Scanner

The component which performs scanning of file system objects (files, directories, boot records) at user’s request or as scheduled to detect threats. The user can start scans when operating in graphical mode or from the command line.

SpIDer Guard

A resident mode component that tracks file operations (such as creating, opening, closing, and launching). It sends requests to the Scanner to scan the contents of new and modified files, as well as executable files when programs are launched. It works with the OS file system using the fanotify system mechanism or a special kernel module (LKM, i.e. Linux Kernel Module), developed by Doctor Web. When using the fanotify system mechanism, the monitor can operate in an enhanced mode, blocking access to not yet checked files (all types or executables only) until the scan is completed. By default, the enhanced monitoring mode is disabled.

SpIDer Gate

The component which works in resident mode and monitors all network connections.

•It checks whether the requested URL falls into the unwanted category of web resources or in the user’s black list, and, if so, blocks access to the resource.

•It blocks sending e-mail messages if they contain dangerous objects or unwanted links.

•The component also sends Scanner tasks to scan files downloaded from the Internet (from servers whose access is not restricted) and blocks their download if they contain threats.

Additionally, if it has the permission from the user, the component sends URL to Dr.Web Cloud service for a scan.

Scanning Engine

The core component of the anti-virus protection. It is used by Scanner to detectviruses and malicious programs as well as algorithms to analyze suspicious behavior.

Dr.Web Anti-Spam

The component which performs scanning of email messages on spam. This component is not included in versions for ARM64 and E2K architectures.

Virus databases

Automatically updated database used by the scan engine. The database contains information for detection and curing of known threats.

Database of web resource categories

Automatically updated database. The database contains information on web resources assigned to predefined categories. SpIDer Gateuses it to block access to unwanted websites.

Updating component

It automatically downloads updates of the virus databases, databases of web resource categories and scan engine from Doctor Web servers (both scheduled and on demand).

Graphical management interface

The component that provides a window graphical interface for management of Dr.Web for Linux. It allows users to run scanning of file system objects in the graphical mode, manage operation of SpIDer Guard and SpIDer Gate, view the quarantine contents, launch receiving of updates, and also configure Dr.Web for Linux operation.

Notification agent

The component that works in a background mode. It displays pop-up notifications on events and Dr.Web for Linux indicator in the notification area, runs scheduled scanning. By default it is launched when user’s session starts in the desktop environment.

License Manager

The component simplifies work with licenses in graphical mode. It allows to activate license or demo period, view information about the current license, renew it, and install or remove the license key file.

SpIDer Guard, the file system monitor, can operate in one of the following modes:

•FANOTIFY—using the fanotify monitoring interface (not all GNU/Linux-based OSes support this mode).

•LKM—using the loadable Linux kernel module (compatible with any GNU/Linux-based OS with kernel 2.6.x and newer).
For ARM64 and E2K architectures work with the LKM is not supported.

By default, the file system monitor automatically chooses the appropriate operation mode according to the environment. If SpIDer Guard cannot be started, build and install a loadable kernel module by using the supplied source codes.