Dr.Web for Linux

Dr.Web Antivirus for Linux

It is recommended that all Mailborder Master and Child servers have two virus scanners if possible.  Dr.Web Antivirus for Linux is a low cost addition. You may install the Dr.Web Antivirus for Linux software and use the trial at no charge.

Based on our own personal experience here at Mailborder, Dr.Web is not one of the earliest detectors for viruses that mutate daily such as Word document macro viruses. However, Dr.Web is one of the most affordable Linux antivirus solutions we have found. Dr.Web is also very fast at scanning files for viruses.

*At the time of this writing Dr. Web for Linux costs €26.00 per year per server with an additional 40% discount during purchase. Dr. Web also offers discounts for additional servers and additional years. Mailborder Systems does not sell licenses for Dr. Web. The license must be purchased directly from Dr. Web or an authorized reseller.

Installation

Product: Dr.Web Antivirus for Linux (version 11.x)

Official Help: Dr.Web Linux Manual

Dr.Web can be installed by downloading their .run installation package or it can be installed using the Dr.Web repository. Once installed, you will need to register for your 90-day free trial. At the time of this writing, you can also receive a 40% purchase discount from your trial.

Configuration

Service Modifications:

Spider Gate must be disabled as it will interrupt Mailborder services.

drweb-ctl cfset LinuxFirewall.OutputDivertEnable off

Exclusions:

The Spider Guard must either be disabled or exclusions created to prevent interrupts to the Mailborder processes.

drweb-ctl cfset LinuxSpider.Start off

Add these exclusions even if you disable Spider Guard in the event it gets enabled in the future:

drweb-ctl cfset LinuxGUI.ExcludedPath -a /var/spool/mailborder/
drweb-ctl cfset LinuxSpider.ExcludedPath -a /var/tmp/mailborder/
drweb-ctl cfset LinuxGUI.ExcludedPath -a /var/tmp/mailborder/
drweb-ctl cfset LinuxSpider.ExcludedPath -a /var/lib/mailborder/
drweb-ctl cfset LinuxGUI.ExcludedPath -a /var/lib/mailborder/
drweb-ctl cfset LinuxSpider.ExcludedPath -a /usr/lib/mailborder/
drweb-ctl cfset LinuxGUI.ExcludedPath -a /usr/lib/mailborder/
drweb-ctl cfset LinuxSpider.ExcludedPath -a /srv/mailborder/
drweb-ctl cfset LinuxGUI.ExcludedPath -a /srv/mailborder/

License

After obtaining the trial license code, you will need to activate it. This can be a challenge on servers with no GUI. This is buried deep inside the Dr.Web FAQ and was difficult to find.

This is where we save you a lot of research pain. To install you license:

Option 1:

Replace the XXXX-XXXX-XXXX-XXXX with your Dr.Web license code to activate on your server.

drweb-ctl license --GetRegistered XXXX-XXXX-XXXX-XXXX

Option 2:

  1. Buried somewhere in the email you get from Dr.Web with the license code, there is an option to get a license key file instead of a code.
  2. Unpack the key file from the zip archive sent to you.
  3. Copy the key file to the /etc/opt/drweb.com directory and rename the file to drweb32.key

Run these commands:

drweb-ctl cfset Root.KeyPath /etc/opt/drweb.com/drweb32.key
drweb-ctl reload

Cloud Services

By default Dr.Web will use a cloud service when checking for viruses. While this has the benefit of bleeding edge virus detection, it comes at a cost. The first is speed. If the service is down or there is some sort of network interruption, it could cause serious delays in email processing. The second is privacy. Information about the virus scanner activities on your servers is sent to the Dr.Web cloud servers.

Our recommendation: turn it off.

  • Dr.Web performs definition updates every 30 minutes. That is bleeding edge enough in our book.
  • We don’t recommend sharing data with anyone.

To disable this feature:

drweb-ctl cfset Root.UseCloud off

Enabling

To enable this virus scanner for use with Mailborder, edit the file /etc/mailborder/conf.d/engine.cf and add these lines:

x_enable_drweb=yes
x_drweb=/usr/bin/drweb-ctl

Note that if your installation location is different, you will need to set the appropriate path for the x_drweb value.