Dr.Web Anti-virus for Linux provides you with the following features:
1. | Detection and neutralization of malicious programs (for example, viruses, including those that infect mailboxes and boot records, Trojan programs, mail worms) and unwanted software (for example, adware, joke programs, dialers). |
Dr.Web Anti-virus for Linux uses several malicious software detection methods simultaneously:
• | signature analysis which allows detection of known threats |
• | heuristic analysis which allows detection of threats that are not present in virus databases. |
Note that as with any system of hypothesis testing under uncertainty, the heuristics analyzer may omit viruses or raise false alarms. As an object can be erroneously considered as malicious, all threats detected by the heuristics analyzer are treated as suspicious. So, it is recommended not to delete such threats but move them to Quarantine and send to Doctor Web Virus Laboratory for analysis. For details on methods to neutralize computer threats, refer to Fighting computer Threats (Appendix B).
System objects are scanned at user request or automatically, according to the scheduled. The user can launch scanning of all file system objects (including both files and boot records) as well as select custom scan when only specified files, directories, and boot records are scanned. Also it is possible to launch scanning only of binary executable files containing code of currently running processes. If a threat is detected in such case, not only the malicious object is neutralized but also the active process is terminated.
2. | Monitoring access to data files and attempts to run executables. This feature allows detection and neutralization of malware right at the moment of an infection attempt. |
3. | Reliable isolation of infected or suspicious objects. Such objects are moved to a special storage, Quarantine, to prevent any harm to the system. When moving to Quarantine, objects are renamed according to special rules and, if necessary, they can be restored to their original location only at user request. |
4. | Automatic update of Dr.Web virus databases and anti-virus engine to enable Anti-virus to use the most recent information about known malicious software. |
5. | Operation in central protection mode (when connected to the central protection server, such as Dr.Web Enterprise Server or as a part of Dr.Web AV-Desk service). This mode allows to implement a unified security policy on the computers of the protected network. It can be a corporate network, a private network (VPN), or a network of a service provider (for example, a provider of Internet service) . |
|