Перейти к содержимому


Фото
- - - - -

Dr.Web for UNIX Internet Gateways -- a few questions


  • Please log in to reply
2 ответов в этой теме

#1 mokaz

mokaz

    Newbie

  • Members
  • 2 Сообщений:

Отправлено 22 Март 2024 - 11:29

Hi there folks,

 

Recently I've deployed Dr.Web for UNIX Internet Gateways in Version 11.1 -- working really good and with very minimal resources ! Great job.

 

My question today is about the Dr.Web HTTPD daemon and especially the "Threats" menu. I'm addressing Dr.Web for UNIX Internet Gateways through ICAP and that works all fine, replacement messages are displayed in the occurrence of an offending file being caught. Although, the ICAP denied entities never show's up within the "Threats" menu. My guess is that anything listed within the Threats menu would involve either SpIDer Guard or the Network Checker/File Checker -- though that only means whatever passes through the local host -- not any ICAP submissions.

 

Is there anything to configure to possible list the ICAP triggering Threats within the Treats menu?

If not, are the ICAP triggering submissions available through SNMP?

 

I would be okay with the solution temporarily "saving" the offending ICAP submissions within a local host controlled folder, which would be subsequently re-scanned by any of the available locally bound Dr.Web daemons in order to report the Threats originally gathered/found/stopped through ICAP. Possibly with a short ICAP log/timestamp.

 

Let me know,

Kind regards,

Thanks

m.



#2 Igorn

Igorn

    Advanced Member

  • Dr.Web Staff
  • 516 Сообщений:

Отправлено 27 Март 2024 - 12:12

Is there anything to configure to possible list the ICAP triggering Threats within the Treats menu?

No, you can see only threats in the filesystem

 

 

 

If not, are the ICAP triggering submissions available through SNMP?

Yes. see https://cdn-download.drweb.com/pub/drweb/unix/gateway/11.1/documentation/html/en/index.html?snmpd.htm  to configure

 

 

 

I would be okay with the solution temporarily "saving" the offending ICAP submissions within a local host controlled folder, which would be subsequently re-scanned by any of the available locally bound Dr.Web daemons in order to report the Threats originally gathered/found/stopped through ICAP. Possibly with a short ICAP log/timestamp.

For this case, we do not support local saving. You can see information about these detects  in our log


Сообщение было изменено Igorn: 27 Март 2024 - 12:15


#3 mokaz

mokaz

    Newbie

  • Members
  • 2 Сообщений:

Отправлено 05 Май 2024 - 12:37

Hi Igor,

Thanks a lot for your explanations, this make sense.. I'll seek the SNMP route which is cleaner anyways.

 

One last question that raised here recently:
Would it be possible to configure the Dr.WEB ICAD [ICAPD] service to listen to multiple network interface/different TCP/IP stacks altogether?

In my testings, it so seem that the "ListenAddress =" directive currently only allow one given IP address. Is there anything doable here?

 

Let me know,
Kind regards,
m.
 




Читают тему: 4

0 пользователей, 4 гостей, 0 скрытых