Есть CentOS 7, на котором установлен DrWeb из пакета drweb-workstations_11.0.6-1810051457+fstek~linux_amd64.run.
Включен LinuxSpider. DrWeb корректно находит и убивает EICAR-Test-File, если я пытаюсь создать его из консоли.
Также в системе установлен Docker. В нём работает PHP-приложение, к которому примонтирован том Docker для директории загруженных файлов этого приложения. Том отображается в файловую систему по пути /var/lib/docker/volumes/<имя_тома>/_data/.
Задача: автоматически проверять загруженные файлы. По идее, LinuxSpider должен справляться с этим сам, как с тестовым файлом, но этого не происходит. После загрузки EICAR через PHP-приложение файл спокойно лежит в директории тома, приложение его спокойно читает и даёт скачать. Файл тут же исчезает, только если выполнить из консоли cat для этого файла. Получается, что мониторинг реагирует на обращение к файлу из консоли, но не на запись и чтение со стороны приложения в контейнере.
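Конфиг (для этой задачи важна секция LinuxSpider: IncludedPath = /, в ExcludedPath только /proc и /sys, ExcludedProc пуст, Mode = Auto, то есть каталог тома из мониторинга не исключён):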
Root.LogLevel = Notice Root.Log = Syslog:Daemon Root.PublicSocketPath = /var/run/.com.drweb.public Root.AdminSocketPath = /var/run/.com.drweb.admin Root.DebugIpc = No Root.UseCloud = No Root.KeyPath = /etc/opt/drweb.com/drweb32.key Root.CoreEnginePath = /var/opt/drweb.com/lib/drweb32.dll Root.VirusBaseDir = /var/opt/drweb.com/bases Root.DwsDir = /var/opt/drweb.com/dws Root.VersionDir = /var/opt/drweb.com/version Root.AntispamCorePath = /var/opt/drweb.com/lib/vaderetro.so Root.CacheDir = /var/opt/drweb.com/cache Root.TempDir = /tmp Root.RunDir = /var/run Root.VarLibDir = /var/opt/drweb.com/lib Root.AdminGroup = Root.TrustedGroup = drweb Root.VersionNotification = Yes Root.DefaultLogLevel = Notice ScanEngine.LogLevel = Notice ScanEngine.Log = Auto ScanEngine.ExePath = /opt/drweb.com/bin/drweb-se ScanEngine.IdleTimeLimit = 1h ScanEngine.FixedSocketPath = ScanEngine.MaxForks = 4 ScanEngine.MaxForksPerFile = 1 ScanEngine.WatchdogInterval = 1.5s ScanEngine.BufferedIo = Off FileCheck.LogLevel = Notice FileCheck.Log = Auto FileCheck.ExePath = /opt/drweb.com/bin/drweb-filecheck FileCheck.IdleTimeLimit = 30s FileCheck.DebugClientIpc = No FileCheck.DebugScan = No FileCheck.DebugFlowScan = No FileCheck.DebugProxyScan = No FileCheck.DebugCache = No FileCheck.MaxCacheSize = 50MB FileCheck.RescanInterval = 1s Update.LogLevel = Notice Update.Log = Auto Update.ExePath = /opt/drweb.com/bin/drweb-update Update.RunAsUser = drweb Update.UpdateInterval = 30m Update.NetworkTimeout = 1m Update.RetryInterval = 3m Update.MaxRetries = 3 Update.Proxy = Update.ExcludedFiles = drweb32.lst Update.BaseUpdateEnabled = Yes Update.BaseDrlPath = /var/opt/drweb.com/drl/bases/update.drl Update.BaseCustomDrlPath = /var/opt/drweb.com/drl/bases/custom.drl Update.VersionUpdateEnabled = Yes Update.VersionDrlPath = /var/opt/drweb.com/drl/version/update.drl Update.DwsUpdateEnabled = Yes Update.DwsDrlPath = /var/opt/drweb.com/drl/dws/update.drl Update.DwsCustomDrlPath = /var/opt/drweb.com/drl/dws/custom.drl 
Update.AntispamUpdateEnabled = Yes Update.AntispamDrlPath = /var/opt/drweb.com/drl/antispam/update.drl Update.AntispamCustomDrlPath = /var/opt/drweb.com/drl/antispam/custom.drl Update.BackupDir = /var/opt/drweb.com/backup Update.MaxBackups = 0 ESAgent.LogLevel = Notice ESAgent.Log = Auto ESAgent.ExePath = /opt/drweb.com/bin/drweb-esagent ESAgent.MobileMode = Auto ESAgent.Discovery = On ESAgent.UpdatePlatform = unix-linux-64 ESAgent.DebugIpc = No NetCheck.LogLevel = Notice NetCheck.Log = Auto NetCheck.ExePath = /opt/drweb.com/bin/drweb-netcheck NetCheck.RunAsUser = drweb NetCheck.IdleTimeLimit = 30s NetCheck.FixedSocketPath = NetCheck.LoadBalanceUseSsl = No NetCheck.LoadBalanceSslCertificate = NetCheck.LoadBalanceSslKey = NetCheck.LoadBalanceSslCa = NetCheck.LoadBalanceServerSocket = NetCheck.LoadBalanceAllowFrom = NetCheck.LoadBalanceSourceAddress = NetCheck.LoadBalanceTo = NetCheck.LoadBalanceStatusInterval = 1s NetCheck.SpoolDir = /tmp/com.drweb.ncheck NetCheck.LocalScanPreference = 1 GateD.LogLevel = Notice GateD.Log = Auto GateD.ExePath = /opt/drweb.com/bin/drweb-gated GateD.RunAsUser = drweb GateD.IdleTimeLimit = 30s GateD.TemplatesDir = /var/opt/drweb.com/templates/gated GateD.CaPath = /etc/pki/tls/certs GateD.DebugSocketPath = MailD.LogLevel = Notice MailD.Log = Auto MailD.ExePath = /opt/drweb.com/bin/drweb-maild MailD.FixedSocketPath = MailD.TemplatesDir = /var/opt/drweb.com/templates/maild MailD.ReportLanguages = en MailD.RepackPassword = None MailD.TemplateContacts = MailD.RunAsUser = drweb MailD.DnsResolverConfPath = /etc/resolv.conf MailD.MilterScanTimeout = 3m MailD.MilterHeuristicAnalysis = On MailD.MilterPackerMaxLevel = 8 MailD.MilterArchiveMaxLevel = 8 MailD.MilterMailMaxLevel = 8 MailD.MilterContainerMaxLevel = 8 MailD.MilterMaxCompressionRatio = 500 MailD.MilterSocket = MailD.MilterBlockUnchecked = No MailD.MilterRuleSet0 = MailD.MilterRuleSet1 = : set MailTemplatesDir = "milter" MailD.MilterRuleSet2 = MailD.MilterRuleSet3 = total_spam_score gt 
0.80 : REJECT MailD.MilterRuleSet4 = MailD.MilterRuleSet5 = threat_category in (KnownVirus, VirusModification, UnknownVirus, Adware, Dialer) : REPACK as _match MailD.MilterRuleSet6 = MailD.MilterRuleSet7 = url_category in (InfectionSource, NotRecommended, OwnersNotice) : REPACK as _match MailD.MilterRuleSet8 = MailD.SpamdScanTimeout = 3m MailD.SpamdHeuristicAnalysis = On MailD.SpamdPackerMaxLevel = 8 MailD.SpamdArchiveMaxLevel = 8 MailD.SpamdMailMaxLevel = 8 MailD.SpamdContainerMaxLevel = 8 MailD.SpamdMaxCompressionRatio = 500 MailD.SpamdSocket = MailD.SpamdBlockUnchecked = No MailD.SpamdRuleSet0 = MailD.SpamdRuleSet1 = : set MailTemplatesDir = "spamd" MailD.SpamdRuleSet2 = MailD.SpamdRuleSet3 = threat_category in (KnownVirus, VirusModification, UnknownVirus, Adware, Dialer) : REJECT MailD.SpamdRuleSet4 = MailD.SpamdRuleSet5 = url_category in (InfectionSource, NotRecommended, OwnersNotice) : REJECT MailD.SpamdRuleSet6 = MailD.SpamdRuleSet7 = total_spam_score gt 0.80 : REJECT MailD.SpamdRuleSet8 = MailD.RspamdScanTimeout = 3m MailD.RspamdHeuristicAnalysis = On MailD.RspamdPackerMaxLevel = 8 MailD.RspamdArchiveMaxLevel = 8 MailD.RspamdMailMaxLevel = 8 MailD.RspamdContainerMaxLevel = 8 MailD.RspamdMaxCompressionRatio = 500 MailD.RspamdSocket = MailD.RspamdBlockUnchecked = No MailD.RspamdRuleSet0 = MailD.RspamdRuleSet1 = : set MailTemplatesDir = "rspamd" MailD.RspamdRuleSet2 = MailD.RspamdRuleSet3 = threat_category in (KnownVirus, VirusModification, UnknownVirus, Adware, Dialer) : REJECT MailD.RspamdRuleSet4 = MailD.RspamdRuleSet5 = url_category in (InfectionSource, NotRecommended, OwnersNotice) : REJECT MailD.RspamdRuleSet6 = MailD.RspamdRuleSet7 = total_spam_score gt 0.80 : REJECT MailD.RspamdRuleSet8 = Antispam.LogLevel = Notice Antispam.Log = Auto Antispam.ExePath = /opt/drweb.com/bin/drweb-ase Antispam.IdleTimeLimit = 1h Antispam.RunAsUser = drweb Antispam.FixedSocketPath = CloudD.LogLevel = Notice CloudD.Log = Auto CloudD.ExePath = /opt/drweb.com/bin/drweb-cloudd 
CloudD.RunAsUser = drweb CloudD.IdleTimeLimit = 30s CloudD.FixedSocketPath = CloudD.PersistentCache = Off CloudD.DebugSdk = No LinuxGUI.ExePath = /opt/drweb.com/bin/drweb-gui LinuxGUI.ExcludedPath = /proc LinuxGUI.ExcludedPath = /sys LinuxGUI.OnKnownVirus = Cure LinuxGUI.OnIncurable = Quarantine LinuxGUI.OnSuspicious = Quarantine LinuxGUI.OnAdware = Quarantine LinuxGUI.OnDialers = Quarantine LinuxGUI.OnJokes = Report LinuxGUI.OnRiskware = Report LinuxGUI.OnHacktools = Report LinuxGUI.ScanTimeout = 0 LinuxGUI.CheckEmails = Yes LinuxGUI.CheckArchives = Yes LinuxGUI.AutoApplying = Yes LinuxSpider.LogLevel = Notice LinuxSpider.Log = Auto LinuxSpider.ExePath = /opt/drweb.com/bin/drweb-spider LinuxSpider.Start = Yes LinuxSpider.IncludedPath = / LinuxSpider.ExcludedPath = /proc LinuxSpider.ExcludedPath = /sys LinuxSpider.Mode = Auto LinuxSpider.ExcludedProc = LinuxSpider.OnKnownVirus = Cure LinuxSpider.OnIncurable = Quarantine LinuxSpider.OnSuspicious = Quarantine LinuxSpider.OnAdware = Quarantine LinuxSpider.OnDialers = Quarantine LinuxSpider.OnJokes = Report LinuxSpider.OnRiskware = Report LinuxSpider.OnHacktools = Report LinuxSpider.ScanTimeout = 30s LinuxSpider.HeuristicAnalysis = On LinuxSpider.PackerMaxLevel = 8 LinuxSpider.ArchiveMaxLevel = 0 LinuxSpider.MailMaxLevel = 0 LinuxSpider.ContainerMaxLevel = 8 LinuxSpider.MaxCompressionRatio = 500 LinuxSpider.DebugAccess = No LinuxFirewall.LogLevel = Notice LinuxFirewall.Log = Auto LinuxFirewall.ExePath = /opt/drweb.com/bin/drweb-firewall LinuxFirewall.InputDivert = Off LinuxFirewall.OutputDivert = Off LinuxFirewall.UnwrapSsl = No LinuxFirewall.HttpSafeSearch = No LinuxFirewall.BlockUnchecked = No LinuxFirewall.InspectHttp = Yes LinuxFirewall.InspectPop3 = Yes LinuxFirewall.InspectImap = Yes LinuxFirewall.InspectSmtp = Yes LinuxFirewall.SniCheckAddress = No LinuxFirewall.ExcludedProc = LinuxFirewall.Whitelist = LinuxFirewall.Blacklist = LinuxFirewall.BlockInfectionSource = Yes LinuxFirewall.BlockNotRecommended = Yes 
LinuxFirewall.BlockAdultContent = No LinuxFirewall.BlockViolence = No LinuxFirewall.BlockWeapons = No LinuxFirewall.BlockGambling = No LinuxFirewall.BlockDrugs = No LinuxFirewall.BlockObsceneLanguage = No LinuxFirewall.BlockChats = No LinuxFirewall.BlockTerrorism = No LinuxFirewall.BlockFreeEmail = No LinuxFirewall.BlockSocialNetworks = No LinuxFirewall.BlockDueToCopyrightNotice = Yes LinuxFirewall.BlockKnownVirus = Yes LinuxFirewall.BlockSuspicious = Yes LinuxFirewall.BlockAdware = Yes LinuxFirewall.BlockDialers = Yes LinuxFirewall.BlockJokes = No LinuxFirewall.BlockRiskware = No LinuxFirewall.BlockHacktools = No LinuxFirewall.ScanTimeout = 30s LinuxFirewall.HeuristicAnalysis = On LinuxFirewall.PackerMaxLevel = 8 LinuxFirewall.ArchiveMaxLevel = 8 LinuxFirewall.MailMaxLevel = 8 LinuxFirewall.ContainerMaxLevel = 8 LinuxFirewall.MaxCompressionRatio = 500 LinuxFirewall.RuleSet0 = LinuxFirewall.RuleSet1 = divert output, proc in "LinuxFirewall.ExcludedProc" : PASS LinuxFirewall.RuleSet1 = : set UnwrapSSL = false LinuxFirewall.RuleSet1 = divert output : set HttpTemplatesDir = "output" LinuxFirewall.RuleSet1 = divert input : set HttpTemplatesDir = "input" LinuxFirewall.RuleSet1 = : set MailTemplatesDir = "firewall" LinuxFirewall.RuleSet2 = LinuxFirewall.RuleSet3 = LinuxFirewall.RuleSet4 = LinuxFirewall.RuleSet5 = protocol in (Http), direction request, url_host in "LinuxFirewall.Blacklist" : BLOCK as BlackList LinuxFirewall.RuleSet5 = protocol in (Http), direction request, url_host in "LinuxFirewall.Whitelist" : PASS LinuxFirewall.RuleSet6 = LinuxFirewall.RuleSet7 = protocol in (Http), direction request, url_category in "LinuxFirewall.BlockCategory" : BLOCK as _match LinuxFirewall.RuleSet8 = LinuxFirewall.RuleSet9 = protocol in (Http), divert input, direction request, threat_category in "LinuxFirewall.BlockThreat" : BLOCK as _match LinuxFirewall.RuleSet9 = protocol in (Http), direction response, threat_category in "LinuxFirewall.BlockThreat" : BLOCK as _match 
LinuxFirewall.RuleSet9 = protocol in (Smtp), threat_category in "LinuxFirewall.BlockThreat" : REJECT LinuxFirewall.RuleSet9 = protocol in (Smtp), url_category in "LinuxFirewall.BlockCategory" : REJECT LinuxFirewall.RuleSet9 = protocol in (Smtp), total_spam_score gt 0.80 : REJECT LinuxFirewall.RuleSet9 = protocol in (Pop3, Imap), threat_category in "LinuxFirewall.BlockThreat" : REPACK as _match LinuxFirewall.RuleSet9 = protocol in (Pop3, Imap), url_category in "LinuxFirewall.BlockCategory" : REPACK as _match LinuxFirewall.RuleSet9 = protocol in (Pop3, Imap), total_spam_score gt 0.80 : REPACK as _match LinuxFirewall.RuleSet10 =