3.3 Constant Anti-virus Protection

Constant anti-virus protection is carried out via a resident component called SpIDer Guard that checks all files accessed by the user or other programs in the system in real time. By default, it is enabled as soon as you install and register Dr.Web Anti-Virus for Linux. Whenever a threat is detected, SpIDer Guard displays a warning and applies actions according to the anti-virus preferences (see Configuring Automatic Actions).

To enable or disable SpIDer Guard

Do one of the following:

In the SpIDer Guard section of the Dr.Web Anti-Virus for Linux page on Control Desk, click Enable or Disable.
Right-click the Dr.Web Anti-Virus for Linux icon in the notification area and select the Enable or Disable item.

 

Warning: Be extremely cautious when using this option! While SpIDer Guard functions are disabled, avoid connecting to the Internet and check all removable media using Scanner Daemon before accessing.

 

When you exit Dr.Web Anti-Virus for Linux Control Desk, SpIDer Guard memorizes its last state (whether it was enabled or disabled) and restores it at the next start of Dr.Web Anti-Virus for Linux. So if the user disables the SpIDer Guard before exiting Dr.Web Anti-Virus for Linux Control Desk, then it will remain disabled after the next start of the software suite and must be enabled manually.

The SpIDer Guard monitor scans with the rights of the user who started it. As a result, access to a file or directory may be denied because of insufficient rights. In that case, a message about the access denial is written to the report. To avoid this situation, you can exclude certain files and folders from scanning by SpIDer Guard and set up the maximum time for scanning one file in the anti-virus preferences (see Excluding Files from Scanning).

Increasing the inotify subsystem limit

The SpIDer Guard file monitor uses the inotify kernel module for real-time file checks. If the inotify limit is exceeded, the following message is written to the SpIDer Guard system log:

drweb-spider: WARNING: inotify limit is exceeded

The inotify limit is specified by the fs.inotify.max_user_watches OS parameter. To see its current value, execute the following command:

# sysctl -a | grep 'fs.inotify.max_user_watches'

The command displays the following string:

fs.inotify.max_user_watches = <digit>

where <digit> is the inotify limit.

To increase the limit temporarily, execute the following command:

# sysctl fs.inotify.max_user_watches=<digit>

<digit> must be greater than the current value of the fs.inotify.max_user_watches OS parameter.

In this case, the new value remains in effect until you restart your computer.

To increase the limit permanently:
1. Add the following line to /etc/sysctl.conf:

fs.inotify.max_user_watches = <digit>

2. To apply the changes, restart your computer or execute the command:

# sysctl -p

 

Warning: Superuser (root) privileges are required to perform all of these operations. To execute commands with superuser rights, use the sudo or su command.
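
The following script is an added example, not part of the Dr.Web documentation. It counts the warning quoted above in a log file, estimates the watches needed for a directory tree, and proposes a new fs.inotify.max_user_watches value. It assumes one inotify watch per monitored directory; the function names, the log file, and the sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the Dr.Web documentation).
# Assumption: the monitor needs one inotify watch per directory it covers.

# Warning text quoted on the page.
WARNING='drweb-spider: WARNING: inotify limit is exceeded'

# Count occurrences of the warning in a log file (caller supplies the path).
count_limit_warnings() {
    grep -cF "$WARNING" "$1" || true   # grep exits 1 when there are no matches
}

# Count directories under a path, staying on one file system.
count_dirs() {
    find "$1" -xdev -type d 2>/dev/null | wc -l | tr -d ' '
}

# suggest_limit CURRENT NEEDED
# Prints nothing if CURRENT covers NEEDED plus 25% headroom;
# otherwise prints CURRENT doubled until it does.
suggest_limit() {
    current=$1
    needed=$2
    target=$(( needed + needed / 4 ))
    if [ "$target" -le "$current" ]; then return 0; fi
    new=$current
    [ "$new" -gt 0 ] || new=1
    while [ "$new" -lt "$target" ]; do new=$(( new * 2 )); done
    echo "$new"
}

# Demo on constructed data: a temporary tree, a constructed log, and a
# constructed current limit of 2. On a real host, pass
# "$(sysctl -n fs.inotify.max_user_watches)" as the current limit.
demo() {
    tmp=$(mktemp -d)
    mkdir -p "$tmp/home/a/b" "$tmp/home/c"
    printf '%s\n' 'constructed unrelated line' "$WARNING" > "$tmp/spider.log"
    dirs=$(count_dirs "$tmp/home")
    echo "directories to watch: $dirs"
    echo "limit warnings in log: $(count_limit_warnings "$tmp/spider.log")"
    new=$(suggest_limit 2 "$dirs")
    if [ -n "$new" ]; then
        echo "line for /etc/sysctl.conf: fs.inotify.max_user_watches = $new"
    fi
    rm -rf "$tmp"
}
demo
```
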