Usage Examples

Top  Previous  Next

Usage examples for Dr.Web Ctl (drweb-ctl):

1. Object scanning

1.1. Simple scanning commands

1.Perform scanning of the /home directory with default parameters:

$ drweb-ctl scan /home

2.Scan paths listed in the daily_scan file (one path per line):

$ drweb-ctl scan --stdin < daily_scan

3.Perform scanning of the boot record on the sda:

$ drweb-ctl bootscan /dev/sda

4.Perform scanning of the running processes:

$ drweb-ctl procscan

1.2. Scanning of files selected by criteria

Examples for selection of files for scanning are listed below and use the result of the operation of the utility find. The obtained list of files is sent to the command drweb-ctl scan with the parameter --stdin or --stdin0.

1.Scan listed files returned by the utility find and separated with the NUL ('\0') character:

$ find -print0 | drweb-ctl scan --stdin0

2.Scan all files in all directories, starting from the root directory, on one partition of the file system:

$ find / -xdev -type f | drweb-ctl scan --stdin

3.Scan all files in all directories, starting from the root directory, with the exception of the /var/log/messages and /var/log/syslog files:

$ find / -type f ! -path /var/log/messages ! -path /var/log/syslog | drweb-ctl scan –stdin

4.Scan all files owned by the root user in all directories, starting from the root directory:

$ find / -type f -user root | drweb-ctl scan --stdin

5.Scan files owned by the users named root and admin in all directories, starting from the root directory:

$ find / -type f \( -user root -o -user admin \) | drweb-ctl scan --stdin

6.Scan files of users with UID in the range 1000–1005 in all directories, starting from the root directory:

$ find / -type f -uid +999 -uid -1006 | drweb-ctl scan --stdin

7.Scan files in all the directories and subdirectories (starting from the root directory), but descend not more than 5 levels below the root directory:

$ find / -maxdepth 5 -type f | drweb-ctl scan --stdin

8.Scan files in a root directory ignoring files in subdirectories:

$ find / -maxdepth 1 -type f | drweb-ctl scan --stdin

9.Scan files in all directories, starting from the root directory, including following all symbolic links:

$ find -L / -type f | drweb-ctl scan --stdin

10.Scan files in all directories, starting from the root directory, without following symbolic links:

$ find -P / -type f | drweb-ctl scan --stdin

11.Scan files created not later than May 1, 2017 in all directories, starting with the root directory:

$ find / -type f -newermt 2017-05-01 | drweb-ctl scan --stdin

1.3. Scanning of additional objects

1.Scanning of objects located in the directory /tmp on the remote server 192.168.0.1 by connecting to it via SSH as a user user with the password passw:

$ drweb-ctl remotescan 192.168.0.1 /tmp --Login user --Password passw

 

2.Scanning of files in the directory /home/user/Downloads via request to Dr.Web Cloud:

$ drweb-ctl cloudscan /home/user/Downloads

3.Check of categories of the URL www.google.com via request to Dr.Web Cloud:

$ drweb-ctl cloudcheck www.google.com

 

4.Scanning of a mail message saved in the file email.eml, using the default set of rules:

$ drweb-ctl checkmail email.eml

 

Examples of commands 2—4 will not work if your installed product distribution does not include Dr.Web CloudD and Dr.Web MailD.

 

2. Configuration management

1.Display information on a current program package, including information about running processes:

$ drweb-ctl appinfo

2.Output all parameters from the [Root] section of the active configuration:

$ drweb-ctl cfshow Root

3.Set 'No' as the value of the Start parameter in the [ClamD] section of the active configuration (this will disable the Dr.Web ClamD component):

# drweb-ctl cfset ClamD.Start No

Note that superuser privileges are required to perform this action. To elevate the privileges, you can use the sudo command, as shown in the following example:

$ sudo drweb-ctl cfset ClamD.Start No

4.Perform force update of anti-virus components of the product:

$ drweb-ctl update

5.Restart the configuration of components of the installed Dr.Web program package:

# drweb-ctl reload

Note that superuser privileges are required to perform this action. To elevate the privileges, you can use the sudo command, as shown in the following example:

$ sudo drweb-ctl reload

6.Connect the product to the server of central protection, operating on server 192.168.0.1 under the condition that a public key of the server is located in file /home/user/cskey.pub:

$ drweb-ctl esconnect 192.168.0.1 --Key /home/user/cskey.pub

7.Disconnect the product from Anti-Virus Network:

# drweb-ctl esdisconnect

Note that superuser privileges are required to perform this action. To elevate the privileges, you can use the sudo command, as shown in the following example:

$ sudo drweb-ctl esdisconnect

3. Threats Management

1.Display information on detected threats:

$ drweb-ctl threats

2.Move all files containing threats which were not neutralized to quarantine:

$ drweb-ctl threats --Quarantine All

3.Display list of files moved to quarantine:

$ drweb-ctl quarantine

4.Restore all files from quarantine:

$ drweb-ctl quarantine --Restore All

 

5.Generate a password for a protected archive in the mail message with the identifier 12345, under condition that, for this email message, HMAC method of password generation has been used, and up-to-date secret word is indicated in the settings of Dr.Web MailD:

$ drweb-ctl idpass 12345

 

Examples of command 5 will not work if your installed product distribution does not include Dr.Web MailD.