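; NOTE(review): no [section] header is visible above these keys in this listing.
; Comments further down refer to "Daemon", so these are presumably the daemon's
; settings - confirm against the complete file.
; Engine library and virus-base masks; the same keys are described under [Scanner].
EnginePath = "/bla/bla/bla/drweb32.dll"
VirusBase = "/bla/bla/bases/*.vdb", "/bla/bla/bases/*.VDB"
; NOTE(review): no leading "/", so this reads as a relative path, unlike UpdatePath
; under [Scanner]; possibly a redaction slip - confirm.
UpdatePath = "bla/bla/updates"
; Directory for the engine's temporary files (a spool path here rather than /tmp).
TempPath = "/bla/bla/spool"
; License key file location.
Key = "/bla/bla/drweb32.key"
MailAddressesList = "/bla/bla/email.ini"
; "Terminal": output information to console, "Quiet": no output.
OutputMode = Terminal
RunForeground = No
; User: presumably the account the daemon runs under - confirm.
; NOTE(review): "using SIGHUP!" below is the tail of a longer comment that is cut
; off in this listing, as are the two similar fragments further down. They are kept
; as comments so that they are not parsed as settings.
; using SIGHUP!
User = drweb
; (tail of a cut-off comment) configuration using SIGHUP!
PidFile = "/bla/bla/run/drwebd.pid"
BusyFile = "/bla/bla/run/drwebd.bsy"
MaxChildren = 16
; (tail of a cut-off comment) SIGHUP!
PreFork = Yes
; Mail command line: sendmail invoked with sender "drweb" and recipient "root".
MailCommand = "/bla/bla/sendmail -i -bm -f drweb -- root"
; NOTE(review): the unit of NotifyPeriod is not stated in this listing.
NotifyPeriod = 14
NotifyFile = "/bla/bla/.notify"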
; =========================
; = Scanning settings =
; =========================
; What is scanned, for how long, and where renamed or quarantined files go.
;FileTimeout = { value, seconds }
; Maximum time to check object during single session.
FileTimeout = 30
;StopOnFirstInfected = { Yes | No }
; Cancel or not message checking after first virus detected.
; Setting to "Yes" value can minimize mail-server load and message check time.
StopOnFirstInfected = No
;ScanPriority = { value }
; Priority of scanning process. Value should be from -20 (highest) to 19 (lowest).
;ScanPriority = 0
;FilesTypes = { extension list }
; File types to check during "by type" scanning, i.e. when ScanFiles parameter is set to "ByType" value.
; "*" and "?" characters are acceptable.
;FilesTypes = EXE,COM,SYS,OV?,BAT,BIN,DRV,PRG,BOO,SCR,CMD,VXD,386,DLL,FON,DO?
;FilesTypes = XL?,WIZ,RTF,CL*,HT*,VB*,JS*,INF,AR?,ZIP,R??,PP?,OBJ,LIB,HLP,MD?
;FilesTypes = INI,MBR,IMG,CSC,CPL,MBP,SHS,SHB,PIF,SO,CHM,REG,XML,PRC,ASP,LSP
;FilesTypes = MSO,OBD,THE*,NWS,SWF,BMP,MPP,OCX,DVB,CPY,MSG,EML
;FilesTypesWarnings = { Yes | No }
; Warn or not for unknown file types.
FilesTypesWarnings = Yes
; All files are checked regardless of extension, so the commented-out FilesTypes
; list above is not used.
ScanFiles = All
;CheckArchives = { Yes | No }
; Unpack or not ZIP (WinZip, InfoZIP...), RAR, ARJ, TAR, GZIP and CAB archives.
CheckArchives = Yes
;CheckEMailFiles = { Yes | No }
; Scan or not files in e-mail formats.
CheckEMailFiles = Yes
;ExcludePaths = { list of paths (mask) to files }
; Masks for files which should not be checked by Daemon.
ExcludePaths = "/proc", "/sys", "/dev"
;FollowLinks = { Yes | No }
; Follow or not symbolic links while scanning.
FollowLinks = No
; Rename mask for infected files; described with examples under RenameFilesTo in [Scanner].
RenameFilesTo = #??
; Path to quarantine directory.
; NOTE(review): quarantine holds live samples - keep the directory readable and
; writable only by the scanning account.
MoveFilesTo = "/bla/bla/infected"
; ==============================
; = Communication settings =
; ==============================
; How clients reach the daemon: the two Socket lines read as a local socket file
; and TCP port 3000 on 127.0.0.1 (loopback only).
; NOTE(review): Socket appears twice; presumably the parser accumulates both lines
; rather than keeping only one - confirm against the product documentation.
; NOTE(review): no access mode for the socket file is set in the visible lines, so
; who may submit scan requests depends on the directory permissions and on which
; local users can reach the loopback port - confirm both.
Socket = /bla/bla/run/.daemon
Socket = 3000 127.0.0.1
;SocketTimeout = { value, seconds }
; Time to receive/send all data through socket (not considering scanning time).
SocketTimeout = 10
;ListeningQueue = { value }
; Defines socket queue maximum size. Value should be from 0 to SOMAXCONN (depends on OS).
ListeningQueue = 128
; =================================
; = Archive scanning settings =
; = Protection from DoS attacks =
; =================================
; Limits applied while unpacking archives. Per the [Scanner] comments, an object
; over a limit is not extracted and a message carrying it is treated as a "mail bomb".
; NOTE(review): units are not stated here; the [Scanner] comments give Kb for
; CompressionCheckThreshold and MaxFileSizeToExtract.
MaxCompressionRatio = 500
CompressionCheckThreshold = 1024
; NOTE(review): [Scanner] sets MaxFileSizeToExtract = 500000, far above the value
; used here - confirm the difference is intended.
MaxFileSizeToExtract = 40960
MaxArchiveLevel = 8
; ============================================
; = Rule-based filter for e-mail headers =
; ============================================
; Header rules: each RejectCondition names a header and a pattern; presumably a
; message whose header matches is filtered out - confirm.
; NOTE(review): the part rules further down are documented as POSIX 1003.2 regular
; expressions. If header rules are parsed the same way, "[postmaster]" is a bracket
; expression matching one character from that set, not the literal tag; the literal
; would be written "\[postmaster\]" - confirm against the product documentation.
; NOTE(review): short patterns such as "Hey -" can also match legitimate mail if
; matching is unanchored - review the false-positive rate before relying on this list.
; NOTE(review): the Cyrillic patterns only match if the encoding of this file agrees
; with what the filter compares against - confirm.
; ScanEncodedHeaders: presumably decodes encoded headers before matching - confirm.
ScanEncodedHeaders = Yes
RejectCondition Subject = "[postmaster] Hey"
RejectCondition Subject = "[postmaster] Only"
RejectCondition Subject = "[postmaster] Quality"
RejectCondition Subject = "[postmaster] Доставляем"
RejectCondition Subject = "[postmaster] Рассылка"
RejectCondition Subject = "[postmaster] АКЦИЯ"
RejectCondition Subject = "[postmaster] Работа"
RejectCondition Subject = "[postmaster] СПУТНИКОВОЕ"
RejectCondition Subject = "ВИП залы"
RejectCondition Subject = "ВЭД-2007"
RejectCondition Subject = "Прогулки на теплоходе"
RejectCondition Subject = "Восстановим вашу"
RejectCondition Subject = "водосточные системы"
RejectCondition Subject = "[postmaster] Помещение"
RejectCondition Subject = "шкаф-купе"
RejectCondition Subject = "Аренда теплохода"
RejectCondition Subject = "Организация мероприятий"
RejectCondition Subject = "секс"
RejectCondition Subject = "киска"
RejectCondition Subject = "киску"
RejectCondition Subject = "киски"
RejectCondition Subject = "киской"
RejectCondition Subject = "кисок"
RejectCondition Subject = "Hey -"
RejectCondition Subject = "BRANDKEYWORD"
RejectCondition Subject = "supermodel'"
....
; Continuation of the header reject list: Subject patterns, then From and To.
; NOTE(review): short patterns such as "dik", "shy", "XXX" and "Watch" will also
; match inside ordinary words or names if matching is unanchored - confirm how the
; filter matches and review for false positives.
RejectCondition Subject = "Туры по"
RejectCondition Subject = "квартир в аренду"
RejectCondition Subject = "квартиры в аренду"
RejectCondition Subject = "Зацени"
RejectCondition Subject = "цыганское "
RejectCondition Subject = "Автостекло"
RejectCondition Subject = "оружие"
RejectCondition Subject = "XXXXXX"
RejectCondition Subject = "VERTU"
RejectCondition Subject = "casino"
RejectCondition Subject = "erotic"
RejectCondition Subject = "pen!s"
RejectCondition Subject = "dic'k"
RejectCondition Subject = "dik"
RejectCondition Subject = "shy"
RejectCondition Subject = "s'e_x"
RejectCondition Subject = "s'e_xual"
RejectCondition Subject = "orgasm"
RejectCondition Subject = "porno"
RejectCondition Subject = "impotence"
; Reads as "reject when the From header is absent"; MissingHeader further down
; also lists "From".
RejectCondition No "From"
; NOTE(review): some From patterns appear to mix Cyrillic and Latin look-alike
; letters (copied from obfuscated spam); such a pattern matches only that exact
; spelling, so each variant needs its own rule.
RejectCondition From = "Sex"
RejectCondition From = "PORNO"
RejectCondition From = "Penis"
RejectCondition From = "VIAGRA"
RejectCondition From = "Versace"
RejectCondition From = "ELITE PHONE"
RejectCondition From = "Вvlgаri"
RejectCondition From = "VERTU"
RejectCondition From = "weapon"
RejectCondition From = "XXX"
RejectCondition From = "Интерьеры"
RejectCondition From = "Watch"
RejectCondition From = "Майс Эйдженси Оупен"
RejectCondition From = "Маркетолог"
RejectCondition From = "5-6 декабря"
RejectCondition From = "Оффшoры"
RejectCondition From = "V-I-A-G-R-A"
RejectCondition From = "Lenochka"
RejectCondition From = "САЙТ ЗНАКОМСТВ"
RejectCondition From = "Онлайн Казино"
RejectCondition From = "Натусик"
RejectCondition From = "енок"
RejectCondition From = "Танечка"
RejectCondition From = "ак-аэрозоль"
RejectCondition From = "Киска"
RejectCondition From = "Хотелка"
; To patterns; the addresses are redacted in this listing, so the six redacted
; lines below read identically.
RejectCondition To = "Lena <lenochka@yahoo.com>"
RejectCondition To = "xxx@xxx.com.ua"
RejectCondition To = "xxx@xxx.com.ua"
RejectCondition To = "xxx@xxx.com.ua"
RejectCondition To = "xxx@xxx.com.ua"
RejectCondition To = "xxx@xxx.com.ua"
RejectCondition To = "xxx@xxx.com.ua"
; Accept rule for one sender address (redacted in this listing).
; NOTE(review): the From header is supplied by the sender. If an AcceptCondition
; match takes precedence over the reject rules, a forged From would pass them too -
; confirm rule precedence and prefer an authenticated criterion where available.
AcceptCondition From = "forum_xxx@xxx.ua"
;AcceptCondition Subject != "money"
;MissingHeader { field list }
; List of essential headers (absence of these will automatically lead to filtering message out).
MissingHeader "To", "From"
;FilterParts = { Yes | No }
; Allow ("Yes") or not ("No") using parameters RejectPartCondition and AcceptPartCondition.
FilterParts = Yes
;RejectPartCondition { ruleset }, AcceptPartCondition { ruleset }
; These are similar to RejectCondition and AcceptCondition parameters but used with particular message parts.
; Set of rules can be defined as "FileName = { mask }", where "mask" is POSIX 1003.2 compatible regular expression.
; This parameter works only if FilterParts parameter value is "Yes".
; NOTE(review): apart from "\.exe$", every active pattern below is an audio or video
; extension, so other executable or script attachment types are left to the virus
; scan alone. Extend the list if attachment-type blocking is meant as a control.
; NOTE(review): the patterns are lower-case; whether matching ignores case is not
; shown in this listing - confirm that ".EXE" is caught as well.
RejectPartCondition FileName = "\.exe$"
RejectPartCondition FileName = "\.mp3$"
RejectPartCondition FileName = "\.ogg$"
RejectPartCondition FileName = "\.mov$"
; NOTE(review): the next line is disabled with "#" while the rest of the file uses
; ";" - presumably also accepted as a comment marker; confirm.
#RejectPartCondition FileName = "\.avi$"
RejectPartCondition FileName = "\.wav$"
RejectPartCondition FileName = "\.mp4$"
RejectPartCondition FileName = "\.mpeg$"
RejectPartCondition FileName = "\.mpeg2$"
RejectPartCondition FileName = "\.mpeg4$"
RejectPartCondition FileName = "\.mpg$"
RejectPartCondition FileName = "\.wma$"
RejectPartCondition FileName = "\.asf$"
RejectPartCondition FileName = "\.wm$"
RejectPartCondition FileName = "\.wmv$"
RejectPartCondition FileName = "\.mp2$"
RejectPartCondition FileName = "\.mpa$"
;---------------------------------------------------------------
[Scanner]
; Settings for the Scanner component: engine, virus bases, temporary files, license key.
; =======================
; = Engine settings =
; =======================
;EnginePath = { path to file, usually *.dll }
; drweb32.dll (Engine) location. This parameter is also used by Updater.
; You may specify relative path, but it's strongly recommended to use absolute.
EnginePath = "/bla/bla/lib/drweb32.dll"
;VirusBase = { list of paths (masks) to files, usually *.vdb }
; Masks for loading virus bases. This parameter is also used by Updater.
; Several masks can be listed.
VirusBase = "/bla/bla/bases/*.vdb", "/var/drweb/bases/*.VDB"
;UpdatePath = { path }
; This parameter is used by update script.
; It specifies where to put downloaded files (except for drweb32.dll and virus bases).
UpdatePath = "/bla/bla/updates"
;TempPath = { path }
; This path is used by Engine for creating temporary files.
; /tmp will be used if TempPath is not defined.
; In general Daemon tries not to use TempPath.
; NOTE(review): /tmp is shared by all local users, while the keys at the top of the
; file use a separate spool path. Consider a directory owned by the scanning
; account, so that other users cannot pre-create or read its temporary files.
TempPath = "/tmp"
;LngFileName = { path to file, usually *.dwl }
; Language resource file location.
;LngFileName = "/bla/bla/lib/ru_scanner.dwl"
;Key = { path to file, usually *.key }
; License key file location.
; You may specify relative path, but it's strongly recommended to use absolute.
Key = "/bla/bla/drweb32.key"
; ========================
; = Running settings =
; ========================
;OutputMode = { Terminal | Quiet }
; "Terminal": output information to console, "Quiet": no output.
OutputMode = Terminal
; =========================
; = Scanning settings =
; =========================
; HeuristicAnalysis has no description in this listing; presumably it enables the
; heuristic detection that produces the "possibly infected by unknown virus"
; (SuspiciousFiles) results described further down - confirm.
HeuristicAnalysis = Yes
;ScanPriority = { value }
; Priority of scanning. Value should be from -20 (highest) to 19 (lowest).
;ScanPriority = 0
;FilesTypes = { extension list }
; File types to check during "by type" scanning, i.e. when ScanFiles parameter is set to "ByType" value.
; "*" and "?" characters are acceptable.
; NOTE(review): FilesTypes is given on four lines; presumably the lists accumulate
; rather than the last line winning - confirm. The list is not used while
; ScanFiles = All.
FilesTypes = EXE,COM,SYS,OV?,BAT,BIN,DRV,PRG,BOO,SCR,CMD,VXD,386,DLL,FON,DO?
FilesTypes = XL?,WIZ,RTF,CL*,HT*,VB*,JS*,INF,AR?,ZIP,R??,PP?,OBJ,LIB,HLP,MD?
FilesTypes = INI,MBR,IMG,CSC,CPL,MBP,SHS,SHB,PIF,SO,CHM,REG,XML,PRC,ASP,LSP
FilesTypes = MSO,OBD,THE*,NWS,SWF,BMP,MPP,OCX,DVB,CPY,MSG,EML
;FilesTypesWarnings = { Yes | No }
; Warn or not for unknown file types.
FilesTypesWarnings = Yes
;ScanFiles = { All | ByType }
; Files to be checked after extraction from archive. If parameter is set to "ByType" value file extensions are considered.
; File extensions are set by default or in FilesTypes parameter.
; NOTE: for mail messages always "All" mode is used. "ByType" value can be applied only in local scanning mode.
ScanFiles = All
;ScanSubDirectories = { Yes | No }
; Scan or not contents of directories recursively.
ScanSubDirectories = Yes
;CheckArchives = { Yes | No }
; Unpack or not ZIP (WinZip, InfoZIP...), RAR, ARJ, TAR, GZIP and CAB archives.
CheckArchives = Yes
;CheckEMailFiles = { Yes | No }
; Scan or not files in e-mail formats.
CheckEMailFiles = Yes
;ExcludePaths = { list of paths (mask) to files }
; Masks for files which should not be checked by Scanner.
ExcludePaths = "/proc", "/sys", "/dev"
;FollowLinks = { Yes | No }
; Follow or not symbolic links while scanning.
FollowLinks = No
;RenameFilesTo = { mask }
; Mask for renaming files using custom file extension. If file has no extension mask is appended to filename as extension.
; Symbol "?" in mask is replaced by original symbol of file extension.
; Examples:
; If RenameFilesTo = #??
; 1) Original name of infected file was "eicar.com" -> it gets renamed to "eicar.#om";
; 2) Original name of infected file was "this_is_a_virus" -> it gets renamed to "this_is_a_virus.#".
RenameFilesTo = #??
;MoveFilesTo = { path }
; Path to quarantine directory.
MoveFilesTo = "/bla/bla/infected"
;EnableDeleteArchiveAction = { Yes | No }
; Allow or not Scanner to delete containers (archives, html pages, mailboxes, etc.) if they contain infected objects.
; WARNING: Whole container file will be removed, not only infected object. Be careful!
EnableDeleteArchiveAction = No
; The parameters in this block choose the action taken for each class of detection.
; By default Scanner logs information only about infected objects, but you can specify another actions for different cases.
; Possible log information:
; InfectedFiles - file infected by known virus;
; SuspiciousFiles - file possibly infected by unknown virus;
; IncurableFiles - file infected and can not be cured (only if InfectedFiles parameter value is "Cure");
; ActionInfectedMail - message or mailbox contains infected object;
; ActionInfectedArchive - archive (ZIP, TAR, RAR, etc.) contains infected object;
; ActionInfectedContainer - container (OLE, HTML, PowerPoint, etc.) contains infected object;
; ActionAdware - file contains advertising software;
; ActionDialers - file contains dialer program;
; ActionJokes - file contains joke (hoax) program;
; ActionRiskware - file contains potentially dangerous software;
; ActionHacktools - file contains hack tool;
; Possible actions:
; Report - only log information (by default);
; Cure - attempt to cure object (only for InfectedFiles parameter);
; Delete - delete object;
; Move - quarantine object (MoveFilesTo parameter);
; Rename - rename object (RenameFilesTo parameter);
; Ignore - ignore this type of objects. This action is similar to "Report" action but exit code
; doesn't contain information about these objects. This action is also useful for GUI version of Scanner.
InfectedFiles = Cure
SuspiciousFiles = Report
; IncurableFiles applies here because InfectedFiles is set to "Cure".
; NOTE(review): Delete is irreversible; Move would keep the object in the MoveFilesTo
; quarantine for later analysis or for recovery after a false positive.
IncurableFiles = Delete
ActionAdware = Report
ActionDialers = Report
ActionJokes = Report
ActionRiskware = Report
ActionHacktools = Report
; Infected archives, mail and containers are only reported: nothing in these
; settings removes or quarantines them.
ActionInfectedArchive = Report
ActionInfectedMail = Report
ActionInfectedContainer = Report
; ====================
; = Log settings =
; ====================
; Where the Scanner log goes and what is recorded in it.
;LogFileName = { filename }
; Log filename. When "syslog" value is specified report will be logged using syslogd system service.
; You should also correctly set SyslogFacility and SyslogPriority parameters in this case.
; Since syslog records information about different events of various importance in several files
; you can find out where information about Scanner operation is stored using these two parameters
; and syslog configuration file (usually /etc/syslogd.conf).
;LogFileName = "syslog"
;SyslogFacility = "Daemon"
;SyslogPriority = "Info"
LogFileName = "/bla/bla/log/drweb.log"
;LimitLog = {Yes | No}
; Limit or not log file size. Parameter is ignored when LogFileName parameter value is "syslog".
; When current log file size exceeds MaxLogSize parameter value log file is erased and started from scratch.
; NOTE(review): with LimitLog = No and LogScanned = Yes the log grows with every
; scanned object and nothing in this section bounds it. Rotate the file externally
; and monitor free disk space; enabling LimitLog instead would erase earlier
; detections whenever the limit is reached.
LimitLog = No
;MaxLogSize = { file size in Kb }
; Maximum log file size. This parameter is used only when LimitLog parameter value is "Yes".
MaxLogSize = 512
;LogScanned = { Yes | No }
; Log or not information about all checked objects (infected and clean).
LogScanned = Yes
;LogPacked = { Yes | No }
; Log or not additional information about files packed by DIET, PKLITE and similar utilities.
LogPacked = No
;LogArchived = { Yes | No }
; Log or not additional information about files archived by RAR, ZIP, TAR and similar archivers.
LogArchived = Yes
;LogTime = { Yes | No }
; Timestamp or not every record in log file.
LogTime = Yes
;LogStatistics = { Yes | No }
; Output or not summary statistics when scanning is finished.
LogStatistics = Yes
;RecodeNonprintable = { Yes | No }
; Output mode for nonprintable characters.
; NOTE(review): presumably this keeps raw control characters from scanned object
; names out of the log and terminal output - confirm.
RecodeNonprintable = Yes
;RecodeMode = { Replace | QuotedPrintable }
; Recode mode for nonprintable characters if RecodeNonprintable parameter value is "Yes".
; These characters will be replaced by RecodeChar parameter value (see below) if RecodeMode parameter value is "Replace".
RecodeMode = QuotedPrintable
;RecodeChar = { "?" | "_" | ... }
; Defines symbol to replace nonprintable characters if RecodeMode parameter value is "Replace".
RecodeChar = "?"
; =================================
; = Archive scanning settings =
; =================================
; Limits that stop the Scanner from unpacking oversized or deeply nested archives.
; NOTE(review): MaxCompressionRatio and CompressionCheckThreshold are commented out
; in this section, so no ratio limit is set explicitly here; whatever built-in
; default exists applies - confirm it is acceptable.
;MaxCompressionRatio = { value }
; Maximum compression ratio, i.e. ratio of unpacked file length to length of packed file in archive.
; If the ratio exceeds MaxCompressionRatio parameter value file will not be extracted and therefore will not be checked.
; NOTE: message with such file will be treated as "mail bomb".
; NOTE: See also ArchiveRestriction parameter in filters configurations.
;MaxCompressionRatio = 5000
;CompressionCheckThreshold = { value in Kb }
; Size of file inside archive which triggers maximum compression ratio check
; (if enabled by MaxCompressionRatio parameter value).
;CompressionCheckThreshold = 1024
;MaxFileSizeToExtract = { value in Kb }
; Maximum file size to extract file from archive. If file size exceeds MaxFileSizeToExtract parameter value
; this file will be skipped.
; NOTE: message with such file will be treated as "mail bomb".
; NOTE: See also ArchiveRestriction parameter in filters configurations.
; NOTE(review): 500000 Kb allows a single extracted file of roughly 488 MB, against
; 40960 in the archive limits near the top of the file. Make sure TempPath has room
; for that, or lower the value.
MaxFileSizeToExtract = 500000
;MaxArchiveLevel = { value }
; Maximum archive recursion level (archive packed in archive packed in archive etc.).
; NOTE: message with such file will be treated as "mail bomb".
; NOTE: See also ArchiveRestriction parameter in filters configurations.
MaxArchiveLevel = 8
;---------------------------------------------------------------
[Updater]
; Settings for the Updater: what it updates, which helper programs it runs and
; where the signed server lists are kept.
; ====================
; = General settings =
; ====================
;UpdatePluginsOnly = { Yes | No }
; Skip ("Yes") or not ("No") updating of Daemon/Scanner if you don't need it
; (e.g. you want to update plugins leaving Engine and virus bases intact)
; WARNING: Do not modify this parameter if unsure!
; See also DrlDir parameter below.
UpdatePluginsOnly = No
;Section = { Daemon | Scanner }
; Defines which component should be updated.
; Option could be overwritten by "--what=" command line switch.
Section = Daemon
;ProgramPath = { path to file }
; Path to Daemon/Scanner.
; Used by Updater to get product versions and API versions for installed binaries.
ProgramPath = /bla/bla/drwebd
;SignedReader = { path to file }
; Program used by Updater to read signed files.
; NOTE(review): update integrity rests on this reader and on the signed .drl files
; below; keep ProgramPath, SignedReader, DrlFile and DrlDir writable only by the
; administrator.
SignedReader = /bla/bla/read_signed
;LockFile = { path to file }
; File used to prevent running multiple instances of Updater.
LockFile = /bla/bla/run/update.lock
;CronSummary = { Yes | No }
; Output ("Yes") or not ("No") update session result to stdout.
; Feature can be used for Administrator notification by e-mail if Updater is executed by cron.
CronSummary = Yes
;DrlFile = { path to file }
; List of currently available update servers. Updater randomly selects server for each update session.
; This file is signed by Dr.Web Ltd. and automatically updated. It cannot be changed manually.
DrlFile = "/bla/bla/bases/update.drl"
;DrlDir = { path to directory }
; Directory containing signed *.drl files pointing to Dr.Web plugins (e.g. VadeRetro antispam library) to be updated.
; WARNING: do not change contents of this directory!
; Directory can be relocated if needed.
DrlDir = /bla/bla/drl
; ====================================
; = Download settings =
; ====================================
; Timeout, retry count and optional HTTP proxy for update downloads.
;Timeout = { value, in seconds }
; Timeout defined for single download session.
; To use infinite timeout leave commented out or empty.
Timeout = 90
;Tries = { values }
; Number of retries to get updated files.
Tries = 3
;ProxyServer = { server }
; HTTP proxy server to use during update process.
; If you have no proxy server leave commented out or empty.
ProxyServer =
;ProxyLogin = { name }
; Proxy server authentication username (see ProxyServer parameter).
; If you have no proxy server leave commented out or empty.
ProxyLogin =
;ProxyPassword = { password }
; Proxy server authentication password (see ProxyServer parameter).
; If you have no proxy server leave commented out or empty.
; NOTE(review): a password set here is stored in plain text; restrict read access
; to this file to the updater account and use a proxy credential that is not
; shared with other services.
ProxyPassword =
; ====================
; = Log settings =
; ====================
; The Updater writes to its own log file, separate from the Scanner log.
; NOTE(review): a failed update leaves the virus bases stale; alert on errors in
; this log or on its age.
;LogFileName = { filename }
; Log filename. When "syslog" value is specified report will be logged using syslogd system service.
; You should also correctly set SyslogFacility parameter in this case.
; Since syslog records information about different events of various importance in several files
; you can find out where information about Updater operation is stored using these two parameters
; and syslog configuration file (usually /etc/syslogd.conf).
;LogFileName = "syslog"
;SyslogFacility = "Daemon"
LogFileName = "/bla/bla/log/updater.log"
;LogLevel = { Debug | Verbose | Info | Warning | Error | Quiet }
; Levels of details logging. Updater internal log levels are indirectly associated with syslog priorities if you use syslogd.
LogLevel = Verbose