3.3 Constant Anti-virus Protection
Constant anti-virus protection is provided by a resident component called SpIDer Guard, which checks all files accessed by the user or by other programs in the system in real time. By default, it is enabled as soon as you install and register Dr.Web Anti-Virus for Linux. Whenever a threat is detected, SpIDer Guard displays a warning and applies actions according to the anti-virus preferences (see Configuring Automatic Actions).

To enable or disable SpIDer Guard

Do one of the following
When you exit Dr.Web Anti-Virus for Linux Control Desk, SpIDer Guard remembers its last state (enabled or disabled) and restores it at the next start of Dr.Web Anti-Virus for Linux. So if the user disables SpIDer Guard before exiting Dr.Web Anti-Virus for Linux Control Desk, it remains disabled after the next start of the software suite and must be enabled manually.

The SpIDer Guard monitor scans with the rights of the user who started it. Because of this, access to a file or directory can be denied for lack of rights. In that case, a message about the denied access is written to the report. To avoid this situation, you can exclude certain files and folders from scanning by SpIDer Guard and set the maximum time for scanning one file in the anti-virus preferences (see Excluding Files from Scanning).

Increasing the inotify subsystem limit

The SpIDer Guard file monitor uses the inotify kernel module for real-time file checks. If the inotify limit is exceeded, the following message is written to the SpIDer Guard system log:

drweb-spider: WARNING: inotify limit is exceeded

The inotify limit is specified by the fs.inotify.max_user_watches OS parameter. To see its current value, execute the following command:

# sysctl -a | grep 'fs.inotify.max_user_watches'

The following string is displayed as a result:

fs.inotify.max_user_watches = <digit>

where <digit> is the inotify limit.
# sysctl fs.inotify.max_user_watches=<digit>

<digit> must be greater than the current value of the fs.inotify.max_user_watches OS parameter. In this case, the parameter value remains in effect until you restart your computer.
fs.inotify.max_user_watches = <digit>
# sysctl -p
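
The checks described above can be scripted. The following sh functions are an added example, not part of the Dr.Web product or its documentation: they count the warning in a log, parse the sysctl output line, and compare the limit with the number of directories in a tree. The log lines, the value 8192, the 25% headroom and the one-watch-per-directory premise are assumptions of this example.

```shell
#!/bin/sh
# Added example, not Dr.Web code: triage for the SpIDer Guard inotify warning.
MSG='drweb-spider: WARNING: inotify limit is exceeded'

# Constructed sample log; only the message text comes from the page.
SAMPLE_LOG="Jan 01 10:00:01 host $MSG
Jan 01 10:00:02 host cron: job finished (constructed line)
Jan 01 10:05:09 host $MSG"

# Count warning lines in a log read from stdin (prints 0 when none match).
count_limit_warnings() { grep -cF "$MSG" || true; }

# Extract <digit> from a line in the form printed by sysctl.
parse_limit() {
    printf '%s\n' "$1" |
        sed -n 's/^fs\.inotify\.max_user_watches *= *\([0-9][0-9]*\) *$/\1/p'
}

# Count directories under a tree. inotify watches are not recursive, so
# covering a tree takes about one watch per directory (assumption: SpIDer
# Guard places its watches this way).
count_dirs() {
    find "$1" -xdev -type d -print0 2>/dev/null | tr -cd '\0' | wc -c | tr -d ' '
}

# Compare LIMIT with NEEDED watches. On a shortfall, print the sysctl command
# from the page with a value above the current one (the 25% headroom is an
# arbitrary choice of this example).
advise() {
    limit=$1 needed=$2
    if [ "$needed" -lt "$limit" ]; then
        echo "ok: $needed watches needed, limit $limit"
    else
        new=$((needed + needed / 4))
        [ "$new" -gt "$limit" ] || new=$((limit + 1))
        echo "raise: sysctl fs.inotify.max_user_watches=$new"
    fi
}

# Demo on constructed values; pass a directory as $1 to size a real tree.
warnings=$(printf '%s\n' "$SAMPLE_LOG" | count_limit_warnings)
limit=$(parse_limit 'fs.inotify.max_user_watches = 8192')  # constructed value
echo "warnings=$warnings limit=$limit"
advise "$limit" "$(count_dirs "${1:-.}")"
```

On a live system, feed parse_limit the output of `sysctl fs.inotify.max_user_watches` instead of the constructed line.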