality of the Dr Web ESS antivirus you should obtain and import new key files There are two ways to install new key files which depend on whether the ID parameter in the new key file is the same as the previous key file Open both key files enterprise key with a text editor find the Enterprise section and compare the values in the D1 parameter The key file has a write protected format using a digital A signature Editing the key file makes it invalid To avoid this do not modify the key file and or save it when closing the text editor 277 Ta J N Ws Chapter 9 Updating the Dr Web Enterprise Security Suite Software and Its Components If the Agent with an active self protection is installed on Sever computer you must disable Dr Web SelfPROtect component in the Agent settings before replacing a key files The Same ID1 Parameter To specify the new key files for the anti virus network components use the License Manager To install new key files in Dr Web ESS 1 Repla
189. e Enterprise Server software Install the new Server empty with the new DB at the necessary computer Stop the Server via the Windows OS service administrative loots or via the Dr Web Control Center Copy the automatic saved etc folder to the C Program Files DrWeb Enterprise Server etc folder and the drwcsd pub key to the C Program Files DrWeb Enterpris Server Installer folder Run drwcsd exe using the importdb switch to import the content of the database from a file The full command line for Windows looks as follows 420 Ta J N s 8 Frequently Asked Questions C Program Files DrWeb Enterpris Server bin drwcsd exe importdb lt file_path gt Start the Server see Start and Stop the Dr Web_ Enterprise Server and import DB Just save the dbinternal dbs file and replace the new DB file at the installed Server by an old DB file from the previous version of the Server wy In case of using internal DB it is not necessary to export To transfer the Dr Web Enterprise Server for the different Dr Web Enterprise Server versions under Windows OS 1 Stop the Server see Start and Stop the Dr Web Enterprise Server Save the database via the SQL server tools in case of using internal DB just save the dbinternal dbs file Backup the C Program Files DrWeb Enterpris Server etc folder and the drwcsd pub key from the Program Files DrWeb Enterprise Server Installer folde
190. e default folder Install Enterprise Server version 6 0 2 see Installing the Dr Web Enterprise Server for UNIX system based OS After new install you can replace automatically created files with the backup copies from the previous installation In case of automatic backup replace the files in the following folders drwcsd pub opt drwcs Installer usr local drwcs Installer opt drwcs webmin install usr local drwcs webmin install dbinternal dbs Var opt drwcs var drwcs 264 A AN T v A A Y Chapter 9 Updating the Dr Web Enterprise 265 Security Suite Software and Its Components drwcsd conf var opt drwcs etc var drwcs etc drwcsd pri enterprise key agent key certificate pem private key pem A Dr Web Control Center configuration file webmin conf from version 4 XX is not compatible with the version 6 0 2 software After upgrading the Server you cannot replace a new configuration file with a backup copy of the 4 configuration file and have to make all necessary changes manually In case of manual backup replace the files in the same folders from which you copied the files before new install For all backup files from the previous Server version see step 6 assign the same permissions as those set at the installation of the new Server version 7 To upgrade the databases execute the following commands efor Linux OS and Solaris OS etc init d drwcsd upgradedb for Fr
191. e described in the manual Dr Web Anti Virus for Windows User Manual 7 2 1 Setting Users Permissions To edit users permissions via the Dr Web Control Center for administrating the anti virus package 1 In the main menu select Network then click the name of a workstation in the hierarchical list In the control menu left pane select Permissions This opens the permissions configuration window To change permissions use the following tabs Components to change permissions for components management By default a user is authorized to launch 174 Ta J N ax Chapter 7 Administration of Workstations each component but prohibited to edit components configuration or stop the operation of components General to change permissions for Agent and its functions management Mobile mode and update from Dr Web GUS disables the Mobile mode option in the Agent context menu Create a local schedule disables the Local option in the Schedule submenu of the Agent context menu Change the local policy disables the Run mode option and the Installing components submenu in the Agent context menu Change Dr Web Enterprise Agent settings disables in the Agent context menu in the Settings submenu the Synchronize time option and Log level submenu Stop Dr Web Enterprise Agent interface disables the Exit option in the Agent context menu if the Agent interface has been run under a user without administr
192. e entered in a single line See also drwcesd command format with the initdb switch at the Appendix _H5 3 It is presumed that Enterprise Server is installed to the C Program Files DrWeb Enterprise Server folder and agent key is located in Ta J N ax Frequently Asked Questions 433 D Keys c Once this command is executed a new dbinternal dbs of about 200 Kb wil be generated in the var subfolder of Enterprise Server installation folder 2 2 For the external DB cleanup the DB via the clean sql script located in the etc subfolder of Enterprise Server installation folder 3 Import the content of the database from the correspondent backup file The command line will look as follows C Program Files DrWeb Enterpris Server bin drwcsd exe home C Program Files DrWeb Enterprise Server var root C Program Files DrWeb Enterprise Server var verbosity all importdb lt disc gt lt path_to_the_backup_file gt database dz The command must be entered in a single line It is presumed that Enterprise Server is installed to the C Program Files DrWeb Enterprise Server folder 4 Start the Enterprise Server see Start_and Stop the Dr Web Enterprise Server For UNIX OS 1 Stop Enterprise Server for Linux OS and Solaris OS etc init d drwcsd stop for FreeBSD OS usr local etc rce d drwesd sh stop for other supported versions bin drwcs sh sto
193. e messages about e the starting of remote scanning e the stoping of remote scanning e the beginning of updating of the anti virus software or some of the components e the end of successful updating of the anti virus software or some of the components If you want messages of all groups to be sent set all the four flags Ohterwise only message of the specified groups will be displayed Users can configure all notifications except Critical notifications which are configured by administrators only 7 4 Editing Scheduled Tasks on a Station Schedule a list of actions performed automatically at a preset time on workstations Schedules are mostly used to scan stations for viruses at a time most convenient for users without having to launch the Scanner manually Besides Enterprise Agent allows to Ta J N ax Chapter 7 Administration of Workstations perform certain other types of tasks as described below There are two types of schedules e Centralized Enterprise schedule It is set by the anti virus network administrator and complies with all the rules of configuration inheritance Local schedule of a station It is set by the user of the specific station if the station has the permissions and stored locally on this station Enterprise Server does not control this schedule Centralized Schedule Using the Dr Web Control Center you can schedule tasks for a certain workstation or a group of workstations
194. e selected groups and all nested groups 163 Ta AN ax Chapter 6 Groups Integrated Workstations Management selection of several stations and groups to compare all stations selected directly in the hierarchical list and included in all groups and their nested groups 2 In the control menu left pane select Comparison 3 The comparison table for selected objects will be opened Comparative parameters for groups e Stations total number of stations included in this group Stations online number of on line stations Primary for number of stations for which this group is parental Personal configuration list of components with personal settings not inherited from the parental group Comparative parameters for stations Creation time of this station Primary group for this station Personal configuration list of components with personal settings not inherited from the primary group Installed components list of anti virus components installed at this station 164 Ta J N ax Chapter 7 Administration of Workstations 165 Chapter 7 Administration of Workstations Anti virus networks operated by Dr Web ESS provide for centralized configuring of anti virus packages on workstations and allows to set the configuration parameters of anti virus programs to schedule tasks on workstations e launch scanning the computer independently of schedule settings e
195. ear the Use proxy server flag Dr Web Enterprise Agent Update Setup Configuration of repository update for the Agent and anti virus package software is set separately for different OS versions on which this software is installed On the Dr Web Enterprise Agent for Windows tab in the group of radio buttons specify whether all components which are installed on workstations under Windows OS or virus databases only should be updated On the Dr Web Enterprise Agent for Unix tab in the group of radio buttons specify for which UNIX system based OS update of components which are installed on workstations is required 243 Ta J N ax Chapter 8 Configuring the Dr Web Enterprise Server Dr Web Enterprise Server Update Setup On the Dr Web Enterprise Server tab in the group of radio buttons specify what files for Windows OS for UNIX OS for both of OS or none should be updated For Server 5 0 and later versions updates from the GUS servers are not supplied regardless of settings of this section To upgrade the Server use the installer of corresponding version and make the upgrade procedure according to general rules described in Upgrading Dr Web __ESS_ for Windows OS or Upgrading Dr Web ESS for UNIX System Based Systems 8 5 Peculiarities of a Network with Several Dr Web Enterprise Servers Dr Web ESS alows to build an anti virus network with several Enterprise Servers In such networks each workstat
196. eb Enterprise Agent Installer Appendix F Administration of the Repository F1 The Syntax of the config Configuration File F2 The Meaning of config File Instructions F3 id Files F4 Examples of Administrating the Repository with a Modification of the Status File Appendix G Configuration Files G1 Dr Web Enterprise Server Configuration File G2 Dr Web Control Center Configuration File G3 Proxy Server Configuration File Appendix H Command Line Parameters of the Programs Included in Dr Web Enterprise Security Suite H1 Introduction H2 Dr Web Enterprise Agent Interface Module H3 Dr Web Enterprise Agent H4 Network Installer H5 Dr Web Enterprise Server H6 Administrating Utility of the Internal Database H7 Utility of Generation of Key Pairs and Digital Signatures 310 318 318 321 322 324 324 327 332 333 335 335 343 347 351 351 352 353 357 360 373 373 10 Ta AN aX H8 Administration of the Dr Web Enterprise Server Version for UNIX OS wth the kill Instruction H9 Dr Web Scanner for Windows OS H10 Proxy Server Appendix I Environment Variables Exported by the Dr Web Enterprise Server Appendix J Using the Script of Dr Web Enterprise Agent Initial Installation Appendix K Regular Expressions Used in Dr Web Enterprise Security Suite K1 Options Used in Regular Expressions K2 Peculiarities of PCRE Regular Expressions K3 Use of Metacharacters Appendix L Log
197. ect the current status of the station that is if it is connected to the Server or not at the moment These groups are completely virtual may not have any settings or be primary groups Deinstalled group Once Enterprise Agent software has been deinstalled from a station the station is transferred to the Deinstalled group Deleted group Contains stations which were deleted by an administrator from the Server Such stations can be restored see p Removing and Restoring Stations Expired group For each station account at the Server it is possible to set a validity period After the account has expired the station is transferred to the Expired group Offline group Contains all workstations not connected at the moment Online group Contains all workstations connected at the moment reacting to Server requests Operating system This category of groups represents the operation systems under which the stations are working at the moment These groups are not virtual may have station settings and be primary groups e MacOS X family groups This family includes a set of groups which correspond to specific version of MacOS X operation system 151 Ta J N Ws Chapter 6 Groups Integrated Workstations Management e Netware group This group contains stations which operate under Novell NetWare OS UNIX family groups This family includes a set of groups which correspond to OS of UNIX system based sy
198. ed deinstallation ds called when deinstallation of Agent completed disconnected ds called when client disconnected group changed ds called when group properties changed group created ds called when new group created group deleted ds called when group deleted install ds caled when installation event occurred installed_components ds called when Agent reported installed components jobexecuted ds called when job executed event received from Agent license error ds called when new client connection cannot be established due license limitation load_plugin ds called when plugin module loaded 411 Ta J N ax Appendices load_protocol ds called when protocol module loaded neighbor connected ds caled when server connected neighbor install ds called when installation event received from neighbor Server neighbor noauth ds called just after server connection rejected due authorization error neighbor run _begin ds called when component started event received from neighbor Server neighbor run_end ds called when component completed event received from neighbor Server neighbor scan error ds called when scan error event received from neighbor Server neighbor scan statistics ds called when scan statistics event received from neighbor Server neighbor station status ds called when station local policies settings
199. ed automatically at computer restart To launch the program back without restarting your computer execute the following command net start drwagntd 3 3 Dr Web Control Center To manage the anti virus network and set up the Server the in buit Dr Web Control Center serves Ta J N ax Chapter 3 Components of an Anti Virus Network and Their Interface Connecting to the Dr Web Enterprise Server For correct functioning of the Dr Web Control Center A under Microsoft Internet Explorer browser you should add the Dr Web Control Center address to the list of trusted sites in the Web browser settings Tools Internet Options Security Trusted Sites For correct functioning of the Dr Web Control Center under Chrome browser you should turn on cookies From any computer with network access to the Server Dr Web Control Center is available at the following address http lt Server_Address gt 9080 or https lt Server_Address gt 9081 where lt Server_Address gt is the IP address or domain name for the computer on which Enterprise Server is installed Ports numbers for http connection and for protected https connection are differ 9080 and9081 correspondingly In the authorization dialog window specify the user name and password of the administrator by default administrator name is admin and the password is the same as was specified during Server installation If you connect through https pr
200. ed below spider install yes spiderml install yes scanner install yes install home installation folder agent logfile install home logs drwagntd log agent loglevel trace agent logrotate 10 10m agent servers install servers agent serverkey install home drwcsd pub agent compression possible agent encryption yes agent findretry 3 agent findtimeout 5 381 5G Appendices 382 agent spiderstatistics 30 agent importantmsg 2 agent discovery udp 2372 agent startmsg 2 or agent startmsg NONE The agent importantmsg parameter defines displaying the messages on the updating error on the reboot request etc to a user 0 do not display 1 display a pop up notification Now we create a nonstandard installation scenario in which SplDer Guard is not installed and maximum detailed logging is set 1 Create a win setup inst rexx file in the 20 drwagntd folder and write to it spider install Eno agent loglevel all 2 Create the custom install script file in the 20 drwagntd folder and write to it include install script platform name win setup scripts win setup inst rexx 3 Reboot the Server or instruct to reboot the repository for UNIX OS kill USR1 cat drwcsd pid for Windows drwcsd exe rerepository Ta J N
201. eeBSD OS usr local etc rc d drwcsd sh upgradedb 8 Launch Enterprise Server 9 Set up repository upgrade and perform the upgrade 10 Restart the Server Ta J N ax Chapter 9 Updating the Dr Web Enterprise Security Suite Software and Its Components If using an external database Stop Enterprise Server If you plan to use any files besides files which are copied automatically during Server uninstall at step 4 backup these files manually For instance copy the report templates to a backup folder Remove the contents of the repository Remove Enterprise Server software see the l Uninstalling the Dr Web_ Enterprise Server Software for UNIX system based OS section You will be prompt to create backup copies for this specify a folder where to store the backup or accept the default folder Install Enterprise Server version 6 0 2 see p Installing the Dr Web Enterprise Server for UNIX system based OS Move the automatic saved files see above to for Linux OS to var opt drwcs etc except for the public key The latter must be saved to opt drwes Installer and to opt drwcs webmin install for FreeBSD OS to var drwcs etc except for the public key The latter must be saved to usr local drwcs Installer and to usr local drwces webmin install for Solaris OS to var drwcs etc except for the public key The latter must be saved to opt drwcs Installer and to opt drwcs webmin in
202. een_For_A Long_Time MSG StationName station name MSG StationID station UUID e MSG Days Ago number of days since the last visit MSG LastSeenFrom address the station was seen at the last visit Processing Error MSG Component component name MSG RunBy component is launched by this user SG ServerTime event receipt time GMT SG ObjectName object name MSG ObjectOwner object owner MSG Error error message Q p t oo ted_Newbie MSG AdminName administrator name MSG AdminAddress administrator Dr Web Control Center address Station Already Logged In MSG ID station UUID MSG StationName name of the station MSG Server ID of the Server at which the station is registered is sent if the station is already currently registered at this or another Server Station Authorization_Failed MSG ID station UUID MSG Rejected values rejected access to a station is denied newbie there was an attempt to assign the newbie status to a station Statistics Ta J N ax Appendices MSG Component component name SG ServerTime event receipt time GMT SG Scanned number of scanned objects MSG Infected number of infected objects MSG Modifications number of objects infected with known modifications of viruses MSG Suspicious number of suspi
203. elect the primary group in which the station will be added By default the primary group which was set before station deletion is selected If you restore several stations simultaneously the Former primary group is selected by default It means that for each selected station its own primary group in which station was resides before deletion will be specified If the definite group is selected for all restoring stations the same specified group will be set In the Member of section you can change the list of groups in which the station will be included By default the list of groups in which the station has been included before deletion is set To include the station in user groups click names of accessible user groups in the Groups list section To exclude the station from user groups in which it has been included before deletion click names of corresponding user groups in the Member of section 4 To restore the station with specified parameters click Restore 168 Ta J N s Chapter 7 Administration of Workstations 169 7 2 Management of Stations Configuration Station Settings To view and edit the properties of a workstation 1 Select the Network item in the main menu then select the station in the hierarchical list and click the General L Edit element of the Toolbar 2 A panel with properties of the station will be opened in the right part of the Dr Web Control Center This panel contains t
204. emoval of Dr Web Enterprise Security Suite Components select I accept the terms of the license agreement and click Next 3 A window for changing the default installation folder C Program Files DrWeb Enterprise Proxy wil be opened If necessary click Change and specify the installation folder Click Next 4 A window for setting Proxy server parameters will be opened In the Listen to field specify an IP address which will be listened by the Proxy server By default it is any 0 0 0 0 value which means listen to all interfaces In the Port field specify a port which the Proxy server listens By default it is 2193 port or 23 port for NetBIOS protocol In the Protocol drop down list select a type of the protocol for accepting incoming connections by the Proxy server Set the Enable discovery flag to enable the Server imitation mode This mode allows Network scanner to detect the Proxy server as an Enterprise Server In the Multicast group specify an IP address of a multicast group in which the Proxy server is included Specified interface will be listened by the Proxy server for interaction with Network installers during active Enterprise Servers searching In the Redirect to section specify an address or the list of addresses of Enterprise Servers where the connection established by the Proxy server should be redirected to After you specify Proxy server settings click Next 5 A win
205. ents of the list press and hold CTRL or SHIFT during selection Add a new server to the list on the toolbar click Create server and select server properties as described below Select a proxy server set the Use proxy server flag Proxy server settings are similar to those of the Update servers e Change the server address and user authorization parameters click the server icon When editing or adding a server a window for editing updates server settings appears To configure the Update servers 1 Click the icon of certain the server 2 Fill the Server entry fields with the server address and the port of the server 3 Fill in the User and the Password entry fields If authorization on the server is not required leave these fields empty 4 To save changes in the settings click Save 242 A Q T A A yy v Chapter 8 Configuring the Dr Web Enterprise Server You can set a proxy server to access all update servers To add the proxy server 1 Set the Use proxy server flag 2 In the opened window of a proxy server settings specify the parameters that a similar to update server parameters 3 Click Add 4 Click Save Pay attention to the authorization type when you configure a proxy server The current Dr Web Enterprise Security Suite version supports only base HTTP and proxy HTTP authentication If t is necessary to disconnect the update server from the proxy server cl
206. er the anti virus network hierarchical list displays only those computers which are already included into the antivirus network The program allows also to discover computers which are not protected with Dr Web Enterprise Security Suite and to install anti virus components remotely To quickly install the Agent software on workstations it is recommended to use Network Scanner which searches for computers by IP addresses To install the Agent via the Network Scanner 1 Open the Network scanner On the Administration menu of the Dr Web Control Center select Network scanner A Network scanner window with no data loaded will be opened 2 In the Networks field specify networks in the following format e with a hyphen for example 10 4 0 1 10 4 0 10 separated by a comma with a whitespace for example 10 4 0 1 10 4 0 10 10 4 0 35 10 4 0 90 e with a network prefix for example 10 4 0 0 24 If necessary change the port and the timeout value 3 Click Start Scanner The catalog hierarchical list of computers demonstrating where the Dr Web ESS anti virus software is installed will be loaded into this window 4 Unfold the catalog elements corresponding to workgroups domains All elements of the catalog corresponding to workgroups and individual stations are marked with different icons the meaning of which is given below 67 Ta 2 i ax Chapter 2 Installation and Removal of Dr Web 68 Enterpr
207. er Configuration in the control menu 2 Go to the Alerts tab and select the necessary mode of alerts in the Alert sender drop down list None do not send messages default mode eMail send by e mail Windows network message send through Windows Messenger for Servers under Windows OS only E Mail Notifications To send notifications by e mail specify From address of message sender e To address or addresses of message receivers To add a new receiver click e SMTP server Port address and port of the SMTP server to send e mails User Password Enter password again if necessary set a user name and a password for authorization on the SMTP server A N T A A yy v Chapter 8 Configuring the Dr Web Enterprise Server Set the following flags is necessary Debug mode get detailed log of the SMTP session Use TLS SSL encoding use TLS SSL encoding to encrypt traffic when sending e mail notifications Allow plain text authorization use plain text authentication on mail server Allow CRAM MD5 authorization use CRAM MD5 authentication on mail server In the Allowed messages section set flags against the events on which the notifications should be sent Windows Network Message Windows network message system functions only under Windows OS with Windows Messenger Net Send service support Windows Vista OS and later do not support Win
208. er for Windows OS The set and the order of steps may somewhat differ depending on the distribution file version 32 Ta 2 i ax Chapter 2 Installation and Removal of Dr Web Enterprise Security Suite Components Before installing please consider the following A If Terminal Services are installed on Windows OS you should install the software through the Add or Remove Programs Wizard only The distribution file and other files requested during the program installation should reside on local drives of the computer on which the Server software is installed these files should be made accessible for the LocalSystem user Enterprise Server should be installed by a user with the administrator s rights to the computer After Enterprise Server is installed it is necessary to update all Dr Web ESS components see p Manual Updating of the Dr Web ESS Components In case an external database is to be used it is necessary to create the database first and set the ODBC driver see Appendix B The Description of the DBMS Settings The Parameters of the DBMS Driver Figure 2 1 illustrates the flowchart of Enterprise Server installation procedure Steps in the flowchart correspond with the detailed description of the installation procedure shown below 33 Ta 2 N ax Step 1 Step 2 Step 3 Step 4 Step 5 Step 6 15 Step 16 Step 17 Chapter 2 Installation and Removal of Dr Web 34 En
209. er on line On computers operated by Windows NT OS Windows 2000 OS Windows XP OS Windows 2003 OS Windows Vista OS it is run with specified user permissions For proper operation the Agent requires standard Windows Explorer as a user shell or any other program fully compatible with it The start instruction format drwagnui lt switches gt Possible switches admin rights or no admin rights enable or disable the administration mode in Windows 98 OS Windows ME OS that is to consider the user working in these environments as an administrator or not The administrator can for example change the Agent settings For Windows NT OS Windows 2000 OS Windows XP OS Windows 2003 OS Windows Vista OS it is determined by the OS permissions system By default it is disabled 352 Ta J N ax Appendices delay lt number gt specifies in how many minutes after the load the welcome message should be displayed to the user By default it is 2 minutes the 1 value disables the welcome message help to display help on the format of commands trace to log in detail the location of error origin H3 Dr Web Enterprise Agent Settings of the Agent are stored in the Windows OS registry in the HKEY LOCAL MACHINE SOFTWARE IDAVLab Enterprise Suite Dr Web Enterprise Agent Settings branch For the parameters set by switches the parameter name coincides with the switch name The l
210. er than bc Because there may be many capturing parentheses in a pattern all digits following the backslash are taken as part of a potential back reference number If the pattern continues with a digit character some delimiter must be used to terminate the back reference If the PCRE EXTENDED option is set this can be whitespace Otherwise an empty comment can be used A back reference that occurs inside the parentheses to which it refers fails when the subpattern is first used so for example a 1 never matches However such references can be useful inside repeated sub patterns For example the pattern al b 1 matches any number of a s and also aba ababbaa etc At each iteration of the subpattern the back reference matches the character string corresponding to the previous iteration In order for this to work the pattern must be such that the first iteration does not need to match the back reference This can be done using alternation as in the example above or by a quantifier with a minimum of zero Assertions An assertion is a test on the characters following or preceding the current matching point that does not actually consume any characters The simple assertions coded as b B A G Z z and are described above More complicated assertions are coded as subpatterns There are two kinds those that look ahead of the current position in the subject string and those that look behind
211. ers of the selected task will change its look the parameters of different types of tasks are described in Table 8 3 3 On the Time tab select time intervals at which the task is to be launched and set the time accordingly it is similar to scheduling tasks for a workstation as described in p Editing Scheduled Tasks on a Station above 4 Click Save Table 8 3 Tasks types and settings Runa For tasks of this type you need to enter the procedure procedure name in the Name filed The name of the procedure must correspond to the name of the executable lua script with no extension located at the var extensions folder of the Server installation folder see also scripts description at the Appendix M 237 7 ax A J AN Chapter 8 Configuring the Dr Web Enterprise Server Shutdown and Restart Run License expiration reminder Update Log Backup critical server data Stations that nave not visited for a long time Purge unsent IS events There are no additional parameters for tasks of this type Use these tasks to stop and restart the Server Specify the path to the executable file of the Server in the Path field and the command line parameters at launch in the Arguments field Set the Execute synchronously flag for the synchronization with Server wait while task finishes before executing other tasks with Run type If the Execute synchronously flag is cleared the Server logging only the star
212. ested once again as specified in p Key Files 437 Ta J N ax Frequently Asked Questions To Restore a Dr Web Enterprise Server for Windows OS Install Enterprise Server software of the same version as the lost one on a working PC see p Installing the Dr Web Enterprise_Server for Windows OS During the installation If there is a copy of the DB internal or external on another PC and t is not damaged in the respective dialog boxes of the installer specify it along with the saved files of the Server license key private encryption key and Server configuration If the Server DB internal or external was lost but a backup of its contents database dz is saved then in the respective dialog boxes of the installer select creating a new database specify the saved files of the Server and Agent license keys private encryption key and Server configuration After the installation import the DB contents from the backup see p Restoring the Database of Dr Web Enterprise Security Suite To Restore a Dr Web Enterprise Server for UNIX System Based OS 1 Install Enterprise Server software of the same version as the lost one on a working PC see p Installing the Dr Web Enterprise Server for UNIX system based OS 2 Put the saved files to e for Linux OS var opt drwcs etc except for the public key Put the latter to opt drwcs Installer for FreeBSD OS var drwcs etc except for the public key Put the latter t
213. etected station deleted ds called when station deleted station noauth ds called just after Agent connection rejected due authorization error unload_ plugin ds called when plugin module unloaded unload_protocol ds called when protocol module unloaded virus ds caled when virus detected event received from Agent virusbases ds called when Agent sent virus bases information 413 A N T A A A yy v Appendices 414 Appendix N Integration of XML Web API and Dr Web Enterprise Security Suite The XML Web APTI is described in the XML API for Dr Web Enterprise Security Suite manual see also Help section Application XML Web API when integrated to the Dr Web Enterprise Security Suite provides functions for operation of transactions with accounts and automatisation of service users management You can use it for example to create dynamic pages to receive requests from users and send them installation files Authentication The HTTP s protocol is used to interact with the Enterprise Server XML API accepts RESET requests and replies with the XML To get access to the XML API the Basic HTTP authentication is used in compliance with RFC 2617 standard In violation of RFC 2617 and related standards the Server does not request credentials from the client you must supply standards to succeed Ta J N s Appendices Appendix O Procedures for Authent
214. ettings SpIDer Guard Settings SpIDer Mail settings Firewall Network access Outlook plug in System protection gt Self protection SpIDer Gate SpIDer Guard SpIDer Mail About Help Doctor Web Ltd Prepare logs Support Exit Figure 3 1 The context menu of Enterprise Agent The range of settings accessible through the context menu of the Agent icon depends on the configuration of the workstation specified by the administrator A AN 1 v A A y Chapter 3 Components of an Anti Virus Network 96 and Their Interface You can find info about the set of Agents parameters and description of corresponding administrative functions in the Enterprise Agent help About the settings of Enterprise Agent read p Editing the Parameters of the Dr Web Enterprise Agent Start and Stop the Dr Web Enterprise Agent under Windows OS The Exit command in the Agent context menu only stops A the Agent GUI see the Management Interface under Windows OS section and removes the icon from the notification area of the Taskbar The Agent will remain running To terminate the program itself execute the following command net stop drwagntd It is not recommended to stop the Agent because in this case the anti virus package software will not be updated and the Server will not receive any information on the status of the workstation although the permanent protection will not be disabled The Agent will be launch
215. f Administrative Accounts 5 3 1 Creating and Deleting Administrators 5 3 2 Editing Administrators Chapter 6 Groups Integrated Workstations Management 6 1 System and User Groups 6 2 Group Management 6 2 1 Creating and Deleting Groups 6 2 2 Editing Groups 6 3 Adding a Station to a Group Removing a Station from a Group 6 4 Using Groups to Configure Stations 6 4 1 Inheriting Stations Configuration from Groups Primary Groups 6 4 2 Propagation of Settings to Other Groups Stations 6 5 Comparison of Stations and Groups 118 128 132 132 135 139 139 144 146 146 148 150 150 154 154 155 157 159 160 162 163 Xeon K4 Chapter 7 Administration of Workstations 7 1 Management of Workstation Accounts 7 1 1 New Stations Approval Policy 7 1 2 Removing and Restoring Stations 7 2 Management of Stations Configuration 7 2 1 Setting Users Permissions 7 2 2 Viewing Installed Components List of the Anti Virus Package 7 2 3 Anti Virus Package Composition 7 3 Editing Parameters of the Dr Web Enterprise Agent for Windows OS 7 4 Editing Scheduled Tasks on a Station 7 5 Anti Virus Scanning of Stations 7 5 1 Viewing and Terminating Running Components 7 5 2 Terminating Running Components by Type 7 5 3 Launching Scan on Station 7 5 4 Managing Scanner Settings for Windows OS 7 6 Viewing Statistics 7 6 1 Tables 7 6 2 Charts 7 6 3 Summary Data 7 6 4 Quarantine 7 7 Setting S
216. f Workstations Setting Users Permissions for details and configure access to local resources Server settings have priority over user defined settings To update access configuration at the station connect to Enterprise Server edit and reapply Office Control settings for the station If you limit access to a critical system folders or enter A incorrect path to the resource Office Control settings will be updated at the station but incorrect access right will be ignored No warning is displays in case of this error 7 7 2 Configuring MailD Component for Email Protection Under UNIX System Based OS and Mac OS When running Agents under UNIX system based and Mac OS operating systems you can specify 15 30 or 50 email addresses to protect from viruses using the Dr Web MailD component To check the maximum number of protected emails addresses check your Agent key file agent key To specify the list of protected e mails 1 Select the workstation or group in the hierarchical list and click Emails list in the control menu panel on the left 2 In the opened window enter one email address you want ot protect 3 To add a new address click i Each address must be specified in a new line 4 To remove an address from the list click next to the corresponding item 5 Click Save to save changes Ta J N s Chapter 7 Administration of Workstations 7 8 Sending Notifications to Users The sys
217. from unauthorized access and prevents leak of vital data through networks This component monitors connection attempts and data transfer and helps you block unwanted or suspicious connections both on network and application levels 1 4 Benefits Dr Web ESS offers the following benefits Cross platform Server software enables using both Microsoft Windows and UNIX system based operated computers Cross platform Agent software enables anti virus protection 18 A Q T A A A yy V Chapter 1 Welcome to Dr Web Enterprise 19 Security Suite of computers operated under Microsoft Windows OS Microsoft Windows Mobile OS Novell NetWare OS UNIX system based OS and Mac OS X e Anti virus protection of Microsoft Outlook mail system and mail system based on IBM Lotus Domino server or Microsoft Exchange Server e Network traffic can be reduced to minimum special compression algorithms are applicable e Data transferred between system components can be encrypted e Grouping of anti virus stations facilitates administering of the anti virus network e Remote administration of the anti virus protection via the Dr Web Control Center almost from any computer under any OS Centralized installation of Enterprise Agents the Agents software can be set up prior to the installation on client machines Spam filters can be used on anti virus stations provided that it is authorized by the
218. g Started General Information Dr Web Enterprise Agents Setup During the Agent installation the Server address IP address or hostname of the computer on which the Server is launched can be directly set in installation parameters drwinst lt Server_Address gt For the Agent installation it is recommended to use the Server name registered in DNS service This will simplify the setting of the anti virus network in case of moving Enterprise Server to another computer By default the drwinst instruction launched without parameters will scan the network for Enterprise Servers and will try to install Agent from the first found Server the Multicast mode with using Server Detection Service Thus the Server address become known for the Agent during installation You can change the Server address in the Agent settings manually later To view and edit the settings of connection to the Server use the Agent context menu item Settings Connection Dr Web Enterprise Server Detection Service In this connection scheme client does not know the Server address preliminary Before establishing each connection the Server will be searched in the network To do this the client sends the broadcast query and waits for the respond that includes Server address After the client gets respond it will establish a connection with the Server To realize this scheme the Server must listen the network for such queries Several variants of re
219. gate the class but only if the first character indicates character range POSIX character class only if followed by POSIX syntax terminates the character class Ta AN ax Appendices K3 Use of Metacharacters Backslash The backslash character has several uses When it is followed by a non alphanumeric character it takes away any special meaning that character may have This use of backslash as an escape character applies both inside and outside character classes For example if you want to match a character you should write in the pattern This escaping action applies whether or not the folowing character would otherwise be interpreted as a metacharacter so it is always safe to precede a non alphanumeric with backslash to specify that it stands for itself In particular if you want to match a backslash you write al If a pattern includes the PCRE EXTENDED option whitespaces other than in a character class in the pattern characters between outside a character class and the next newline character will be ignored An escaping backslash can be used to include a whitespace or character as part of the pattern If you want to remove the special meaning from a sequence of characters you can do so by putting them between Q and E The Q E sequence works both inside and outside character classes Non printing characters Backslash provides a way of encoding non printi
220. ght of the logo If you leave the field blank a text about the Agent will be displayed in its place instead In the URL field specify the link to an Internet resource witch opens by clicking the logo also by clicking the message title if it will be specified in the Name field If the logo is not set or the size of the logo exceeds the allowable limits see Logo File Format p 3 Enterprise Agent logo will be displayed in its place instead If the Show the company logotype in the message flag is set the Use transparency flag will become active Set the flag to apply transparency to the logo image see Logo File Format p 4 Show link in the message set the flag to use hyperlinks to web resources in messages to users To insert a link 1 In the URL field insert a link to an Internet resource 2 In the Text field type the name of the link a text shown instead of the link in the message 3 In the Message text field put the link tag in all places where you want the link to appear In the resulting message the link with the specified parameters will be shown instead of the tag You may use an unlimited number of Link tags in a text all of them having the same parameters from the URL and Text fields correspondingly For example 216 Ta i ax Chapter 7 Administration of Workstations 217 To send the message displayed in figure 7 1 the following parameters were set for the link
221. gs and temporary files 4 Operating systems see Appendix A The Complete List of Supported OS Versions a Microsoft Windows 98 OS Windows Me OS Windows NT4 OS SP6 and later Depending on OS the following components can be installed A AN T V A A yy Chapter 1 Welcome to Dr Web Enterprise Windows 2000 with SP4 and later SpIDer Gate SelfPROtect and Office Control FireWall Security Suite Windows 2000 with SP4 Update Rollup 1 and later SpIDer Guard NT4 e e SpIDer Guard G3 SpIDer Mail NT4 e SpIDer Mail Windows 98 Windows ME Windows NT4 SP6a Windows 2000 with SP4 without Update Rollup1 Windows XP without SP and with SP1 Windows 2003 without SP Windows 2000 with SP4 and Update Rollup1 Windows XP with SP2 or later Windows 2003 with SP1 or later Windows Vista or later Windows 98 Windows NT4 with SP6 a All supported OS later than systems for SpIDer Mail NT4 version which are above listed Dr Web Browser Plugin for Outlook Windows 2000 with SP4 and later b Microsoft Windows Mobile OS c Novell NetWare OS d Mac OS X e UNIX system based OS Linux OS FreeBSD OS or Solaris OS 5 For Dr Web for Outlook plug in the the Microsoft Outlook client from the Microsoft Office package is required e Outlook 2000 Outlook 9 24 Ta N ax Chapter 1 Welcome to Dr Web Enterprise 25 Security Suite Outlook 200
222. gt By default depending on lt connection protocol gt Ta J N ax Appendices 323 tcp 127 0 0 1 2193 means loopback port 2193 tcp 2193 means loopback port 2193 for IPv6 spx 00000000 000000000001 2193 means loopback socket 0x2193 lt drwcs name gt Dr Web Enterprise Server Location Using the Given Family of Protocols and Endpoint lt drwces name gt lt datagram protocol gt lt endpoint socket address gt lt interface gt By default depending on lt datagram protocol gt drwes udp 231 0 0 1 2193 0 0 0 0 location of a Server with the drwcs name for a TCP connection using a multicast group 231 0 0 1 2193 for all interfaces e drwes ipx 00000000 FFFFFFFFFFFF 2193 00000000 000000000000 location of a Server with the drwcs name for an SPX connection using broadcasting messages on socket 0x2193 for all interfaces Ta J N ax Appendices Appendix F Administration of the Repository To administrate the functions of the repository the following files located in the program root folder are used Configuration file config specifies the set of files and the parameters of the updates server The file has a text format its structure is described below in Appendices Fi The Syntax of the Configuration _File__ confi and F2 The Meaning of config File Instructions Status file id displays the generalized state of a product revision number and
223. h SP1 and later Ta AN ys Appendices 292 Windows Server 2008 also with SP1 and later Windows Server 2008 R2 Windows 7 SelfPROtect Spider Gate Office Control FireWall 32 bit Windows 2000 Professional SP4 also with Update Rollup 1 Windows 2000 Server SP4 also with Update Rollup 1 Windows XP Professional also with SP1 and later Windows XP Home also with SP1 and later Windows Server 2003 also with SP1 and later Windows Vista also with SP1 and later Windows Server 2008 also with SP1 and later Windows 7 64 bit Windows Server 2003 also with SP1 and later Windows Vista also with SP1 and later Windows Server 2008 also with SP1 and later Windows Server 2008 R2 Windows 7 Windows Mobile OS Windows Mobile 2003 Windows Mobile 2003 Second Edition Windows Mobile 5 0 Windows Mobile 6 0 Windows Mobile 6 1 Windows Mobile 6 5 Novell NetWare OS Novell NetWare 3 12 Ta J N ys Appendices 293 Novell NetWare 3 2 Novell NetWare 4 11 Novell NetWare 4 2 Novell NetWare 5 1 Novell NetWare 6 0 Novell NetWare 6 5 Mac OS X Mac OS 10 4 Tiger Mac OS 10 4 Server Tiger Server Mac OS 10 5 Leopard Mac OS 10 5 Server Leopard Server Mac OS 10 6 Snow Leopard Mac OS 10 6 Server Snow Leopard Server Mac OS 10 7 Lion Ta J i ax Appendices 294 Appendix B The Description of the DBMS Settings The Parameters of the DBMS Driver You can get the stru
224. h means do not use rotation always write to the same file of unlimited size In the rotation mode log file names are generated as follows file lt N gt log or file lt N gt log dz where lt N gt sequence number 1 2 etc For example the log file name is set to file log see the log switch above then e file log current log file e file 1 log previous log file 367 Ta 2 N ax Appendices 368 e file 2 log and so on the greater the number the older the version of the log var root lt folder_for_modified gt path to a folder to which the Server has a write access and which is designed to store modified files for example logs and the repository files By default it is the var subfolder of the root folder verbosity lt details_level gt log level of detai ARNING is by default Allowed values are ALL DEBUG3 DEBUG2 DEBUG1 DEBUG MTRACE3 TRACE2 TRACE1 TRACE INFO NOTICE WARNING ERROR CRIT The ALL and DEBUG3 values are synonyms see also Appendix L Log Files Format This key defines the log level of detail set by the subsequent log key read above One instruction can contain several switches of this type The verbosity and log switches are position relative In case of using these keys simultaneously the verbosity switch must be set before the log switch the verbosity switch redefines detail level of
225. hapter 3 Components of an Anti Virus Network 109 and Their Interface Interface My Account Using this section you can manage the current account of the administrator of the anti virus network see also p Management of Administrative Accounts wy Values of fields marked by the sign must be obligatory specified You can edit the following settings if necessary e Administrator account Login for Dr Web Control Center access Set the ReadOnly flag for administrator s rights limitation First name Middle name and Last name of the administrator Language of the interface used by the administrator Date format which is used by this administrator during editing settings that contain dates The following formats are available e European DD MM YYYY HH MM SS e American MM DD YYYY HH MM SS Account Description Set the Can manage a limited number of groups flag to set groups access for the groups administrator To change the password click New password at the toolbar The following parameters are read only Dates of creation and last modification of the account e Status Displays the network address of the last connection under this account Ta AN ax Chapter 3 Components of an Anti Virus Network and Their Interface Click Save after you have changed all necessary parameters For read only accounts only the following fields can be edited Interface language Descri
226. he resource via Scanner launched by scheduler or manually 2 3 1 Installation Files Installation Package esinst After a new user account is created esinst Agent installation package is generated Link for the Agent installation package for the concrete station downloading is available 1 After adding a new station see the 11 step in the Creation of a New User Account section 2 In any time after station adding in station properties after its creation in the Selected objects section for the station selected in hierarchical list Network Installer drwinst The drwinst Agent network installer and the drwcsd pub public encryption key reside in the Installer folder the shared 52 Ta J N s Chapter 2 Installation and Removal of Dr Web 53 Enterprise Security Suite Components hidden resource of the Enterprise Server installation folder Network sharing at the 8 step during Enterprise Server installation is set You can change this resource further The Agent instaler and the public key are also available at the installation page of the Dr Web Control Center Installation Page At the instalation page of the Dr Web Control Center you can download 1 The drwinst Agent network installer Installers for different OS in corresponding named folders are located 2 The drwcsd pub public encryption key From any computer with network access to the Server installation page is available at the
227. he SelfPROtect component is active on the station with the Agent disable it via the Agent context menu to do this you must have administrative rights at the station and rights for disabling the component which are set at the Server Copy the drwcsd pub public key from the new Server to the Agent installation directory 2 Run the following command to specify the Agent settings drwagntd lt new_server_ip gt where lt new_server_ip gt is the address of a new Server to which the Agent must be connected The address must be set according to the The Specification of Network Addresses 3 Restart the Agent service see the The Dr Web Enterprise Agent section Ta J N ax Frequently Asked Questions Changing the Type of the DBMS for Dr Web Enterprise Security Suite For Windows OS 1 2 Stop the Enterprise Server see Start_and Stop the Dr Web Enterprise Server Run drwcsd exe using the exportdb switch to export the content of the database to a file The full command line for Windows looks as follows C Program Files DrWeb Enterpris Server bin drwcsd exe home C Program Files DrWeb Enterprise Server var root C Program Files DrWeb Enterprise Server var verbosity all exportdb D esbase es It is presumed that Enterprise Server is installed to the C Program Files DrWeb Enterprise Server folder and the database is exported to a file esbase es which is in the
228. he files constructions for the given platform in the install script installation routine read below At the same time the summary script is created on the basis of the scripts constructions 3 The Server receives the general list of files and the summary script 4 The Server sends the files and the script which will be executed by the network installer 378 Ta gt N s Appendices 379 Now we consider install script by example of the 20 drwagntd folder master part of installation Agent amp its stuff drwscr dll goes with upgrader so unlisted here platform r name win Seri psa win inst rexx files win for all Windows OS name XXX MUST go first r r r r r r mandatory stanza this platform name include scripts files can go in any order optional script being merged with all others and executed after transfer all files for all platforms requested by installer Windows installer request order win setup optional for customization common win win nt OR win 9x optional this platform files being transfered to installer Ta 2 N ax platform win 9x for Windows 95 MI Appendices 380 win uninstall rexx win drwinst exe win drwagntd exe win drwagnui exe win drwhard dll a name win 9x scripts win 9x inst rexx platform 7 win nt for Windows NT 2003 na
229. he following settings General Configuration Groups Location These settings are described below 3 To save changes in the settings click Save General In the General section the read only fields are listed ID station unique identifier Name station name Also you can specify the following fields In the Password field specify a password to authorize the station at the Server retype this password in the Retype password field If you change the password you must repeat this action in the Agent connection settings at the station to permit Agent connection in the Description field add comments wy Values of fields marked by the sign must be obligatory specified A AN T V A A Y Chapter 7 Administration of Workstations Configuration In the Configuration section the folowing stations parameters are presented fe setting permissions for the workstation see p Setting Users Permissions m changing schedule settings Centralized schedule setting described in p Editing Scheduled Tasks on a Station R setting the licence key file for the station o setting restrictions for anti virus software updating For more details about update restrictions see p Update Restrictions for Workstations e instaling components list see p Anti Virus Package Composition the settings of the anti virus components Dr Web Scanner for Windows SpIDer Guard for Windows
230. he kill Instruction The version of the Server for UNIX OS is administrated by the signals sent to the Server processor by the kil1 utility Use the man kill instruction to receive help on the kill utility Below are listed the utility signals and the actions performed by them Ta J N ax Appendices SIGWINCH log statistics to a file CPU time memory usage etc SIGUSR1 reread the repository from the drive SIGUSR2 reread templates from the drive SIGHUP restart the Server SIGTERM shut down the Server SIGQUIT shut down the Server SIGINT shut down the Server Similar actions are performed by the switches of the drwcsd instruction for the Windows version of the Server read Appendix H5 4 H9 Dr Web Scanner for Windows OS This component of the workstation software has the command line parameters which are described in Dr Web Anti Virus for Windows User Manual The only difference is that when the Scanner is run by the Agent the go st parameters are sent to the Server automatically and without fail H10 Proxy Server To configure some of the Proxy server parameters run with corresponding switches the drwcsd proxy executable file which resides in For Windows OS Proxy server installation folder e For UNIX system based OS bin subfolder of the Proxy server installation folder The start instruction format drwcsd proxy lt switches gt Ta N ax
231. he package on a station with the help of the uninstall script see the script switch If the script is not explicitly provided the internal script will be executed If such switch is missing equals to no uninstall installation is performed script lt script_name gt sets a file with the executable script It is used with the uninstall switch for the anti virus software deinstallation interactive run the installer in the interactive mode The Agent installation in the installer interactive graphical mode is described in the Installing the Dr Web_ Enterprise Agent section If the interactive switch is not set the Agent installation will be launched in the background mode of the installer see the Installing the_Dr Web_ Enterprise_ Agent section But the interactive graphical mode of the installer can be displayed if installation error or launch installation error is occurred 357 Ta J i ax Appendices 358 When installing Agent software remotely through the Dr A Web Control Center this key will not work The interactive key can not be used with variables simultaneously If variables are set they will be ignored retry lt quantity gt similar to Agent timeout lt time gt similar to Agent compression lt mode gt the compression mode of the traffic with the Server Possible values are yes no possible the no value is set by default home lt folder gt
232. he pattern itself CI Option i is equivalent to PCRE_CASELESS If this option is set letters in the pattern match both upper and lower case letters This option can be changed within a pattern by a i option setting Option x is equivalent to PCR T EXTENDED Tf this option is set whitespace data characters in the pattern are totally ignored except when escaped or inside a character class Whitespaces do not include the VT character code 11 In addition characters between an unescaped outside a character class and a newline character inclusively are ignored This option can be changed in the pattern by setting a x option This option enables including comments inside complicated patterns Note however that this applies only to data characters Whitespaces may not appear in special character sequences in a pattern for example within the sequence which introduces a conditional subpattern Option m is equivalent to PCRE_ MULTILINE By default PCRE treats the subject string as consisting of a single line of characters even if it actually contains newlines The start of line metacharacter matches only in the beginning of a string while the end of line metacharacter matches only in the end of a string or before a terminating newline unless PCRE_ DOLLAR ENDONLY is set T When PCRE_MULTILINE is set the start of line and end of line metach
233. he table To change the update mode for a row full day click the corresponding color in the right part of the table row To change the update mode for a column a particular 15 minutes interval of each day of the week click the corresponding color under the table column 4 After editing click Save to accept changes In the toolbar the following options are available GS Propagate these settings to another object copy the update settings of the current station or group to the settings of other station or group Q amp Q Remove these settings set the update settings to the default values all updates are enabled E Export shown settings to file save the update settings in a file of special format 5 Import settings from file load the update settings from a file of special format Ta J N ax Chapter 9 Updating the Dr Web Enterprise Security Suite Software and Its Components 9 6 Updating Mobile Dr Web Enterprise Agents If your computer laptop has no connection to the Enterprise Server s for a long time to receive updates opportunely from the Dr Web GUS you are well advised to set the Agent in the mobile mode of operation To do this on the context menu of the Agent icon in the notification area of the Taskbar select Mobile mode Enabled The icon will turn yellow In the mobil mode the Agent tries to connect to the Server three times and if unsuccessful performs an HTTP update The Agent
234. here Click the icon of component at the station connected to this Server to open component settings window Interaction with Dr Web Enterprise Agents Network Scanner has been included in Dr Web ESS starting from version 4 44 Network Scanner can detect the Agents of version 4 44 and older but cannot interact with Agents 4 33 Enterprise Agents 4 44 and older installed on protected stations process respective calls of Network Scanner received at a certain port By default port udp 2193 is using but also port udp 2372 is supported for compatibility with older versions Correspondingly it is the default port offered by the Scanner to call at Network Scanner decides whether there is an Agent on the workstation based on the assumption of the possibility to exchange information with the station request response through the specified port If the station is forbidden for example by a firewall to A accept packages at udp 2193 the Agent will not be detected and consequently Network Scanner considers that there is no Agent installed on the station Quick Scan If the Quick scan option is enabled the following actions will be performed 1 ping requests are sent to network computers 2 the parallel poll for Agents detection is performed only for A Q T A A A yy V Chapter 3 Components of an Anti Virus Network and Their Interface computers which has answered to ping requests 3 Agents detection proced
235. hierarchical list e Show station name show names of stations in the hierarchical list if such are given e Show station address show IP addresses of stations in the hierarchical list Ta J N ax Chapter 3 Components of an Anti Virus Network 108 and Their Interface e Show station server show names or addresses of Enterprise Servers to which stations are connected for all elements e Display personal settings enables disables marker on icon of workstations and groups which shows whether individual settings are present e Show descriptions enables disables showing of groups and stations descriptions the descriptions are set in the properties of an element Property Pane The property pane shows the properties and settings of workstations To display the property pane 1 To display the attributes click the General L Edit element of the Toolbar 2 A pane with properties of the station will be opened in the right pane of the Dr Web Control Center This panel contains the folowing settings General Configuration Groups Location For more details about this settings see p Management of Stations Configuration 3 3 3 Preferences Select the Preferences item in the main menu of Dr Web Control Center All settings of this section are valid only for the current administrator account The control menu consists of the following items My account Ta J N ax C
236. his administrator during editing settings that contain dates The following formats are available e European DD MM YYYY HH MM SS e American MM DD YYYY HH MM SS In the Description field you can set optional description of the account For group administrator account set the Can manage a limited number of groups flag to specify available groups The Supervised groups section become available In the Supervised groups list specify groups managed by this administrator To do this click the group name in the Known groups list To exclude customer groups managed by this administrator click the group name in the Supervised groups list Values of fields marked by the sign must be obligatory specified 147 Ta J N ax Chapter 5 Anti Virus Network Administrators 148 4 After you set all necessary parameters click Save to create a new administrator account Deleting Administrators To delete administrator account 1 Select the Administration item in the main menu of the Dr Web Control Center and then the Administrative accounts item in the control menu 2 Select the account you want to delete in the administrators list 3 Click the X Remove account icon in the toolbar 5 3 2 Editing Administrators To edit administrator account 1 Open the account settings section For administrators with full rights you can do this by one of the following ways Select the Administration item in
237. horization server is not available domain controller Unknown bad password user name or The ADMIN resource does not exist at the remote station At this step result of installation is checked Unknown error 2 Installation is not required on this computer 4 Protocol violation 6 Cannot initialize scripting engine 7 Connection to server timed out 8 Ask for the technical support of the Doctor Web company The Agent is already installed or has been incorrectly deleted in this case use the drwebremover utility at this station The drwinst exe installer is not matched with the Server version Make sure that the installer is from the Server installation package System error Ask for the technical support of the Doctor Web company The Enterprise Server is not available fromthe remote station Ta 2 ax N Remote Installation Trouble Shooting 446 System should be Restart the station to complete rebooted to finish previously uninstallation previous deinstallation 9 Aq P P v 447 Index A access restriction local resources 212 144 146 Active Directory accounts Agent installing 71 Agent uninstalling 85 Administrators accounts 146 permissions 144 Agent functions 91 installing 51 installing Active Directory 71 installing remote 67 71 91 93 mobile mode 276 settings 179 start instruction switches 3
238. ical list 103 mainmenu 99 search panel 100 toolbar 104 creating 154 user account 53 D DB database backup files DBMS 425 294 Oracle 299 PostgreSQL 305 restoring 430 settings 231 SQLCE 302 demo key files 28 distribution kit 25 DMBS settings 294 Dr Web Browser Plugin groups 430 internal installing 48 uninstalling for UNIX 87 Aq P P v 449 Index Dr Web Browser Plugin uninstalling for Windows 82 Dr Web Enterprise Agent functions 91 installing 51 installing Active Directory 71 installing remote 67 71 91 93 mobile mode 276 settings 179 start 96 start instruction switches 354 interface uninstalling 82 85 updating 276 Dr Web Enterprise Server configuration file 335 installation folder structure 42 installing for Unix 44 installing for Windows 32 interface 90 log 89 logging 235 moving 420 restoring 437 schedule 236 setting connections 247 settings 220 start 90 start instruction switches 360 tasks 88 types of connections 245 uninstalling for UNIX 85 uninstalling for Windows 82 upgrading for UNIXOS 263 upgrading for Windows OS 258 E encryption key files generating 373 traffic 229 environment variables 377 extensions 410 F force update 269 functions Agent 91 anti virus Server 88 Dr Web ES 15 groups 150 adding a station 157 configuration inheriting 160 primary 160 removing a station 157 settings 159 settings propagation 162 GUS
239. ication of Administrators w General information on authentication of administrators at the Enterprise Server is described in p Authentication of Administrators Active Directory Authentication Only enabling of using authentication method and the order in authenticators list are configured in the lt enabled gt and lt order gt tags of the auth ads xml configuration file Operation principle 1 Administrator specifies username and password in one of the following formats username e domain username username domain e user s LDAP DN Server registers with these name and password at the default domain controller or at the domain controller which specified in the username If registration failed transition to the next authentication mechanizm is performed LDAP DN of registered user is determined For the object with determined DN the DrWeb Admin attribute is read If it has FALSE value authentication is admitted failed and transition to the next authentication mechanizm is performed The DrWeb AdminReadOn1y attribute is read If it has TRUE value administrator has read only rights The DrWeb AdminGroupOn1y attribute is read If it has 415 Ta J N Ws Appendices TRUE value administrator has rights to manage certain groups only The DrWeb AdminGroup attribute is read It must contain the list of groups for managing by this administrator If any of attributes are not
240. ified range period at the end a reserved character which indicates completion of a rule lt line gt lt instruction gt lt separator gt lt comment gt lt instruction gt lt name gt lt parameter gt lt name gt description sync with syne delay syne only Usivne Tonore sitate omliy state ignoren Wnotity onily TnoOtiiy tonere nosh y ofi lt parameter gt lt text gt lt text gt lt word gt lt separator gt lt word gt lt symbol gt lt sign gt lt symbol gt a zA Z 0 9 ssigna e met et fc NE eet ge Hh SY ea E lt separator gt r t n s lt comment gt lt text gt 4 lt M1 gt lt symbol gt lt M1 gt min Ta J N ax Appendices 326 lt M2 gt lt text gt lt M2 gt lt M1 gt lt symbol gt lt M2 gt lt sign gt The configuration file is a sequence of words separated by separators A separator is any sequence of the following characters space s tab t carriage return r line feed n A word beginning with a semicolon means the beginning of a comment which lasts till the end of the line Examples ghgh 123 this is a comment 123 this is not a comment requires a separator at the beginning A word beginning with a number sign means the beginning of a stream comment the rest of the word is specifie
241. iles excluded from scanning list enter a path to scan for viruses To add a new path click a Add then enter a path in the new line Ta J N ax Chapter 7 Administration of Workstations To remove a path from the list click Remove next to the appropriate line The Paths selected to scan list contains in explicit form the paths disks and catalogs to be scanned The list of paths excluded from scanning can contain the following elements 1 Direct path in the explicit form to the excluded object And A character or excludes the entire disc with the Windows OS installation folder A character at the end of a path excludes the folder from checking A path without a character at the end all subfolders of the selected folder are excluded from checking For example C Windows skip scanning files of the C Windows folder and all its subfolders 2 Masks of objects excluded from the scan The and the symbols can be used to specify masks For example C Windows dll C Windows skip scanning all files with the d11 extension at all subfolders of the C Windows folder 3 Regular expression Paths can be specified through regular expressions Any file whose full name with the path corresponds to a regular expression is excluded from checking Before starting Dr Web Scanner for Windows familiarize yourself with recommendations on virus scanning for computers operated by Wind
242. in menu select Network then in the hierarchical list click the workstation name In the control menu left pane select Virus bases in the Tables subsection This opens a window with information on installed virus databases including information on the file containing a particular database virus database version the total number of virus records in the database the database creation date If the Virus bases itemis hidden to view the item select Administration in the main menu and then select Configure Dr Web Enterprise Server in the control menu of the window On the Statistics data tab set Stations status monitoring and Virus database monitoring flags then restart the Server 177 Ta J aw ys Chapter 7 Administration of Workstations 7 2 3 Anti Virus Package Composition To change the installing components list of the anti virus package 1 Open the list of components select the Network item in the main menu then select the station and click the Installing Components item in the control menu panel on the left 2 Select an option for necessary components in the drop down list e must means that a component must be present on the workstation When a new workstation is created the component is installed with the anti virus package If the must option is specified for an existing workstation the component will be added to the available anti virus package e may means that the component can potenti
243. in name lt fo der gt the name of destination directory A N T A A v Remote Installation Trouble Shooting 443 Remote Installation Trouble Shooting Principle of the installation 1 The browser Dr Web Browser Plugin module connects to the ADMINS resource at the remote station lt remote_station gt ADMINS and copies instaler files drwinst exe drwcsd pub specified in the Dr Web Control Center to the lt remote_station gt ADMI N Temp folder 2 The plug in runs drwinst exe file at the remote station with the switches according to the Dr Web Control Center settings Successful installation requires that at the station from which the installation will be performed 1 The ADMINS resource must be available at the remote station The availability can be checked in the following way In the address line of the Windows Explorer application enter the following lt remote_station gt ADMI N You will get the prompt for entering login and password for assess to this resource Enter the account data which have been specified on the installation page The ADMINS resource can be unavailable for the following reasons a account does not have administrative rights b the station is powered off or firewall blocks assess to the 455 port Ta J i ys Remote Installation Trouble Shooting c limitations of remote assess to the ADMIN resource at the Windows Vi
244. incremental number of transaction The format is described below in Appendix F3 id Files When setting up interserver links for product mirroring read p Peculiarities of a Network with Several Servers please remember that configuration files are not the part of the product and therefore are not properly handled by the mirror system To avoid errors during the updating for peer Servers use identical configuration for subordinate Servers disable synchronizing of components through HTTP protocol or keep the configuration identical After the configuration file and the status file have been edited reboot the Server Fi The Syntax of the config Configuration File Formal grammar based on the Extended Backus Naur Form EBNF notation is used for description of the Server configuration file It uses the following symbols 324 Ta J N ax Appendices 325 group of symbols fragment of the configuration file terminal symbol lt gt nonterminal symbol e symbol for selecting one of the given elements 2 symbol or group of symbols to the left of the operator is not obligatory may occur 0 or 1 time symbol or group of symbols to the left of the operator may be repeated any number of times or may be omitted symbol or group of symbols to the left of the operator may occur 1 or more times any symbol from the spec
245. ing square bracket on its own is not special If a closing square bracket is required as a member of the class it should be the first data character in the class after an initial circumflex if present or escaped with a backslash A character class matches a single character in the subject A matched character must be in the set of characters defined by the class unless the first character in the class definition is a circumflex in which case the subject character must not be in the set defined by the class If a circumflex is actually required as a member of the class ensure it is not the first character or escape it with a backslash For example the character class aeiou matches any lower case vowel while aeiou matches any character that is not a lower case vowel Note that a circumflex is just a convenient notation for specifying the characters that are in the class by enumerating those that are not A class that starts with a circumflex is not an assertion it still consumes a character from the subject string and therefore it fails if the current pointer is at the end of the string When caseless matching is set any letters in a class represent both their upper case and lower case versions The minus hyphen character can be used to specify a range of characters in a character class For example d m matches any letter between d and m inclusive If a minus character is required in a class it must be escaped with a ba
246. ing with the Database 1 Select the Administration item in the main menu 2 Click Dr Web Enterprise Server Configuration in the control menu 3 Go to the Database tab and select the type of DB in the Database drop down list IntDB internal DB a component of Enterprise Server MS SQL CE external DB for Servers running under Windows OS The MS SQL CE is a low production external DB and it is inferior to the internal DB in this parameter It is not recommended to use this DB if more than 30 stations are connected to the Server But the MS SQL CE DB can be successfully used to create reports using API ADO NET If you do not need this feature it is recommended to use an internal DB or any other external DB ODBC for Servers running under Windows OS or PostgreSQL for Servers operated by UNIX system based OS external DB 7 ax A J AN Chapter 8 Configuring the Dr Web Enterprise Server Oracle external DB for all platforms except FreeBSD install the latest version of the ODBC driver delivered with this DBMS It is strongly recommended not to use the Oracle ODBC driver supplied by Microsoft 1 If an Oracle external DBMS is used it is necessary to For an internal DB if necessary enter the full path to the database fie into the Path entry field and specify the cache size and the data log mode The parameters of an external DB are described in detail in Appendix B The Desc
247. install In case of using external DB restore the DB on the new Server and specify the path to this DB in the configuration file drwcsd conf Run the drwcsd exe with upgradedb switch for DB upgrading The command line will look as follows C Program Files DrWeb Enterpris Server bin drwesd exe upgradedb C Program Files DrWeb Enterprise Server update db Start the Server see Start and Stop the Dr Web Enterprise Server 262 Ta J N ax Chapter 9 Updating the Dr Web Enterprise Security Suite Software and Its Components 9 1 2 Upgrading Dr Web Enterprise Server for UNIX System Based OS Upgrading the Server software over the previous version is possible not for all UNIX system based OS Thus under UNIX system based OS in which upgrading is not supported it is recommended to delete the Server software of previous versions and install the 6 0 2 version If you update the Server from 5 XX version to 6 0 2 version for Linux OS instead of deleting old version and installing new version of the Server you can use the following commands to update the Server for rpm rpm U lt package_name gt for dpkg dpkg i lt package_name gt All automatically saved files will be stored in corresponding directories and manual replacement is not required All actions must be performed under the root administrator account During Server update to 6 0 2 version from 5 0 1 and earlier versions
248. ion NAP is a policy enforcement platform built into Windows OS that allows you to better protect network assets by enforcing compliance with system health requirements With NAP you can create customized health requirement policies to validate computer health in the following cases before allowing access or communication e automatically update compliant computers to ensure ongoing compliance optionally confine noncompliant computers to a restricted network until they become compliant Detailed description of NAT technology specified at http www microsoft com windowsserver2008 en us nap product home aspx NAP in Dr Web Enterprise Security Suite Dr Web ESS allows you to use the NAP technology to check health of Dr Web anti virus software on protected workstations This functionality is provided by use of Dr Web NAP Validator Means of Health Validation A NAP health policy server which is installed and configured in the network The Dr Web NAP Validator which is an implementation of NAP System Help Validator SHV with use of Dr Web custom policies plug ins This component is installed on the computer where the NAP server resides e System Health Agents SHAs which are installed automatically on the workstations during installation of Enterprise Agents 284 Ta J i Chapter 10 Configuring the Additional 285 Components ys The Dr Web Enterprise Server which serves as the NAP remediation server an
249. ion limit and disable user intervention into the administration of the anti virus software on the workstation see p Setting Users Permissions Full rights Administrator can view and edit the list of current administrator accounts Read Only Administrators Administrators with read only rights can only view the settings of the anti virus network and its separate elements but cannot modify them Group Administrators with Full Rights Group Administrators have access to all system group and those custom groups which they are allowed to manage including nested groups Group Administrator accounts could be created for custom groups only see System and User Groups Only those groups which such administrators are allowed to access are displayed for them in the hierarchical tree The list of current administrator accounts is not available for Group Administrators Group Administrators with Read Only Rights You can grant Group Administrators with full rights to manage their groups as well as read only rights 145 Chapter 5 Anti Virus Network Administrators 146 Ta 2 i ax Default Administrators After Server is installed the admin account for administrator with full rights is created automatically Access password for this account is specified during the Server installation step 15 in the installation procedure 5 3 Management of Administrative Accounts account data of which is stored in the Enterpri
250. ion is ascribed to one Server which allows to distribute the load between them The connections between the Servers can have a hierarchical structure which allows to optimally distribute the load between the Servers When you beginning to plan structure of your antivirus network take into account the peculiarities of licensing multi server environments For details refer to Key Files To exchange information between the Servers software updates and information about the operation of the Servers and the workstations connected to them a special interserver synchronization protocol is used 244 Ta J N s Chapter 8 Configuring the Dr Web Enterprise 245 Server The most significant feature of this protocol is the efficient transfer of updates the updates are distributed as soon as received e the scheduling of updates on Servers becomes unnecessary except for those Servers which receive updates from the Dr Web GUS servers via HTTP 8 5 1 Building a Network with Several Dr Web Enterprise Servers Several ESS Servers can be installed in an anti virus network Each Enterprise Agent connects to one of them each Server with connected anti virus workstations functions as a separate anti virus network as described in previous Chapters Dr Web ESS allows to connect such anti virus networks by transferring data between Enterprise Servers A Server can send to another Server e software and virus database update
251. is required by Enterprise Server settings the anti virus package will be automatically installed 4 Restart the computer on Agent request 2 3 3 2 Installation of the Dr Web Enterprise Agent in the Graphical Mode of the Installer To install the anti virus software Dr Web Enterprise Agent and anti virus package in the graphical mode of the installer 1 From the workstation on which you want to install the anti virus software enter the network catalog of Agent installation located at the Server by default it is Installer folder and run the drwinst exe with the interactive parameter A window of the Installation Wizard of the Dr Web anti virus will be opened A T 2 ax Chapter 2 Installation and Removal of Dr Web Enterprise Security Suite Components Before the installation the Wizard asks you to confirm that there is no anti virus plug ins on you computer Make sure that there is no anti virus software including other versions of Dr Web programs installed on your computer and set the I do not have other anti viruses installed on my computer flag Click Next In the next window choose type of installation Quick Recommended the most simple type of installation All parameters are set automatically Next go to step 7 Custom the type of the installation that allows you to choose the anti virus components to install on your computer e Administrative the most detailed type of insta
252. is not recommended to launch the Network Scanner possible insufficiencies of network review The functioning of the Network Scanner is guarantied under UNIX system based operating systems and Windows XP or later Microsoft Windows operating systems The Network scanner requires Dr Web Browser Plugin Network Scanner function as follows Scan browse the network for workstations Detect Enterprise Agents on stations Install Enterprise Agent on the detected stations as instructed by the administrator Enterprise Agent installation is described in detail in p Installing the Dr Web_ Enterprise Agent Software through the Dr Web Control Center To scan browse the network 1 Open the Network Scanner window select the Administration item in the main menu of the Dr Web Contro Center and select Network Scanner item in the control menu 2 If necessary set the Quick scan flag for express scanning 3 In the Networks field specify networks in the following format e with a hyphen for example 10 4 0 1 10 4 0 10 Ta J i ax Chapter 3 Components of an Anti Virus Network 116 and Their Interface separated by a comma with a whitespace for example 10 4 0 1 10 4 0 10 10 4 0 35 10 4 0 90 e with a network prefix for example 10 4 0 0 24 Specify the port to connect with the Agent If necessary change the value of timeout which defines time limit for receiving an answer from inquired st
253. ise Security Suite Components Table 2 1 Icons of the Network scanner ao fF ENM Workgroups The work groups containing inter alia computers on which the Dr Web ESS anti virus software can be installed Other groups containing protected or unavailable by network computers Workstations The detected station is registered in the DB and active i e the workstation with installed anti virus software The detected station is registered in the DB as deleted i e the workstation is listed in the table of deleted stations The detected station is not registered in the DB i e there is no anti virus software on the station The detected station is not registered in the DB the station is connected to another Server The detected station is registered in the DB bus it is not active and the port is closed You can also unfold catalog items corresponding to computers with the or icon and check which program components are installed there To open the component settings window click the station component icon Select an unprotected computer or several unprotected computers in the Network scanner window Select Install Dr Web Enterprise Agent in the toolbar A window for a remote installation task will be opened In the Dr Web Network Installer section you can set up the installation parameters of the Agent software In the Computer names field enter the target computer IP addresses Ta J N ax
254. ise Server Database tab Ta 2 N ax Frequently Asked Questions 428 You can also reconfigure the Server to use another database DBMS by editing the Server configuration file drwcsd conf directly To do this you should comment delete the entry about the current database and enter the new database for more details see Appendix G1 Dr Web Enterprise Server Configuration File You will be prompted to restart the Server Reject restarting 4 Stop Enterprise Server see step 1 5 Run drwcsd using the initdb switch to initialize a new database The command line will look as follows for Linux OS and Solaris OS etc init d drwesd initdb root keys agent key root for FreeBSD OS usr local etc re d drwesd sh initdb root keys agent key root It is presumed that the agent key resides in the root keys folder 6 Run drwcsd using the importdb switch to import the database from a file The command line will look as follows for Linux OS and Solaris OS etc init d drwcsd importdb var esbase es for Solaris OS etc init d drwcsd importdb var drwcs etc esbase es for FreeBSD OS usr local etc re d drwesd sh importdb var esbase es 7 Start Enterprise Server see step 3 Frequently Asked Questions 429 Ta 5 N ys If you want to change the parameters at Server start for example specify the Server installation folder change the log level etc yo
255. ist of GUS servers the Agent can connect to is stored in config files in repository subfolders for Windows OS DrWeb Enterprise Server var repository When the Agent is started with explicitly specified parameters the specified settings are used not only in the current session but are also written to the registry and become constant Thus if the Agent is run for the first time with all necessary settings at subsequent starts it is unnecessary to specify any parameters Under Windows NT OS Windows 2000 OS Windows XP OS Windows 2003 OS Windows Vista OS the Agent is run by the system as a service and is administrated through Control Panel Under Windows OS 98 Windows OS Me the Agent is run as a Windows 98 OS Windows Me OS service and cannot be administrated The start instruction format drwagntd lt switches gt lt servers gt 353 Ta J N Appendices ax Switches Possible switches home lt folder gt the folder to which the Agent is installed If the switch is not set the folder where the executable file of the Agent resides is meant key lt public_server_key gt a file of the Server public key by default it is drwcsd pub in the folder set by home drweb key lt license_key gt user license key file This key will be used by the client software if it does not visit the Server for a long time and in case the key received from the Server has expired When the Agent is c
256. ist of the License manager main pane drug and drop this station or group on the key record small delay can occur during update of the main pane list If the list of components licensed for installation at the station in the new key differs from the list in the old key request for specifying settings according to the components list from the new key will be prompt In the offered objects list stations and groups for which lists in the old key and in the imported key are differ and the differences list which components are absented and added in the new key are presented Set flags for objects for those you want to set new settings for installing components list For other objects with cleared flags settings specified before key changing will remain the same 124 Ta J N ys Chapter 3 Components of an Anti Virus Network and Their Interface Removing the License Keys for the Agent You can not delete a record for an Agent key file assigned for the Everyone group To remove the Agent licence key 1 In the main pane of the License manager select the key you want to delete or the object station or group for which this key is specified and click the x Remove key at the toolbar In the dialog box confirm the key deletion If for the object with deleted key personal settings for installed components list are set request for deleting personal settings will be prompt In the offered objects list st
257. it An assertion subpattern is matched in the normal way except that it does not cause the current matching position to be changed 402 Ta AN ax Appendices Assertion subpatterns are not capturing subpatterns and may not be repeated because it makes no sense to assert the same thing several times If any kind of assertion contains capturing subpatterns within it these are counted for the purposes of numbering the capturing subpatterns in the whole pattern However substring capturing is carried out only for positive assertions because it does not make sense for negative assertions Lookahead assertions Lookahead assertions start with for positive assertions and for negative assertions For example wt matches a word followed by a semicolon but does not include the semicolon in the match and foo bar matches any occurrence of foo that is not followed by bar Note that the apparently similar pattern foo bar does not find an occurrence of bar that is preceded by something other than foo it finds any occurrence of bar whatsoever because the assertion foo is always true when the next three characters are bar A lookbehind assertion is needed to achieve the other effect If you want to force a matching failure at some point in a pattern the most convenient way to do it is with because an empty string always matches so an assertion that requires there not to b
258. it is necessary to delete the repository and install the new repository After the Server has been removed the following files will remain dbinternal dbs internal database drwcsd conf Server configuration file the name may vary webmin conf Dr Web Control Center configuration file e drwesd pri and drwcsd pub encryption keys enterprise key and agent key Server and Agent license key files names may vary certificate pem SSL certificate 263 Ta J ww ax Chapter 9 Updating the Dr Web Enterprise Security Suite Software and Its Components private key pem RSA private key Starting from version 5 0 anti virus package includes SpIDer Gate and Office Control components For using this components they must be included in you license Antivirus Antispam If you license does not include this components it is recommended to perform the actions described below If using an internal database 1 2 Stop the Enterprise Server If you plan to use any files besides files which are copied automatically during Server uninstall at step 4 backup these files manually For instance copy the report templates to a backup folder Remove the contents of the repository Remove Enterprise Server software see Uninstalling the Dr Web Enterprise Server Software for UNIX system based OS You will be prompt to create backup copies for this specify a folder where to store the backup or accept th
259. ith any of them integration of search values according to the OR principle 3 After you specify all the necessary parameters click Search 4 All the found elements or the message Nothing found will be displayed in the hierarchical list 3 3 1 Administration Select the Administration item in the main menu of the Dr Web Contro Center The control menu in the left part of the window is used to view and edit information in the opened window The control menu consists of the following items 1 Administration Dr Web Enterprise Server opens the panel which shows basic information about the Server and lets you restart or shutdown it via the and is absent under Solaris OS buttons in the top right part of the panel Unapproved stations opens the panel with the list of unapproved workstations see New Stations Approval Policy 101 Ta J N ax Chapter 3 Components of an Anti Virus Network and Their Interface License Manager helps you to manage the license key files of Server and Agent see License Manager Encryption keys allows to export save locally public and primary encryption keys 2 Tables Audit log lets you view the log of events and changes carried out by the Dr Web Control Center Jobs execution log contains a list of Server tasks with completion marks and comments e Server statistics contains statistics of this Server operating 3 Configuration
260. ive Servers wil be opened Specify the necessary fields in format lt Server_name gt lt P address gt lt network_prefix gt lt port gt and click Find In the list of founded Servers choose one for installation of the anti virus software and click OK In the Dr Web Enterprise Server public key field specify the path to the public key drwcsd pub on your computer if launching the installer from the Server via network the key will be copied to the temporary files and after the installation it will be moved to the installation folder In the Installation directory field specify the path to your computer for the anti virus software installation By default it isthe Dr Web Enterprise Suite folder located at the Program files at the system disk In the Use compression during download section select the traffic compression option Yes use compression No do not use compression Maybe Server choice e The Add Dr Web Agent to windows firewall exclusion list flag prescribes to add ports and interfaces of Agent for an exception for your operating system firewall except Windows 2000 OS It is recommended to set the flag It will help to avoid errors e g during the automatic updates of the anti virus software and virus bases Set the Register Agent in system list of installed software flag if necessary 7 For the Administrative type of the installation in the next window specify the settings of Age
261. iver on 64 bit OS to get access to drivers use administrative management panel resides in C WI NDOWS SYSWOW6 4 odbcad32 exe Parameters When setting access to PostgreSQL use the parameters described below A AN 7 v A A yy Appendices 307 Table B 5 PostgreSQL parameters only in the version for UNIX OS host lt UNIX PostgreSQL server host domain socket gt port PostgreSQL server port or name extension of the socket file dismama ENC Database name user drwcs User name password dewcs Password options Debug trace options for sending to the Server tty File or tty to output at debug requiressl 1 instructs to request a SSL connection 0 does not instruct to make the request Set a 2 or 2 5 times greater value than the number of workstations expected in the anti virus network max _expr_ dept h More information can be found at http www postgresql org docs manuals Dr Web Enterprise Server and PosrtgreSQL DB Interaction via the UDS If the Enterprise Server and the PostgreSQL DB are installed on the same computer their interaction can be set via the UDS UNIX domain socket Ta 2 N ax Appendices 308 To set interaction via the UDS 1 In the postgresql conf PostgreSQL configuration file specify the following directory for the UDS unix socket directory var run postgresql 2 Restart the PostgreSQL Ta J i ax Appendices 309 Appendix C The
262. k see above To delete an existing task 1 Set the flag next to the task 2 Click the fix Remove these settings button on the taskbar of the Dr Web Control Center Local Schedule To edit the local schedule on a workstation 1 On the Agent context menu select Schedule and then Local 2 A window for editing the local schedule of Enterprise Agent will be opened On the Agent context menu the Schedule item will contain the Local option provided that the Create local schedule flag has been set in the station permissions from the Dr Web Control Center Using the local schedule a user can plan scanning and set parameters of this task Variants of setting objects for scanning as well as command line switches which specify the program settings are described in Dr Web Anti Virus for Windows User Manual 3 When you are done click Close Ta J N ax Chapter 7 Administration of Workstations 188 With the default settings the anti virus Monitor runs on workstations updating tasks and anti virus scanning are launched from time to time without the anti virus network administrator s intervention 7 5 Anti Virus Scanning of Stations Users can scan their workstations themselves using Dr Web Scanner for Windows A Scanner shortcut is created on the desktop during the installation of the anti virus package The Scanner can be launched and operate successfully even in case of Agent malfunction or running
263. k archives flag is set by default and instructs the Scanner to search for viruses in files within archives of different types The Check e mail files flag is set by default and instructs to scan mailboxes The Scan running programs and modules Processes in memory for the Enterprise Scanner flag is set by default and instructs to scan the processes run in the RAM The Scan programs that run on OS start up Startup processes for the Enterprise Scanner flag is set by default and instructs to scan the files automatically launched at startup The Scan boot sectors flag is set by default and instructs the Scanner to scan the boot sectors of the drives selected for scanning or those drives where the files selected for scanning reside Both boot sectors of logical drives and main boot sectors of physical drives are scanned 192 Ta AN ax Chapter 7 Administration of Workstations The Scan subfolders flag it is absent for the Enterprise Scanner is set by default and used in case of scanning the paths This flag instructs the Scanner to scan not only files but specified nested subfolders In case of setting the Scanner parameters via the Dr Web Scanner for Windows item of the control menu the following parameters are available Protect the HOSTS system file forbid modifications of the HOSTS file The operating system uses this file when connecting to the Internet Changes to this file may indicate virus i
264. kware e Hacktools In the Reboot mode drop down list set the mode for restart the computer after the scan In the Infected archives drop down list set the Scanner reaction to the detection of an infected or suspicious file in a fie archive or container The reaction is to be applied to the whole archive In the Infected files drop down list set the Scanner reaction to the detection of a file infected with a known virus The Suspicious files drop down list sets the Scanner reaction to the detection of a file presumably infected with a virus upon a reaction of the heuristic analyzer When scanning with the OS installation folder included to A the list of objects it is advisable to select the Report action for suspicious files instead of the default Quarantine action The Incurable files drop down list sets the Scanner reaction to the detection of a file infected with a known incurable virus and in case an attempt to cure a file failed The Enable archive deletion flag allows to delete infected archives and e mail files If you set this flag the Infected archive and Infected e mail file lists will contain the Delete action If you clear this flag only Quarantine by default for archives Rename and Report by default for e mail files actions will be acceptable Excluded Files and Paths Lists To edit lists of excluded from scanning files and paths In an empty line of the Paths excluded from scanning or F
265. l esul esul esul ce Ee ce Ee ECs Ce CS EC 328 Ta J N ax Appendices msk4 drweb com update http proxy 10 3 0 74 auth user pass http esuite us drweb com update http proxy 10 3 0 74 auth user pass http esuite frl drweb com update where 10 3 0 74 IP address of the proxy server user name of the user to access the proxy server may be absent if the proxy do not require authentication pass password to access the proxy server may be absent if the proxy do not require authentication The sync only Instruction The sync on1y instruction explicitly specifies the sets of filenames specified both by regular expressions in a simple form as shown in this section and in full form qr as shown in p Launching and Terminating Anti Virus Scanning on Workstations which are subject to synchronization If the instruction is absent by default the whole content of the folder will be synchronized excluding files whose names begin with a period Example sync only common drw vdb instructs to update only virus databases The sync ignore Instruction The sync ignore instruction explicitly specifies the set of files which are not subject to synchronization 329 A N T A A A yy v Appendices 330 If some files have been locally added to a product which A were not present in the original set and
266. l Center You must edit Active Directory administrators settings manually at the Active Directory server To edit Active Directory administrators The following operation must be carried out from a computer with Active Directory Service snap in 1 To enable editing of administrator parameters do the following a b c Modify Active Directory scheme with the drwschema modify exe utility is included in the Enterprise Server distribution kit Modification may take some time Note that depending on the domain configuration it may take up to 5 minutes and more to synchronize and apply the modified scheme Register Active Directory Schema snap in execute the regsvr32 schmmgmt dll command with the necessary administrative privileges then run mmc and add the Active Directory Schema snap in Using the Active Directory Schema snap in add the auxiliary DrWebEnterpriseUser class to the User and if necessary Group classes has not finished the DrWebEnterpriseUser class may be not found In this case wait for a few minutes and retry to add the class wy If the scheme modification and application process 141 Ta J N ax Chapter 5 Anti Virus Network Administrators a With the necessary administrative privileges run the drweb esuite aduac 600 XXXXXXXXX windows nt xYY msi file is included in the Enterprise Security Suite 6 0 2 distribution kit and wat until the insatllation finishes 2 Visual editi
267. l workstations from this group y Merge stations Join workstations under a single account in the hierarchical list It can be used if a workstation had been registered under several accounts see p Merging Stations Remove personal settings Remove individual settings of selected objects Settings of the parent group will be used All workstations inside a group will also have their settings removed D Import key Set a key for workstation or group Send message Send notifications to users of workstations see Sending Notifications to the Users ix Uninstall Dr Web Agent Remove the Agents and anti virus software from the selected workstation s or group s install Dr Web Enterprise Agent Open the Network scanner for Agent installation to the selected stations This option is enabled only if new approved stations or stations with deinstalled Agent are selected S Restore deleted stations Allows to restore stations deleted earlier see also p Removing and Restoring Stations This option is active only if stations from the Deleted subgroup of the Status group are selected sP Add a station or a group Add a new element of anti virus network Click the corresponding item in the drop down menu E Add station Add a new station see Creation of a New User Account 105 Ta J N ax Chapter 3 Components of an Anti Virus Network and Their Interface a Add group Add a new group see Creating and Deleti
268. licence keys for example to renew the expired licence of anti virus network components either the Server and the Agent perform the folowing actions in the Licence Manager 1 Add the new Server key Activate the new Server key Delete the old Server key Replace the Agent licence key for the Everyone group and if necessary for all other stations and groups with the personal licence keys gai a 3 4 2 1 Dr Web Enterprise Server Keys Via the License Manager you can implement the following actions for the Dr Web Enterprise Server license keys 1 View the summaries about license 2 Add new license keys for the Server 3 Change the license activity 4 Remove the licence keys for the Server View the Summaries about License To view the summaries about the Server licence in the main pane of the License manager select the record to view the detail information and click the L Edit at the toolbar In the opened pane you can view the following information the owner of the license the dealer who sold the license identification number of the license license expiration date Inclusion of the Anti spam component Ta J N ax Chapter 3 Components of an Anti Virus Network 121 and Their Interface Add New License Keys for the Server To add new license keys for the Server 1 Click the sP at the toolbar and select the E Add server key in the drop down menu 2 At the opened pane click Br
269. llation Allows you to set change all parameters of the installation and the anti virus software If you choose Custom or Administrative types of installation in the next window you will be offered to overview the components of Dr Web anti virus package Set flags for the components you want to install on your computer In the Installation path field specify the path to install the anti virus software To set change the default path click the Browse and specify the necessary path Click Next If you chose Custom type of installation go to the step 7 For the Administrative type of the installation in the next window specify the settings of the Network installer 62 Ta J N ax Chapter 2 Installation and Removal of Dr Web Enterprise Security Suite Components e In the Dr Web Enterprise Server field set the network address of the Server from which the Agent and the anti virus package will be installed If you specified the Server address while launching the installer it will be automatically set in this field If you do not know the Server address click the Find button The window for network searching of active Servers will be opened Specify the necessary fields in format lt Server_name gt lt P address gt lt network_prefix gt lt port gt and click Find In the list of founded Servers choose the one for the installation of the anti virus software and click OK In the Dr Web Enterprise Server pu
270. mand usr local etc re d drwesd sh start During the installation of the Enterprise Server for Linux OS and Solaris OS an init script etc init d drwcsd for the launching and termination of the Server using opt drwcs bin drwcs sh will be created The latter cannot be launched manually 2 2 3 Installation of the Dr Web Browser Plugin Dr Web Browser Plugin is used to operate the Dr Web Control Center in full see also the System Requirements section The plug in is distributed with the Server installation package and can be installed Ta J 1 ax Chapter 2 Installation and Removal of Dr Web Enterprise Security Suite Components 1 Automatically by browser request when you use Dr Web Control Center particularly elements which require the plug in antivirus components remote updater or Network Scanner 2 Manualy via the Dr Web Browser Plugin installer Manually Installation of Dr Web Browser Plugin To download Dr Web Browser Plugin for manually installation 1 Open the Dr Web Control Center If Dr Web Browser Plugin for using browser is not installed yet under the main menu recommendation on plug in installation will be presented 2 Follow the Install Dr Web Browser Plugin link Spal Sat Dr WE Wi se all the features of Dr Web wo a d on enables a port scanner and Browser Plugin Dr Web Browser Plugin for Firefox 4 x86 Download 64 bit version of Dr Web Browser Plugin
271. me win nt scripts win nt inst rexx platform 7 common for any OS ancluding UNIC ES F name common scripts common inst rexx include file name optional this stanza tells to include other file including file will be searched in the same folder where current file ar located if file name does not include folder specificator Ta J N ax Appendices The script contains a list of the platform constructions and allows to include determinations from other files with the help of the include construction include is admissible on the upper level only and is inadmissible inside platform If filename in include does not contain paths but a file name only it is searched for in the same folder as the current one The use of include constructions in the included files is allowed The description of a platform begins with the name XXX construction Then the pair of files and scripts lists follows the order of these lists is inessential The lists may contain any number of elements The order of elements in the list is essential as it defines the order of files transferred to the station and the construction of the formed script The order of the platform constructions is also inessential The variables of the installation scripts the values for these variables can be specified from the command line of the network installer with their default values are list
272. ml Configuration file of the Dr Web Control Center webmin conf If on the computer with corresponding component the Agent with enabled self protection is installed before editing configuration files disable the Dr Web SelfPROtect component via the Agent settings After you save all changes it is recommended to enable the Dr Web SelfPROtect component G1 Dr Web Enterprise Server Configuration File The drwcsd conf Server configuration file resides by default in the etc subfolder of the Server root folder If the Server is run with a command line parameter a non standard location and name of the configuration file can be set for more read Appendix H5 Dr Web Enterprise Server To manage the Dr Web Enterprise Server configuration file manually do the following 1 Stop the Server see Start and Stop the Dr Web Enterprise Server 2 Disable self protection in case of installed Agent with the active self protection in the Agent context menu 3 Manage the Server configuration file Ta J N ax Appendices 336 4 Start the Server see Start and Stop the Dr Web Enterprise Server Dr Web Enterprise Server Configuration File Format Formal grammar based on the Extended Backus Naur Form EBNF notation is used for description of the Server configuration file It uses the following symbols group of symbols fragment of the configuration file terminal symbol lt
273. more than two alternatives in the subpattern a compile time error occurs There are three kinds of condition If the text between the parentheses consists of a sequence of digits the condition is satisfied if the capturing subpattern of that number has previously matched The number must be greater than zero Consider the following pattern which contains non significant white space to make it more readable assume the PCRE_ EXTENDED option and to divide it into three parts for ease of discussion AC 1 The first part matches an optional opening parenthesis and if that character is present sets it as the first captured substring The second part matches one or more characters that are not 406 Ta J N ax Appendices parentheses The third part is a conditional subpattern that tests whether the first set of parentheses matched or not If they did that is if subject started with an opening parenthesis the condition is true and so the yes pattern is executed and a closing parenthesis is required Otherwise since no pattern is not present the subpattern matches nothing In other words this pattern matches a sequence of non parentheses optionally enclosed in parentheses If the condition is the string R it is satisfied if a recursive call to the pattern or subpattern has been made At top level the condition is false If the condition is not a sequence of digits or R it m
274. most severe errors e err Error notify of operation errors e wrn Warning warn about errors e ntc Notice display important information messages e inf Info display information messages e tr0 3 Trace Trace 1 Trace 2 Trace 3 enable tracing events The options are displayed in the ascending order according to the level of detail Trace instructs to log in the minimum level of detail Trace 3 instructs to log in the maximum level of detail e dbO 3 Debug Debug 1 Debug 2 Debug 3 instruct to log debugging events The options are displayed in the ascending order according to the level of detail Debug instructs to log in the minimum level of detail Debug 3 instructs to log in the maximum level of detail Ta J N ax Appendices 409 The tr0 3 trace and db0 3 debug levels of detail are applicable for messsages for Dr Web ESS developers only lt process_id gt unique numerical identifier of the process within which the thread that wrote the message to the log file was executed Under certain OS lt process_id gt may be represented as lt process_id gt lt thread_id gt lt thread_name gt character representation of the thread within which the message was logged lt message_source gt name of the system that initiated logging the message The source is not always present e lt message gt text description according to the log level It
275. mport settings from a file click 5 Import settings 9 To save changes click Save If you have edited a workstation when it was not connected to the Server the new settings will be accepted once the Agent has reconnected to the Server 7 2 2 Viewing Installed Components List of the Anti Virus Package Components To check which components are installed on a workstation 1 Select the Network item in the main menu then click the name of a group or workstation in the hierarchical list 2 Select the Installed components item in the control menu the panel on the left to open a list of installed components Ta 2 i ax Chapter 7 Administration of Workstations Compound of installed components list depends on Components enabled in the licence key file Workstation OS Settings specified by administrator of anti virus network at the Server Administrator is able to change the list of anti virus package components either before Agent see Anti Virus Package Composition installation or at any time after its installation It is not recommended to install SpIDer Gate SpIDer Mail and Dr Web Firewall components on servers that implement significant network functions domain controllers licence distribution servers and etc to avoid probable conflicts between network services and internal components of Dr Web antivirus Virus Bases To view virus databases installed on a workstation 1 In the ma
276. myhost1 using broadcasting messages on port 9999 on myhostl interface E2 The Addresses of Dr Web Enterprise Server Receipt of Connections lt connection protocol gt lt socket address gt By default depending on lt connection protocol gt tcp 0 0 0 0 2193 which means all interfaces excluding those with IPv6 addresses port 2193 tcp 2193 which means all IPv6 addresses port 2193 spx 00000000 000000000001 2193 which means all interfaces port 0x2193 nbs drwes 23 0 Ta 3J AN ys Appendices 322 which means using NetBIOS stream protocol pot 23 computer drwcs Dr Web Enterprise Server Location Service lt datagram protocol gt lt endpoint socket address gt lt interface gt By default depending on lt datagram protocol gt udp 231 0 0 14 2193 0 0 0 0 which means using a multicast group 231 0 0 1 2193 for all interfaces udp 18 231 0 0 1 2193 0 which means using a multicast group 18 231 0 0 1 2193 on all interfaces ipx 00000000 FFFFFFFFFFFF 2193 00000000 000000000000 which means receipt of broadcasting messages on socket 0x2193 for all interfaces e nbd drwes 23 0 which means using NetBIOS datagram protocol port 23 computer drwcs E3 The Addresses of Dr Web Enterprise Agent Installer Direct Connection to the Dr Web Enterprise Server lt connection protoco l gt lt remote socket address
277. n Health Policy Requirements 1 Enterprise Agent must be started and running Agent health Dr Web virus databases must be up to date i e databases on the workstation must be similar to those on the Server Setting NAP Validator You need to configure Dr Web NAP Validator after installing it on a computer where a NAP server resides For more information on installation see Installing NAP Validator To configure Dr Web Nap Validator 1 To open NAP server configuration component run the nps msc command In the Policies section select Health Policies Configure the NAP DHCP Compliant policy To enable the policy select Dr Web System Health Validator in the settings window e To classify workstations as compliant only when all health policy requirements are met select Client passed all SHV checks in the drop down list Configure the NAP DHCP Noncompiliant policy To enable the policy select Dr Web System Health Validator in the settings window 286 Ta AN Chapter 10 Configuring the Additional Components ax e To classify workstations as noncompliant if any of the health policy requirements are not met select Client failed one or more SHV checks in the drop down list 287 Ta AN A v A Appendices 288 Appendices Appendix A The Complete List of Supported OS Versions For the Dr Web Enterprise Server UNIX system based OS ALT Linux School Server 5 0 ALT Linux
278. n contains records with license keys of Server Note that only one record is active using by Server at the moment Agent keys This section contains records with license keys of Agent Each license key can be assign for several stations or groups displayed as nested items of the key record To manage license keys use the items of the toolbar Padd key lets you to add a new record with the key file To do this select the option in the drop down menu 4 Add server key add a new key file for Server eI Add agent key add a new key file for Agent Remove key delete a records for a key files You can not delete a record for an Agent key file assigned for the Everyone group and the current active record of a Server key file 4 Edit view the information about the license its activation only for Server and replace the key file only for an Agent if necessary This option is active only if the record for Server or Agent key is selected in the main pane b Propagate these settings to another object allows to assign selected key tor the group or the station specified in the opened window This option is active only if the record for an Agent key is selected in the main pane D Export key allows to save local copy of file for the key selected in the list 119 Ta J N ax Chapter 3 Components of an Anti Virus Network 120 and Their Interface Replacing Keys Example If you want to change all
279. ned e main memory RAM boot sectors of all disks 106 Ta AN ax Chapter 3 Components of an Anti Virus Network and Their Interface autorun objects root directory of the boot sector root directory of the Windows OS installation disk system directory of the Windows OS My documents folder temporary directory of the system e temporary directory of the user oN Dr Web Scanner for Windows Complete scan In this mode all hard disks and removable disks including the boot sectors will be fully scanned E Dr Web Scanner for Windows Custom scan In this mode you will be able to choose files and folders to scan a Dr Web Enterprise Scanner for Windows In this mode the scan will be done via the Dr Web Enterprise Scanner 3 Tree settings Adjust the appearance of the list for groups e All groups membership show a station in all groups it is a member of only for groups under the white folder icon see Table 3 2 If the flag is set the station will be shown in all member groups If the flag is cleared the station will be shown only in the top white folder e Show hidden groups show all groups included in the anti virus network If you clear the flag all empty groups not containing stations will be hidden It may be convenient to remove extra data for example when there are many empty groups e for stations e Show station ID show unique identifiers of stations in the
280. network traffic correspondingly also see p Traffic Encryption and Compression In the Network scanner listen field specify the UDP port for the Dr Web Control Center to use when searching for working Enterprise Agents in a network To disable listening to ports enter NONE This parameter should be specified in the network addresses format described in Appendix E The Specification of Network Addresses By default the udp 2193 is used which means all interfaces port 2193 Mobility Tab On the Mobility tab you can set the Mobile Mode of the Agent e In the Update period field specify the time interval between anti vrirus software updates in seconds Set the Check Internet connection flag to enable checking 181 Ta J N ax Chapter 7 Administration of Workstations if there is a connection to the Internet before starting updating Set the Use proxy server flag to use an HTTP proxy server to receive updates from the Internet This will make the fields to set a proxy server available Log Control Tab On the Log control tab you can set the parameters of Agent logging In the Log file name field specify the path to the log file on the user s machine The Log level parameter determines the level of detail of logging see also p Dr Web Enterprise Server Logging The values of the Log rotation fields determine such parameters of logging as the number and size of log files and old files compre
281. next windows select the key file for the Server enterprise key and for Enterprise Agent agent key which are supplied with the distribution kit or for upgrade from the previous version are stored in the root esuite backup folder by default or in the folder specified by you During the installation in console mode quantity of wrong attempts of key input are restricted for FreeBSD 3 attempts for Solaris 2 attempts On the expiry of all given attempts the installation will be terminated 5 Next e In case you are installing a Solaris system compatible version you will be asked to create a new database for the Enterprise Server If you are upgrading an already installed Server and you want to use the existing database type no press ENTER and select the path to the DB If you are installing the Enterprise Server on your computer for the first time press ENTER and specify the administrative password login admin password to access the Server You can leave the default password root If you set you own password for safety reasons the typed password is not displayed on the screen You must type the password twice if specified passwords are differ you will have to repeat the procedure follow the instructions in appearing messages The password should not be less than 4 characters Next you will be asked to create new encryption keys If you have saved drwcsd pri and drwcsd pub 46 Ta J N ax
282. nfection The Scan files item defines the scan mode Select the mode in the drop down list e All files scan all files regardless of their names and extensions e User masks scan only files which names and extensions are included in the list specified at the Mask list tab e Selected types scan only files which extensions are included in the list specified at the Extensions list tab The Prompt on any action flag instructs to show messages about events and Scanner action confirmations to the user The Prompt to scan another floppy flag uses in case of scanning the removable data storages such as floppy or CD DVD disks flash drives etc and instructs to prompt the confirmation for change the current and check the next storage In case of setting the Scanner parameters via the Dr Web Scanner for Windows item of the toolbar select one of the two alternative modes 1 Scan all volumes For the Enterprise Scanner if Scan all volumes is selected specify what system volumes should be scanned To scan fixed hard drives select Fixed volumes 193 Ta AN ax Chapter 7 Administration of Workstations 194 e To scan all removable data storages such as floppy or CD DVD disks flash drives etc select Removable volumes The paths excluded from search can also be specified in the Scan all volumes mode Details of path selection are provided below 2 Scan specified paths If Scan specified paths
283. ng Groups Data Export Save common data about workstations in the anti virus network to a CSV HTML or XML file Select the file format in the drop down menu Change group visibility settings Change the appearance of groups in the list Select one of the following in the drop down list the icon of the group will change see table 3 2 Hide group means that the group will not be displayed in the hierarchical list Hide if empty means that the group will not be displayed if the group is empty does not contain any workstations E Show means that the group will always be displayed in the hierarchical list Managing components Manage the components on the workstation Select the necessary action in the drop down menu Update all components Update all installed components of the anti virus e g when the Agent has not been connected to the Server for a long time etc see also p Manual Updating of the Dr Web ESS Components fe Update failed components Force synchronization of the components that failed to update Gh Interrupt running components Stop all active scans at the station For more details about termination of scanning processes of a certain type see Terminating Running Components by Type Q Scan Scan stations in one of the modes selected in the drop down menu see also Launching Scan on Station a Dr Web Scanner for Windows Express scan In this mode the following objects are scan
284. ng characters in patterns to make them visible There is no restriction on the appearance of non printing characters apart from the binary zero at the end of a pattern But when a pattern is being created in a text editor it is usually easier to use one of the following escape sequences than the binary character it represents a alarm i e the BEL character hex 07 387 Ta J N ax Appendices cx control x where x is any character e escape hex 1B f formfeed hex 0C n newline hex 0A r carriage return hex 0D t tab hex 09 ddd character with octal code ddd or back reference xhh character with hex code hh The precise effect of cx is as follows if x is a lower case letter it is converted to upper case Then bit 6 of the character hex 40 is inverted Thus cz becomes hex 1A but c becomes hex 3B while c becomes hex 7B After x from zero to two hexadecimal digits are read letters can be in upper or lower case After 0 up to two further octal digits are read In both cases if there are fewer than two digits just those that are present are used Thus the sequence 0 x 07 specifies two binary zeros followed by a BEL character code value 7 Make sure you supply two digits after the initial zero if the pattern character that follows is itself an octal digit The handling of a backslash followed by a digit other than 0 is complicated Outside a character class PCRE reads it
285. ng of attributes is available from the Active Directory Users and Computers control pannel Users section in the Administrator Properties window for editing settings of selected user on the Dr Web Authentication tab The following parameters are available for editing yes no or not set values can be set for each attribute User is administrator indicates that the user is full rights administrator User is read only administrator indicates that the user is administrator with read only rights If the yes value is set for the User is administrator parameter only the user is full rights administrator If the yes value is set for both User is administrator and User is read only administrator parameters the user is administrator with read only rights Inherit permissions from groups parameter allows inheriting of the rest parameters values from the user groups If any parameter or several parameters has not set value and the Inherit permissions from groups parameter is set to yes values of not specified parameters are inherited from the user groups wy Algorithms of operating principles and attributes handling during authorization are described in the Appendix N 142 Ta J N ax Chapter 5 Anti Virus Network Administrators LDAP Authentication To enable LDAP authentication 1 Select Administration in the main menu of the Control Center 2 Select Authorization in the control menu 3
286. ng of the failed components as well as other components 270 Ta J N ax Chapter 9 Updating the Dr Web Enterprise Security Suite Software and Its Components Critical Updating Error In case of a critical error occurs during the operation of Dr Web Enterprise Agent 1 2 9 3 Initiate a forced update of the workstation see p Manual Updating of the Dr Web ESS Components Through logs of the Agent and the updater stored on the workstation investigate the cause of the error By default both log files drwagntd log and drwupgrade log reside in the logs subfolder of the Agent installation folder Remove the cause of the error Run a forced update of the workstation again Scheduled Updates You can make a schedule on a certain Enterprise Server to regularly check for software updates and synchronize products in the repository with new versions on another Enterprise Server or the GUS server For more details on the schedule see p Setting the Dr Web Enterprise Server Schedule To schedule product updates on the Dr Web Enterprise Server 1 Select the Administration item in the main menu and click Dr Web Enterprise Server Schedule in the control menu The list with the current tasks of the Server will be opened To add a task click i New job in the toolbar In the opened window assign a name to the task in the Name field Go to the Action tab and select the Update action in the drop down lis
287. ngs for the group policy created on step 4 To do this a for Windows 2000 2003 Server OS in the hierarchical tree select Computer Configuration Software Settings Software Installations b for Windows 2008 Server OS in the hierarchical tree select Computer Configuration Policies Software Settings Software Installations On the context menu of Software Installations select New Package Specify the Agent installation package To do this specify the address of the network shared resource which contains the Agent image you created during the administrative installation The path should be specified in the network addresses format even if the catalog is a locally accessible resource Click OK A Deploy Software window will be opened Select the Assigned option Click OK In the Group Policy Object Editor window select the added package On the context menu of this element select Properties In the opened package properties window select the Deployment tab Click the Advanced button An Advanced Deployment Options window wil be opened Set the Ignore language when deploying this package flag Click OK twice Enterprise Agent will be installed on selected computers at their next registration in the domain 76 Ta J N ax Chapter 2 Installation and Removal of Dr Web 77 Enterprise Security Suite Components Policies Assignment in Consideration of Previous Agent Installations When
288. ninstall the software and agree to run the deinstallation scripts on behalf of the administrator root Enterprise Server software will be removed On FreeBSD OS and Linux OS the Server operations will be immediately terminated the database key and configuration files will be copied to HOME drwcs as a rule it is root drwcs under Linux OS Under FreeBSD OS you will be requested to enter a path by default it is var tmp drwcs On the Solaris OS operating environment after the Server has been removed the database key and configuration files will be copied to the var tmp DrWebESS folder Ta J N ax Chapter 2 Installation and Removal of Dr Web 87 Enterprise Security Suite Components To remove Dr Web Browser Plugin Execute the following command for deb packages dpkg P drweb esuite plugins for rpm packages rpm e drweb esuite plugins for other systems tar bz2 and tar gz packages rm f lt plugins_directory gt libnp so For exmaple for Mozila Firefox browser rm f usr lib mozilla plugins libnp so Ta J N ax Chapter 3 Components of an Anti Virus Network and Their Interface Chapter 3 Components of an Anti Virus Network and Their Interface 3 1 Dr Web Enterprise Server An anti virus network buit with Dr Web ESS must have at least one Enterprise Server To increase the reliability and productivity of an anti virus network and distribute the comp
289. not require user intervention Once the installation is complete click Finish 41 As a rule Enterprise Server is administrated by means of the Dr Web Control Center Elements to facilitate adjusting and managing the Server are placed Ta N ax Chapter 2 Installation and Removal of Dr Web Enterprise Security Suite Components in the main Windows OS menu by the installation wizard On the Start Programs menu the installation wizard creates a Dr Web Enterprise Server folder which contains the following items The Server control folder in its turn contains the commands to start restart and shut down the Server as well as the commands to set up the logging parameters and other Server commands described in detail in Appendix H5 Dr Web Enterprise Server Web interface item opens the Dr Web Control Center and connects to the Server installed at this computer at the http localhost 9080 Documentation item opens administrator documentation in HTML format The installation folder of the Dr Web Enterprise Server for Windows OS has the following structure bin here reside executable files of Enterprise Server etc contains the files where main program settings are stored and licence keys of the Server enterprise key and the Agent agent key Installer contains a program initializing the installation of Enterprise Agent on a computer and the public encryption key file
290. nstaller for networks with Active Directory lt package_name gt msi After deployment the administrative package in the wy lt destination_dir gt Program Files DrWeb Enterprise Suite directory only the README txt file must resides 1 Issue the command msiexec a lt path gt lt package_name gt msi 2 An InstallShield Wizard window with information on the program selected for installation will be opened Click Next The Agent Installer uses the language specified in the language settings of the computer 3 In the next window specify the DNS name preferred form or the IP address of Enterprise Server see Appendix E3 Ta AN ax 4 5 Chapter 2 Installation and Removal of Dr Web Enterprise Security Suite Components Specify the location of the public key fie of the Server drwcsd pub Click Next In the next window type the name of a network catalog to which the image of the Agent is planned to be written The path should be specified in the network addresses format even if the catalog is a locally accessible resource the catalog should be accessible from the target stations Click Install After installation is finished the settings window displays which helps you configure installation of the package on network workstations Installation of the Package on Selected Workstations 1 3 4 In Control Panel or in the Start menu for Windows 2003 2008 Server OS in the Start
291. nt e In the Authorization section the parameters for Agent authorization at Server are set For the Automatic Default option the mode of the station access defines at Server For the Manual option you must specify the authorization parameters the station Identifier and its Password for the access to Server The station will have access permission without manually confirmation by the administrator at Server 58 A Q T gt N Chapter 2 Installation and Removal of Dr Web 59 Enterprise Security Suite Components ax If you use the installer created in the Control Center Identifier and Password fields will be set automatically In Compression and Encryption sections set modes of traffic between Agent and Server for more details see p Iraffic Encryption and Compression Click Next 8 The installation of Agent and anti virus components will start does not require user intervention 9 After the installation is complete the Installation Wizard will request to restat you computer Click Finish for the Installation Wizard closedown 10 Restart the computer Immediately after instalation Agents automatically establish a connection with the Server Once an Agent has connected to the Server the name of the respective workstation appears in the anti virus network catalog of the Dr Web Control Center Enterprise Agents can be installed on workstations remotely through the Dr Web Control Center 2 3 3
292. ntents Server license key private encryption key Server configuration key and Dr Web Control Center configuration key The backup files are stored in the following folders relatively to the Server installation folder for Windows OS var Backup for Linux OS var opt drwcs backup for FreeBSD and Solaris OS var drwcs backup For that purpose a daily task is included to the Server schedule If such task is missing it is strongly recommended to create t The copies are stored in the dz format unpackable with gzip and other archivers After unpacking all the files except for the database contents are ready to use To restore the data the database contents can be imported from the backup to another database of the Server by means of the importdb switch see p Restoring the Database of Dr Web Enterprise Security Suite It is also recommended to store copies of the following files on another PC drwcsd pri and drwcsd pub encryption keys nterprise key and agent key license keys certificate pem SSL certiiffcate private key pem RSA private key and regularly copy Server database contents backup database dz Server and Dr Web Control Center configuration files drwcsd conf and webmin conf to another PC Thus you will be able to avoid data loss should the PC on which Enterprise Server is installed be damaged and to fully restore the data and the functionality of the Server If license keys are lost they may be requ
293. o usr local drwcs Installer for Solaris OS var drwcs etc except for the public key Put the latter to opt drwcs Installer 438 Ta J N ax Frequently Asked Questions For all replaced files assign the same permissions as those set at the previous lost installation of the Server 3 Generate a new SSL certificate for Linux OS and Solaris OS etc init d drwesd selfcert for FreeBSD OS usr local etc rc d drwesd sh selfcert for other supported versions opt drwes bin drwesd var root var drwces log var drwes log drwcsd log selfcert 4 The next steps depend on the availabilty of the Server database a If you have a working external DB no further restoring procedures are needed provided that you have the configuration file and the Server build is the same as the old one Otherwise you will have to register the database in the configuration file and or update the structure of the database with the upgradedb switch see variant c below b If you have a backup of internal or external DB contents database dz start the Server remove the internal DB created at the installation initiate creating a new one and import the contents of the old DB from the backup copy see p Restoring the Database of Dr Web Enterprise Security Suite c If you have a saved copy of the internal DB replace the new file with it for Linux OS var opt drwces dbinternal dbs for FreeBSD OS and Solaris OS
294. of a local network and competent in anti virus protection as an administrator of the anti virus network Such employer should have full access to the installation folders of Enterprise Server Such employer should either be a local network administrator or work closely with such person To manage the Dr Web ESS anti virus it is not w necessary to have administrator rights on computers included in the anti virus network However remote installation and removal of the Agent software is possible within a local network only and requires administrator s rights in the local network and checkout of Enterprise Server requires full access to its installation catalog 5 1 Authentication of Administrators To connect to the Enterprise Server administrator can authenticate by the following ways 1 With storing administrator account information in the Server DB 2 Via the Active Directory for Servers under Windows OS 3 Via the LDAP protocol Authentication methods are used sequentially according to the following rules 1 Authentication of administrator from the Server DB is always tried first 2 By default LDAP authentication is used second via the Active Directory the third Ta J N ax Chapter 5 Anti Virus Network Administrators 3 Authentication methods via LDAP and Active Directory can be swapped in the Server settings but authentication of administrator from the Server DB is always used first 4 Authenti
295. of details for the installation log In the Installation timeout sec field specify maximum time to wait for the Agent installation to complete in seconds Valid values 1 600 180 seconds is set by default 69 Ta J N ax 16 17 18 19 20 Chapter 2 Installation and Removal of Dr Web Enterprise Security Suite Components If network channel capacity between the Server and the Agent is low it is recommended to enlarge the value of this option If necessary set the Register installation in Add Remove Program database flag In the Install section select the anti virus components to install on the station Also specify the parameters of traffic compression during installation In the Authorization section specify the parameters of authorization for access to the remote computer You can set several administrator accounts To do this a Click bl to add specified account from the Authorization section to the list of accounts which are used during installation b To add one more account specify authorization parameters repeatedly and click i And etc c In the list of used accounts you can disable of enable accounts disabled earlier To do this clear or set flags for corresponding accounts During Agent installation the first account in the list is used at first If installation under this account failed the next account in the list is used and etc Having set up all the necessary par
296. oftware Installation Installation of other software components of Agent and anti virus package is proceeded without administrator intervention 134 Ta J N aX Chapter 4 Getting Started General Information Anti virus components specified at the primary group settings are installed on the station Later you can change the list of components at the station primary group settings or specify corresponding personal settings for a certain station To finish the installation of some components for anti virus workstations you will need to restart the computer In this case there will appear a red exclamation mark over the Agent icon in the Taskbar see also Dr Web_ Enterprise Agent 4 2 Setting the Network Connections General Information The following clients are connected to Enterprise Server Enterprise Agents Network Installers of Enterprise Agents other Enterprise Servers Connection is always initiated by a client The following schemas for connection to the Server are available 1 Using Direct connections This approach has a lot of advantages but it is not preferable in some situations also there are some situations that are not compatible with this approach 2 Using Server Detection Service Clients use this Service by default if the other is not set obviously You can use this approach if the resetting of all system is needed in particular if you need to move the Server to 13
297. ollowing files see Installation Files for details esinst exe Installation Package drwinst Agent Network Installer For installation of Enterprise Agent on LAN servers and cluster computers consider the following For installation on computers which implement terminal servers functions the Terminal Services are installed on Windows OS to provide Agents operation in user s terminal sessions Agents software must be installed locally via the Add or Remove Programs Wizard on Control Pannel of Windows OS It is not recommended to install SpIDer Gate SpIDer Mail and Dr Web Firewall components on servers which implement significant network functions domain controllers 51 A N T A A A yy v Chapter 2 Installation and Removal of Dr Web Enterprise Security Suite Components licence distribution servers and etc to avoid probable conflicts between network services and internal components of Dr Web antivirus e Installation of the Agent on a cluster must be performed separately on each cluster node The operation principles for Agents and anti virus package on the cluster node are similar to those on a standard LAN server thus t is not recommended to install SpIDer Gate SpIDer Mail and Dr Web Firewall components on cluster nodes e If access to quorum resource of a cluster is severely restricted it is recommended to exclude it from the scan by the SpIDer Guard and confine by regular checks of t
298. ollows amp amp asan ampersand itself amp xr Carriage return e amp t tab amp n line feed amp v vertical tab e amp f format character amp b backspace character amp e equal sign amp 1 vertical bar amp s space An ampersand s at the end of a line is equal to n Thus a usual ampersand which is not used to set a special sequence should be doubled Comments begin with a semicolon and continue till the end of the line The Server settings are specified in the configuration file as instructions each of them is one word Instructions can be followed by instructions parameters one or several words Possible instructions and their parameters are described below The sequence of instructions in a file is inessential The parameters fragments of parameters set by a user are in angle brackets 337 Ta N ax Appendices Name lt name gt Defines the name of the Server it will respond to when the Server is being searched for by the Agent or the Dr Web Control Center The default value an empty line means using the computer name Threads lt number gt Number of Server threads which are serving clients By default it is set to 5 It is not advisable to change this parameter unless recommended by the customer support DBPool lt number gt Number of database connections with the Server For Windows
299. ols TCP IP IPv6 IPX and NetBIOS Data transmission between Enterprise Server and Enterprise Agents according to the Proxy server settings Caching of Agent and anti virus package updates which are translated by the Server In case of using cache of the Proxy server to translate updates following are provided reducing of network traffic reducing of Agent updates receiving time wy Proxy servers can be composed to hierarchical structure 280 Ta J i ax Chapter 10 Configuring the Additional 281 Components The general diagram of the anti virus network when a Proxy server is used is illustrated in the figure 10 1 Dr Web Enterprise Server LAN Internet Proxy Server CY Router a Protected computer Figure 10 1 Diagram of the anti virus network when a proxy server is used Principle of Operation When a proxy server is used the following operations are performed 1 Ifthe address of the Server is not specified on the Agent the Agent sends a multicast request according to the protocol of the network 2 Ifthe Proxy server is set up to translate connections the discovery yes parameter a message about the availability of an operating Proxy server is sent to the Agent Ta J i ax Chapter 10 Configuring the Additional Components The Agent sets the received Proxy server parameters for Enterprise Server Further intercommunication is performed transparently for the Agent
300. ome of Anti Virus Components 7 7 1 Configuring Office Control for Access to Resources and Web Sites under Windows OS 7 7 2 Configuring MailD Component for Email Protection Under UNIX System Based OS and Mac OS 165 165 165 167 169 174 176 178 179 183 188 188 189 190 191 202 202 207 209 210 212 212 214 Aq P aN A Yy v 7 8 Sending Notifications to Users Chapter 8 Configuring the Dr Web Enterprise Server 8 1 Setting the Dr Web Enterprise Server Configuration 8 1 1 Traffic Encryption and Compression 8 1 2 Setting the Mode of Operation with Databases 8 1 3 Setting Alerts 8 2 Dr Web Enterprise Server Logging 8 3 Setting the Dr Web Enterprise Server Schedule 8 4 Administration of the Dr Web Enterprise Server Repository 8 4 1 Introduction 8 4 2 Checking the Repository State 8 4 3 Editing the Configuration of the Repository 8 5 Peculiarities of a Network with Several Dr Web Enterprise Servers 8 5 1 Building a Network with Several Dr Web Enterprise Servers 8 5 2 Setting Connections between Several Dr Web Enterprise Servers 8 5 3 Using an Anti Virus Network with Several Dr Web Enterprise Servers 8 5 4 Using Several Dr Web Enterprise Servers with One Database Chapter 9 Updating the Dr Web Enterprise Security Suite Software and Its Components 9 1 Upgrading Dr Web Enterprise Security Suite 9 1 1 Upgrading Dr Web Enterprise Server for Windows OS 215
301. omposition in particular if you do not have Antispam license the cannot option for the SpIDer Gate and Office Control components must be set Update the components of Dr Web ESS To do this select the Administration item in the main menu and click Repository state in the control menu In the opened window click Check for updates Beforehand configure the proxy servers settings for GUS updating if necessary If necessary configure ports that is using by the Agents for communication with the Server To do this use the Administration Configure Dr Web Enterprise Server Transport tab Enable the use of communication protocols with Enterprise Agent and the Network installer disabled at step 1 267 Ta J i ax Chapter 9 Updating the Dr Web Enterprise Security Suite Software and Its Components 7 Upgrade the workstations software The upgraded anti virus program is ready for operation After the Server upgrading from the 4 XX version to 6 0 2 version the transport parameter must be present in the drwcsd conf configuration file of the Server Transport drwcs tcp 0 0 0 0 2193 udp 231 0 0 1 2193 where the drwcs is a Server name If this parameter is not specified add it manually and restart the Server 9 1 3 Upgrading Dr Web Browser Plugin To upgrade Dr Web Browser Plugin is used by the Dr Web Control Center delete Dr Web Browser Plugin software of current versions and install the
302. on If you selected more than one stations or one or more groups the windows displays a set of tables with quarantined objects for each station 3 To filter files by time when they were quarantined set a time slot on the toolbar and click Refresh 4 To manage files in Quarantine set the flag for the corresponding file group of files or for all files in the Quarantine at the table header On the toolbar select one of the following actions Ta J N ax Chapter 7 Administration of Workstations amp Restore the files from the Quarantine Use this option only then when you are sure that the objects are not harmful Select one of the options from the drop down list a P Restore the original location of the file i e restore the file to the folder where it had resided before it was moved to the Quarantine b Restore the file to the folder specified by the administrator Remove files delete the file from the Quarantine and from the system Q Scan files scan the file one more time gt Export save selected files at the local computer If files had been moved to the local Quarantine at the user computer you can copy these files to the computer on which the Dr Web Control Center is opened For example to send these files to the Dr Web virus laboratory ulteriorly Export data about the Quarantine to a file in one of the following formats a CSV format Er L
303. on or click Cancel to cancel Server installation A window with information about the program to be installed will be opened Click Next A window with the text of the license agreement will be opened You should read and accept the agreement To continue the installation in the bottom part of the window select I accept the terms of the license agreement and click Next A window for selection of license key files will be opened In the upper field click Browse and then specify the nterprise key license key file for the Server in the standard Windows OS window At first installation of the Server in the This installation will field select Initialize new database In the Initialize database with this Dr Web Enterprise Agent license key field specify the key file for the workstation software agent key If you want to keep the Server database of the previous installation select Use existing database You will be able to specify the database file later see step 10 For evaluation purposes a demo key file can be used Click the Demo keys button to go to the official web site of Doctor Web company and receive the license key file See Demo key files Click Next A window for selecting the installation type will be opened If you select Complete all components of Dr Web Enterprise Security Suite will be installed If you select Custom you will be able to specify the necessary components After selecting
304. on description sets the synchronization of the station description with the description in the Dr Web Control Center If the station description in the Dr Web Contro Center is absent the user description will be set to this field If descriptions differ the description in the Dr Web Control Center will be replaced by the user description Statistics Data Tab On the Statistics data tab you can configure statistics information to write in the log file and to the Server data base To add corresponding type of information to the DB set the following flags Quarantine logs stations Quarantine state List of the station modules in DB logs the list of the Anti virus modules at the station List of installed components in DB logs the list of Anti virus components Scanner Monitors etc that are installed at the station 222 Ta J N ax Chapter 8 Configuring the Dr Web Enterprise Server Information on the start end of the components in DB logs the information about starting and stopping events of Anti virus components Scanner Monitors etc at stations Infection in DB logs the statistic data about infections detected at the stations Errors of scanning in DB logs information about all errors occurring during scanning at the stations Statistics of scanning in DB logs the results of stations scanning Information about installations in DB logs the information about Agent in
305. on item in the main menu Then in the opened window select the Network installation item in the control menu 2 Further steps are similar to 8 23 above See the Remote Installation Trouble Shooting section if an error has occurred 2 4 2 Installation of the Dr Web Enterprise Agent Software via Active Directory If the Active Directory service is used in the LAN you can remotely install the anti virus Agent on workstations using this service The Agent installation via Active Directory service is also available when using Distributed File System see the Using DFS During Installation the Agent via the Active Directory section A N T A A A yy v Chapter 2 Installation and Removal of Dr Web 72 Enterprise Security Suite Components Dr Web Enterprise Agent Installation To install the Agent using the Active Directory 1 Download a copy of Enterprise Agent installer for networks with Active Directory at http download drweb com esuite 2 Install Enterprise Agent on the local network server supporting the Active Directory service This can be made in the command line mode A or in the graphic mode of the installer B If you upgrade the Server you do not have to upgrade Enterprise Agent instaler for networks with Active Directory After upgrading the Server software the Agents and the anti virus software will be upgraded at the stations automatically A To Set All Necessary Installation Pa
306. on of Workstations Maximum archive size if the archive size exceed the limit Scanner neither unpacks nor scans the archive e Maximum compression ratio the maximum archives compression rate If the compression rate of the archive exceed the limit Scanner neither unpacks nor scans the archive e Maximum size of extracted files KB the maximum file size at unpacking If the size of extracted files will exceed the limit Scanner neither unpacks nor scans the archive Compression check threshold minimum size of file inside archive beginning from which compression ratio check will be performed Actions Tab On the Actions tab you can configure reactions of Scanner to various virus events For different types of compromised objects actions are assigned separately The following actions for detected virus threats are provided Cure instructs Scanner to try to restore the original state of an object before infection If the object is incurable or the attempt of curing fails the action set for incurable viruses is applied Available for known viruses only except Trojan programs that are deleted on detection and infected files within complex objectssuch as archives mail boxes or file containers Delete delete the object Quarantine move the object to the special Quarantine e Rename rename infected objects according to the rule from the Pattern used for renaming files field e Report report about the
307. on only You can restore DB from the backup created via the Server of 6 0 version using the Server of 6 0 version only 430 Ta J N ax Frequently Asked Questions e You cannot restore DB from the backup created via the Server of 5 0 or 4 XX version using the Server of 6 0 version If DB has been corrupted for some reasons during Server upgrade from previous versions to 6 0 version do the following 1 Remove the Server software of 6 0 version Backup copies of files used by the Server will be stored automatically 2 Install the Server of version which had been installed before upgrading and had been used to create backup copy According to the general upgrade procedure you should use all stored Server files except the DB file Create a new DB during the Server installation 3 Restore DB from the backup according to general rules see procedures below 4 Disable the Agent the Server and the Network Installer protocols in the Server settings To do this select the Administration item in the main menu and click Configure Dr Web Enterprise Server in the control menu go to the Modules tab and clear corresponding flags 5 Upgrade the Server to the 6 0 version according to general rules see p Updating the Dr Web Enterprise Security Suite Software and Its Components 6 Enable the Agent the Server and the Network Installer protocols disabled at the step 4 For Windows OS To restore DB from backup
308. one or several words a block of parameters which includes the block name one word followed by values in braces Before the simple parameters consisting of the parameter name one word and its value s one or several words groups of parameters consisting of the parameter name one word followed by a set of values in braces one or several words for each value the Access group of parameters which defines the rules for access to specified resources of the Server see below the Authorization group of parameters which defines authorization parameters for access to specified resources see below name of a block you can specify a prefix one word which defines how this block should be processed Ta J N ax Appendices Some of the possible instructions are described below The order of instructions is irrelevant Most simple single parameters are specified with default values and do not require any changes However it may be necessary to set the values for some of them ServerName lt DNS_name gt lt port_number gt defines name and port number of the Server It is used for connection requests to the Server It is necessary to specify the correct values after instaling the Server see Installing the Dr Web Enterprise Server Listen lt protocol gt lt interface gt lt port_number gt defines the parameters of interfaces which are being listened to It is used to set up access
309. onents list and they will be uninstalled from stations which are licensed with the new key 3 For all other components which were included into both old and new keys settings specified before key changing at the Installed components page will remain the same Ta J N ax Chapter 3 Components of an Anti Virus Network 127 and Their Interface When remaining settings Settings specified before key changing at the Installed components page will be remained Removing the Licence Key Settings for installed components lists can be inherited from the parental group or remain the same see Removing the License Keys for the Agent Remove the agent key from the object Comparing list of installed components of the deleted key with the list in the inherited key Lists are matched Delete personal settings for installed components Removing personal settings for installing components list Setting the inheriting Removing the agent key Procedure for removing Agent licence key When inheriting settings Personal settings specified before key changing at the Installed components page will be deleted and inheritance of settings from the parental group will be set A N T A A A yy v Chapter 3 Components of an Anti Virus Network and Their Interface When remaining settings On the Installed components page settings will remain as they were before key remo
310. only rights tnie SR Group administartors with full rights Group administartors with read only rights Middle Audit log name Jobs execution log Last name Server statistics Interface English at Configuration language E _ Administrator accounts Date DD MM YYYY HH MM SS Authorization format a Repository state Status tep 192 168 188 1 3111 Configure repository Contra men Created 1205 2017 161822 Configure Dr Web Enterprise r Modified 12 08 2011 17 12 22 Dr Web Enterprise Server Description Default administrator account schedul Edit templates Installations Network scanner eee ee Can manage a limited number of groups Figure 3 2 The Dr Web Control Center window Click the main menu option to see the description Ta AN ax Chapter 3 Components of an Anti Virus Network 100 and Their Interface Search Panel The search panel located in the top right part of the Dr Web Control Center and used to simplify searching for elements It can find both groups and separate workstations according to specified parameters To find a workstation or group of workstations 1 Select the search criterion in the drop down list of the search panel Station to search stations by name Group to search groups by name ID to search stations and groups by identifier e Description to search stations and groups by their description IP address to search stati
311. onnected to the Server this key is not required By default it is an arbitrary valid key in the folder set by the home parameter crypt lt mode gt the encryption mode of the traffic with the Server Possible values are yes no possible the default value is yes compression lt mode gt the compression mode of the traffic with the Server Possible values are yes no possible the default value is possible log lt log_file gt Agent log file By default it resides in the logs subfolder of the Agent installation folder When uninstalling the Agent software the deinstallation log is saved to the system temporary folder rotate lt N gt lt f gt lt M gt lt u gt Agent log rotation mode where e lt N gt total number of log files including current log file e lt f gt log files storage format possible values z gzip compress file uses by default or p plain do not compress files e lt Mp gt file size e lt u gt unit measure possible values k kilo m mega g giga 354 Ta 2 N ax Appendices 355 By default it is 10 10m which means storing of 10 files 10 megabytes each use compression Alternatively you can use the none format rotate none which means do not use rotation always write to the same file of unlimited size In the rotation mode log file names are generated as follows file lt N gt log or file lt N gt log dz where lt N gt
312. ons by their IP address 2 Enter a parameter value to search You can search values by specifying e specific string for full match with search value e a mask for search string the and symbols are allowed 3 Press ENTER to start the search 4 The search results contain a hierarchical list of elements according the search parameters If you searched for a workstation occurrence of the workstation in groups will be displayed If no elements are found the message Nothing found will be displayed in the empty hierarchical list You can also use the Advanced search option To perform an advanced search 1 Click the button in the search panel 2 Specify the following parameters on the Search for Groups and Stations panel rae BA Re Chapter 3 Components of an Anti Virus Network h d and Their Interface e Station name specify keyword s which will be searched for in the names of workstations Group name specify keyword s which will be searched for in the names of groups ID specify keyword s which will be searched in the identifiers IP address specify keyword s which will be searched for in the IP addresses of workstations Description specify the description in compliance to which the element will be searched for You can specify parameters for one several or all advanced search fields If you specify parameters in several fields the program searches for elements which comply w
313. op the Server before initiating this instruction drwesd rerepository reread the repository from the drive 363 Ta N a Appendices H5 5 Backup of Dr Web Enterprise Server Critical Data The folowing command creates backup copies of critical Server data database contents Server license key private encryption key Server configuration key and Dr Web Control Center configuration key drwcsd home lt path gt backup lt directory gt lt quantity gt copy critical Server data to the specified folder home sets the Server installation catalog lt quantity gt is the number of copies of each file Example for Windows OS C Program Files DrWeb Enterpris Server bin gt drwcsd home C Program Files DrWeb Enterprise Server backup C a The copies are stored in the dz format unpackable with gzip and other archivers After unpacking all the files except for the database contents are ready to use To restore the data the database contents can be imported from the backup to another database of the Server by means of the importdb switch see p Restoring the Database of Dr Web Enterprise Security Suite Starting from the 4 33 version ESS regularly stores backups of critical information to var Backup of the Server installation catalog For that purpose a daily task is included to the Server schedule which performs this function If such task is missing it is strongly recommended
314. opied repository On the main Server execute the command 273 Ta J N ax Chapter 9 Updating the Dr Web Enterprise 274 Security Suite Software and Its Components drwcsd rerepository Under Windows OS the command can be performed both from the command line C Program Files DrWeb Enterpris Server bin drwcsd exe home C Program Files DrWeb Enterprise Server rerepository or from the Start menu Start All Programs DrWeb Enterprise Server gt Server control gt Reload repository 7 Start the main Server If Dr Web SelfPROtect component was disabled before the repository update it is recommended to enable this component after updating 9 5 Update Restrictions for Workstations Via the Dr Web Control Center you can enable or disable the update mode for Dr Web ESS at workstations in particular time slots To do this 1 Select the Network item in the main menu then click the name of a station or group in the hierarchical list and select Update restrictions in the control menu panel on the left 2 In the opened table the update mode is specified using the following colors m green update is enabled Chapter 9 Updating the Dr Web Enterprise Security Suite Software and Its Components m red update is disabled The restrictions are set separately for each 15 minutes of each day of the week 3 To change the update mode click the corresponding block of t
315. order it is standard by default read Appendix J Using the Script of Dr Web Enterprise Agent Initial Installation pwd lt password gt set the Agent password for access to the Server help offer help Similar to the Agent interface module trace to log in detail the location of error origin Variables The variables are listed after switches The format of the elements is as follows lt variable gt lt value gt Some most important variables agent language C Program Files DrWeb Enterprise Suite RU ESAUI DWL this parameter switches the language of the Agent context menu to Russian You should specify the full path to the language resources By default English is used spider install no do not install SpIDer Guard Install if no variable is specified spiderml install no similarly do not install SpIDer Mail scanner install no similarly do not install Dr Web Scanner for Windows Ta J N ax Appendices spidergate install no similarly do not install SpIDer Gate agent id lt identifier gt agent password lt password gt the identifier and the password of a workstation if these parameters are set the workstation is connected not as the a newbie but with the specified parameters Servers The list of Servers is absolutely similar to the one described for the Agent H5 Dr Web Enterprise Server There are several
316. oring Statistics Tab General gt Quarantine Tables Modules General Installed components Tables Start End Tables Infections Tables Viruses Tables Errors Tables Statistics Tables Full statistics Tables All installations network Tables gt Jobs Tables Virus Bases Tables Status Tables Virus Bases Tables Virus Bases On the Statistics tab you can configure sending of the statistics on virus events to the Doctor Web company Set the Statistics flag to activate the sending process The following fields will become available Interval an interval in minutes for sending the statistics Server an IP address or DNS name and a port of statistics server by default stat drweb com 80 A N T A A A yy V Chapter 8 Configuring the Dr Web Enterprise 225 Server URL a path to the catalog on the statistics server by default update se ID an MD5 key of the Server located in the nterprise key Server key file User a user name for identification of the sent statistics contact the Dr Web Technical Support Service for your user name Password a password for authentication of the sent statistics contact the Dr Web Technical Support Service for your password Proxy if necessary the address of a proxy server for sending the statistics Proxy user if necessary the name of a user of the proxy se
317. otocol secure SSL connection the browser requests you to approve the Server certificate Warnings and indications of distrust to the certificate may display because the certificate is unknown to your browser You need to approve the certificate to connect to the Dr Web Control Center 97 Ta J i ax Chapter 3 Components of an Anti Virus Network and Their Interface Some browsers e g FireFox 3 and later report errors when connecting through https and refuse connection to the Dr Web Control Center To solve this problem add the Dr Web Control Center to the list of exceptions by clicking Add site in the warning message This allows connection to the Dr Web Control Center Dr Web Control Center Interface The Dr Web Control Center window see figure 3 2 is divided in header and working area The header contains the Dr Web Enterprise Security Suite logo which opens the main window of the Dr Web Contro Center if you click it the same as when you select the Network item in the main menu main menu the name of the current administrator logged into the Dr Web Control Center Logout close the current Dr Web Control Center session If automatic authorization in Control Center is enabled after clicking Logout information about administrator s login and password is deleted At next logon in the Control Center it is necessary to repeat standard authorization procedure with specifying login and passwor
318. oupOnly attribute equivalent q lt grouponly admin attribute name value DrWebAdmi lt DPrWebAdminGroup attribute equivalent OID J lt groups admin attribute name value DrWebAdminGr As a values of true value false value parameters regular expressions are specified 418 Ta J N a Appendices If undefined values of administrators attributes are present and the lt group reference attribute name value memberOf gt tag is set in the configuration file the value of the memberOf attribute is considered as the list of DN groups to which this administrator is included and the search of needed attributes is performed in this groups as for the Active Directory 419 Ta J N ys Frequently Asked Questions Frequently Asked Questions Moving the Dr Web Enterprise Server to Another Computer under Windows OS To transfer the Dr Web Enterprise Server for the similar Dr Web Enterprise Server versions under Windows OS 1 Stop the Server see Start and Stop the Dr Web Enterprise Server Run drwcsd exe using the exportdb switch to export the content of the database to a file The full command line for Windows looks as follows C Program Files DrWeb Enterpris Server bin drwcsd exe exportdb lt file_path gt Backup the C Program Files DrWeb Enterpris Server etc folder and the drwcsd pub key from the Program Files DrWeb Enterprise Server Installer folder Remov
319. ow The backslashed assertions are b matches at a word boundary B_ matches when not at a word boundary A matches at start of subject Z_ matches at end of subject or before newline at end z matches at end of subject G matches at first matching position in subject These assertions may not appear in character classes but note that b has a different meaning namely the backspace character inside a character class Ta AN ax Appendices Circumflex and dollar Outside a character class in the default matching mode the circumflex character is an assertion that is true only if the current matching point is at the start of the subject string Inside a character class circumflex has an entirely different meaning see below Circumflex need not be the first character of the pattern if a number of alternatives are involved but it should be the first thing in each alternative in which it appears if the pattern is ever to match that branch If all possible alternatives start with a circumflex that is if the pattern is constrained to match only at the start of the subject it is said to be an anchored pattern There are also other constructs that can cause a pattern to be anchored A dollar character is an assertion that is true only if the current matching point is at the end of the subject string or immediately before a newline character that is the last character in the string by default Dollar
320. owing of groups and stations descriptions the descriptions are set in the properties of an element Network scanner A The Network scanner requires Dr Web Browser Plugin The settings of this section let you configure the default parameters of Network Scanner To launch the Network scanner select Administration item in the main menu In control menu pane on the left select Network scanner Specify the following parameters of Network scanner 1 In the Networks field specify networks in the following format with a hyphen for example 10 4 0 1 10 4 0 10 separated by a comma with a whitespace for example 10 4 0 1 10 4 0 10 10 4 0 35 10 4 0 90 e with a network prefix for example 10 4 0 0 24 2 Change Port and Timeout parameters if necessary 3 Click Save to save these parameters as default After that when you use the Network scanner this parameters will be set automatically 111 A N T A A A yy v Chapter 3 Components of an Anti Virus Network and Their Interface Time Interval In this section you can specify settings of time interval to display statistics data see Viewing the Statistics section In the Default interval for reports drop down list specify the time interval which is set by default at the Reports section of the Dr Web Control Center main menu In the Default interval for statistics data drop down list specify the time interval which is set
321. ows Server 2003 OS Windows 2000 or Windows XP OS The information can be found at http support microsoft com kb 822158 en The article is meant to help you increase system performance The syntax of regular expressions used for excluding paths from 198 Ta J N ax Chapter 7 Administration of Workstations scanning is as follows qr expression flags As a flag mostly the character i is used It instructs to ignore letter case difference Some examples of specifying excluded paths through regular expressions are given below qr pagefile sys i skip scanning Windows NT swap files qr notepad exeS i skip scanning notepad exe files qr C i skip scanning disk C qr WINNT i skip scanning WINNT catalogs on all disks aqr C WINNT i skip scanning disk C and WINNT catalogs on all disks eqr C dirl dir2 file extS i 7 skip scanning the c dirl dir2 file ext file e qr c dirl dir2 file extS i skip scanning file ext if it is located in the c dirl dir2 catalog and its subcatalogs aqr c dirl dir2 i skip scanning c dirl dir2 and its subcatalogs qr dir i skip scanning the dir subcatalog located in any catalog but scan its subcatalogs qr dir i skip scanning the dir subcatalog located in any catalog and its subcatalogs Regular expressions briefly described in Appendix K See links
322. owse and select Server license key file 3 Click Save Several license keys records can be specified But only one record is active ID1 parameters of the Server in old and new key files are differ then the Server schedule connections between Servers and statistics of Server tasks will be lost 1 If during change procedure activating a new key file the To remain the Server schedule export it before changing the licence key file and import after the changing Change the Server License Activity In case of several license keys records only one record is active using by a Server at the moment To change the Server license activity 1 Select the record of a licence you want to set for a Server and click L Edit at the toolbar 2 At the opened pane click Activate 3 After the new key activation reload the Server to continue Ta J N ax Chapter 3 Components of an Anti Virus Network 122 and Their Interface Removing the License Keys for the Server You can not delete the current active record of a Server key file To remove the Server licence key 1 In the main pane of the License manager select the key you want to delete and click the abe Remove key at the toolbar 2 In the dialog box confirm the key deletion 3 4 2 2 Dr Web Enterprise Agent Keys Via the License Manager you can implement the following actions for the Dr Web Enterprise Agent license keys 1 View the summaries abo
323. owsers Opera 10 and later Safari 4 and later Chrome 7 and later Web browsers also can be used But operating under these Web browsers is not guaranteed Ta J i Chapter 1 Welcome to Dr Web Enterprise 23 Security Suite aX If you install Server on a computer with a _ underline character in the name configuration of Server with Dr Web Control Center by use of Windows Internet Explorer will not be available In that case use other Web browser Dr Web Browser Plugin to use Dr Web Control Center in ful The plug in is distributed with the Server installation package It installs by browser request when you use elements of Dr Web Control Center which require the plug in for instance for antivirus components remote updater or Network Scanner For operation of the Dr Web Browser Plugin at the A Network Scanner page under both Windows and GNU Linux OS you must have administrator root rights Under Safari Web browser the Dr Web Browser Plugin is available under Windows OS only e Recommended screen resolution to use the Dr Web Control Center is 1280x1024 pt The Dr Web Enterprise Agent and the full anti virus package require 1 Minimal requirements Intel Pentium IV 1 6 GHz RAM 512 MB 2 Recommended requirements Intel Pentium IV 2 4 GHz or faster e RAM not less than 1 GB 3 Not less than 180 MB of available disk space for executable files extra disk space for lo
324. p Ta J N ax Frequently Asked Questions 434 2 Remove dbinternal dbs from the for Linux OS var opt drwes for FreeBSD OS and Solaris OS var darwcs subfolder of the Server installation folder To clean an external DB use the clean sql script located at var opt drwcs etc for Linux OS var drwes etc for Solaris OS and FreeBSD OS 3 Initialize the Server database The command will look as follows for Linux OS and Solaris OS etc init d drwcesd initdb for FreeBSD OS usr local etc rc d drwesd sh initdb for other supported versions su drwcs c bin drwcsd var root var verbosity all log var server log initdb etc agent key lt password gt 4 Once this command is executed a new dbinternal dbs database of about 200 Kb will be generated in the var subfolder of Enterprise Server installation folder 5 Import the content of the database from the correspondent backup The command line will look as follows for Linux OS and Solaris OS etc init d drwesd importdb Ta 2 i ax Frequently Asked Questions 435 lt path_to_the_backup_file gt database dz for FreeBSD OS usr local etc rce d drwcsd sh importdb lt path_to_the_backup_file gt database dz for other supported versions bin drwcesd var root var verbosity all log logfile log importdb lt path_to_the_backup_file gt database dz 6 Start Enterpri
325. pache org licenses LICENSE 1 1 The source text can be downloaded from http jakarta apache org 29 Ta J N ax Chapter 2 Installation and Removal of Dr Web 30 Enterprise Security Suite Components Chapter 2 Installation and Removal of Dr Web Enterprise Security Suite Components 2 1 Planning the Structure of an Anti Virus Network To create an anti virus network 1 v1 Make a plan of the anti virus network structure taking including all protected computers and designating which ones are to function as the Servers Install Enterprise Server software on the selected computer or computers Through the Dr Web Control Center update the product software in the Server repository Configure the Server s and workstations software Install and configure the Proxy Server if necessary Install Enterprise Agent software on workstations and then register the anti virus workstations at Enterprise Server wy Agents establish a connection with the Server immediately after the installation Anti virus workstations are authorized at the Server according to the set policy see p New Stations Approval Policy Through the Dr Web Control Center set up and run the necessary modules When planning the structure of the anti virus network you should first of all select a computer to perform the functions of Enterprise Server Ta J N ax Chapter 2 Installation and Removal of Dr Web Enterprise
326. pdates and controls the anti virus package as instructed by Enterprise Server Enterprise Agent reports virus events and other necessary information about the protected computer to Enterprise Server Optional components e Proxy server This component can optionally be included into the anti virus network The main function of the proxy server is to provide connection between Enterprise Server and Enterprise Agents in cases when direct connection is impossible E g if the Server and Agents are located in different networks which do not have packet routing between them At the expense of using caching function reducing of network traffic and time of receiving Agent updates can be provided e NAP Validator Allows to use Microsoft Network Access Protection NAP technology to check health of Dr Web anti virus software on protected workstations by enforcing compliance with system health requirements Ta J N aX Chapter 1 Welcome to Dr Web Enterprise Security Suite Enterprise Server can be installed on any computer of the local network not only on that functioning as a local network server It is crucial that this computer is connected to the Internet to communicate with other anti virus network computers and Global Update System servers The Dr Web Control Center can be run on a different computer than the Server there should be a network connection between them The anti virus network can incorporate several Ente
327. performed Agent messages on the configuration of the workstation statistics to be added to the centralized log on the operation of Agents and anti virus packages e messages on virus events and other events which should be logged The volume of traffic between the workstations and the Server can be quite sizeable subject to the settings and the number of the workstations Therefore the Dr Web ESS provides for the possibility to compress traffic See the description of this optional mode in p Traffic Encryption and Compression below Traffic between the Enterprise Server and Enterprise Agent can be encrypted This allows to avoid disclosure of data transferred via the described channel as well as to avoid substitution of software downloaded onto workstations By default traffic encryption is enabled for more please read p Traffic Encryption and Compression From the update web server to Enterprise Server a thick continuous line in the Figure 3 4 files necessary for replication of centralized catalogs of installation and updates as well as overhead information on this process are sent via HTTP The integrity of the information Dr Web ESS files and anti virus packages is provided through the checksums a file corrupted at sending or replaced will not be received by the Server Between the Server and the Dr Web Control Center a dashed line in Figure 3 4 data about the configuration of the Server including information about
328. perty name define discovery name Default drwes gt lt property discovery define should proxy run discovery server too gt lt property multicast define should proxy enter to multicast group gt lt kor example gt lt Listen on IN ADDRTANY port 2193 run duscovery opat ans le Oye sl eS lt listen spec ip multicast gt lt one or more forward tags gt lt forward to tcp serverl isp net 2193 gt lt forward to tcp server2 isp net 2193 gt lt listen gt lt I Listen on tpve ING _ADDR_ANY port 2194 run GUSCOVERY om EEV e 2 oil Ul ill e lt listen spec ip port 2194 multicast gt lt forward to tcp serverl isp net 2193 gt lt forward to tcp server2 isp net 2193 gt lt listen gt lt bisten on default ipx port 294 run sample discovery gt A T 2 ax Appendices 351 lt listen spec ipx discovery gt lt forward to tcp serverl isp net 2193 gt lt forward to tcp server2 isp net 2193 gt lt listen gt lt Listen on default netbios port 23 lana 0 run simple discovery gt lt listen spec netbios discovery gt lt forward to tcp serverl isp net 2193 gt lt forward to tcp server2 isp net 2193 gt lt listen gt lt drwcesd proxy gt Appendix H Command Line Parameters of the Programs Included in Dr Web Enterprise Security Suite H1
329. ppendices Installation and Supported Versions 1 The SQL CE DBMS is compatible only with Windows 2000 OS and higher x32 and x64 versions Dr Web Enterprise Security Suite supports Microsoft SQL Server Compact of 3 5 SP1 SP2 for x86 and x64 platforms Compatibility with all later versions of SQL CE DB is not guaranteed If you want to deploy SQL Server Compact Edition you need to download the instalation package from the web site of the manufacturer http www microsoft com sqlserver 2005 en us compact downloads aspx and install the corresponding version of the server see also System requirements for 3 5 It is not recommended to install more than one version of Microsoft SQL Server Compact on the same computer due to possible compatability issues Microsoft SQL Server Compact 3 1 does not support encryption Databases created on servers running under this version of Microsoft SQL Server may not be compartible with Microsoft SQL Server Compact 3 5 servers Use the Dr Web Enterprise Security Suite exportdb and importdb commands to import data from SQL Server Compact 3 1 databaes to SQL Server Compact 3 5 databases A client to access the database is included in the installation package of Dr Web ESS Parameters To adjust access to the SQL CE DBMS use the parameters described in Table B 4 303 Ta J i ax Appendices 304 Table B 4 Parameters of the SQL CE DBMS drwsqlce Driver name DBFI
330. prise Security Suite on stations under Windows OS The Enterprise Server distribution kit contains the following components Enterprise Server software for the respective OS Enterprise Agents software and anti virus packages software for supported OSs Dr Web Control Center software Virus databases e Manuals templates and examples In addition to the distribution kit serial numbers are also supplied Having registered these serial numbers one can get files with a Server key and an Agent key 1 7 Key Files Rights to use the Dr Web ESS are regulated by the following key files 1 Server key file enterprise key 2 Workstations key files agent key mechanism of electronic signature Editing the file makes it invalid Therefore it is not recommended to open your key file with a text editor which may occasionally corrupt it Key files have a write protected format based on the The Dr Web ESS license parameters and price depend on the number of protected computers which includes the servers protected by Dr Web ESS network Ta J i ax Chapter 1 Welcome to Dr Web Enterprise Security Suite Before purchasing a license for a Dr Web ESS solution you should carefully consider this information and discuss all the details with your local distributor You should state the exact number of Enterprise Servers to build the anti virus network with The number of independent Enterprise Servers the Se
331. ption Interface Tree settings Parameters of this section let you adjust the appearing of the list and they are similar to the settings located in the H option of the toolbar of the Network item of the main menu for groups e All groups membership show a station in all groups it is a member of only for groups under the white folder icon see Table 3 2 If the flag is set the station will be shown in all member groups If the flag is cleared the station will be shown only in the top white folder e Show hidden groups show all groups included in the anti virus network If you clear the flag all empty groups not containing stations will be hidden It may be convenient to remove extra data for example when there are many empty groups e for stations e Show station ID show unique identifiers of stations in the hierarchical list e Show station name show names of stations in the hierarchical list if such are given e Show station address show IP addresses of stations in the hierarchical list e Show station server show names or addresses of Enterprise Servers to which stations are connected 110 Ta J N ax Chapter 3 Components of an Anti Virus Network and Their Interface for all elements e Display personal settings enables disables marker on icon of workstations and groups which shows whether individual settings are present e Show descriptions enables disables sh
332. r Remove Enterprise Server software Install the new Server empty with the new DB at the necessary computer Stop the Server via the Windows OS service administrative loots or via the Dr Web Control Center Copy the automatic saved etc folder to the C Program Files DrWeb Enterprise Server etc folder and the drwcsd pub key to the C Program Files DrWeb Enterpris Server Installer folder Restore the DB on new Server and specify the path to the DB in the configuration file Run drwcsd exe using the upgradedb switch to upgrade the database The full command line for Windows looks as follows 421 Ta J i Ws Frequently Asked Questions 422 C Program Files DrWeb Enterpris Server bin drwcesd exe upgradedb C Program Files DrWeb Enterprise Server update db 9 Start the Server see Start and Stop the Dr Web Enterprise Server Ta J N ax Frequently Asked Questions Connecting the Dr Web Enterprise Agent to Other Dr Web Enterprise Server To connect the Agent to other Enterprise Server you must perform all actions at the station with the administrative rights To connect Dr Web Enterprise Agent to other Dr Web Enterprise Server do the following 1 If the drwcsd pub public key of the new Server does not match with the public key of the old Server you must change this key at the Agent 1 1 If the SelfPROtect component is active on the station wi
333. r Servers see also Peculiarities of a Network with Several Dr Web Enterprise Servers To view the summary tables with data from other Servers select the corresponding item in the Tables section 3 3 5 Help Select the Help item in the main menu of the Dr Web Control Center The control menu in the left part of the window contains the following elements 1 General Forum opens official forums of Doctor Web company Ask for support opens the web page of the Doctor Web technical support Send a virus opens a web form for sending a virus to the Dr Web Virus Laboratory Report a Parental Control error opens a web form for sending a message about false alarm or detection failure in Parental contro module 2 Documentation Administrator manual opens _ administrator documentation in HTML format e User manual opens user documentation in HTML format XML Web API opens administrator documentation on XML Web API see also Appendix N Integration of XML Web API and Dr Web Enterprise Security Suite in HTML format 114 Ta J N ax Chapter 3 Components of an Anti Virus Network 115 and Their Interface Release notes opens release notes for Dr Web Enterprise Security Suite of installed version 3 4 Dr Web Control Center Components 3 4 1 Network Scanner Enterprise Server contains the Network Scanner component under Windows 2000 and earlier operating systems due to 1 It
334. r 11 x86_64 Sun Solaris 10 x86 Sun Solaris 10 Sparc 32bit Sparc V9 processor UltraSparc or later Sun Solaris 10 Sparc 64bit Sparc V9 processor UltraSparc or later Ubuntu 8 04 Ubuntu 8 04 x86_64 Ubuntu 10 04 Ubuntu 10 04 x86_64 Ubuntu 10 10 Ubuntu 10 10 x86_64 Ubuntu 11 04 Ubuntu 11 04 x86_64 Windows OS 32 bit Windows 2000 Professional SP4 Windows 2000 Server SP4 Windows XP Professional SP3 Windows XP Home SP3 Windows Server 2003 SP2 Windows Vista also with SP1 and later Windows Server 2008 also with SP1 and later Windows 7 64 bit Ta AN ys Appendices 291 Windows Server 2003 SP2 Windows Vista also with SP1 and later Windows Server 2008 also with SP1 and later Windows Server 2008 R2 Windows 7 For the Dr Web Enterprise Agent and Anti Virus Package UNIX system based OS Linux glibc 2 7 and later FreeBSD 7 3 and later Sun Solaris 10 only for Intel platform Windows OS 32 bit Windows 98 Windows Millennium Edition Windows NT4 SP6a Windows 2000 Professional SP4 also with Update Rollup 1 Windows 2000 Server SP4 also with Update Rollup 1 Windows XP Professional also with SP1 and later Windows XP Home also with SP1 and later Windows Server 2003 also with SP1 and later Windows Vista also with SP1 and later Windows Server 2008 also with SP1 and later Windows 7 64 bit Windows Server 2003 also with SP1 and later Windows Vista also wit
335. r bin drwcsd exe home C Program Files DrWeb Enterprise Server var root C Program Files DrWeb Enterprise Server var verbosity all importdb D esbase es Copy this line to the clipboard and paste to the cmd file Run the file 7 Start the Enterprise Server see Start and Stop the Dr Web Enterprise Server For UNIX OS 1 Stop Enterprise Server using the script for Linux OS and Solaris OS etc init d drwcsd stop A Q T A A A y V Frequently Asked Questions 427 for FreeBSD OS usr local etc re d drwesd sh stop or via Dr Web Control Center except the Solaris OS Start the Server with the exportdb switch to export the database to a file The command line from the Server installation folder will look as follows for Linux OS etc init d drwcsd exportdb var esbase es For Solaris OS etc init d drwesd exportdb var drwcs etc esbase es for FreeBSD OS usr local etc re d drwesd sh exportdb var drwcs esbase es It is presumed that the database is exported to esbase es which resides in the specified folder Start Enterprise Server using the script for Linux OS and Solaris OS etc init d drwesd start for FreeBSD OS usr local etc re d drwesd sh start connect Dr Web Control Center to the Server and configure the Server to use another database through the Dr Web Control Center menu Administration Configure Dr Web Enterpr
336. r of database connections with the Server Change the default setting on advice of the technical support only The Authorization queue parameter sets the maximum number of workstations which can be added to the Server authorization Ta J N ax Chapter 8 Configuring the Dr Web Enterprise Server queue Any natural number is alowed In the Updates bandwidth drop down list the maximal network traffic bandwidth for updates from Server to Agents is set If this parameter is set to Unlimited updates for Agents will be transferred without limitation of network traffic bandwidth If this parameter is variant from Unlimited has a numerical value updates for Agents will be transferred in ranges of specified bandwidth of summary network traffic for all Agents updates In the Newbie drop down list the connection policy for new workstations can be set for more read p New Stations Approval Policy The Reset unauthorized to newbie flag instructs to reset the parameters of connection with Server for unauthorized workstations which have not passed authorization check This option can be helpful when you change Server settings such as public key or change the DB In such cases workstations will not be able to connect to the Server and will need to get the new parameters to assess to the Server The Statistics flag instructs to send statistics on the operation of Enterprise Server for analysis to the Internet server at http s
337. rameters in the Command Line Mode Issue the following command with all necessary parameters and the obligatory parameter qn which disables the graphic mode msiexec a lt package_name gt msi qn lt parameters gt The a parameter launches installation of the administrative package Package name The name of the installation package for the Agent through Active Directory usually has the following format drweb es agent lt version gt lt release_date gt windows nt lt capacity gt msi Ta J N ax Parameters Chapter 2 Installation and Removal of Dr Web Enterprise Security Suite Components qn disable the graphic mode With this switch the following parameters are to be specified ESS ERV ERADDR ESS lt DNS_name gt set the address of ESS ERV ERPATH Enterprise Server to which the Agent is to be connected For the possible formats see Appendix E3 lt path_filename gt specify the full path to the public encryption key of the Server and the file name by default drwcsd pub in the Installer subfolder of the Server installation folder TARGI ETDIR the network folder for the Agent image modified installation package which will be select via the Group Policy Object Editor for the selected installation This folder must have read and write access The path should be given in the network addresses format even if the folder is a
338. rated at the Server automatically and the mode of the station access is defined at Server For the Manual option you must specify following authorization parameters the station Identifier and its Password for access to the Server The station will have access permission without manually confirmation by administrator at Server In Compression and Encryption sections set modes of traffic between Agent and Server for more details see p Traffic Encryption and Compression Click Next 7 Installation of Agent will start When installation is complete click Finish for Installation Wizard closedown 8 After the station has been approved at the Server if it is required by Enterprise Server settings or if the Manual option has not been set at step 6 during Administrative installation the anti virus package will be automatically installed 9 Restart the computer on Agent request 2 4 Remote Installation of the Dr Web Enterprise Agent under Windows OS The Dr Web ESS anti virus allows to detect the computers which are not yet protected by Dr Web ESS and in certain cases to install such protection remotely Remote installation of Enterprise Agents is only possible on workstations operated by Windows 2000 and later OS except the Starter and Home editions To install the anti virus software on workstations you must have administrator rights on the correspondent computers Ta J i ax Chapter 2 Installation
339. rbitrary password to access the Parent Server To the right of the Key field clck View and specify the drwcsd pub key of the Parent Server In the Address field type the address of the Parent Server You can browse the list of Servers available in the network To do this a Click the arrow on the right of the Address field 248 Ta J N s b c d In the Administrative console web address field specify the address of a start web page for the Dr Web Control Center Chapter 8 Configuring the Dr Web Enterprise Server In the opened window specify networks in the folowing format with a hyphen for example 10 4 0 1 10 4 0 10 separated by a comma with a whitespace for example 10 4 0 1 10 4 0 10 10 4 0 35 10 4 0 90 with a network prefix for example 10 4 0 0 24 Click to scan the network on available Servers Select the Server in the list of available Servers Its address wil be set to the Address field to create connection of the main Server see p Dr Web Control Center Flags in Updates and Events sections are set according to parent child type of connection and can not be changed main Server sends updates to child Servers main Server receives information about events from child Servers Click Save 249 A AN v Aq A Y Chapter 8 Configuring the Dr Web Enterprise 250 Server New neighbor Save General Type Parent O child Peer Name MAIN Pass
340. re updated according to the settings of the repository read p Introduction and further 4 After the check updated components will have current date in the Last revision since column el BA Re Chapter 9 Updating the Dr Web Enterprise Yr Security Suite Software and Its Components Updating of the Software To update the software of an anti virus station through the Dr Web Control Center 1 Select the Network item in the main menu then click the name of the station or group in the hierarchical list 2 In the toolbar click Managing Components In the opened submenu select the necessary forced update mode fe Update failed components instructs to reset the error state and update only those components that failed at the previous update Update all components instructs to force the update of all components including those updated successfully The same operation can be carried out with the help of Enterprise Agent To update the software of an anti virus station through the Dr Web Enterprise Agent 1 Permit the user of the given workstation to change the local policy for information on how to do it read p Setting Users Permissions 2 On the context menu of the Agent icon select Re sync now 3 On the opened submenu select Only failed components if you want to update only those components the updating of which was failed and to reset the error state All components if you want to launch updati
341. reflects whether stations may be automatically included in the group automatic membership support and group contents automatically adjusted during Server operation e Membership administration The parameter reflects whether the administrator can manage group membership add stations to or remove from the group Primary group The parameter reflects whether the group can be primary for a station Possibility to have own settings The parameter reflects whether the group can have own settings of anti virus components to be propagated to its stations Table 6 1 Groups and supported parameters Everyone Status Transport Operation system l l l Ungrouped l ab ft fs User groups 153 Ta J N ax Chapter 6 Groups Integrated Workstations Management Under group administrator account the user group which he manages will be the root of the hierarchical tree even if it has the parent group All nested groups of managing group is available 6 2 Group Management 6 2 1 Creating and Deleting Groups Creating Groups To create a new group 1 Select Padd a station or a group on the toolbar and the Add a group in the submenu A window for creating a group will be opened The ID entry field is filed in automatically You can edit it during creation if necessary The identifier should not contain blank spaces In the sequel group ID can not be changed Type the group name
342. rictions pane while creating the connection The window for editing update modes opens See Update restrictions for details 8 5 3 Using an Anti Virus Network with Several Dr Web Enterprise Servers The peculiarity of a multi server network is that updates from the Dr Web GUS servers can be received by a part of Enterprise Servers as a rule one or several parent Servers and update tasks 254 Ta J N ax Chapter 8 Configuring the Dr Web Enterprise Server should be scheduled on these Servers only for information on how to set Servers schedule read p Setting the Dr Web Enterprise Server Schedule Any Server which has received updates from the Dr Web GUS servers or some other Servers distributes them immediately to all connected child Servers and those peer Servers for which this option is enabled The Dr Web ESS anti virus automatically monitors the situations when due to an imperfect structure of the network or incorrect Server configuration an update already received is sent again to the same Server and cancels the updating The administrator can receive consolidated data about important events on the anti virus stations linked to any Server via intersever connections To view information on virus events on all Dr Web Enterprise Servers linked to the current Dr Web Enterprise Server 1 Select Neighborhood item in the main menu of the Dr Web Control Center 2 In the opened window in the Tables item of the con
343. ring upgrade of anti virus network components w The 2371 port is required for connection via TCP and UDP The Dr Web Enterprise Server requires Intel Pentium III 667 MHz or faster Ta J N s Chapter 1 Welcome to Dr Web Enterprise Security Suite e 512 MB RAM 1 GB in case a built in database is used up to 12 GB of free available disk space up to 8 GB for a built in database installation catalog and up to 4GB for the system temporary catalog for work files To install the Server it is required at least 2 5 GB of free A system disk space it does not depend on Server installation disk for the full distribution kit or 650 MB for the lite version of distribution kit to launch the installer and unpack temporary files e Microsoft Windows 2000 OS or later Linux OS FreeBSD OS or Solaris OS see Appendix A The Complete List of Supported OS Versions e MS Installer 2 0 for the installation of Enterprise Server for Windows OS Windows Script 5 6 or later for the installation of Enterprise Server for Windows OS For the installation of Enterprise Server for UNIX system based OS libiconv library v 1 8 2 or later pcre ncurses openssl libxml2 libpq only in case of using PostgreSQL database in case of installation via the generic packages the library is already included in the package libcurl The Dr Web Proxy Server requires Intel Pentium III 667 MHz or faster
344. ription of the DBMS Settings The Parameters of the DB MS Driver Using an internal DBMS is selected by default This mode considerably increases the load on the Server It is recommended to use an external DBMS in large anti virus networks An internal DB can be used if at most 200 300 stations are A connected to the Server If the hardware configuration of the computer with Enterprise Server and the load level of other executing tasks are permissible up to 1000 stations can be connected Otherwise you must use an external DB If you use an external DB and more than 10 000 stations are connected to the Server it is recommended to perform the following minimal requirements 3 GHz processor CPU RAM at least 4 Gb for the Enterprise Server and at least 8 Gb for the DB server UNIX system based OS 232 Ta J N s Chapter 8 Configuring the Dr Web Enterprise 233 Server It is possible to perform transactions connected with clearing the database used by Enterprise Server in particular to delete records of events and data about the workstations which have not visited the Server for a certain period of time To clear the database open the Server schedule and add a corresponding job 8 1 3 Setting Alerts To set the mode of sending alerts about the events connected with the operation of the Dr Web ESS anti virus 1 Select the Administration item in the main menu and click Dr Web Enterprise Serv
345. rol Center menu Administration Configure Dr Web Enterprise Server 247 Ta J N ax Chapter 8 Configuring the Dr Web Enterprise Server on the General tab in the Name entry field In this example we name the Parent Server MAIN and the Child Server AUXILIARY On both Enterprise Servers enable the server protocol To do this on the Dr Web Control Center Administration menu select Configure Dr Web Enterprise Server On the Modules tab set the Dr Web Enterprise Server flag see p Setting the Dr Web Enterprise Server Configuration If the server protocol is disabled the message about enabling this protocol will be shown and the link to the corresponding section of the Dr Web Control Center will be given during creation of new connection Restart both Enterprise Servers Connect the Dr Web Control Center to the Child Server AUXILIARY and add the Parent Server MAIN to the list of neighbor Servers of the Child Server To do this select Neighborhood item in the main menu A window with the hierarchical list of the anti virus network Servers neighboring with the given Server will be opened To add a Server to the list click the Create neighbor fe in the toolbar A window to describe the connection between the current Server and the new Server will be opened see Figure 8 2 Select the Parent type In the Name entry field type the name of the Parent Server MAIN in the Password field type an a
346. root if it was set at Server launch otherwise it is the var subfolder of the root folder Ta J N ax Appendices Appendix J Using the Script of Dr Web Enterprise Agent Initial Installation The installation routine of the Agents onto workstations by using the network instaler drwinst exe is set by install script These files reside in the products root folder in the repository In standard distributions they are located in the 10 drwupgrade and 20 drwagntd catalogs and describe the default installation If the custom install script file is present in the folder it is used instead of the standard installation routine updated during the product update and do not influence wy Files with other names beginning with a period are not the operation of the repository The sequence of operations during the installation 1 The network installer requests the Server for the installation of the following platforms win setup common win win nt and win 9x this is the list of standard platforms in the default order The order of use of the platforms can be changed by the platforms pl1 p2 p3 switch when calling drwinst The win setup platform is not included into a standard distribution and is designed for creation of its own installation routines if necessary 2 The Server forms a list of files according to the list of platforms viewing all products step by step in alphabetical order and lists of files set by t
347. root sete rotate verbosity log conf pid user group hooks Table H 1 DRWCS_HOME DRWCS_VAR DRWCS_ETC DRWCS_ROT DRWCS_LEV DRWCS_LOG DRWCS_CFG DRWCS_PID DRWCS_USER DRWCS_GROUP DRWCS_HOOKS e usr local drwcs for the FreeBSD OS e usr drwcs for all other OS DRWCS_VAR etc 10 10m trace3 DRWCS_VAR log drwcsd log DRWCS_ETC drwesd conf Ta J AN ax Appendices 370 trace DRWCS_TRACE wy DRWCS_HOOKS and DRWCS_TRACE variables do not have any parameters If variables have been defined corresponding switches will be added during the script execution If variables have not been defined switches will not be added Other variables are described in the Table H 2 Table H 2 DRWCS_ADDOPT DRWCS_CORE unlimited The core file maximal size DRWCS_FILES 8192 The maximal number of file descriptors that the Server is able to open DRWCS_BIN DRWCS_HOME bin The directory to start the drwcsd from DRWCS_LIB DRWCS_HOME lib The directory with Server libraries Default values of parameters will be used if these variables have not been defined in the etc init d drwcsd script Ta 2 N ax Appendices 371 DRWCS HOME DRWCS_VAR DRWCS_ ETC DRWCS_ USER DRWCS GROUP DRWCS_ HOOKS variables are already defined in the etc init d drwesd script file If the TGT_ ES ETC common conf file exists this file will be included to the etc init d drwcsd that
348. rough the Dr Web Control Center 3 3 2 Anti Virus Network Select the Network item in the main menu of the Dr Web Control Center The control menu in the left part of the window is used to view and edit information in the opened window Hierarchical list In the middle part of the window there is a hierarchical list of the anti virus network The list catalog represents the tree structure of the anti virus network elements The nodes in this structure are groups and workstations within these groups You can perform the following through the hierarchical list elements Left click the the name of the corresponding element to open the control menu left part of the window of a group or workstation e Left click the icon of the group to see the contents of a group To select several elements of the hierarchical list press and hold CTRL or SHIFT during selection The appearance of the icon depends on the type and status of this element see table 3 2 103 Ta 2 aw ax Chapter 3 Components of an Anti Virus Network 104 and Their Interface Table 3 2 Icons of elements in the hierarchical list Groups Ly yellow folder Groups always shown on the hierarchical list Ga white folder If groups marked with this icon are empty their showing on the hierarchical list may be disabled Workstations green icon Available workstations with installed anti Ti virus software a gray icon The station is unavailable x
349. roxy server use the command usr local etc rc d 0 dwep proxy sh stop To manually start the Proxy server use the command Ta J N ax Chapter 2 Installation and Removal of Dr Web 82 Enterprise Security Suite Components usr local etc rc d 0 dwcp proxy sh start During the installation for Linux OS and Solaris OS an init script etc init d dwcp proxy for the launching and termination of the Server will be created 2 7 Removing the Dr Web Enterprise Security Suite Components 2 7 1 Uninstalling the Dr Web ESS Software for Windows OS Uninstalling the Dr Web Enterprise Server To remove the Server or the Dr Web Browser Plugin software run the installation file of the corresponding product of currently installed version The installation program will automatically detect the software product and offer to remove it To remove software click Remove The Server Dr Web Browser Plugin and Proxy server software can also be removed using standard Windows OS tools via the Add or Remove Programs element in Control Panel Uninstalling the Dr Web Enterprise Agent and Anti Virus Package Remotely Remote installation and removal of the Agent software is possible within a local network only and requires administrator s rights in the local network Ta J N ax Chapter 2 Installation and Removal of Dr Web Enterprise Security Suite Components If you uninstall the Agent and anti virus package via
350. rprise Servers The features of such configuration are described in the Manual in p Peculiarities of a Network with Several Dr Web Enterprise Servers below An anti virus package installed on protected workstations includes the following components Core components Dr Web Scanner for Windows is a part of the common product Dr Web for Windows Its executable file is drweb32w exe The Scanner is configured through group or personal settings for the workstation It scans the PC upon user s demand or according to the user s local schedule Additionally has an anti rootkit module not included in Dr Web Enterprise Scanner Dr Web Enterprise Scanner for Windows is one of Enterprise Agent functions It is also an anti virus scanner and uses the same virus databases and search engine But this functionality is built in Enterprise Agent Dr Web Enterprise Scanner is meant to scan for viruses on demand either according to the schedule or a direct task from the Dr Web Control Center It has no special interface and no independent settings it is configured only when run through the Dr Web Control Center when scanning is scheduled or initiated manually SelfPROtect System monitor which protects files and directories used by ESS from unauthorized or accidental removal and modification by user or malicious software With the system monitor running access to these resources is granted to Dr Web processes only 17 Ta AN ax
351. rprises small companies and nationwide corporations Dr Web antivirus solutions are well known since 1992 for continuing excellence in malware detection and compliance with international information security standards State certificates and awards received by the Dr Web solutions as well as the globally widespread use of our products are the best evidence of exceptional trust to the company products We thank all our customers for their support and devotion to the Dr Web products Ta gt AN aX Table of Contents Chapter 1 Welcome to Dr Web Enterprise Security Suite 1 1 Introduction 1 2 Conventions and Abbreviations 1 3 About Dr Web Enterprise Security Suite 1 4 Benefits 1 5 System Requirements 1 6 Distribution Kit 1 7 Key Files 1 8 Links Chapter 2 Installation and Removal of Dr Web Enterprise Security Suite Components 2 1 Planning the Structure of an Anti Virus Network 2 2 Installation of the Dr Web Enterprise Server 2 2 1 Installation of the Dr Web Enterprise Server for Windows OS 2 2 2 Installation of the Dr Web Enterprise Server for UNIX System Based OS 2 2 3 Installation of the Dr Web Browser Plugin 2 3 Installation of the Dr Web Enterprise Agent under Windows OS 2 3 1 Installation Files 2 3 2 Installation of the Dr Web Enterprise Agent via the Installation Package 13 13 14 15 18 20 25 26 28 30 30 31 32 44 48 51 52 53 Ta AN aX
352. rs from the lt script gt file Database Upgrading drwesd upgradedb lt folder gt run the Server to update the structure of the database at a version upgrade see the update db folder Database Export drwcsd exportdb lt file gt export the database to the specified file A N T A A yy v Appendices Example for Windows C Program Files DrWeb Enterprise Server bin drwcsd exe home C Program Files DrWeb Enterprise Server var root C Program Files DrWeb Enterprise Server var verbosity all exportdb C Program Files DrWeb Enterprise Server esbase es Under UNIX OS the action is performed on behalf of the drwcs drwcs user to the directory DRWCS_ VAR except for FreeBSD OS which by default saves the file to the directory from which the script was run if the path is specified explicitly then the directory should have the recording right for the lt user gt lt group gt that had been created at installation by default it is drwcs drwcs Database Import drwcsd importdb lt file gt import the database from the specified file the previous content of the database is deleted Database Verification drwcsd verifydb run the Server to check the database Upon completion the Server saves the verification results in the log file drwcsd log by default H5 4 Repository Commands drwcesd syncrepository synchronize the repository with the GUS St
353. rs in curly brackets braces separated by a comma The numbers must be less than 65536 and the first must be less than or equal to the second For example 396 Ta J N ax Appendices z 2 4 matches zz zzz or zzzz A closing brace on its own is not a special character If the second number is omitted but the comma is present there is no upper limit if the second number and the comma are both omitted the quantifier specifies an exact number of required matches Thus aeiou 3 matches at least 3 successive vowels but may match many more while d 8 matches exactly 8 digits An opening curly bracket that appears in a position where a quantifier is not allowed or one that does not match the syntax of a quantifier is taken as a literal character For example 6 is not a quantifier but a literal string of four characters The quantifier 0 is permitted causing the expression to behave as if the previous item and the quantifier were not present For convenience and historical compatibility the three most common quantifiers have single character abbreviations e is equivalent to 0 is equivalent to 1 is equivalent to 0 1 It is possible to construct infinite loops by following a subpattern that can match no characters with a quantifier that has no upper limit for example a By default the quantifiers are greedy that is they match as much as possi
354. rver is not required for anonymous assess Proxy password if necessary a password to assess the proxy server is not required for anonymous assess Server and Interval are the only obligatory fields Click Save to accept changes in settings Security Tab On the Security tab restrictions for network addresses from which Agents network installers and other neighboring Enterprise Servers will be able to access the given Server are set To manage Server audit log use the following flags Audit operations allows to log operations of administrator with the Dr Web Control Center and writing the log into the DB Audit server internal operations allows to log Enterprise Server internal operations and writing the log into the DB To view the audit log select the Administration option in the main menu then Audit log item in the control menu Ta J N ax Chapter 8 Configuring the Dr Web Enterprise Server The Agents Installations and Neighbors additional tabs are designed to set the restrictions for the correspondent types of connections To set access restrictions for any type of connection 1 Go to the correspondent tab Agents Installations or Neighbors To allow all connections clear the Use this ACL flag To make the list of allowed or denied addresses set the Use this ACL flag To allow any TCP address include it into the TCP Allow or TCPv6 Allow list To deny any TCP address
355. rvers which do not interact with each other running the network does not affect the license price see also p Installing the Dr Web Enterprise Server Note that Dr Web ESS is licensed per connection When A calculating the number of licensed needed for the network count the number or connections between Enterprise Servers Each connection requires an additional license Furthermore an additional license is required for each connection between Enterprise Servers regardless of its type see p Building a Network with Several Servers for details that is a separate license for each connection is required for each Enterprise Server For example in case of one connection between two Servers you need two licenses When purchasing a license for the Dr Web ESS anti virus you receive registration keys or a registration card with a serial number License key files are generally sent to users by e mail after the product serial number has been registered at the special web site http buy drweb com register unless otherwise specified in the registration card attached to the product Visit the web site above in the form enter your personal data and in the corresponding field type the registration serial number it is written on the registration card An archive with key files will be sent to the designated address Or you will be alowed to download it directly from the web site As a rule key files come in a zip archive which contain
356. s 377 verbosity lt details_level gt log level of detai TRACE3 is by default Allowed values are ALL DEBUG3 EBUG2 DEBUG1 DEBUG TRACE3 TRACE2 RACE1 TRACE INFO NOTICE WARNING RROR CRIT The ALL and DEBUG3 values are synonyms AHO All switches for setting Proxy server parameters can be set simultaneously Writing log to the file and to the console simultaneously is not supported Meanwhile If none of switches is not specified log is written to the console If both of switches is specified log is written to the file Appendix I Environment Variables Exported by the Dr Web Enterprise Server To simplify the setting of the processes run by Enterprise Server on schedule the data on location of the Server catalogs is required To this effect the Server exports the following variables of started processes into the environment DRWCSD HOME path to the root folder installation folder The switch value is home if it was set at Server launch otherwise the current folder at launch DRWCSD_ EXE path to the folder with executable files The switch value is bin root if it was set at Server launch otherwise it is the bin subfolder of the root folder DRWCSD_VAR path to the folder to which the Server has a write access and which is designed to store volatile files for example logs and repository files The switchvalue is var
357. s only one of them is to receive updates from the Dr Web GUS servers GUS on subordinate Enterprise Servers in case the parent Enterprise Server is inaccessible This will allow the Agents connected to a subordinate Enterprise Server to receive updated virus databases and program modules For more read p Editing the Configuration of the Repository wy It is recommended to schedule a task for updating from the information on virus events statistics etc The program provides for two types of connections between the Dr Web Enterprise Servers a parent child type of connection where the principle Server transfers updates to the subordinate one and receives information about events Ta J aw ax Chapter 8 Configuring the Dr Web Enterprise 246 Server a peer to peer connection where data types and transfer directions are set up individually An example of a multi server structure is presented in Figure 8 1 Dr Web Enterprise TCP IPX NetBIOS Server network Transfer of updates via Protected computer unp Sending information on 5 Dr Web GUS vents Interserver transfer of updates Figure 8 1 A multi server network Here are some advantages of a multi server anti virus network receipt of updates from the Dr Web GUS servers by one principle Enterprise Server and their subsequent distribution to the other Servers directly or through intermediates distribution of workstations between several
358. s key files for the Server and for workstations 27 Ta J N ax Chapter 1 Welcome to Dr Web Enterprise Security Suite Users can receive key files in one of the following ways by e mail usually after registration of the serial number at the web site see above with the anti virus distribution kit if license files were included at kitting as a file on a separate carrier Please keep key files until they expire They are required during the installation and re installation of the anti virus as well as to restore program components In case a license key file is lost you need to complete the registration form at the web site specified above so that you can restore it Note that you will need to enter the same registration serial number and the same personal data as during the first registration you can change the e mail address only In this case the license key file will be sent to the new address To try the Dr Web ESS anti virus and familiarize yourself with the software you can order demo keys Such key files provide for the full functionality of the main anti virus components but have a limited term of use Demo key files are sent upon request made through the web form at http download drweb com demo Your request for demo keys will be examined and if approved an archive with key files will be sent to the designated address The use of obtained key files during the installation is described in p In
359. s mode To do this you should step by step switch the Server and other installed components to the Possible mode first avoiding formation of incompatible Network Installer Server and Agent Server pairs If you do not follow this recommendation it may result in loss of connection with the component and the necessity to reinstall it wy By default Enterprise Agent are installed with the Possible encryption setting This combination means that by default the traffic will be encrypted but it can be disabled by editing the settings of the Server without editing the settings of the components As traffic between components in particular the traffic between Enterprise Servers can be considerable the Dr Web ESS anti virus provides for compression of this traffic The setting of the compression policy and the compatibility of settings on different components are the same as those for encryption The only difference is that the default parameter for compression is No 230 Ta J N ax Chapter 8 Configuring the Dr Web Enterprise 231 Server With the compression mode enabled traffic is reduced but the computational load on computers is increased considerably more than with encryption 8 1 2 Setting the Mode of Operation with Databases You can get the structure of the Enterprise Server DB via the init sql script located in the etc subfolder of the Enterprise Server installation folder To specify parameters of operat
360. s or click the calendar icons next to the date fields To load data click Refresh The tables with statistics will be loaded In the Summary statistics section the summary data is displayed if the stations are selected by selected stations if the groups are selected by selected groups If several groups are selected only non empty groups will be displayed If both the stations and groups are selected separately by all stations including stations from selected non empty groups To view the detailed statistics of anti virus components click the station name in the table If groups were selected click the group name in the summary statistics table then click the station name in the displayed table A windows or a section of current window with detailed statistics will be opened You can open the settings window of the anti virus component from the statistic table of station or group components To do this click the name of the component in the statistic table To sort the data in columns of a table click the certain point decrease or increase in the header of the table ot csv To save the table for printing or future processing click EE Save shown data in CSV format F Save shown data in HTML format or Al Save shown data in XML format To view the summary statistics not split in sessions click Summary statistics in the control menu A window of summary statistics will be opened To view the stati
361. se Server for Linux OS and Solaris OS etc init d drwesd start for FreeBSD OS usr local etc re d drwesd sh start for other supported versions bin drwces sh start Server installation directory change log details level and etc you must make all changes in the start script for FreeBSD OS usr local etc rc d drwcsd sh wy If you want to run the script with parameters e g set for Linux and Solaris OS etc init d drwcsd If some Agents were installed after the last backup had been made they will not be connected to the Server after the database has been restored from the backup You should remotely reset them to the newbie mode To do this on Dr Web Control Center Administration menu select Configure Server A Dr Web Enterprise Server configuration window will be opened on the General tab Set the Reset unauthorized to newbie flag Ta J i ax Frequently Asked Questions As soon as the database is restored from the backup it is recommended to connect the Dr Web Control Center to the Server On the Administration menu selectDr Web Enterprise Server schedule and check that the Back up critical server data task is on the list If this task is absent add it to the list 436 A N T A A A yy v Frequently Asked Questions Restoring the Dr Web Enterprise Server from Data Backup Dr Web Enterprise Security Suite regularly backs up important data database co
362. se Server w This section contains information about administrators DB Administrators with full rights can Add new and delete already existing administrators accounts Edit settings for all administrators of anti virus network Group administrators and administrators with read only rights can Edit some of settings of their account only 5 3 1 Creating and Deleting Administrators Creating Administrators To add administrator account 1 Select the Administration item in the main menu of the Dr Web Control Center and then the Administrative accounts item in the control menu 2 Click the i Create account icon in the toolbar Ta J N ax Chapter 5 Anti Virus Network Administrators 3 A window with account settings similar to the settings will be opened Specify the following parameters In the Login field specify administrator account login for the Dr Web Control Center access In the Password and Retype password fields set the password for the Dr Web Control Center access A It is not allowed to use national characters in administrator password Set the Read only flag to restrict access rights In the First name Middle name and Last name fields you can specify administrator s personal data In the Interface language drop down list select the language which will be used by the adding administrator In the Date format drop down list select the date format which will be used by t
363. should be made common ru dwl we need it common de dwl common pl dwl common es dwl win de May soil Wali OE pecs The Instructions of the notify Group The instructions of the notify group allow to set up the notification system for separate products the setting of the notification system is described in p Setting Alerts The repository generates the following types of notifications update when a product is successfully updated delay when a transaction is frozen flushfail when a flush error occurs loadfail when a load error occurs By default all the types are allowed Ta J N ax Appendices The notify off instruction alows to disable certain types of notifications for the given product The notify ignore and notify only instructions alow to limit or specify explicitly the list of files for which if changed the notification of the update type is sent H If at least two of the sync only sync ignore or sync delay instructions are present in a file the following rule is used sync only is applied first Files not specified in this instruction if any are not processed sync ignore Is applied to the rest of files sync delay is applied only to the remaining files after the two previous items have been applied The same rule is applied to the application order of state only and state ignore F3 id Files
364. sions contain hard links on existing files from old revisions and originals for changed files Thus files for each version are stored on a hard drive in a single exemplar all directories for next revisions contain only links on unchanged files Outdated revisions are cleared ones in an hour Not outdated are 3 last revisions only All other revisions are deleted In addition unused memory mapped files are unloaded each 10 minutes Settings The Proxy server does not have a GUI Its settings are adjusted via a configuration file The format of the configuration file is described in Appendix G2 Only user with administrative rights on the computer can manage settings edit configuration file of Proxy server Starting and Stopping To start and stop the Proxy server under Windows OS open Control Panel Administration Services then double click drwcsd proxy and select a necessary action in the opened window To start and stop the Proxy server under a UNIX based OS use the start and stop commands with scripts created during installation of the Proxy server see Installing the Proxy Server To start the Proxy server under both Windows OS and UNIX system based OS you can run the drwcsd proxy executable file with corresponding switches see the Appendix H10 Proxy Server 283 Ta J N ax Chapter 10 Configuring the Additional Components 10 2 NAP Validator Overview Microsoft Network Access Protect
365. ssion The Updater log files parameter determines the maximum number of updater log files Interface Tab On the Interface tab you can set the parameters of the Agent interface On the Interface tab you can select the type of events that the user is to be notified of For this set the respective flag Critical notifications receive only critical notifications Such notifications include periodical messages about e updating errors of the anti virus software or some of the components e the necessity to restart a computer after updating The notification shows if the user has administrator rights Virus notifications receive only notifications about viruses This type of notification includes messages about virus es detection by one of the anti virus software components 182 Ta J N ax Chapter 7 Administration of Workstations 183 e Major notifications receive only important notifications Such notifications include messages about e the launching errors of the anti virus software or some of the components e the updating errors of the anti virus software or some of the components is displayed right after error of update procedure e the necessity to restart a computer after updating is displayed right after update procedure e necessity of message with reboot requirement to finish components installation Minor notifications receive only minor notifications Such notifications includ
366. sta and later OS if the station is outside a domain 2 The drwinst exe and drwcsd pub files are available At the Dr Web Control Center the external information step and error code which can help to diagnose the error reason is displayed The list of the most frequently errors Validating user No such host is DNS name to address conversion inputs of the known 11001 failed No such DNS name or wrong remote name server settings stations 1 Checking if A socket operation 445 port is not available at the NetBIOS on failed because the remote station Possible reasons the remote destination host station is shut down station is was down available 2 10064 firewall blocks specified port the OS at the remote station is different fromthe Windows OS Connecting to At this step connection with the ADMINS administrative an resource at the remote station is performed administrative resource ADMIN on the remote station 1001 444 Ta J N ax Remote Installation Trouble Shooting 445 Checking installer exit code 1009 The system detected a possible attempt to compromise security Please ensure that you can contact the server that authenticated you 1265 Logon failure unknown user name or bad password 1326 The filename directory name or volume label syntax is incorrect 123 Sharing and security model for local accounts is not configured Aut
367. stall In case of manual backup replace the files in the same folders from which you copied the files before new install Assign the same permissions as those set at the installation of the new Server version for all backup files from the previous Server version see step 6 To upgrade the databases execute the following commands 266 Ta J N S 8 9 Chapter 9 Updating the Dr Web Enterprise Security Suite Software and Its Components e for Linux OS and Solaris OS etc init d drwcesd upgradedb e for FreeBSD OS usr local etc re d drwesd sh upgradedb Launch Enterprise Server Set up repository upgrade and perform the upgrade 10 Restart the Server In upgrading procedure of the Dr Web Enterprise Server to version 6 0 2 it is recommend to do the following 1 Before upgrading disable the use of communication protocols with Enterprise Agent and the Network installer To do this select the Administration item in the main menu and click Configure Dr Web Enterprise Server in the control menu go to the Modules tab and clear the Protocol Dr Web Enterprise Agent and the Protocol Dr Web Network Installer flags Click Save A request to restart the Server will be opened Click Yes Upgrade the Server to version 6 0 2 as described above using preserved Server configuration file After upgrading the Server configure the set of components installed at the workstations see p Anti Virus Package C
368. stallations at the stations Station jobs execution log log results of tasks execution on workstations and store the log in the DB Station status monitoring log status changes for workstations and store the log in the DB Virus databases monitoring log changes in virus databases status and contents on workstations and store the logs in the DB To view statistics information 1 Select the Network option of the main menu 2 Select a station or a group in the hierarchical list 3 Open the corresponding section of the control menu see the table below Detailed information about statistic data is described in the Viewing the Statistics section The table below describes correspondence between flags in the Statics data tab of the Server settings and items of the control menu on the Network page If you clear flags on the Statistics data tab corresponding items of the control menu become hidden 223 Ta yas A A Y Chapter 8 Configuring the Dr Web Enterprise 224 Server Table 8 1 Correspondence between flags of Statistics data section and items of the control menu Quarantine List of the station modules in DB List of installed components in DB Information on the start end of the components in DB Infection in DB Errors of scanning in DB Statistics of scanning in DB Information about installations in DB Station jobs execution log Station status monitoring Virus databases monit
369. stalling the Dr Web Enterprise Server below The use of key files after the anti virus network is established is described in p Replacing Old Key Files with New Ones below The number of requests for a key file is limited to 25 times If more requests are sent a key file will not be delivered 1 8 Links Some parameters of Dr Web ESS are set as regular expressions Regular expressions are processed by the PCRE program library developed by Philip Hazel 28 Ta J N ax Chapter 1 Welcome to Dr Web Enterprise Security Suite The library is distributed with open source codes the copyright belongs to the University of Cambridge Great Britain All source texts of the library can be downloaded from http www pcre org The Dr Web ESS software uses the Regina REXX interpreter legally protected by the GNU license To download the source texts of the software or receive additional information please visit the website of Regina at http regina rexx sourceforge net The Dr Web ESS software uses the JZlib library by JCraft Inc The library is legally protected by the BSD based license For more information please visit http www jcraft com jzlib LICENSE txt The source text can be downloaded from http www jcraft com jzlib index html The Dr Web ESS software uses the Common Codec package derivative from Apache Jakarta Project distributed and protected by the Apache Software License For details go to http www a
370. stations Automatic Access Approving In the Allow access automatically mode all stations that request an access to the Server wil be approved automatically without requesting the administrator The Everyone group will be set as a primary Access Denying In the Always deny access mode the Server denies access for requests from new stations The administrator should manually create an account for new stations and set access password for them 7 1 2 Removing and Restoring Stations To remove a workstation account 1 Select the Network item in the main menu then click General Remove selected objects in the toolbar of the opened window 2 You will be prompts to remove the station Click OK After a station is removed from the hierarchical list it is added to the deleted stations table You can restore the removed station via the Dr Web Control Center 167 Ta J N ax Chapter 7 Administration of Workstations To restore a workstation account 1 Select the Network item in the main menu in the opened window in the hierarchical list select deleted station or several stations you want to restore All deleted stations are located in the Deleted subgroup of the Status group 2 On the toolbar select General S Restore deleted stations 3 The section for station restoring will be opened You can specify the folowing station parameters which will be set during restoring Primary group s
371. stations 7 6 Viewing Statistics Via the control menu of the Network section you can view the following information Tables to view tabular data on anti virus components functioning at the stations stations and anti virus components status Charts to view charts with information on infections detected at the stations e Summary Data to view and save the reports that contains all statistic data or selective statistic tables Quarantine to view and remotely manage station Quarantine contents 7 6 1 Tables To view tables 1 Select the Network item in the main menu 2 Click the name of the station or group in the hierarchical list and select a necessary item in the Tables section of the control menu panel on the left The Tables section contains the following items Summary data view and save the reports that contains all statistic data or selective statistic tables see Summary data section Infections view information on virus events list of infected objects viruses actions etc Errors view a list of scanning errors on the selected workstation during a certain period Statistics view statistics on the operation of anti virus facilities on a workstation see Statistics section Start End view a list of components which operated on the workstation 202 A AN T v A A Y Chapter 7 Administration of Workstations 203 e Viruses view informa
372. stations 204 Jobs Station jobs execution log Full statistics Statistics of scanning in DB Virus Bases Station status monitoring Virus databases monitoring Station jobs execution log Modules List of the station modules in DB All network installations Information about installations in DB The windows with the statistics for different components and the total statistics of workstations have the same interface and the actions to set the information to be provided are similar Below is given an example how to get statistics for anti virus components operation on a certain workstation Below are several examples for viewing the statistics via the Dr Web Control Center Statistics To view the statistics on operation of anti virus programs on a workstation 1 In the anti virus network catalog select the necessary station o group If you want to view records for several stations select these stations keeping the SHIFT or CTRL key pressed 2 Select Statistics item from the Tables section of the control menu panel on the left 3 The Statistics window will be opened The statistics for last 24 hours are displayed by default 4 To view the data for certain time period specify the certain time period relatively today in the drop down list or select the arbitrary date range on the toolbar To select the Ta AN ax 10 11 Chapter 7 Administration of Workstations arbitrary date range enter required date
373. stations 208 Depending on the object selected in the hierarchical list station or group different collections of charts are displayed In the table below charts and sections of the control menu in which these charts are displayed are listed Table 7 5 Correspondence between charts items selected in the hierarchical list and sections of the control menu Top 10 viruses Infection Viruses Charts Stations having the maximum of Infection the reported infections Infection Types Viruses Installations results All network installations Average infection activity Statistics Having the maximum of errors Errors Components errors Errors Job resolutions Jobs Infection classes Charts Infection treatment Charts Daily virus activity Charts The most infected stations of the d gt Charts group Stations having the maximum of the reported infections displays the list of 10 stations which are infected by the most number of infected objects Chart displays numerical data on number of objects founded at these stations Infection Types pie chart that displays the number of detected infected objects by the type of these objects Installations results pie chart that displays the number of Ta AN ax Chapter 7 Administration of Workstations all installations launched from this Server divided by installation result For the failed installations with error reasons
374. stems for example Linux FreeBSD Solaris etc e Windows family groups This family includes a set of groups which correspond to specific version of Windows operation system e Windows CE group This group contains stations which operate under Windows Mobile OS Transport The following groups elicit the protocol of workstations connection to the Server These groups are completely virtual may not have any settings or be primary groups e TCP IP group The group contains workstations connected at the moment through the TCP IP protocol IPX group The group contains workstations connected at the moment through the IPX protocol NetBIOS group The group contains workstations connected at the moment through the NetBIOS protocol Ungrouped This group contains stations which are not included in any of user groups User Groups These groups are assigned by the anti virus network administrator for his her own needs The administrator may create own groups and include workstations in them The contents and names of such groups are not restricted by Dr Web Enterprise in any manner In the table bellow all possible groups and group types are given for 152 Ta J g ax Chapter 6 Groups Integrated Workstations Management your reference along with the specific parameters supported or not supported by the groups The following parameters are considered Automatic membership The parameter
375. stics as a charts click Charts in the control menu A statistics charts window will be opened described below 205 A Q T A A A yy V Chapter 7 Administration of Workstations 206 Status To view the data on an unusual state of workstations which might need your attention for a certain period 1 On the control menu in the Tables section select Status To show the Status item in the control menu select Administration Configure Dr Web Enterprise Server On the Statistics data tab clear the Station Status monitoring flag then restart the Server 2 Status information displays automatically in compliance with parameters specified on the toolbar 3 To view only data of certain severity specify the severity level by selecting the respective level in the Severity drop down list By default the Very low gravity level is selected all data being displayed 4 The list will also include the stations disconnected for several days from the Server Type this number of days in the entry field in the left of the Severity list In case of excess of this count situation is rated as critical and it will displays in the Status section 5 You can format the way the data are presented just like in the statistics window above workstations select those workstations in the network wy To view operation results and statistics for several catalog Ta 3J AN ys Chapter 7 Administration of Works
376. string First there is a check that the previous three characters are all digits and then there is a check that the same three characters are not 999 This pattern does not match foo preceded by six characters the first of which are digits and the last three of which are not 999 For example it doesn t match 123abc foo A pattern to do that is lt d 3 lt 999 foo This time the first assertion looks at the preceding six characters checking that the first three are digits and then the second assertion checks that the preceding three characters are not 405 Ta J N ax Appendices 999 Assertions can be nested in any combination For example lt lt foo bar baz matches an occurrence of baz that is preceded by bar which in turn is not preceded by foo while lt d 3 999 foo is another pattern that matches foo preceded by three digits and any three characters that are not 999 Conditional subpatterns It is possible to cause the matching process to obey a subpattern conditionally or to choose between two alternative subpatterns depending on the result of an assertion or whether a previous capturing subpattern matched or not The two possible forms of conditional subpattern are condition yes pattern condition yes pattern no pattern If the condition is satisfied the yes pattern is set otherwise the no pattern if present is set If there are
377. string and the definition is placed on the right as in the Backus Naur form E1 The General Format of Address The network address looks as follows lt protocol gt lt protocol specific part gt By default lt protoco gt has the TCP value IPX and NetBIOS are also possible The default values of lt protocol specific part gt are determined by the application IP Addresses lt interface gt lt ip address gt lt ip address gt can be either a DNS name or an IP address separated by periods for example 127 0 0 1 e lt socket address gt lt interface gt lt port number gt lt port number gt must be specified by a decimal number Ta J N ax Appendices 319 IPX Addresses lt interface gt lt ipx network gt lt mac address gt lt ipx network gt must contain 8 hexadecimal numbers lt mac address gt must contain 12 hexadecimal numbers e lt socket address gt lt interface gt lt socket number gt lt socket number gt must contain 4 hexadecimal numbers NetBIOS Addresses e Datagram oriented protocol nbd NAME PORT LANA Connection oriented protocol nbs NAME PORT LANA where NAME NetBIOS computer name PORT port by default 23 LANA number of the network adapter important for NetBEUI Examples 1 tep 127 0 0 1 2193 means a TCP protocol port 2193 on an interface 127 0 Or Ty 2 tcp
378. sts e The Secure group defines access rights for protected connections via HTTPS e The InSecure group defines access rights for unprotected connections via HTTP The Priority lt priority gt parameter defines the priority for processing lists of allowed and forbidden connections If you specify the deny value all addresses which are not included into both groups Allow and Deny will be forbidden If you specify allow they will be allowed The Allow group list of parameters defines addresses access to which is alowed from the Server The Deny group list of parameters defines addresses access to which is forbidden from the Server Addresses are added to the allowed forbidden lists in the following format for TCP IP tcp lt P address gt lt prefix gt for SPX spx lt network_number gt lt station_address gt The Authorization group of parameters defines the necessary parameters for user authorization when the Server is accessed to process a corresponding request G3 Proxy Server Configuration File The drwcsd proxy xml configuration file of the Proxy server is presented in the XML format and located in For Windows OS Proxy server installation folder Ta J i ax Appendices e For UNIX system based OS etc subfolder of the Proxy server installation folder or in the current user work directory The drwcsd proxy root element contains one or several obligatory Proxy Se lis
379. subpattern that can itself be repeated an unlimited number of times the use of an atomic group is the only way to avoid some failing matches taking a very long time indeed The pattern D lt d gt matches an unlimited number of substrings that either consist of non digits or digits enclosed in lt gt followed by either or When it matches it runs quickly However if it is applied to aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa it takes a long time before reporting failure This is because the string can be divided between the internal D repeat and the external repeat in a large number of ways and all have to be tried The example uses rather than a single character at the end because PCRE has an optimization that allows for fast failure when a single character is set They remember the last single character that is required for a match and fail early if it is not present in the string If the pattern is changed so that it uses an atomic group like this 400 Ta J N ax Appendices gt D lt d gt sequences of non digits cannot be broken and failure happens quickly Back references Outside a character class a backslash followed by a digit greater than 0 and possibly further digits is a back reference to a capturing subpattern earlier that is to its left in the pattern provided there have been that many previous capturing left parentheses However if
380. t In the drop down list select the component to be updated by this task 271 Ta J N ax Chapter 9 Updating the Dr Web Enterprise 272 Security Suite Software and Its Components Dr Web Enterprise Agent Dr Web Enterprise Server Dr Web Enterprise Updater Dr Web for Unix Dr Web Virus Bases All Dr Web Enterprise Products if you want to set a task for updating all Dr Web ESS components For Server 5 0 and later versions updates from the GUS servers are not supplied To upgrade the Server use the installer of corresponding version and make the upgrade procedure according to general rules described in Upgrading Dr Web __ESS__for Windows OS or Upgrading Dr Web ESS for UNIX System Based Systems 6 Go to the Time tab and in the Time drop down list set the time span of running the task and specify time according to the time span selected similarly to setting the time in the schedule of a workstation read p Editing Scheduled Tasks on a Station above 7 Click Save to accept the changes 9 4 Updating the Repository of a Server not Connected to the Internet If the anti virus Server is not connected to the Internet its repository can be updated manually Copy the repository of another ESS Server which has been updated normally This way is not meant for upgrading For Server 5 0 and later versions updates for the Server itself fromthe GUS servers are not supplied Ta J N ax Chapter
381. t in the Encryption and Compression drop down lists e Yes enables obligatory traffic encryption or compression for all components is set by default for encryption if the parameter has not been modified during the Server installation e Possible instructs to encrypt or compress traffic with those components whose settings do not prohibit it No encryption or compression is not supported is set by default for compression if the parameter has not been modified during the Server installation When coordinating the settings of the encryption policy on the Server and other components the Agent or the Network Installer one should remember that certain combinations are incompatible and if selected will result in disconnecting the corresponding component from the Server 229 7 ax A J AN Chapter 8 Configuring the Dr Web Enterprise Server Table 8 2 describes what settings provide for encryption between the Server and the components when the connection will be non encrypted and what combinations are incompatible Error Table 8 2 Compatibility of the encryption policy settings Yes Error Possible No Error Encryption of traffic creates a considerable load on A computers whose capacities are close to the minimal system requirements for the components installed on them read p System Requirements So when traffic encryption is not needed you can disable thi
382. t of the program If the Execute synchronously flag is set the Server logging the start of the program the returned code and the time of the program shutdown Select the period till the license expiration when to execute the task licenses of Server and Agent either See paragraph Updating Mobile Agents for details Specify the message to be logged Use these tasks to create backups of the Server database the license key file and private key Specify the folder where to store the backup files empty by default and the maximum number of backup copies allowed for unlimited number of copies use 0 Appendix H5 5 for details Specify the absence period after which the station should be considered absent for too long After this period a reminder displays Specify the period after which the event should be purged This task affects only the event which the secondary Servers fail to deliver to the main Server If the secondary Server fails to send an event the event is moved to the list of unsent events which the Server tries to resend periodically When you execute the Purge unsent IS events task the events older than the specified period are purged 238 Ta J FQ ax Chapter 8 Configuring the Dr Web Enterprise Server Purge old Specify the time period 90 days is by default stations Stations which do not visit the Server during specified period will be considered outdated and deleted Purge old
383. tat drweb com If necessary you can set up the connection parameters in the field below It is not recommended to set the interval of sending less than 1 hour To configure statistics via the Dr Web Control Center use the Settings tab In the Encryption and Compression drop down lists the policy of traffic encryption and compression between Enterprise Server and Enterprise Agents is selected for more read p Traffic Encryption and Compression You can also use the following options Set the Show host name flag to log host names instead of workstations IP addresses e Set the Replace NetBios name flag to display host names instead of workstation names in the catalog of the anti virus 221 Ta J N ax Chapter 8 Configuring the Dr Web Enterprise Server network when host names cannot be detected IP addresses are displayed A Show host name and Replace NetBios name flags are cleared by default If the DNS service is not set up properly enabling these boxes may considerably slow down the Server operation When using any of these options it is recommended to enable cashing names on the DNS server If the Replace NetBios name flag is set and anti virus network contains the Proxy server when for all stations connected to the Server via the Proxy server in the Dr Web Control Center the name of computer on which the Proxy server is installed will be shown instead of stations names Synchronize the stati
384. tations 207 7 6 2 Charts Infection Charts To view general charts with information on detected infections 1 In the main menu select Network then in the hierarchical list click the station or group name 2 In the control menu left pane in the General section select Charts This opens a window with the following charts Top 10 viruses lists top ten widespread viruses that infected the most number of files The chart displays numerical data on infected objects per a virus Daily virus activity displays the total number of viruses detected per day at all selected workstations and groups during the selected time period Infection classes displays numerical data on objects with the specified types of infections Infected stations in the group displays numerical data on infected stations in each group that contains such stations Infection treatment displays numerical data on infected objects which were processed by anti virus 3 To view data for a certain time slot specify it in the drop down list on the toolbar view the certain day or month Or you can select the arbitrary date range To do this enter required time and date or click the calendar icons to set the time period and then click Refresh Total Statistics Charts Graphical data is displayed in the Charts entry of the General section and in some entries of the Table section Ta J g ak Chapter 7 Administration of Work
385. ted when computing the number of any subsequent capturing subpatterns For example if the string the white queen is matched against the pattern the red white king queen 395 Ta J N ax Appendices the captured substrings are white queen and queen and are numbered 1 and 2 The maximum number of capturing subpatterns is 65535 and the maximum depth of nesting of all subpatterns both capturing and non capturing is 200 As a convenient shorthand if any option settings are required at the start of a non capturing subpattern the option letters may appear between the and the Thus the two patterns i saturday sunday 1 saturday sunday match exactly the same set of strings Because alternative branches are tried from left to right and options are not reset until the end of the subpattern is reached an option setting in one branch does affect subsequent branches so the above patterns match SUNDAY as well as Saturday Repetition Repetition is specified by quantifiers which can follow any of the following items a literal data character the metacharacter the C escape sequence an escape such as d that matches a single character a character class a back reference see the next section a parenthesized subpattern unless it is an assertion The general repetition quantifier specifies a minimum and maximum number of permitted matches by giving the two numbe
386. tem administrator may send the users informational messages including message text hyperlinks to Internet resources company logo or any other graphic presentation exact date of message receipt in the title of the window These messages are displayed on user s PC as popup windows see figure 7 1 Dr Web Anti virus 2010 09 27 18 02 07 Dear users The Dr Web Firewall component was installed on ved computer For details about functionality of this component look here Sincerely Administration Figure 7 1 Message window on user s PC To send a message to a user 1 Select the Network item in the main menu 2 Select the workstation or group in the hierarchical list and click the General 4 Send message button on the toolbar Fill in the following fields in the opened window 215 Aq P AN y v Chapter 7 Administration of Workstations Message text an obligatory field containing the message itself Show the company logotype in the message set this flag if you want a graphical object to be displayed in the message window title To load the file of the object from the local resource click the Browse button to the right of the Logotype file field and select the necessary object in the opened file system explorer You can also set the title of the message or the company name in the Name field This text will be displayed in the message window title to the ri
387. ten elements which define basic settings of the rver for receiving connections A listen element contains one obligatory attribute spec attributes of which define an interface to listen incoming client connections and whether the discove ry mode is enabled on this interface The spec attribute contains following properties protocol type of the protocol for receiving incoming conn ections Address which the Proxy server listens is set as an attribute port port which the Proxy server listens imitation mode the mode of Server imitation Allows dete ction of the Proxy server as Enterprise Server by the Network scanner multicast multicast group where the Proxy server is locat Properties ed values of the spec attribute and their parameters are specified in the table G 1 Table G 1 Properties of the lt element protocol P 0 0 0 0 IO T netbios port no port 2193 imitation mode no discovery yes no no multicast no multicast 2S Os Os 1 348 Ta J FQ ax Appendices The spec attribute contains one obligatory protocol property and three non obligatory properties which are port imitation mode and multicast Depending on value of the protocol property the list of non obligatory properties in the s pec attribute may vary The G 2 table contains the list of non obligatory properties which can be set or can not be set in the spec attribute depending on val
388. terprise Security Suite Components Set installation language elfPROtection is on YE NO Message about necessity to turn off SelfPROtection YES Repeat the check NO Display information about product Set enterprise key file YE Create new DB oO Procedure Procedure use initialize new D8 existing DB Set properties of repository update E Server installation Figure 2 1 The Dr Web Enterprise Server installation procedure flowchart click any block in the flowchart to see its description The flowchart contains three built in procedures The Server installation procedure step 17 does not require user intervention see description below and is performed directly by the installer Figure 2 2 and Figure 2 3 illustrate installation procedure flowcharts for cases when a new DB is created and when an existing DB is used Ta J i ax Step 5 Step 6 Step 7 Step 8 Step 9 Step 11 Step 12 Step 13 Step 14 Step 15 Set primary key file Display information about DB Chapter 2 Installation and Removal of Dr Web 35 Enterprise Security Suite Components Procedure with new DB Set agent key YES omplete installation Set components catalogs Set parameters of the templates and logging Use old primary ke NO nternal DB elected Set DB parameters Set network parameters Set proxy and statistics parameters Set password
389. th the Agent disable it via the Agent context menu to do this you must have administrative rights at the station and rights for disabling the component which are set at the Server 1 2 Copy the drwcsd pub public key from the new Server to the Agent installation directory Change the Server address at the Agent settings Via the Dr Web Control Center for the old Server Network option of the main menu Dr Web Enterprise Agent for Windows option of the control menu gt Network tab Server field At the station Settings submenu of the Agent context menu gt Connection option gt Server field Set the station to the Newbie reset parameters of connection with the Server Via the Dr Web Control Center for the new Server Administration option of the main menu gt Dr Web Enterprise Server Configuration option of the control menu General tab set the Reset unauthorized to newbie flag 423 Ta J N ax Frequently Asked Questions 424 At the station Settings submenu of the Agent context menu Connection option Newbie button 4 Restart the Agent service see the Dr Web_ Enterprise Agent section If rights for changing the Dr Web Enterprise Agent settings are not allowed for the station use the following procedure 1 If the drwcsd pub public key of the new Server does not match with the public key of the old Server you must change this key at the Agent If t
390. the Control Center the Quarantine will not be deleted from the station To uninstall the anti virus software from a workstation for Windows OS only 1 Select the Network item in the main menu of the Dr Web Control Center 2 In the opened window select the necessary group or certain anti virus stations 3 Click General ix Uninstall Dr Web Agent in the toolbar of the anti virus network catalog 4 The Agent software and the anti virus package wil be removed from the workstations selected connection between Enterprise Server and the anti virus workstation the Agent software will be uninstalled from the selected computer once the connection is recovered wy In case Agent removal is instructed when there is no Uninstalling the Dr Web Enterprise Agent and Anti Virus Package Locally To remove the Agent and the anti virus package locally this option must be allowed at the Server in the Rights section You can remove the station anti virus software Agent and anti virus package 1 By means of standard Windows OS services 2 By using the Agent installer 83 Ta J N ax Chapter 2 Installation and Removal of Dr Web Enterprise Security Suite Components Ifthe Agent and anti virus package are uninstalled via the standard Windows OS services or via the Agent installer user will be prompt for Quarantine deleting Removing by Means of Standard Windows OS Services This removing method will be avail
391. the domain name or the IP address The port construction may be absent in this case by default 80 will be regarded the port number for the HTTP server and 3128 for the proxy server The servers in the list are polled consequently once the updating is successful the polling procedure terminates Ta J g ys Example Appendices The current version supports only base HTTP and proxy HTTP authentication Constant HTTP redirects code 301 are cached in memory till sync with httpf httpf httpf httpf httpf esuite esuite esuite esuite esuite server reboot us drweb com Jp drweb com If using the proxy server sync wi jp drwe http proxy http proxy msk3 drweb com update 10 3 0 74 auth user http proxy http proxy msk7 drweb com update http proxy tp proxy tp proxy EP proxy th b com update msk3 drweb com update msk4 drweb com update msk drweb com update update update 10 3 0 74 auth user 10 3 0 74 auth user E 10 3 0 74 auth user msk5 drweb com update E 10 3 0 74 auth user msk6 drweb com update E 10 3 0 74 auth user msk drweb com update 10 3 0 74 auth user usl drweb com update 10 3 0 74 auth user ee ey ee pass pass pass pass pass pass pass pass http http http hee esul esul esul esul esu
392. the Dr Web Enterprise Server For more about the repository please refer to Appendix F Administration of the Repository 8 4 2 Checking the Repository State To check current repository state or update the Dr Web Enterprise Security Suite components select the Administration item in the main menu of the Dr Web Control Center and click Repository state in the control menu In the opened window the Dr Web Enterprise Security Suite components list their last revision date and current state are displayed To check updates availability and download available components updates from the GUS click the Check for updates button 8 4 3 Editing the Configuration of the Repository A repository configuration editor allows to specify the repository configuration parameters common to all products update the repository to change its state according new settings After repository settings have been changed you must 241 Ta J N ax Chapter 8 Configuring the Dr Web Enterprise Server To edit the configuration of the repository select the Administration item in the main menu and click Configure repository in the control menu Dr Web GUS Setup On the Dr Web GUS tab you can set parameters of the Global Update System The Dr Web Control Center allows you to Remove a server from the list select one or more servers necessary object and on the toolbar click Remove servers from list fx To select several elem
393. the installation type click Next 37 Ta J N s Chapter 2 Installation and Removal of Dr Web Enterprise Security Suite Components If you are going to use the ODBC for Oracle as an external A database select the Custom option and disable the installation of Oracle client in the Database support Oracle database driver section in the opened window Otherwise Oracle DB functioning will fail because of the libraries conflict If you selected Complete in the previous step a window for changing the default installation folder Cc Program Files DrWeb Enterprise Server will be opened If necessary click Change and specify the installation folder Click Next If you selected Custom in the previous step a window for selecting the necessary components will be opened You can change the installation parameters for each component in the context menu install component locally for network access or do not install component If you wish to change the installation folder for a component click Change and specify the installation folder Click Next Next you can choose the language of the notification l templates set the Agent shared installation folder hidden by default and set up installation logging If you want the Server to be started automatically after the installation set the Start service during setup flag If you want to add an exception for your operating system firewall except the Windows 2000
394. the opened pane click Browse and select the Agent license key file 3 Click Save 4 If the list of components licensed for installation at the station in the new key differs from the list in the old key request for specifying settings according to the components list from the new key will be prompt In the offered objects list stations and groups for which lists in the old key and in the imported key are differ and the differences list which components are absented and added Ta J N ax Chapter 3 Components of an Anti Virus Network and Their Interface in the new key are presented Set flags for objects for those you want to set new settings for installing components list For other objects with cleared flags settings specified before key changing will remain the same Change the Current Agent License Key for the Already Included To change current Agent license key for key already included in the anti virus network 1 In the main pane of the License manager select the Agent key record you want to assign for the object station or group and click the Propagate these settings to another object at the toolbar In the opened pane select the necessary station or group must not be empty To select several objects left click them similarly to clear selection Click Save If the license key is already assigned to the station or wy group in their personal settings to assign a new key from the l
395. the sync only instruction is not used the added files should be listed in sync ignore otherwise they will be deleted during synchronization The sync delay Instruction The sync delay instruction sets the list of files which if changed disable the product transition to a new revision The repository continues to distribute the previous revision and it is not synchronized the state of product is frozen If a user finds this revision acceptable for distribution he must edit the ia status file and restart the Server read Appendix F3 id Files Examples The automatic distribution of new revisions is disabled syne dellay 7 no automatic dilsitributaen I will test everything myself The automatic distribution of revisions where the executable files are updated is disabled sync delay exe dll The state only and state ignore Instructions The state only and state ignore instructions set limit the list of files for distribution Example For Enterprise Agent e german polish and spanish interface languages should not be received others will be received Ta 2 N a Appendices 331 no components designed for Windows 98 OS Windows Me OS should be received sync ignore As soon as the listed files are in th repository they are to be propagated Therefore they should be deleted or listed in state ignore or full synchronization in this configuration
396. these settings in the toolbar 3 To edit a task select it in the list This will bring up the Job editor window which is described below 4 To add a new task to the list click the i New job item in the toolbar This will bring up the New job window where you should specify necessary parameters described below and click Save 5 You can also enable or disable certain tasks 6 To export the schedule to a special file click the button in the toolbar 7 To import the schedule from a file click the 5 button in the toolbar Ta J i ax Chapter 8 Configuring the Dr Web Enterprise Server wy Values of fields marked by the sign must be obligatory specified To edit the parameters of a task 1 On the General tab In the Name entry field assign a name to the task which will be displayed in the schedule To enable the job set the Enable execution flag To disable the job clear the flag The job will remain on the list but will not be executed The Critical job flag instructs to perform the job at next Enterprise Server launch if execution of this job is omitted theEnterprise Server is switched off at the due time If a task is omitted several times within a certain period of time then it will be performed only once after the Enterprise Server has been launched 2 On the Action tab select the type of task in the Action drop down list The bottom part of the window containing the paramet
397. tion on viruses detected on a workstation grouped by type e Status view information on unusual and possibly action demanding status of the workstation during a certain period see Status section Jobs view the list of tasks set for a workstation during a certain period Full statistics view full statistics which is not divided into sessions Virus bases view details on the Dr Web virus databases installed including information on the file containing a particular database virus database version the total number of virus records in the database the database creation date e Modules view detailed information on all Dr Web modules including module description and function the corresponding executable file the full module version etc All network installations view a list of software installed on a workstation To show hidden items select Administration in the main menu then select Configure Dr Web Enterprise Server in the control menu On the Statistics data tab set corresponding flags then click Save and restart the Server Table 7 4 Correspondence between items of Tables section and flags of Statistics data section Infections Infection in DB Errors Errors of scanning in DB Statistics Statistics of scanning in DB Start End Information on the start end of the components in DB Viruses Infection in DB Status Station status monitoring Ta J i ax Chapter 7 Administration of Work
398. to create it Particularly there will be no backup critical data task if the initially installed and then consequently upgraded Server version is 4 32 H5 6 Commands for Windows OS Only drwcsd lt switches gt install install the Server service in the system e drwcsd uninstall uninstall the Server service from a 364 Ta J N ax Appendices 365 system drwcesd kill perform emergency shutdown of the Server service if normal termination failed This instruction should not be used without extreme necessity drwcsd silent disable messages from the Server Used in command files to disable Server interactivity H5 7 Commands for UNIX System Based OS Only e drwesd config similar to reconfigure or kill SIGHUP commands restart the Server drwcsd dumpimportdb log imported data to a database drwcesd interactive run the Server but do not direct the control to the process drwcsd newkey generate a new encryption keys drwesd pri and drwesd pub drwcsd readtempl reread notification templates from the drive drwcsd readrepo reread repository from the drive drwesd selfcert generate a new SSL certificate certificate pem and RSA private key private key pem drwcesd shell lt file_name gt run the binary file drwcsd showpath show all program paths registered in the system drwcsd stat similartosend_signal WINCH orkill SIGWINCH comman
399. to detailed descriptions of the regular expressions syntax in p Links or refer to the User Manual Dr Web Anti Virus for Windows the section about the Scanner arguments 199 Ta AN ax Chapter 7 Administration of Workstations Extensions List for setting parameters via the item of the control menu To activate the Extension list section set the Selected types value for parameter Scan files on the General tab Only the files with extensions from this list will be scanned While changing extensions list use the tf button to add a new item of a list and the button to delete present item You can use special symbols and in extension list The list with extensions of executable and archive files are set by default To restore default values click the N button Mask List for setting parameters via the item of the control menu To activate the Mask list section set the User masks value for Scan files parameter on the General tab Only the files with names and extensions from this list will be scanned While changing mask list use the ha button to add a new item of a list and the button to delete present item You can use special symbols and in extension list The list with extensions of executable and archive files are set by default To restore default values click the S button Miscellaneous At the Miscellaneous tab set the additional parameters of the Scanner 200 Ta AN ax
400. to the Dr Web Control Center Blocks of parameters consist of the the following groups and parameters The prefix Static Script Handler or Mixed is specified before the name of the parameter block and defines how corresponding user requests are processed e The Static prefix defines a static processing method which implies that a user is given the final value the requested file without changes e g an image which is stored on the Server e The Handler prefix defines a processing method which implies execution of a script specified in the parameters of the block upon receiving the user request paths specified in the request do not have to be correct It is necessary to have the Script lt script_name gt instruction in the body of the instruction block e The Scripts prefix defines a processing method which implies execution of all files from the user request as scripts e The Mixed prefix defines a mix of Static and Scripts processing methods It is necessary to have the Scripts lt script_extension gt instruction in the body of the instruction block which defines executable scripts 346 Ta J N ax Appendices 347 according to extension Other files which do not comply with the values of the given group of parameters will be passed on statically without any processing The Access group of parameters contains access rights for the resources of the Server when processing the received user reque
401. to update workstations also after an updating error in this case the error state will be reset The administrator of the anti virus network can grant a user with the permissions to change the configuration of the workstation and launch tasks as well as restrict or prohibit such actions The configuration of workstations can be modified even when they are temporarily disconnected from the Server These changes will be accepted by the workstations as soon as they are reconnected to the Server 7 1 Management of Workstation Accounts 7 1 1 New Stations Approval Policy Procedure of stations adding via the Control Center is described in the Creation of a New User Account section Possibility of managing authorization of stations at the Enterprise Server depends on the following parameters Ta J N ax Chapter 7 Administration of Workstations 1 If during the Agent installation Automatic authorization is selected mode of stations access to the Server is defined according to settings specified at the Server used by defaut 2 If during the Agent instalation Manual authorization is selected and Identifier and Password parameters are specified when connecting to the Server station will be authorized automatically regardless of Server settings installation is described in p Installation _of the Dr Web Enterprise Agent in the Graphical Mode of the Installer step 6 wy Setting the type of the Agent authorization
402. tries continuously to find the Server at interval of about a minute The option Mobile mode will be available on the context menu provided that the mobile mode of using the Dr Web GUS has been allowed in the station permissions for more read p Setting Users Permissions When the Agent is functioning in the mobile mode the Agent is not connected to Enterprise Server All changes made for this workstation at the Server will take effect once the Agent mobile mode is switched off and the connection with the Server is re established In the mobile mode only virus databases are updated To adjust the settings of the mobile mode select Mobile mode Settings In the Update period field set the frequency of checking the availabilty of updates on the GUS If necessary set the Only when connected to Internet flag When using a proxy server set the Use proxy to transfer updates flag and below specify the address and the port of the proxy server and the parameters of authorization 276 Ta N ax Chapter 9 Updating the Dr Web Enterprise Security Suite Software and Its Components In the mobile mode to initiate updating immediately select Mobile mode Start update The Start update option is disabled if connection to the Server is active To switch off the mobile mode on the context menu of the Agent icon select Mobile mode and clear the Active flag The color of the icon will change from yellow to green and th
403. trol menu select the Summary data option to view the data on the total number of entries on events at neighbour Servers In the table with statistic data on neighbour Servers the following data is displayed Infections infections which are detected at stations connected to the neighbour Servers Errors scanning errors Statistics statistics on detected infections Start Stop the launch and termination of scan tasks e Status status of anti virus software on stations All network installations network installations of the Agent 3 To view the page with detailed tabular information on events at neighbour Servers click the number of entries on demand event at the table in Summary data section 255 Ta J N ax Chapter 8 Configuring the Dr Web Enterprise Server Also to view the page with detailed tabular information on events at neighbour Servers select the corresponding item see step 2 in the Tables section of the control menu To view the data for certain time period specify the certain time period relatively today in the drop down list or select the arbitrary date range on the toolbar To select the arbitrary date range enter required dates or click the calendar icons next to the date fields To load data click Refresh To save the table for printing or further processing click fe Save shown data in CSV format or Al Save shown data in HTML format or a Save shown data in XML format
404. tting Up the Database Driver for Oracle General Description The Oracle Database or Oracle DBMS is an object relational DBMS Oracle may be used as an external DB for Dr Web ESS The Dr Web Enterprise Server may use the Oracle DBMS as an external database on all platforms except FreeBSD see Installation and supported versions To use the Oracle DBMS 1 Install an instance of Oracle DB and set up the AL32UTF8 encoding Also you may use existence instance which is configured to use the AL32UTF8 encoding 2 Set up the database driver to use the respective external database You can do this in configuration file or via Dr Web Control Center Configure Dr Web Enterprise Server Database tab If you are going to use the ODBC for Oracle as an external A database select the Custom option and in the opened window disable the installation of Oracle client in the Database support Oracle database driver section in the installer settings during the Server installation or upgrade Otherwise Oracle DB functioning will fail because of the libraries conflict Ta J i ax Appendices Installation and Supported Versions To use Oracle as en external DB you must install the instance of the Oracle DB and set up AL32UTF8 CHARACTER SET AL32UTF8 NATIONAL CHARACTER SET ALI6UTF16 encoding This can be done in one of the following ways e Using an Oracle installer use an external mode of instance
405. u will have to edit the start script for FreeBSD OS usr local etc rc d drwcsd sh for Linux OS and Solaris OS etc init d drwcsd Aq P ry A v Frequently Asked Questions Restoring the Database of Dr Web Enterprise Security Suite Dr Web ESS regularly backs up important data database contents Server license key private encryption key Server configuration key and Dr Web Control Center configuration key The backup fies are stored in the folowing folders relatively to the Server installation folder for Windows OS var Backup for Linux OS var opt drwcs backup for FreeBSD and Solaris OS var drwcs backup For that purpose a daily task is included to the Server schedule If such task is missing it is strongly recommended to create t The copies are stored in the dz format unpackable with gzip and other archivers After unpacking all the files except for the database contents are ready to use To restore the data the database contents can be imported from the backup to another database of the Server by means of the importdb switch Restoring the DB for Different Versions of the Enterprise Server You can restore the DB from the backup copy only if it had been created via the Server of the same major version as the version of the Server which you use for restoring For example e You can restore DB from the backup created via the Server of 5 0 version using the Server of 5 0 versi
406. uction can be used only once in the configuration file Alert lt DRIVER gt from lt PATH gt using lt PARAMETERS gt Determination of the annunciator lt DR VER gt annunciator driver name lt PATH gt path where the driver is to be loaded from lt PARAMETERS gt annunciator parameters Read more in p Setting Alerts wy This instruction can be used only once in the configuration file In this and in the next instruction the parameters in the using field are separated by spaces The parameter name is separated from the value by an equal sign should not be surrounded by spaces If the parameter can have more than one value they are separated from each other by the vertical bars If the parameter value contains equal signs vertical bars or spaces they are replaced with the amp amp e amp amp 1 amp amp s sequences accordingly Transport lt NAME gt lt STREAM gt lt DATAGRAM gt It determines the transport protocols and assigns them to network interfaces lt NAME gt Server name set as in the name instruction above if an empty line is specified the name is taken from name lt STREAM gt for example tcp lt DATAGRAM gt for example udp have the format described A AN T V A A y Appendices 341 in Appendix D The Parameters of the Notification System Templates Disable Message lt message gt To disable sending messages of a specific type possible p
407. ue gt Enable audit logging of the operations performed by the administrator on the Dr Web Control Center and writing the log to the DB Possible values Yes or No AuditInternals lt value gt Enable audit logging of the Server internal operations and writing the log to the DB Possible values Yes or No G2 Dr Web Control Center Configuration File The Dr Web Control Center configuration file webmin conf is located in the etc subdirectory of the Server root directory Formal grammar based on the Extended Backus Naur Form EBNF notation is used for description of the Server configuration file It uses the following symbols group of symbols fragment of the configuration file terminal symbol lt gt nonterminal symbol e symbol for selecting one of the given elements 2 symbol or group of symbols to the left of the operator is not obligatory may occur 0 or 1 time Ta J N ax Appendices 344 symbol or group of symbols to the left of the operator may be repeated any number of times or may be omitted symbol or group of symbols to the left of the operator may occur 1 or more times any symbol from the specified range period at the end a reserved character which indicates completion of a rule The format of the Dr Web Control Center configuration file lt instruction gt lt parameter gt lt
408. ue of the protocol parameter Table G 2 Presence of non obligatory properties in dependence of the value of protocol parameter 1p ipx netbios ar T Redirection of incoming connections is adjusted via the forward element which is a chid element of listen The forward element contains one or more obligatory to attributes whose values define addresses of Enterprise Servers where the connection should be redirected to An address of Enterprise Server is specified according to the The Specification of Network Addresses in particular in the following format tcp lt DNS_name gt lt port gt The forward element is obligatory Each listen element can contain several forward elements The drwcsd proxy root element may contain non obligatory cache root element which defines the path to the cache directory of the Proxy server If cache root element has not been specified caching data will be saved in the temporary directory of OS user Example 349 Ta 2 AN ax Appendices 350 lt xml version 1 0 gt lt drwcsd proxy gt lt Specify path to cahe directory if not specified will create directory in user temp gt lt cache root gt C Work es head build a x86 bin var lt cache root gt lt property Lp 1p Met bios Unk derine protocol family and address of addapter gt lt property port define port ko listen on Detaulite 2193 on 22 for netoilos gt lt pro
409. uliarities of PCRE Regular Expressions A regular expression is a pattern that is matched against a subject string from left to right Most characters stand for themselves in a pattern and match the corresponding characters in the subject The power of regular expressions comes from the ability to include alternatives and repetitions in the pattern These are encoded in the pattern by the use of metacharacters which do not stand for themselves but instead are interpreted in a special way There are two different sets of metacharacters those recognized anywhere in a pattern except within square brackets and those recognized in square brackets Outside square brackets the metacharacters are as follows general escape character with several uses Ta J N ax Appendices 386 7 assert start of string or line in multiline mode assert end of string or line in multiline mode match any character except newline by default start character class definition end character class definition start alternative branch start subpattern end subpattern extends the meaning of also O or1 quantifier also quantifier minimizer 0 or more quantifier 1 or more quantifier also possessive quantifier start min max quantifier Part of a pattern that is in square brackets is called a character class In a character class the only metacharacters are general escape character ne
410. ure is implemented according to general rules Ping requests can be blocked because of network policies e g by firewall settings For example If in Windows Vista and later OS network settings the Public location options is set OS will block all ping requests During regular scanning ping requests are not sent and all stations in the network are sequentially scanned to detect Agents This method can be used as an addition to quick scan if there are stations in the network whereon ping requests are blocked Quick scan is parallel regular scan is sequential The Network scanner operating speed is different for these cases Maximal scanning time is calculated in the following way for regular scan lt N gt lt timeout gt for quick scan lt N gt 40 2 lt timeout gt where lt N gt stations quantity lt timeout gt value specified in the Timeout field 3 4 2 License Manager Enterprise Server contains the License Manager component This component helps you to manage the license key files of Server and Agent To open the License manager select Administration item in the main menu of Dr Web Contro Center In the opened window select the License manager item in the control menu pane on the left 118 Ta J N ax Chapter 3 Components of an Anti Virus Network and Their Interface The main pane of the License manager consist of hierarchical list that contains e Server keys This sectio
411. ust be an assertion This may be a positive or negative lookahead or lookbehind assertion Consider this pattern again containing non significant white space and with the two alternatives on the second line 2 a z a z d 2 a z 3 d 2 d 2 d 2 d 2 The condition is a positive lookahead assertion that matches an optional sequence of non letters followed by a letter In other words it tests for the presence of at least one letter in the subject If a letter is found the subject is matched against the first alternative otherwise it is matched against the second This pattern matches strings in one of the two forms dd aaa dd or dd dd dd where aaa are letters and dd are digits 407 Aq P ry A v Appendices 408 Appendix L Log Files Format Events on the Server see p Dr Web Enterprise Server Logging and the Agent are logged into a text fie where every line is a separate message The format of a message line is as follows lt year gt lt month gt lt day gt lt hour gt lt minute gt lt second gt lt centisecond gt lt message_type gt lt process_id gt lt thread_name gt lt message_source gt lt message gt where lt year gt lt month gt lt date gt lt hour gt lt minute gt lt second gt lt hundredth_of_second gt exact date of message entry to the log file lt message_type gt log level e fti Fatal error instructs to inform only of the
412. ut the license 2 Add new license keys for the Agent 3 Change the current Agent license key for the new one 4 Change current Agent license keys for keys already included in the anti virus network 5 Remove the licence keys for the Agent View the Summaries about the License To view the summaries about the license in the main pane of the License manager select the record to view the detail information and click the L Edit at the toolbar In the opened pane you can view the following information e owner of the license the dealer who sold the license identification number of the license Ta 2 N ax Chapter 3 Components of an Anti Virus Network 123 and Their Interface license expiration date Inclusion of the Anti spam component Anti virus components permissible to support by this license Add New License Keys for the Agent wy Several Agent license keys records can be specified To add the new license keys for the Agent 1 Click the a at the toolbar and select the fri Add agent key in the drop down menu 2 At the opened pane click Browse and select Agent license key file 3 Click Save Change the Current Agent License Key for the New One Change the current Agent license key for the new one 1 In the main pane of the License manager select the object station or group for which the key is specified and you want to change and click the L Edit at the toolbar 2 In
413. utational load properly the Dr Web ESS anti virus can also be used in the multiserver mode In this case the Server software is installed on several computers Enterprise Server is a memory resident component Enterprise Server software is developed for various OS see Appendix A The Complete List of Supported OS Versions Basic Functions The Dr Web Enterprise Server performs the following tasks initializes of installation of the Agent software and anti virus packages on a selected computer or a group of computers requests the version number of the anti virus package and the creation dates and version numbers of the virus databases on all protected computers updates the content of the centralized installation folder and the updates folder updates virus databases and executable files of the anti virus packages as well as executable files of the program on protected computers 88 Ta J N ax Chapter 3 Components of an Anti Virus Network and Their Interface Collecting Information on Anti Virus Network Communicating with Enterprise Agents Enterprise Server collects and logs information on operation of the anti virus packages Information is logged in the general log file implemented as a database In small networks not more than 200 300 computers an internal database can be used In larger networks it is recommended to use an external database An internal DB can be used if at most 200 300 stations
414. va21 name of the DB to connect to An Example of the drwcsd conf Configuration File If you deploy Oracle it is necessary to change the definition and the settings of the database driver in the configuration file of the Server See a fragment of the configuration file with corresponding parameters below Database definition Mandatory Only one definition is allowed Ta J N ax Appendices 302 database DB driver DLL or shared object name drworacle Oracle DB unix amp windows jload library from this path empty use default E rom woe using User DRWCS Password root ConnectionString 192 168 0 1 1521 ORADB Appendix B3 Setting Up the Database Driver for SQL CE If you do not need the direct operation with the DB via the ADO NET it is recommended to use an internal DB instead of SQL SE DB Internal DB is more stable and productive in comparison with the SQL CE General description Microsoft SQL Server Compact Edition SQL CE is a relational database produced by the Microsoft company It is an embedded database engine for desktop applications and mobile devices SQL CE may be used as an external database for Dr Web ESS To use SQL Server CE 1 Install the SQL CE server 2 Set up the database driver to use the respective external database You can do this in configuration file or via the Dr Web Control Center Configure Dr Web Enterprise Server Database tab Ta J i ys A
415. val 3 5 The Interaction Scheme of an Anti Virus Network Components The Figure 3 3 describes a general scheme of an anti virus network buit with Dr Web ESS The scheme illustrates an anti virus network buit with only one Server In large companies it is worthwhile installing several Enterprise Servers to distribute the load between them In this example the anti virus network is implemented within a local network but for the installation and operation of ESS and anti virus packages the computers need not be connected within any local network Internet connection is enough When a Dr Web Enterprise Server is launched the following sequence of commands is performed 1 Enterprise Server files are loaded from the bin catalog 2 the Server Scheduler is loaded 3 the content of the centralized installation catalog and update catalog is loaded notification system is initialized 4 Server database integrity is checked Server Scheduler tasks are performed 6 the Server is waiting for information from Enterprise Agents and commands from Dr Web Control Center Di 128 A AN T V A A yy Chapter 3 Components of an Anti Virus Network and Their Interface w wal a em Dr Web Enterprise HTTP HTTPS Server MEP IPX NetBIOS Dr Web Control Center network Protected local computer Unprotected local computer Figure 3 3 The physical structure of the anti virus
416. ver Enter access parameters to the data source the same as in the settings of Enterprise Server If the DB server is not installed on the same computer as Enterprise Server in the Server field specify its IP address or name Click Next The next window will be opened Specify the necessary DB access settings in this window Click Client configuration A window for selecting and setting the network protocol will be opened In the Network libraries field select a network library for TCP IP or Named Pipes recommended If the DB server is not installed on a local computer specify its name or IP address in the Server alias and Server name fields Click OK This window will close and the previous window for setting the driver will be available again Click Next The next window will be opened Check that the Only when you disconnect option the Use ANSI quoted identifiers and the Use ANSI nulls paddings and warnings flags are set Click Next The last window for setting access will be opened If ODBC driver settings allow you to change the language of SQL server system messages select English Select the necessary parameters When you are done click Finish A window with the summary of the specified 298 Ta J N ax Appendices 299 parameters will be opened 9 To test the specified settings click Test Data Source After you see a notification of a successful test click OK Appendix B2 Se
417. word eeececece Key DAES drwesd pub Address 10 4 0 57 Y Administrative console URL Connection options Stay online a Updates Receive Send Events Receive Send Figure 8 2 As a result the Parent Server MAIN will be included to the Parents and Offline folders see Figure 8 3 Ale ibe a i i Dr Web Enterprise Server Children 0 fp Offline 1 H MAIN i Online 0 Parents 1 jg MAIN Peers 0 Figure 8 3 7 Connect the Dr Web Control Center to the Parent Server MAIN and add the Child Server AUXILIARY to the list of neighbor Servers of the Parent Server To do this select Neighborhood item in the main menu A window with Ta J N ax Chapter 8 Configuring the Dr Web Enterprise Server the hierarchical list of the anti virus network Servers neighboring with the given Server will be opened To add a Server to the list click the Create neighbor in the toolbar In the opened window see Figure 8 4 select the Child type In the Name entry field type the name of the Child Server AUXILIARY in the Password field type the same password as at step 6 To the right of the Key field click View and specify the drwcsd pub key of the Child Server In the Administrative console web address field specify the address of a start web page for the Dr Web Control Center of the child Server see p Dr Web Control Center Flags in Updates and Events sections are set according to parent child type of
418. ys names C Windows Names of files and folders code examples input to the command line and application output Appendix A Cross references or Internal Hyperlinks to web pages Abbreviations The following abbreviations will be used in the Manual without further interpretation DFS Distributed File System Dr Web GUS Dr Web Global Update System ES Enterprise Suite Ta J N ax Chapter 1 Welcome to Dr Web Enterprise Security Suite EBNF Extended Backus Naur Form GUI Graphical User Interface a GUI version of a program a version using a GUI LAN Local area network e OS operating system e PC personal computer e UDS UNIX domain socket 1 3 About Dr Web Enterprise Security Suite Dr Web Enterprise Security Suite ensures complete anti virus protection of your company computers regardless of whether they are integrated in a local network or not Dr Web Enterprise Security Suite provides for centralized without user intervention installation of the anti virus packages on computers centralized setup of the anti virus packages centralized virus databases and program files updates on protected computers monitoring of virus events and the state of the anti virus packages and OS on all protected computers Dr Web ESS allows both to grant the users of the protected computers with the permissions to set up and administer the anti virus pack
Download Pdf Manuals
Related Search