Dr.Web Enterprise Security Suite
Dr.Web Enterprise Security Suite consists of a set of Dr.Web products designed to protect all hosts in a corporate network and a single Control center that facilitates the administration of many of the products.
Licensing
Protected objects | Supported OS and platforms | Basic license | Additional components |
Dr.Web Desktop Security Suite | Windows 8/7/Vista/XP/2000 SP 4 + Rollup 1 | Comprehensive protection | Control Center |
| Windows 8/7/Vista/XP/2000 SP 4 + Rollup 1 | Anti-virus | Control Center |
| Mac OS X, Linux | Anti-virus | Control Center |
| MS DOS, OS/2 | Anti-virus | Control Center |
Dr.Web Server Security Suite: protection of file servers and application servers (including virtual and terminal servers) | Windows, Novell NetWare, Mac OS X Server | Anti-virus | Control Center |
| Unix (Samba), Novell SS | Anti-virus | |
Dr.Web Mail Security Suite: protection of users of e-mail | Unix, MS Exchange, Lotus (Windows/Linux), Kerio (Windows/Linux) | Anti-virus | Control Center, Anti-spam (except for Kerio), SMTP proxy |
Dr.Web Gateway Security Suite: protection of users of gateways | Kerio Internet gateways | Anti-virus | Control Center |
| Unix Internet gateways | Anti-virus | |
| MIMEsweeper, Qbik WinGate | Anti-virus | Anti-spam |
Dr.Web Mobile Security Suite: protection of mobile devices | Windows Mobile | Anti-virus | Control Center |
| Android | Anti-virus | |
| Symbian OS | Anti-virus | Anti-spam |
Versatility
As a customer, you'll be given a single key file that will allow you to use a Dr.Web product to protect whatever objects you require for a desired platform. For example, a key file will let you choose between anti-virus protection for a Unix file server and a Windows file server. If you change your platform from Unix to Windows while your license is valid, you don't need to get a different key file. Instead, you can go to www.drweb.com to download, free of charge, a distribution file of the program you require and install it.
Dr.Web Desktop Security Suite
Protection of workstations, clients of terminal servers, clients of virtual servers, embedded system clients
- Dr.Web for Windows
- Dr.Web for Linux
- Dr.Web for Mac OS X
- Dr.Web for MS DOS, OS/2
Licensing of Dr.Web Desktop Security Suite
Types of licenses
- Per number of protected workstations
- Per number of clients connected to the terminal server
- Per number of clients connected to the virtual server
- Per number of clients used in embedded systems
Dr.Web Anti-virus for Windows is licensed separately or as a component of Dr.Web Enterprise Security Suite.
License options
| Windows 8/7/Vista/XP/2000 SP 4 + Rollup 1 (32 & 64 bit) | Windows 8/7/Vista/XP/2000 SP 4 + Rollup 1 (32 & 64 bit) | Linux 2.6.x (32 & 64 bit) | Mac OS X 10.4+ (32 & 64 bit) | MS DOS, OS/2 |
Basic license | Comprehensive protection | Anti-virus | Anti-virus | Anti-virus | Anti-virus |
Basic license components | | | | | |
Additional components | | | | | |
Control center | + | + | + | + | - |
Dr.Web Desktop Security Suite is also included in low-cost Dr.Web bundles for small and medium companies.
Dr.Web Antivirus for Windows
Advantages
Comprehensive protection from existing threats
Dr.Web for Windows provides reliable protection from most existing threats. Its unsurpassed quality of curing and reliable self-protection capabilities leave no loophole for viruses and other malware to find their way into the protected environment. The built-in firewall and the office control help prevent viruses from exploiting the vulnerabilities of operating systems and applications and allow you to control the operation of installed programs.
Increased labour productivity
Deployment of Dr.Web for Windows provides a positive effect instantly. Because the product provides comprehensive protection, the inflow of spam is cut completely, resulting in a much more productive working environment — important messages no longer get lost in a hefty volume of spam e-mails. In addition, computers in the network are no longer at risk of getting infected, which eliminates downtimes due to virus attacks and subsequent necessary system restoration processes.
Upholding reputations
With Dr.Web for Windows standing guard, criminals can't turn your workstations, embedded system clients, and terminal server clients into sources of viruses and spam that could get onto your customers' computers. Dr.Web for Windows helps you safeguard your reputation as a trustworthy partner.
Flexible licensing
Unlike many competitive solutions, Dr.Web for Windows enjoys the most flexible multi-optional licensing (see the Licensing tab). Doctor Web lets customers buy only the components they need; customers are not made to pay for features they will never use.
Centralized administration
The Control Center, which allows workstation protection to be centrally administered, is included under a Dr.Web Enterprise Security Suite license. The Control Center is equally reliable in networks of any scale and structural complexity — from small workgroup networks to distributed intranets with tens of thousands of hosts. The Control Center also affords the centralized administration of anti-viruses for file servers and application servers, including terminal servers, under Windows and Novell NetWare, for Unix mail servers, Microsoft Exchange, IBM Lotus, Kerio, and also for Dr.Web for mobile devices running Windows Mobile.
Experience with large projects
Among Doctor Web's customers are major national and international companies and banks, as well as Russia's government and educational institutions and scientific research institutes. Many of these entities have tens of thousands of computers in their networks. Moreover, Russia's highest government institutions entrust their information security to Doctor Web.
Key Features
Unique engine features
- Scans archived files at any nesting level
- Reliable detection of packed objects (even if the compression format is unknown to Dr.Web), their detailed analysis aimed at exposing hidden threats
- Leader in detecting and neutralizing complex rootkits (Shadow.based (Conficker), MaosBoot, Rustock.C, Sector)
- Intelligent memory scan technologies allow viruses to be blocked in the RAM before replicating themselves to the hard drive, making it less likely for malware to exploit the vulnerability of a third-party application or the operating system
- Dr.Web can detect and neutralize viruses that can be found only in RAM and do not exist as files on disks, e.g. Slammer or CodeRed
Detection of unknown threats
- FLY-CODE is a unique universal decompression technology enabling Dr.Web to unpack data that has been compressed with unknown packers
- The cutting-edge, non-signature scan technology Origins Tracing™ ensures a high probability that viruses unknown to Dr.Web will be detected
- The heuristic analyzer, whose analyses are based on criteria that are typical of various groups of malicious programs, detects most known threats
Protection components
Detection of all types of threats (Dr.Web Scanner)
- Quick and thorough scanning of RAM, boot sectors, hard drives, and removable data-storage devices
- Neutralizes viruses, Trojans, and other malware.
- Comprehensive databases to detect spyware, riskware, adware, hack tools, and jokers
Real-time protection (SpIDer Guard® file monitor)
- Real-time monitoring of the system's health — interception of all calls to files located on local drives, floppy disks, CD/DVD/Blu-ray discs, flash drives, or smart cards
- File monitor is highly resistant to attempts by malicious programs to disrupt its operation
Anti-rootkit technology (Dr.Web Shield™)
- Reliable system protection from viruses featuring rootkit-technologies that allow viruses to hide their presence in a compromised system
- Neutralization of complex rootkits (Shadow.based (Conficker), MaosBoot, Rustock.C, Sector)
Virus-free e-mail (SpIDer Mail®)*
- On-the-fly virus scanning of e-mails over SMTP/POP3/NNTP/IMAP4 that doesn't affect performance of mail clients and doesn't cause receipt delays
- Individual processing rules for different types of malicious objects — viruses, riskware, adware, hack tools, paid dialers, and jokers
- An analysis of message contents and sending time allows the characteristics of malicious activities to be detected and prevents mail worms from carrying out mass mailings
Spam-free e-mail (Dr.Web Anti-spam)*
- Real-time filtering of incoming and outgoing e-mail
- The anti-spam doesn't depend on a mail client and doesn't cause receipt delays
- The anti-spam doesn't require configuration and starts working as soon as the first message is received
- Different filtering technologies ensure a high probability of detecting spam, phishing, pharming, scamming, and bounce messages
- Anti-botnet – you won't be disconnected from the Internet because your computer sends out spam
- Messages that have been filtered out are placed in a separate folder, so you can always verify that no false detection has occurred
- The standalone anti-spam analyzer module doesn't require connection to an external server or access to a database, saving on traffic
Shield from Internet threats (SpIDer Gate™ HTTP monitor)*
- The SpIDer Gate™ module scans incoming and outgoing HTTP traffic in real time, intercepts all HTTP connections, performs data-filtering, blocks infected web pages in any browser, scans files in archives, and protects users from phishing sites and other dangerous web resources.
- SpIDer Gate operates independently from web browsers
- Filtering doesn't affect overall system performance, surfing speed, or traffic
- No configuration is required in the default mode; Dr.Web SpIDer Gate starts scanning right after installation
Web-surfing control (office (parental) control)*
- Protection of children from exposure to objectionable content.
- Blocking of access to websites on a list divided into 10 subject groups (adult content, violence, weapons, drugs, gambling, etc.).
- Blocking of access to removable data storage devices, files, folders or network drives – an additional measure to protect data from deletion or unauthorized access.
Protection from network attacks (Dr.Web Firewall)*
- Protects against unauthorized access from a network; prevents data leaks; blocks suspicious connections at the packet and application layers
- The application layer connection control manages the ability of applications and processes to access network resources and registers access attempts in the applications log
- Packet layer filtering allows connections to the Internet to be controlled, regardless of which applications are involved. The packet filter log stores information about packets sent over network interfaces
* only "Comprehensive protection"
...and:
- On-demand scans/individual PC scan schedules;
- Automatic notifications upon the detection of infected, incurable, or suspicious objects;
- Virus database updating reminders;
- Centralized control over all components from a single control panel;
- Transparent operation – detailed reports on the operation of each module.
Updating
Always up-to-date
- Updating over the Internet, whether automatically or according to a schedule, doesn't require user intervention. Updating can also be launched manually
- Updates are very small — just 50-200 KB, and it takes very little time to download them even if a slow Internet connection is used
- Updating servers are always available
- In most cases, there is no need to reboot the system to complete updating; Dr.Web starts using the updated modules and latest virus definitions right away
- To save traffic, the anti-virus can be set to update virus databases only. However, enabling this option is not recommended. To counter the latest threats, Dr.Web undergoes constant refinement. New features are incorporated in the anti-virus package's updated modules and are downloaded from Doctor Web's server automatically during regular updating sessions. To protect a system from new malware, all components of an anti-virus must remain up-to-date
- You can also reduce traffic by downloading updates as archived patch files. Patch files are used to deliver minor additions and fixes for virus database or program modules. The special compression algorithm applied to such patches dramatically reduces the amount of transferred data
Virus monitoring service
- The Doctor Web virus monitoring service collects samples of malicious programs all over the Internet to create antidotes and release updates as soon as analyses are completed – as often as several times per hour
- As soon as an update is released, users can retrieve it from several servers located at various points of the globe
- To avoid false positives, an update is tested over a huge number of uninfected files before it is released
- The intelligent system automatically adds entries for similar viruses into the database, ensuring the prompt neutralization of emerging threats
Licensing
Types of licenses
- Per number of protected workstations
- Per number of clients connected to the terminal server
- Per number of clients connected to the virtual server
- Per number of clients used in embedded systems
Dr.Web Anti-virus for Windows is licensed separately or as a component of Dr.Web Enterprise Security Suite.
License options
- Comprehensive protection
- Comprehensive protection + Control Center
- Anti-virus
- Anti-virus + Control Center
Both the Anti-virus and the Comprehensive protection licenses include the Firewall.
System requirements
- Windows 8/7/Vista/XP/2000 SP4 + Rollup 1 (32- and 64-bit systems)
- Free disk space: ~40MB. An additional 8 MB are required to install the firewall
Additional requirements: Internet connection for registration and updating.
Dr.Web Server Security Suite
Protection of file storage and application servers, including terminal servers and virtual servers
- Dr.Web for Windows Server
- Dr.Web for Novell NetWare Server
- Dr.Web for Mac OS X Server
- Dr.Web for Unix Server
Dr.Web Server Security Suite can be purchased as a separate product or as a component of Dr.Web Enterprise Security Suite
License options
| Dr.Web for Windows Servers | Dr.Web for Novell NetWare Servers | Dr.Web for Mac OS X Servers | Dr.Web for Unix Servers |
Basic license | Anti-virus | Anti-virus | Anti-virus | Anti-virus |
Additional components | | | | |
Control center | + | + | + | - |
Dr.Web Server Security Suite is also included in low-cost Dr.Web bundles for small and medium companies.
Dr.Web for Windows Servers
Anti-virus protection for Windows servers
Advantages
- Compliance with the highest security standards; Dr.Web for Windows Servers is certified by Russia's Federal Security Service (FSB) and Federal Service for Technological and Export Control (FSTEC)
- High performance and stability
- High-speed scanning combined with low consumption of system resources allows Dr.Web to run smoothly on any server hardware
- Trouble-free automatic operation
- The delayed scan technology applied to files opened for reading provides flexible load balancing for a server file system
- Flexible client-oriented configuration of scanning and actions performed with detected viruses or suspicious files
- Simple installation and administration
- Sound protection immediately after installation (with default settings)
- Transparent operation — detailed logs with customizable verbosity
Technologies
Unique engine features
- Scans archived files at any nesting level
- Reliable detection of packed objects (even if the compression format is unknown to Dr.Web), their detailed analysis aimed at exposing hidden threats
- Leader in detecting and neutralizing complex rootkits (Shadow.based (Conficker), MaosBoot, Rustock.C, Sector)
- Intelligent memory scan technologies allow viruses to be blocked in the RAM before replicating themselves to the hard drive, making it less likely for malware to exploit the vulnerability of a third-party application or the operating system
- Dr.Web can detect and neutralize viruses that can be found only in RAM and do not exist as files on disks, e.g. Slammer or CodeRed
Detection of unknown threats
- FLY-CODE is a unique universal decompression technology enabling Dr.Web to unpack data that has been compressed with unknown packers
- The cutting-edge, non-signature scan technology Origins Tracing™ ensures a high probability that viruses unknown to Dr.Web will be detected
- The heuristic analyzer, whose analyses are based on criteria that are typical of various groups of malicious programs, detects most known threats
Licensing
License types
- Per number of protected servers.
License options
- Anti-virus
- Anti-virus + Control Center
Dr.Web for Windows Server can be purchased as a component of Dr.Web Enterprise Security Suite.
Dr.Web for Windows Server is also included in the low-cost Dr.Web Universal bundle for small and medium companies.
Key features
- Unique features
  - Industry pacesetter! Curing active infections
  - Installation in an infected system without its preliminary curing
  - Stable operation under minimum/maximum load without affecting file server's performance significantly
  - The delayed scan technology applied to files opened for reading provides flexible file system load balancing
  - Scan of any object (if it can be scanned) whenever it is accessed by a user, the system or any application
- Self-protection
  - Protecting its own modules from failures (Dr.Web SelfPROtect)
  - Automatic restoring of operation of its own modules
  - Engine protection
  - Automatic disconnection of workstations that become a threat from the server
  - Protection from malware and modification of all its objects including critical files, processes, windows and keys
- Installation and configuration, updating and launching
  - Default settings allow using all features of the anti-virus right after its installation
  - Remote installation using Active Directory
  - available with the license Dr.Web Enterprise Security Suite + Dr.Web for Windows file servers
  - Centralized anti-virus installation using Login Script
  - Automatic launch on system start-up (the default launch interval is 30 minutes, unless a launch job is scheduled)
  - Launch of scanning whenever an object that can be scanned is accessed by a user, the system or any application
  - Automatic, manual and schedule launching of scanning and updating
  - Quick loading and unloading of any module
  - Flexible configuration of separate modules
  - Customizable scanning parameters and actions performed upon detection of malicious objects
  - Customizable actions sequences performed one after another to a malicious object if a previous or subsequent action can't be applied
  - Automatic updating over the Internet
  - Configuration of different types of jobs
- Scanning
  - Unique! Installation in an infected system without its preliminary curing
  - Improved! Multi-thread scanning
  - Adjusting scanning priority
  - Unique! The delayed scan technology applied to files opened for reading (adding files to the scanning queue to reduce server workload)
  - Monitoring of running processes and file requests
  - Detection and neutralization of viruses and malicious programs in packed files (not archived)
  - New! Unique! Detection and neutralization of viruses disguised with unknown packers (FLY-CODE technology)
  - Improved! Unique! The unique non-signature detection technology (Origins Tracing)
  - Improved! Detection of viruses in archived files at any nesting level
  - Improved! Detection of viruses in self-extracting archives at any nesting level
  - Improved! Scan of files prepared by the installer
  - Memory scan
  - Scanning of disk drives
  - Scan of logical drives
  - CD scan
  - Scan of network drives
  - Scanning of directories
  - File scan
  - Detection of viruses in archives at any nesting level and in packed objects
  - Scan of mail files
  - Scan of boot sectors of disks
  - Scan of e-mail formats
  - Three types of scanning (express, full and custom)
  - Adjusting scanning priority
  - Several types of scan (all files/selected files/scan according to the filename extensions list/scan according to the masks list)
  - File and path exclusions
  - Customizable actions for infected and suspicious objects as well as for objects of other types: cure, move to the quarantine, delete
  - Customizable action sequences performed to a malicious object if one of the actions can't be applied
  - Custom actions for infected archives
  - Custom actions for each infected object
  - Scan of archived files at any nesting level
  - Customizable maximum size of a file extracted for scanning
  - Setting compression level limit for archived files to be scanned
  - Blocking access to the infected object
  - Customizable quarantine location
- Notifications
  - Notifying a user about disconnecting his machine from the file server upon detection of a virus threat
  - Notifying an administrator upon detection of a viral threat
- Logging
  - Anti-virus log containing time of each event, name and type of the scanned object and the type of action applied to the object
  - Customizable logging verbosity
  - Customizable log file size
Updating
Always up-to-date
- Updating over the Internet, whether automatically or according to a schedule, doesn't require user intervention. Updating can also be launched manually
- Updates are very small — just 50-200 KB, and it takes very little time to download them even if a slow Internet connection is used
- Updating servers are always available
- In most cases, there is no need to reboot the system to complete updating; Dr.Web starts using the updated modules and latest virus definitions right away
- To save traffic, the anti-virus can be set to update virus databases only. However, enabling this option is not recommended. To counter the latest threats, Dr.Web undergoes constant refinement. New features are incorporated in the anti-virus package's updated modules and are downloaded from Doctor Web's server automatically during regular updating sessions. To protect a system from new malware, all components of an anti-virus must remain up-to-date
- You can also reduce traffic by downloading updates as archived patch files. Patch files are used to deliver minor additions and fixes for virus database or program modules. The special compression algorithm applied to such patches dramatically reduces the amount of transferred data
Virus monitoring service
- The Doctor Web virus monitoring service collects samples of malicious programs all over the Internet to create antidotes and release updates as soon as analyses are completed – as often as several times per hour
- As soon as an update is released, users can retrieve it from several servers located at various points of the globe
- To avoid false positives, an update is tested over a huge number of uninfected files before it is released
- The intelligent system automatically adds entries for similar viruses into the database, ensuring the prompt neutralization of emerging threats
System requirements
- Windows NT/2000/2003/2008 (32 and 64-bit).
Dr.Web for Unix Servers
Dr.Web for Unix Server is a high performance anti-virus for Samba file storages run under Unix-like operating systems (Linux, FreeBSD, Solaris). With its ability to process huge amounts of data in real-time, reliable operation, and flexible configuration, Dr.Web for Unix Server meets the requirements of companies of any size.
Samba SpIDer is a file monitor for a Samba server. Implemented as a loadable plugin for the Samba virtual file system (VFS) interface, it also operates as a client that communicates with Dr.Web Daemon and receives scanning requests.
Advantages
- High performance and stability
- High-speed scanning combined with low consumption of system resources allows Dr.Web to run smoothly on any server hardware
- Flexible, client-oriented configuration of scanning and actions performed with detected viruses or suspicious files
- Perfect compatibility – the anti-virus doesn't conflict with any known firewall or file monitor
- Easy administration, simple installation, and configuration
Technologies
Unique engine features
- Scans archived files at any nesting level
- Reliable detection of packed objects (even if the compression format is unknown to Dr.Web), their detailed analysis aimed at exposing hidden threats
- Leader in detecting and neutralizing complex rootkits.
- Intelligent scan technologies allow viruses to be blocked making it less likely for malware to exploit the vulnerability of a third-party application or the operating system
Detection of unknown threats
- FLY-CODE is a unique universal decompression technology enabling Dr.Web to unpack data that has been compressed with unknown packers
- The cutting-edge, non-signature scan technology Origins Tracing™ ensures a high probability that viruses unknown to Dr.Web will be detected
- The heuristic analyzer, whose analyses are based on criteria that are typical of various groups of malicious programs, detects most known threats
Licensing
License types
- Per number of protected servers.
License options
- Anti-virus
Dr.Web for Unix Server can be purchased as a component of Dr.Web Enterprise Security Suite.
Dr.Web for Unix Server is also included in the low-cost Dr.Web Universal bundle for small and medium companies.
Key features
- On-demand and scheduled scanning of server volumes
- On-the-fly scan – checks files for viruses as they are about to be written or opened
- Multi-thread scan
- Automatic disconnection of workstations from the server as soon as they've been identified as threat sources
- Instant notifications for the administrators and their groups via e-mail, short messages sent to a phone, or pager
- Isolation of infected files in the quarantine
- Curing, restoration, and removal of quarantined objects
- Anti-virus actions log
- Automatic updating of virus databases
Updating
Always up-to-date
- Updating over the Internet, whether automatically or according to a schedule, doesn't require user intervention. Updating can also be launched manually
- Updates are very small — just 50-200 KB, and it takes very little time to download them even if a slow Internet connection is used
- Updating servers are always available
- In most cases, there is no need to reboot the system to complete updating; Dr.Web starts using the updated modules and latest virus definitions right away
- To save traffic, the anti-virus can be set to update virus databases only. However, enabling this option is not recommended. To counter the latest threats, Dr.Web undergoes constant refinement. New features are incorporated in the anti-virus package's updated modules and are downloaded from Doctor Web's server automatically during regular updating sessions. To protect a system from new malware, all components of an anti-virus must remain up-to-date
- You can also reduce traffic by downloading updates as archived patch files. Patch files are used to deliver minor additions and fixes for virus database or program modules. The special compression algorithm applied to such patches dramatically reduces the amount of transferred data
Virus monitoring service
- The Doctor Web virus monitoring service collects samples of malicious programs all over the Internet to create antidotes and release updates as soon as analyses are completed – as often as several times per hour
- As soon as an update is released, users can retrieve it from several servers located at various points of the globe
- To avoid false positives, an update is tested over a huge number of uninfected files before it is released
- The intelligent system automatically adds entries for similar viruses into the database, ensuring the prompt neutralization of emerging threats
System requirements
- Linux distributions with kernel version 2.4.x and higher;
- FreeBSD v.6.x and higher for Intel x86 platform and amd64;
- Solaris v.10 for Intel x86 platform and amd64.
Dr.Web for Novell NetWare
Dr.Web for Novell NetWare scans file storages run under NetWare for viruses. It demonstrates high performance combined with reliable detection of viruses where its speed and productivity are only limited by hardware capabilities. The program is launched on the protected server as a loadable module (NLM module) and is controlled from the server console or from a remote console launched on a workstation.
Advantages
- Widest range of supported versions of Novell NetWare — from 3.12 up to 6.5
- Support of NetWare namespace
- Simultaneous support of several network protocols
- High-speed scanning of huge amounts of data at minimum consumption of system resources both real-time and on demand
- Manageable consumption of CPU resources by adjusting the priority of the scanning process
- Simple installation procedure
- Flexible client-oriented configuration of scanning and actions performed with detected viruses or suspicious files
- User control panel
Technologies
Unique engine features
- Scans archived files at any nesting level
- Reliable detection of packed objects (even if the compression format is unknown to Dr.Web), their detailed analysis aimed at exposing hidden threats
- Leader in detecting and neutralizing complex rootkits (Shadow.based (Conficker), MaosBoot, Rustock.C, Sector)
- Intelligent memory scan technologies allow viruses to be blocked in the RAM before replicating themselves to the hard drive, making it less likely for malware to exploit the vulnerability of a third-party application or the operating system
- Dr.Web can detect and neutralize viruses that can be found only in RAM and do not exist as files on disks, e.g. Slammer or CodeRed
Detection of unknown threats
- FLY-CODE is a unique universal decompression technology enabling Dr.Web to unpack data that has been compressed with unknown packers
- The cutting-edge, non-signature scan technology Origins Tracing™ ensures a high probability that viruses unknown to Dr.Web will be detected
- The heuristic analyzer, whose analyses are based on criteria that are typical of various groups of malicious programs, detects most known threats
Licensing
License types
- Per number of protected servers.
License options
- Anti-virus
- Anti-virus + Control Center
Dr.Web for Novell NetWare can be purchased as a component of Dr.Web Enterprise Security Suite.
Dr.Web for Novell NetWare is also included in the low-cost Dr.Web Universal bundle for small and medium companies.
Key features
- On-demand and scheduled scanning of server volumes
- On-the-fly scanning of all files transferred via the server
- Multi-thread scan
- Automatic disconnection of workstations from the server if they become threat sources
- On-demand scan
- Scheduled scan
- Scanning of files by format or using the list of extensions, directories, and volumes exceptions, scanning of all objects
- Heuristic virus scan
- Scan of packed, archived, and mail files
- Scan logging; adjustable logging verbosity
- Notifications upon detection of infected objects
- Curing, and removal or moving of infected objects to the quarantine
- Anti-virus administration from the server console or a remote console: configure the notification system, monitor protection, and optimize configurations
- Instant notifications for the administrators and their groups over e-mail
- Customizable notifications
- Scanning statistics displaying process operational time, number of scanned files, and information about detected viruses
- Anti-virus actions log
- Automatic updating of virus databases
Updating
Always up-to-date
- Updating over the Internet, whether automatically or according to a schedule, doesn't require user intervention. Updating can also be launched manually
- Updates are very small — just 50-200 KB, and it takes very little time to download them even if a slow Internet connection is used
- Updating servers are always available
- In most cases, there is no need to reboot the system to complete updating; Dr.Web starts using the updated modules and latest virus definitions right away
- To save traffic, the anti-virus can be set to update virus databases only. However, enabling this option is not recommended. To counter the latest threats, Dr.Web undergoes constant refinement. New features are incorporated in the anti-virus package's updated modules and are downloaded from Doctor Web's server automatically during regular updating sessions. To protect a system from new malware, all components of an anti-virus must remain up-to-date
- You can also reduce traffic by downloading updates as archived patch files. Patch files are used to deliver minor additions and fixes for virus database or program modules. The special compression algorithm applied to such patches dramatically reduces the amount of transferred data
Virus monitoring service
- The Doctor Web virus monitoring service collects samples of malicious programs all over the Internet to create antidotes and release updates as soon as analyses are completed – as often as several times per hour
- As soon as an update is released, users can retrieve it from several servers located at various points of the globe
- To avoid false positives, an update is tested over a huge number of uninfected files before it is released
- The intelligent system automatically adds entries for similar viruses into the database, ensuring the prompt neutralization of emerging threats
System requirements
- Novell NetWare 3.12-6.5.
Dr.Web Mail Security Suite
Protection of e-mail
- Dr.Web for Unix Server
- Dr.Web for MS Exchange
- Dr.Web for IBM Lotus Domino (Windows, Linux)
- Dr.Web for Kerio Mail Server (Windows, Linux, Mac)
Licensing Dr.Web Mail Security Suite
Types of licenses
- Per number of protected users.
- Per server license – unlimited scanning of server e-mail traffic for as many as 3,000 protected users.
Dr.Web Mail Security Suite can be purchased as a separate product or as a component of Dr.Web Enterprise Security Suite
License options
 | MS Exchange | IBM Lotus Domino | Unix | Kerio |
---|---|---|---|---|
Basic license | Anti-virus | Anti-virus | Anti-virus | Anti-virus |
Additional components | | | | |
Anti-spam | + | + | + | - |
SMTP proxy | + | + | + | + |
Control center | + | + | + | + |
A Dr.Web Mail Security Suite license may also include the SMTP proxy as an additional component. Using these products together improves overall network security and reduces the workload of local mail servers and workstations.
Dr.Web Mail Security Suite is also included in low-cost Dr.Web bundles for small and medium companies.
Dr.Web for MS Exchange
Anti-virus and anti-spam protection of mail traffic directed through MS Exchange 2000/2003/2007/2010 servers
Advantages
- Compliance with the highest security standards – the product is certified by Russia's Federal Security Service (FSB) and Federal Service for Technological and Export Control (FSTEC)
- Wide range of installation and configuration options that meet the requirements of almost any company
- High-speed scanning combined with low consumption of system resources allows Dr.Web to run smoothly on any server hardware
- The built-in anti-spam doesn't require training, lowers server workload and improves employee productivity
- Filtering based on black and white lists allows certain addresses to be excluded from scanning and efficiency to be increased
- Filtering of files by type, contributing to lower traffic
- Grouping allows different filtering parameters to be specified for different groups of employees which contributes to faster deployment and easier maintenance
- High performance and stability achieved with multi-thread scanning
- Detection and neutralization of viruses disguised with unknown packers
- Automatic launch on system start-up
- Easy-to-use updating system using Windows Task Scheduler
Anti-spam
Advantages of Dr.Web anti-spam
- The anti-spam doesn't require configuration or training. Unlike anti-spam solutions based on Bayesian filtering, it starts working as soon as the first message arrives, so the anti-spam doesn't require daily training by the system administrator
- It detects spam messages regardless of their language
- No e-mail receipt delays
- Real-time e-mail filtering
- High-speed filtering with low consumption of system resources
- Scanning objects at any nesting level
- It can choose a processing technology for the target object depending on the message envelope or upon detection of blocking objects
- Messages that have been filtered out are placed in a separate folder so one can always check them to make sure that no false detection has occurred
- With the unique technologies there is no need for blacklists. No company will be discredited after it has been deliberately added to such a list
- Completely stand-alone: neither a constant connection to an external server nor access to a database is required, which saves traffic significantly
- Doesn't need to be updated more often than once in 24 hours – unique spam detection technologies based on several thousands of rules allow the anti-spam to stay up to date without frequent downloads of bulky updates
Vade Retro
Filtering of spam and other unsolicited messages is performed by a vaderetro plugin that uses its own library (Vade Retro). The library is updated regularly for better quality of filtering. High junk filtering productivity is combined with low consumption of system resources. This is the reason why Dr.Web anti-spam is able to operate efficiently on low-end hardware.
Depending on the results of the analysis, each message receives a score from the Vade Retro library: an integer ranging from -10000 to +10000. The higher the score, the more likely the message is to be spam.
The threshold value is set by the SpamThreshold parameter of the plugin configuration file. If the score equals the value of the SpamThreshold parameter or exceeds it, the message is considered to be spam.
Upon completion of a message analysis, Vade Retro may add (depending on the plugin settings) corresponding headers into the message.
Spam filtering technologies
The Dr.Web anti-spam analyzes messages using several thousands of rules which can be divided into several groups.
- Heuristic analysis
- A highly intelligent technology that empirically analyzes all parts of a message: header, body, and attachments. It allows detecting unknown types of spam. The heuristic analyzer is being constantly improved; new rules are frequently added. It allows detecting next generation spam messages even before a corresponding rule is created.
- Counteraction filtering
- The counteraction filtering is one of the most advanced and efficient technologies of Dr.Web anti-spam. It helps recognize techniques and tricks used by spammers to avoid detection.
- HTML-patterns
- Messages containing HTML code are compared with HTML patterns from the anti-spam library. Such comparison in combination with data on sizes of images typically used by spammers helps protect users against spam messages featuring HTML-code, which often contains online images.
- Detection based on SMTP envelope
- Detection of a fake sender and receiver in an SMTP envelope and of fake header field values is the latest trend in the development of anti-spam technologies. A sender address contained in a received message is easy to fake and therefore should not be trusted. Yet unsolicited mail is not limited to spam. It also includes hoaxes and anonymous threats. Dr.Web anti-spam technologies make it possible to determine whether an address is fake and to mark the message as unsolicited. This saves traffic and protects employees from unwanted e-mails whose contents may have an unpredictable impact on people's behaviour.
- Semantic analysis
- Words and phrases of a message are compared with words and phrases from the spam dictionary. All words, phrases and symbols are analyzed – both visible to the human eye and those hidden by spammer tricks.
- Anti-scam technologies
- Scams (as well as pharming messages, a type of scam) are the most dangerous type of spam. The most notorious examples are so-called «Nigerian» scams, loan scams, lottery and casino scams, and false messages from banks and credit organizations. A special module of Dr.Web anti-spam is used to filter scams.
- Technical spam filtering
- Automatic e-mail notifications, or bounces, are designed to notify a user when a mail system failure occurs (e.g. the message couldn't be delivered to the specified address). Criminals can use messages that look like these. For example, a worm or ordinary spam can reach a computer disguised as a notification. A special module of Dr.Web anti-spam detects such unwanted messages.
Key features
- On-the-fly anti-virus and anti-spam scan of e-mails, including attached files
- Anti-virus monitoring of user mailboxes and public directories
- Anti-virus protection of mail traffic passing through the MS Exchange server
- Curing of infected files
- Grouping users by means of Active Directory
- Adjustable scanning parameters: the maximum size and types of objects to be scanned, and the actions to be performed with infected objects
- Detection of malicious objects compressed with multiple packers
- Customizable actions performed with different types of spam, including moving messages to the quarantine or adding a specified prefix into their subject fields
- Customizable wording inserted in outgoing e-mails
- Isolation of infected and suspicious files in the quarantine
- Sending notifications on virus incidents to administrators and other users
- Operation logging
- Automatic updates
Updating
Always up-to-date
- Updating over the Internet, whether automatically or according to a schedule, doesn't require user interference. Updating can also be launched manually
- Updates are very small — just 50-200 KB, and it takes very little time to download them even if a slow Internet connection is used
- Updating servers are always available
- In most cases, there is no need to reboot the system to complete updating; Dr.Web starts using the updated modules and latest virus definitions right away
- To save traffic, the anti-virus can be set to update virus databases only. However, enabling this option is not recommended. To counter the latest threats, Dr.Web undergoes constant refinement. New features are incorporated in the anti-virus package's updated modules and are downloaded from Doctor Web's server automatically during regular updating sessions. To protect a system from new malware, all components of an anti-virus must remain up-to-date
- You can also reduce traffic by downloading updates as archived patch files. Patch files are used to deliver minor additions and fixes for virus database or program modules. The special compression algorithm applied to such patches dramatically reduces the amount of transferred data
Virus monitoring service
- The Doctor Web virus monitoring service collects samples of malicious programs all over the Internet to create antidotes and release updates as soon as analyses are completed – as often as several times per hour
- As soon as an update is released, users can retrieve it from several servers located at various points of the globe
- To avoid false positives, an update is tested over a huge number of uninfected files before it is released
- The intelligent system automatically adds entries for similar viruses into the database, ensuring the prompt neutralization of emerging threats
System requirements
Hardware requirements
Specification | Requirement | |
---|---|---|
in case Microsoft Exchange Server 2000/2003 is used | in case Microsoft Exchange Server 2007/2010 is used | |
CPU | Pentium 133 MHz (733 MHz recommended) | One of the following processors:
|
RAM | 256 MB or more (512 MB recommended) | 2 GB |
Disk space | 20 MB for the installation directory, 50 MB for logs and 512 MB for log archives | |
Monitor | VGA-compatible monitor |
Operating system and software requirements
Specification | Requirement | |
---|---|---|
in case Microsoft Exchange Server 2000/2003 is used | in case Microsoft Exchange Server 2007/2010 is used | |
Operating system | One of the following:
|
One of the following:
|
File system | NTFS or FAT32 | NTFS |
Exchange Server | Microsoft® Exchange Server 2000/2003 Standard or Enterprise edition | Microsoft® Exchange Server 2007 x64 with SP1 or Microsoft® Exchange Server 2010 x64 |
|
Technologies
Unique engine features
- Scans archived files at any nesting level
- Reliable detection of packed objects (even if the compression format is unknown to Dr.Web), their detailed analysis aimed at exposing hidden threats
- Leader in detecting and neutralizing complex rootkits (Shadow.based (Conficker), MaosBoot, Rustock.C, Sector)
- Intelligent memory scan technologies allow viruses to be blocked in the RAM before replicating themselves to the hard drive, making it less likely for malware to exploit the vulnerability of a third-party application or the operating system
- Dr.Web can detect and neutralize viruses that can be found only in RAM and do not exist as files on disks, e.g. Slammer or CodeRed
Detection of unknown threats
- FLY-CODE is a unique universal decompression technology enabling Dr.Web to unpack data that has been compressed with unknown packers
- The cutting-edge, non-signature scan technology Origins Tracing™ ensures the high probability that viruses unknown to Dr.Web will be detected
- The heuristic analyzer, whose analyses are based on criteria that are typical of various groups of malicious programs, detects most known threats
Licensing
Types of licenses
- Per number of protected users.
- Per server license – unlimited scanning of server e-mail traffic for as many as 3,000 protected users.
Dr.Web for MS Exchange can be purchased as a separate product or as a component of Dr.Web Enterprise Security Suite. In the latter case the license also covers the Control Center of Dr.Web Enterprise Security Suite and Anti-spam.
A Dr.Web for MS Exchange license may also include the SMTP proxy as an additional component. Using these products together improves overall network security and reduces the workload of local mail servers and workstations.
License options
- Anti-virus
- Anti-virus + Control Center
- Anti-virus + SMTP proxy
- Anti-virus + Control Center + SMTP proxy
- Anti-virus + Anti-spam
- Anti-virus + Anti-spam + Control Center
- Anti-virus + Anti-spam + SMTP proxy
- Anti-virus + Anti-spam + Control Center + SMTP proxy
Dr.Web for MS Exchange is also included in low-cost Dr.Web bundles for small and medium companies.
Dr.Web for Unix Mail Servers
Highly intelligent anti-virus and anti-spam protection system for large amounts of e-mail traffic
Advantages
Meet highest security standards
Dr.Web for Unix Mail Servers is certified by Russia's Federal Service for Technical and Export Control (FSTEC) and Federal Security Service (FSB) and, consequently, can be used in networks with high security requirements. Dr.Web for Unix servers meets all of the requirements for anti-virus products regarding the protection of personal information as stated by Russian law and can run on computers requiring maximum protection.
Flexible configuration
Dr.Web for Unix Mail Servers can be configured using rules, which provides greater flexibility than competing solutions that can only be set up using static parameters in configuration files. Messages are filtered and modified according to established policies, and the administrator can configure individual processing rules for different users and groups and even for each e-mail. This allows the product to meet any corporate security requirements.
Low system requirements
The system requirements of Dr.Web for Unix Mail Servers are very low allowing it to run on any server hardware. It makes the anti-virus a perfect choice for companies that can't afford modernizing their server hardware on a regular basis to meet ever growing requirements of most anti-virus solutions.
Minimal TCO
Unlike many competitive solutions Dr.Web for Unix Mail Servers enjoys the most flexible multi-optional licensing. A customer buys only components they need and doesn't pay for software they don't need and will never use.
Perfect scalability
With its reliability, flexibility, and capability to process huge amounts of data in real time, Dr.Web for Unix Mail Servers meets the demands of small companies using one mail server as well as the unlimited mail traffic scanning requirements of multi-national telecom providers.
Rapid response
Multi-thread scanning ensures a rapid response from the anti-virus, allowing it to scan arriving data in real time along with files received earlier and to deliver e-mails to end-users without a noticeable delay.
Efficient filtering of unsolicited e-mails
Dr.Web anti-spam is shipped as a solution component (but never as a separate product). It is installed on the server where the anti-virus product resides. It simplifies administration of the solution and lowers its TCO compared with competitive solutions.
Additional advantages of Dr.Web anti-spam
- The anti-spam doesn't require configuration or training. Unlike anti-spam solutions based on Bayesian filtering, it starts working as soon as the first message arrives
- It detects spam messages regardless of their language
- Customizable actions for different categories of spam
- Its own white and black lists rule out the possibility of a company being discredited by being deliberately added to lists of unwanted addresses
- Record-low number of false positives
- Stays relevant with one update in 24 hours – unique spam detection technologies based on several thousands of rules allow the anti-spam to stay up to date without frequent downloads of bulky updates
Enhanced security for corporate mail
The modular structure of Dr.Web for Unix Mail Servers allows the product to be integrated with various mail systems or used as an SMTP proxy, a filter that processes e-mails before they are received by the mail server. Dr.Web for Unix Mail Servers and an additional SMTP proxy used simultaneously provide:
- Better overall network security
- Improved filtering quality with no limitations caused by a mail server
- Lower workload of local mail servers and workstations
- Greater stability of the mail filtering system
Protection of confidential information
The quarantine managed over the web-interface or by means of a special utility and the option for archiving all e-mails transferred through the filter allow tracking causes of data leaks and restoring messages accidentally deleted by users from their mail boxes.
Guaranteed delivery of e-mail
Guaranteed delivery of all messages makes configuring a mail server easier. Even if a user is unavailable for a long period of time and can't receive a message, it will be stored in a special directory.
Easy administration
The web-interface allows administering the product from any computer connected to the Internet.
Open solution
Dr.Web for Unix Mail Servers can be integrated with solutions from other developers. With the open API users can also add new features to the product.
Unlimited number of plugins
New features for protection of e-mail can be added to the product without any limitations so that any written plugin will immediately work with all supported MTA.
These are not the only advantages of Dr.Web for Unix Mail Servers!
Plugins
Currently the following plugins are available for Dr.Web for Unix Mail Servers:
- Drweb
Drweb is an e-mail anti-virus scan plugin for checking e-mails with the Dr.Web engine. The plugin requires the drwebd scanning module to operate. Messages delivered to drwebd for scanning are already parsed, so neither the drwebd module nor the engine features a mime-parser. The plugin shows good performance, a high detection rate and a rapid response combined with low consumption of system resources.
Stable operation
The modular architecture of the solution and its special failure control module provide exceptional stability of the plugin. It is virtually impossible to render it non-operational.
Rapid response
Multi-thread scanning ensures rapid response of the anti-virus allowing it to scan arriving data real-time along with files received earlier and to deliver e-mails to end-users without a notable delay.
Quarantine
Infected and suspicious objects detected by the plugin can be placed in the quarantine, so that quarantined messages can later be cured or deleted, or useful information can be retrieved from them.
Easy administration
Flexibility of configuration files allows customizing parameters of the plug-in as the user sees fit. All actions of the plug-in are logged and can be analyzed to identify bottlenecks. Prompt alerting enables administrators to respond to emerging threats in a timely manner.
Open solution
The open MailD architecture enables users to implement additional features that will use DrWeb plug-in with the help of the open SDK and detailed documentation.
- Headersfilter
Headersfilter is a header-based message filter used to check e-mails and their attachments. The plugin allows users to add custom filtering rules. Regular expressions can be used to define such rules. Flexible settings of the plug-in allow implementing any number of rules. The plug-in never overloads a system and performs required tasks very quickly.
Easy administration
Flexible rules that can be created using regular expressions allow setting e-mail processing according to requirements of the user. A prompt notification system ensures that a system administrator can perform necessary actions in a timely manner.
Open solution
The open MailD architecture enables users to implement additional features that will use DrWeb plug-in with the help of the open SDK and detailed documentation.
Stable operation
The modular architecture of the solution and its special failure control module provide exceptional stability of the plugin. It is virtually impossible to render it non-operational.
Rapid response
Multi-thread scanning ensures rapid response of the anti-virus allowing it to scan arriving data real-time along with files received earlier and to deliver e-mails to end-users without a notable delay.
- Modifier
The modifier changes processed e-mails using established rules, which allows incoming and outgoing messages to be processed in accordance with corporate standards. In particular, using the plugin together with the archiving feature helps prevent information leaks. Analysis of filtered messages can be performed via a quarantine management utility.
Easy administration
Flexible configuration allows performing an unlimited number of modifications of processed messages, so a system administrator can create an infinite number of rules to ensure compliance with e-mail security policies. Regular expressions provide full customization of filtering parameters while prompt notifications allow the administrator to take necessary actions in a timely manner.
Open solution
The open MailD architecture enables users to implement additional features that will use the DrWeb plug-in with the help of the open SDK and detailed documentation.
Stable operation
The modular architecture of the solution and its special failure control module provide exceptional stability of the plugin. It is virtually impossible to render it non-operational.
Rapid response
Multi-thread scanning ensures rapid response of the anti-virus allowing it to scan arriving data real-time along with files received earlier and to deliver e-mails to end-users without a notable delay.
- Vaderetro
The vaderetro plugin utilizes its own library updated regularly for better quality of filtering. High junk filtering productivity is combined with low consumption of system resources allowing the anti-spam to operate smoothly on older hardware.
Depending on the results of the analysis, each message receives a score from the Vade Retro library: an integer ranging from -10000 to +10000. The higher the score, the more likely the message is to be spam.
The threshold value is set by the SpamThreshold parameter of the plugin configuration file. If the score equals the value of the SpamThreshold parameter or exceeds it, the message is considered to be spam.
Upon completion of a message analysis, Vade Retro may add (depending on the plugin settings) corresponding headers to the message.
System requirements
Supported OS and mail systems
- Linux (glibc 2.2 and higher), FreeBSD 6.x, 7.x, 8.x, Solaris 10 (Intel only).
- CommuniGate Pro, Courier MTA, Exim, Postfix, QMail, Sendmail, ZMailer.
Description
With its flexible configuration, reliability, and capabilities for load balancing and real-time processing of huge amounts of data, Dr.Web for Unix Mail Servers meets the demands of small companies using one mail server as well as the requirements of multi-national ISPs for scanning unlimited amounts of data.
Dynamic load balancing optimizes server performance without additional testing.
The configuration testing and service control interface enables on-the-fly configuration of operation of services which significantly simplifies system maintenance and allows its faster deployment.
Settings of the filtering service and quarantine can now be stored in storages of different types ranging from ordinary files to databases like Oracle.
LDAP directory services are used to store settings. It provides integration of the solution into the structure of the corporate directories service and makes administration of the solution easier.
Dr.Web for Unix Mail Servers is a group of interacting software modules. The range of tasks performed by the solution depends on loaded plug-ins (libraries, responsible for processing of e-mails).
The e-mail messages are processed by the modules of the e-mail daemon as follows: incoming messages are received by the Receiver module which transfers them to the Checker module (drweb-maild). The Checker module uses plug-ins one by one to analyze the messages.
Messages that have passed scanning by the mail daemon's plugins are forwarded to the mail system by the Sender module. Reports on the scanning results of the plugins that process e-mail traffic are created. Such reports are generated by the Notifier module (drweb-notifier) and can be mailed to senders or recipients of messages and to a system administrator. The processing of e-mails by the e-mail daemon can be flexibly regulated by rules.
In accordance with effective security policies filtered out messages can be placed in the quarantine. If necessary, all actions (search, removal of messages from the quarantine, archiving) can be carried out using the web-interface, a special utility or administration messages. Quarantine management with administration messages is also available to users.
Rules are added into the daemon's configuration file — it is one of the most useful features of the software. Rules set in the mail daemon configuration file allow changing operational parameters of the mail daemon depending on the contents of processed messages. The current version of the mail daemon allows setting rules for sender and recipient addresses and for particular types of malicious objects found in messages.
Dr.Web for Unix Mail Servers can archive all incoming and outgoing messages allowing restoring accidentally deleted e-mails and determining how an infection spread over a network.
Updating
Always up-to-date
- Updating over the Internet, whether automatically or according to a schedule, doesn't require user interference. Updating can also be launched manually
- Updates are very small — just 50-200 KB, and it takes very little time to download them even if a slow Internet connection is used
- Updating servers are always available
- In most cases, there is no need to reboot the system to complete updating; Dr.Web starts using the updated modules and latest virus definitions right away
- To save traffic, the anti-virus can be set to update virus databases only. However, enabling this option is not recommended. To counter the latest threats, Dr.Web undergoes constant refinement. New features are incorporated in the anti-virus package's updated modules and are downloaded from Doctor Web's server automatically during regular updating sessions. To protect a system from new malware, all components of an anti-virus must remain up-to-date
- You can also reduce traffic by downloading updates as archived patch files. Patch files are used to deliver minor additions and fixes for virus database or program modules. The special compression algorithm applied to such patches dramatically reduces the amount of transferred data
Virus monitoring service
- The Doctor Web virus monitoring service collects samples of malicious programs all over the Internet to create antidotes and release updates as soon as analyses are completed – as often as several times per hour
- As soon as an update is released, users can retrieve it from several servers located at various points of the globe
- To avoid false positives, an update is tested over a huge number of uninfected files before it is released
- The intelligent system automatically adds entries for similar viruses into the database, ensuring the prompt neutralization of emerging threats
Licensing
Types of licenses
- Per number of protected users.
- Per server license – unlimited scanning of server e-mail traffic for as many as 3,000 protected users.
Dr.Web for Unix Mail Servers can be purchased as a separate product or as a component of Dr.Web Enterprise Security Suite. In the latter case the license also covers the Control Center of Dr.Web Enterprise Security Suite and Anti-spam.
A license for Dr.Web for Unix Mail Servers may also include the SMTP proxy as an additional component. Using these products together improves general network security and reduces the workload of local mail servers and workstations.
License options
- Anti-virus
- Anti-virus + Control Center
- Anti-virus + SMTP proxy
- Anti-virus + Control Center + SMTP proxy
- Anti-virus + Anti-spam
- Anti-virus + Anti-spam + Control Center
- Anti-virus + Anti-spam + SMTP proxy
- Anti-virus + Anti-spam + Control Center + SMTP proxy
Dr.Web for Unix Mail Servers is also included in low-cost Dr.Web bundles for small and medium companies.
Components
- Receiver
- The Receiver component is responsible for receiving e-mails, either directly from e-mail systems or over the SMTP/LMTP protocols, and for transferring them to the drweb-maild component. Depending on the e-mail systems and protocols used, the functions of the Receiver component are performed by different modules (drweb-receiver, drweb-milter, drweb-cgp-receiver, etc.). Several modules of the Receiver component can operate simultaneously, which allows e-mail to be received and processed from several sources at once. Certain modules of the Receiver component support modification/sending of received messages based on the check results received from the drweb-maild component. For example, the drweb-milter module can return message check results to the SendMail system before an SMTP session ends.
- drweb-maild
- This is the main component for processing e-mails. The drweb-maild component performs the mime-parsing of messages, transfers the messages for processing to plug-ins and stores messages in the database.
- The processing of e-mails is made by plug-ins to the drweb-maild module. Plug-ins can be launched and unloaded at any time, without terminating the drweb-maild module. The messages are processed by plug-ins according to the processing order specified by the administrator. The plug-ins are assigned to two queues – BeforeQueueFilters and AfterQueueFilters.
- Immediately after a message is received, it is processed by the plug-ins from the BeforeQueueFilters queue. If the AfterQueueFilters queue is empty, the processing results of the message are then sent to the Receiver component. If the AfterQueueFilters queue contains plug-ins, the message, once it has been processed by the plug-ins from the BeforeQueueFilters queue, is forwarded to the database and then placed in the internal queue of the drweb-maild module, and the return code of a successful check is sent to the Receiver component. The message is then checked by the plug-ins from the AfterQueueFilters queue.
- The check results are either sent to the Receiver component (if such possibility exists, for example, if the check result time-out has not expired yet), or to the Sender component. All the messages generated by plug-ins are also sent via the Sender component. Certain plug-ins require support of the database in order to function. Such plug-ins cannot be assigned to the BeforeQueueFilters queue.
- drweb-notifier
- The module generates reports on the operation of the complex. Additionally, installed plug-ins can add their own types of notifications. Requests to generate reports can be sent both by plug-ins (for example, when a virus is found) and by other components of the system. For example, the drweb-maild module can send requests to generate a statistics report of all plugged-in components, and the Sender component can send a request to generate a DSN report when a message cannot be delivered.
- Sender
- This component sends messages either directly to different e-mail systems or over the SMTP/LMTP protocols. Depending on the e-mail systems and protocols used, the functions of the Sender component are performed by different modules (drweb-sender, drweb-cgp-sender, etc.). The Sender component can receive requests to send messages from the drweb-maild, drweb-notifier and drweb-monitor components.
- drweb-agent
- The drweb-agent module provides the option to process e-mails either autonomously or together with Dr.Web Enterprise Security Suite. All components of the system, except for drweb-monitor, receive their configuration files via the drweb-agent module, which is why it should be launched before the other components. The drweb-agent module checks the license and collects statistics on the operation of the components of the system: names of detected blocked objects, the volume of the traffic checked, etc.
- drweb-monitor
- An auxiliary component which launches and terminates the modules of the system in the specified order and controls their operation. If a module of the system fails, drweb-monitor re-launches it and, if this is specified in the settings, notifies the administrator.
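The drweb-maild queue handling described above, as a simplified model. This is an added example, not Doctor Web code: every class, function and plug-in name is hypothetical, and the first-verdict-wins rule and the handling of a BeforeQueueFilters detection are assumptions.

```python
"""Simplified model of the drweb-maild plug-in queues (illustrative only).

Every class, function and plug-in name below is hypothetical; only the two
queue names and the component names come from the product description.
"""
from dataclasses import dataclass
from typing import Callable, List, Optional, Tuple

Event = Tuple[str, str]  # (component that receives the result, result text)


@dataclass
class Plugin:
    name: str
    check: Callable[[str], Optional[str]]  # verdict text, or None when clean
    needs_database: bool = False


def run_queue(plugins: List[Plugin], message: str) -> Optional[str]:
    """Run plug-ins in the configured order (assumption: first verdict wins)."""
    for plugin in plugins:
        verdict = plugin.check(message)
        if verdict:
            return f"{plugin.name}: {verdict}"
    return None


class MailD:
    def __init__(self, before_queue: List[Plugin], after_queue: List[Plugin]):
        # Plug-ins that need the database cannot run before the message is stored.
        misplaced = [p.name for p in before_queue if p.needs_database]
        if misplaced:
            raise ValueError(f"not allowed in BeforeQueueFilters: {misplaced}")
        self.before_queue = list(before_queue)
        self.after_queue = list(after_queue)
        self.database: List[str] = []

    def process(self, message: str, receiver_still_waiting: bool = False) -> List[Event]:
        verdict = run_queue(self.before_queue, message)
        # Assumption: a BeforeQueueFilters detection is reported at once and
        # the message is not queued. With no AfterQueueFilters plug-ins the
        # result always goes straight back to the Receiver.
        if verdict or not self.after_queue:
            return [("receiver", verdict or "clean")]
        # Store, queue, and tell the Receiver the check succeeded ...
        self.database.append(message)
        events: List[Event] = [("receiver", "accepted")]
        # ... then run the AfterQueueFilters plug-ins on the stored message.
        verdict = run_queue(self.after_queue, message)
        target = "receiver" if receiver_still_waiting else "sender"
        events.append((target, verdict or "clean"))
        return events


# Constructed plug-ins and messages, for illustration only.
ANTIVIRUS = Plugin("antivirus", lambda m: "infected" if "TEST-VIRUS" in m else None)
ANTISPAM = Plugin("antispam", lambda m: "spam" if "TEST-SPAM" in m else None,
                  needs_database=True)

if __name__ == "__main__":
    maild = MailD([ANTIVIRUS], [ANTISPAM])
    for body in ("hello", "TEST-VIRUS sample", "TEST-SPAM sample"):
        print(body, "->", maild.process(body))
```

In this model a verdict from an AfterQueueFilters plug-in is produced only after the Receiver has been given the success code, so unless the Receiver is still waiting the result leaves through the Sender.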
SMTP Proxy
A mail server's limited capabilities often prevent mail anti-virus scanners from realizing their potential. As a result, virtually all network administrators become confronted with the problem of what to do when their anti-virus and anti-spam protection systems can't be set to operate at maximum efficiency. Dr.Web for Unix Mail Gateways solves this problem.
The product can be installed in the demilitarized zone (DMZ) or integrated with an existing mail system. With the mail scanning server placed in the demilitarized zone, a mail server is not connected to the Internet directly. In this case, even if a hacker succeeds in compromising the server, he won't get access to sensitive company information. The solution performs a full scan of SMTP/LMTP mail traffic.
Advantages
- Improved filtering quality with no limitations caused by a mail server
- Decreased workload for internal mail servers, content filtering servers, mail and Internet gateways, and workstations
- Increased stability of mail scanning and better overall network security
- Protection from spammer attacks
- An administrator can restrict parameters of the SMTP-session to prevent spammer attacks.
- Protection from disguised spam
- With the IP validation feature, your company is protected from spam messages sent with forged sender IP addresses.
- Protection from hacker attacks
- The product can withstand passive attacks such as PLAIN and LOGIN, as well as active non-dictionary attacks.
- Protection from spam traps
- Dr.Web for Unix Mail Gateways can check whether the recipient address is a spam trap.
- Correct processing of malformed e-mails
- The product can block messages with an empty sender field but correctly processes messages that violate standards because certain mail clients malformed them.
- Reduction of Internet traffic
- Dr.Web for Unix Mail Gateways allows the size of mail attachments to be restricted.
- Open Relay servers with limited relay list
- If a company needs to use an open mail relay server, Dr.Web for Unix Mail Gateways will help an administrator restrict the list of domains to which the server will relay messages.
Dr.Web Gateway Security Suite
Protection of gateways
Licensing of Dr.Web Gateway Security Suite
Types of licenses
- Per number of protected users.
- Per server license – unlimited scanning of server e-mail traffic for as many as 3,000 protected users.
Dr.Web Gateway Security Suite can be purchased as a separate product or as a component of Dr.Web Enterprise Security Suite
License options
| | Unix gateways | Kerio gateways | MIMEsweeper | Qbik WinGate |
|---|---|---|---|---|
| Basic license | Anti-virus | Anti-virus | Anti-virus | Anti-virus |
| Additional components | | | | |
| Anti-spam | - | - | + | + |
| Control center | - | + | - | - |
Dr.Web Gateway Security Suite is also included in low-cost Dr.Web bundles for small and medium companies.
Dr.Web Mobile Security Suite
Protection of mobile devices
- Dr.Web for Symbian OS
- Dr.Web for Windows Mobile
- Dr.Web for Android
Licensing of Dr.Web Mobile Security Suite
Dr.Web Mobile Security Suite is licensed per number of protected devices.
Special offer
Users of Dr.Web Desktop Security Suite can use Dr.Web Mobile Security Suite free of charge.
| | Dr.Web for Symbian OS | Dr.Web for Windows Mobile | Dr.Web for Android |
|---|---|---|---|
| Protection components | Anti-virus + Anti-spam | Anti-virus | Anti-virus |
| Control center | - | + | - |
| Supported OS | Symbian Series60 | Windows Mobile 2003/2003 SE/5.0/6.0/6.1/6.5 | Android OS: 1.5/1.6/2.0/2.1/2.2 |
| Key features | | | |
| Real-time scan | - | + | + |
| Scan of files received over GPRS/Infrared/Bluetooth/Wi-Fi/USB-connection or while synchronizing with a PC | + | + | + |
| Two types of scan: full and custom | + | + | + |
| Toggling on/off memory card scan | - | + | + |
| On-demand scan of the entire file system or of separate files and folders | + | + | + |
| Scan of ZIP, SIS, CAB, RAR, JAR archives | + | + | + |
| Black and white lists for numbers from which calls and short messages are received | + | - | - |
| Deletion of infected files | + | + | + |
| Moving suspicious files to the quarantine | + | + | + |
| Restoring files from the quarantine | + | + | + |
| Detailed scanning reports | + | + | + |
Dr.Web Mobile Security Suite is also included in low-cost Dr.Web bundles for small and medium companies.
Dr.Web Enterprise Security Suite Control Center
Centralized control over the protection of all hosts in the corporate network
Advantages
Dr.Web Enterprise Security Suite Control Center provides centralized security administration for all hosts in the corporate network:
- Workstations, terminal servers, virtual servers, embedded system clients;
- File servers and application servers (including terminal and virtual servers);
- E-mail servers;
- Gateways;
- Mobile devices.
Manage your corporate anti-virus protection from anywhere in the world with Dr.Web Enterprise Security Suite Control Center. All you need is a web browser. The Control Center runs on any operating system on any computer connected to the Internet, and no additional software is needed.
The intuitive interface will help you deploy an anti-virus network in the shortest time possible in any corporate network regardless of its size and organization; it does not matter how many machines and branch offices are connected over the network, what its topology is, or whether an Active Directory server is available. Administrators do not need to acquire any special skills to deploy the anti-virus network.
The Dr.Web Control Center lets administrators control all components of the anti-virus network from inside the network or remotely over the Internet, monitor the security status of all protected hosts, and receive notifications on virus incidents and configure an automatic response to such events. All that's needed is a TCP/IP connection between the administrator's computer and the anti-virus server.
Low-cost administration
The Control Center's maintenance costs are reduced to a minimum thanks to simple administration routines and the Web-administrator's ability to provide an at-a-glance view of the entire corporate anti-virus network from anywhere in the world.
The versatile Web-administrator, combined with the solution's seamless integration with Windows NAP and the option to create custom event handlers in any script language, reduces the workload of system administrators by freeing them of daily anti-virus routines.
Exceptional scalability
Equally reliable in networks of any scale and structural complexity, from small workgroup networks to distributed intranets with tens of thousands of hosts, the Control Center offers exceptional scalability. Interaction between the anti-virus servers of the Control Center (which is connected to a SQL-server used for data storage) and between the servers and protected workstations that make up the complex communication system is organized hierarchically.
This results in a single anti-virus network of interconnected workstations, making it possible to collect information about the entire network on one server. The hierarchical organization makes the Control Center the perfect choice for multi-branch companies whose networks are not connected to the Internet.
Wide range of supported network protocols
The Control Center simultaneously supports TCP/IP (IPV6 included) and IPX/SPX and NetBIOS protocols for interaction between the anti-virus server and protected computers, allowing the solution to be used in diverse network environments. Communication between different components of the system can be encrypted to ensure secure communication between anti-virus network components, thus making it safe to administer the network from any computer anywhere in the world.
Traffic reduction
Compared with competitive solutions from other developers, the Control Center guarantees minimal network traffic. A special data transfer protocol for TCP/IP and NetBIOS networks provides data traffic compression in TCP/IP, IPX/SPX, or NetBIOS networks.
Transparent operation
The operation of a Dr.Web anti-virus network is completely transparent. An administration audit log records all installation and configuration activities. All components can record their activities in separate log files with customized verbosity, and all file operations performed by the anti-virus software are reflected in the statistics. A notification system informs administrators about problems in the network. Such notifications can be displayed by the Web-administrator or sent via e-mail.
The notification system provides an administrator with the following features:
- customizable text of threat notifications
- notifications on virus attacks, scan results, and file deletions
- a special threat-alert icon
- an option to view reports in the Web-administrator or export information into CSV, HTML or XML formats
- customizable logging verbosity
- retrieval of information on the following
- virus activities with detected viruses arranged by group
- detected client vulnerabilities
- scanning errors
- anti-virus components running on protected PCs
- abnormal behaviour of protected machines
Anti-virus server
The Control Center included in Dr.Web Enterprise Security Suite connects to an anti-virus server that facilitates the centralized administration of an anti-virus network, including its deployment, virus database and software component updating, network protection status monitoring, virus incident notifications, and statistics collection. Detailed descriptions of all features related to the centralized management of individual products can be found in the "Control Center" tab of the corresponding products.
- Deployment
- The Control Center's anti-virus server can be installed on a computer connected to the local network. It stores distribution files of anti-virus packages for different operating systems, updates of virus databases and package program modules, user key files, and the configurations of protected objects. The server can also send information upon request from the agent to the corresponding machine.
- The cross-platform architecture of the server software allows it to be run on both Windows and Linux servers. No other competitive solution can boast such compatibility.
- The server can communicate with agents over virtually any network protocol currently in use (TCP/IP (including both IPv4 and IPV6), IPX/SPX, NetBIOS), allowing the anti-virus network to be deployed using an existing network infrastructure.
- Updating
- The anti-virus server retrieves updates of virus databases and agent components. It keeps the Internet traffic of the anti-virus software low and automatically configures updating routines.
- Updates of protection components can be retrieved from the anti-virus server as well as directly from Doctor Web updating servers, allowing anti-virus software on computers and laptops to be kept up to date. This can be vital for machines that may be unable to connect to the anti-virus server regularly.
- Collecting statistics
- The anti-virus server stores the configuration of each agent in the network and scanning statistics from each anti-virus component of each protected machine in its database. To store data, the server can utilize both its built-in database and an external database. With a single source for storing server information and critical data backups, restoring server operations after database files become corrupted, or when the server must be ported to another machine, becomes easy.
Dr.Web Enterprise Security Suite unique features:
- comprehensive protection from most known threats powered by the built-in anti-virus, anti-spam, firewall and office control (available with a comprehensive protection license);
- support of Windows and Unix server platforms, simple installation procedure and reliable protection providing minimal TCO compared with competitive solutions;
- centralized protection of all network hosts: workstations, mail and file servers as well as application servers including terminal servers;
- support of 32- and 64-bit operating systems;
- installation of agent software in an infected system with a high probability for successful curing;
- minimal network load achieved through implementation of a small-sized engine featuring the latest technologies;
- highly efficient detection of threats including unknown viruses;
- administration of the entire network protection infrastructure from one computer (over the administration web-interface) from any location even outside the corporate network;
- implementation of individual security policies for groups of employees at the company;
- several administrators can manage different groups separately making Dr.Web Enterprise Security Suite a good choice for companies with high security requirements as well as for multi-branch organizations;
- configurable security policies for any type of users including mobile users and for any workstation even if it is currently unavailable ensure up-to-date protection at any time;
- protection of the solution's settings against modification by users;
- protection of networks that are not connected to the internet;
- several installation methods: Active Directory policies, launch scripts and the built-in remote installation procedure. Installation can still be performed even if the host is unreachable for a Dr.Web Enterprise Suite server;
- support of most known internal and external databases: Oracle, PostgreSQL, Microsoft SQL Server or Microsoft SQL Server Compact Edition or any other DBMS that supports SQL-92 over ODBC can be utilized as an external database;
- support of custom event handlers written by the user in any script language providing direct access to internal interfaces of Dr.Web Enterprise Security Suite;
- updates rollback – even if updating causes an error, the host won't remain unprotected;
- simultaneous support of several network protocols (TCP/IP (including IPv6), IPX/SPX, NetBIOS), allowing the anti-virus network to be deployed using an existing network infrastructure;
- Dr.Web Enterprise Security Suite is an open solution that a system administrator can use to install and synchronize products from other developers, thus lowering information security system deployment costs;
- easy-to-understand protection control system and unsurpassed usability and efficiency of network stations search;
- customizable list of components of products to be updated and version upgrade control enable an administrator to distribute only updates that are necessary and have been tested in the network.
Anti-virus agents
Anti-virus agents are installed on protected computers, servers, and mobile devices, and if necessary on the machine running the anti-virus server. Agents send virus event reports and other relevant information to the anti-virus server.
Dr.Web Enterprise Security Suite agents let you control anti-virus protection for the following types of objects:
Protected objects | Supported OS and platforms |
---|---|
Workstations, terminal server clients, virtual server clients | Windows, Mac OS X, Linux |
File servers and application servers (including virtual and terminal servers) | Windows, Novell NetWare, Mac OS X Server |
E-mail and SMTP-gateway users | Unix, MS Exchange, Lotus (Windows/Linux), Kerio (Windows/Linux) |
Internet gateway users | Kerio |
Mobile devices | Windows Mobile |
Anti-virus agents work as efficiently as any other product or solution from Doctor Web. Agents that protect Windows workstations feature components such as a scanner, SpIDer Guard® file monitor, SpIDer Mail® monitor, SpIDer Gate™ HTTP monitor, a self-protection module, and office control.
Additional protective features for Windows workstations
- Dr.Web Enterprise Security Suite scanner is a new component specifically designed for the Dr.Web Enterprise Security Suite agent for Windows. It allows an administrator to perform a remote silent scan without significantly hindering the performance of target machines.
- Mobile mode. Agents can work on laptops that remain disconnected from an anti-virus network for an extended period. If the employee goes on a business trip, his laptop won't remain unprotected, and the anti-virus will still be able to receive updates.
System requirements
In order to install the Dr.Web Enterprise Security Suite Control Center, the following requirements must be met:
- IP (including IPv6), IPX or NetBIOS network (all protected computers and the server must be connected to the network). The following requirements must be met for machines on which the anti-virus software will be installed:
- Port 2193 (TCP and UDP) and port 23 for NetBIOS must be open for communication between the server and anti-virus components.
- Socket 2371 for IPX / SPX must be open to allow anti-virus components to connect to the server.
- Ports 2193 and 2372 for UDP must be open to enable the network scanner to search the network.
- Ports 139 and 445 for TCP and UDP utilized by the network installer must be open.
- Port 9080 for HTTP utilized by the Web-administrator must be open.
- Port 9081 for HTTPS utilized by the Web-administrator must be open.
- an anti-virus server: Pentium III 667 or faster CPU, at least 512 MB (1GB if the internal database is used) RAM, up to 12 GB of free disk space (8 GB is utilized by the built-in database in the installation directory, and 4 GB is used in the system temp directory), Windows 2000/XP/2003/Vista/2008/Windows 7 & 8, Linux (glibc2.3 and later), FreeBSD (6.4 and later), Solaris (Intel and Sparc);
- the anti-virus server must be able to connect to the Dr.Web Global Updating System over the Internet for automatic retrieval of contents for the centralized installation and updating directory;
- a TCP/IP connection must be established between the Web-administrator and the Dr.Web Anti-virus server;
- any web browser for the Web-administrator.
IMPORTANT! MS Installer 2.0 is required to install the anti-virus server under Windows. The installer is included in Windows 2000 (SP3) and in later versions of Windows. If an earlier version of Windows is used, download and install MS Installer 2.0 prior to installing the anti-virus server.
IMPORTANT! No other anti-virus software (including other versions of Dr.Web) must be installed on workstations connected to the anti-virus network.
The system requirements for other products that can be managed with the Dr.Web Enterprise Security Suite Control Center can be found in the software product descriptions.
Web-administrator
The Web-administrator is a component of the Dr.Web Control Center that does not require installation and enables a system administrator to control the operation of all anti-virus services from any computer and solve emerging problems in a timely manner.
The Web-administrator is a visual remote administration tool available at any time and from anywhere to control the anti-virus protection of up to thousands of geographically dispersed workstations and mail servers via a single graphical interface. The Web-administrator can be used on any machine under virtually any operating system. The user-friendly interface allows easy control over the entire protected network.
- Low-cost administration
- The Web-administrator lets you control the dynamic anti-virus network environment easily. System administrator productivity increases, administrative routines are optimized, and daily tasks are performed in a matter of minutes. Just adjust the key parameters of your anti-virus servers and protected objects, and launch jobs.
- Instant response to threats
- With regular scan and updating scheduling tools, the Web-administrator makes administering an anti-virus network simple. Various tools for collecting and analyzing information let you control the status of protected objects in the network, respond to emerging threats within seconds of detection, pinpoint sources of infection, and promptly adjust corporate security policy to changing conditions.
- Full control over network security
- The Web-administrator lets you configure any component of the anti-virus network and monitor the status of agents. And most importantly, administrators can configure a schedule for anti-virus servers or any group of agents while staying put; there is no need to move around to different locations.
- The virus database's version control and agent blocking help keep installed components up to date and prevent the spread of infection.
- Versatile licensing
- With the Web-administrator, you no longer need to consider which operating system you use. The console launched under Windows or Mac OS allows you to connect to an anti-virus server run on a Linux machine and change server settings as you see fit.
- Getting statistics with one click
- The statistics-collecting feature enables you to generate reports for a desired period with the custom verbosity and import the information into an external file.
- Instant notifications
- The message interface allows an administrator to send messages to selected users or to groups of users. If the user's PC is connected to the Internet, the message will be delivered to the user immediately. If the machine is offline when the message is sent, it will be delivered as soon as the machine connects to the Internet. The messaging tool can be used for:
- alerting users about epidemics and informing them what to do if a system has been compromised;
- sending technical messages;
- sending greetings.
Licensing
The Control Center is licensed separately when included in the Dr.Web Enterprise Security Suite as well as when purchasing a license for a separate Dr.Web product group. The Control Center allows agents to be administered for all types of protected objects: workstations, servers, Internet gateways, and mobile devices. For more information about using the Control Center with each Dr.Web product and a full list of its features, please refer to the product descriptions.