Dr.Web checks user sites for malicious code (including viruses, Trojans, spambots, etc.) in PHP, JS, HTML and system files, and also performs treatment of infected files.

  • The use of the Dr.Web module is only available with a valid ispmanager license (does not apply to the trial version)

  • Dr.Web module is incompatible with ImunifyAV and CloudLinux. If at least one of them is installed, the Install button for Dr.Web module will be inactive. And vice versa: when Dr.Web is installed, the installation of ImunifyAV and CloudLinux will not be available.

The article contains the following sections:

Licenses


To use Dr. Web, you must purchase a license at eu.ispmanager.com.

Prices for the ispmanager license differ depending on the panel version (Lite, Pro, Host).

Available license terms:

  • one month;

  • one year.

Trial can be activated from the moment the module is released in ispmanager until February 28 inclusive. Activation takes place at the time of installation and is valid for a month, after which you need to remove the module or renew the license.

Installation/Removal


The Install button will be available only after the license purchase or trial period activation.

To install or remove:

  1. In the Main menu, choose Modules.

  2. In the Antiviruses category, click the Install/Remove button next to Dr.Web.

Example of Dr.Web in Modules

After installation:

  • the panel will be automatically reloaded;

  • settings will become available;

  • The Antivirus item will appear in the Main menu.

Main menu example

Settings


To configure the operation of the antivirus, click the Settings icon:

  • in the Antivirus form from the Main menu:

  • in the Modules form in the Main menu:

Make the necessary settings and click Save.

Scan settings:

  • File verification timeout – timeout for checking one file in ms. A value of 0 indicates that the check time is unlimited;

  • Maximum archive nesting level – the maximum nesting level of objects when scanning archives (zip, rar, etc.) that contain other archives, which, can contain more archives, etc. The value of this parameter sets the maximum level of the nesting hierarchy, after which archives inside the archives will not be scanned. A value of 0 indicates that nested objects will be skipped (the setting is available only to the administrator);

  • Maximum nesting level of other objects – the maximum nesting level of objects when checking other types of nested objects (HTML pages, jar files, etc.). The value of this parameter sets the limit level of nesting, after which objects within objects will not be checked. A value of 0 indicates that nested objects will be skipped. (the setting is available only to the administrator);

  • Maximum compression rate – the maximum compression for scanned objects. The value must be at least 2. (the setting is available only to the administrator);

  • The maximum size of files in the archive – the limit on the size of files in the archive. Files which size exceeds the value of this parameter will be skipped during the scan. The size is specified as a number with a suffix (KB, MB, GB). If no suffix is specified, the number is interpreted as the size in bytes. (the setting is available only to the administrator);

  • Heuristics (checkbox) – using heuristic analysis when checking;

  • Automatic scan (checkbox) – when this option is selected, all sites will be scanned daily. The start time can be configured in the Scheduler section (command example in scheduler: /usr/local/mgr5/sbin/cron-ispmgr sbin/mgrctl -m ispmgr drweb.autoscan >/dev/null 2>&1).

If the administrator has enabled the automatic scanning option, then all sites of all users on the server are scanned. In this case, the option becomes unavailable for disabling on the user's form.

If the option is not enabled by the administrator, then only the sites of users who have independently enabled this option will be scanned.

Dr.Web settings example

Actions when a threat is detected:

  • When a known threat is detected – the action to take if a known threat is detected by signature analysis methods;

  • When a suspicious object is found – the action to take if heuristic analysis detects a suspicious object.;

  • When an adware program is detected – action to take if an adware program is detected.;

  • When a dialer program is found – action to take if a dialer program is found;

  • When a joke program is detected – action to be taken if a joke program is detected;

  • When a potentially dangerous program is detected – the action to take if a potentially dangerous program is detected;

  • When a hacking program is detected – action to be taken if a hacking program is detected.

    Example of settings for actions when a threat is detected

Click on the corresponding threat field and select the available action from the drop-down list:

  • Only a report;

  • Quarantine;

  • Delete;

  • Cure – available only when a known threat is detected;

Usage


by him are available to the user.

If a threat is detected in a file located in a container (archive, mail message, etc.), the container is moved to quarantine instead of being deleted.

To work with an antivirus in the Main menu, click Antivirus. On the form that opens:

  • all objects are listed;

The administrator can access all objects, and the user only those which he created.

  • Action buttons:

    • Scan – initiate a scan of the selected objects;

    • Stop – stop scanning the selected objects;

    • Threats – shows the list of suspected threats and possible actions with them;

    • Quarantine – shows the list of threats and possible actions with them.

Dr.Web form example

Threats and Quarantine will be available if threats are detected after scanning.

Threats

The form displays a list of suspected threats. Possible actions with them:

  • Cure – an attempt to cure an infected object by removing malicious content from it, and leaving the useful content intact. Please note that this action can’t be applied to all types of threats;

  • Quarantine – move the infected object (if it allows this operation) to a special quarantine directory in order to isolate it;

  • Delete – delete the selected objects;

  • Ignore – skip the detected threat without taking any action.

Threats form example

Quarantine

The antivirus places suspicious and infected files in the quarantine folder. Possible actions with the selected objects:

  • Cure – an attempt to cure an infected object by removing malicious content from it, and leaving the useful content intact. Please note that this action can’t be applied to all types of threats;

  • Delete – removes the selected objects;

  • Restore – restore the file to its original location.

Quarantine form example

Notifications


To receive notifications about detected threats during scanning:

  1. Configure notifications (см. Notifications setup).

  2. In the antivirus settings, enable the checkbox Send notifications (at the end of the form) and click Save.

Example of setting notifications

If notifications have not been previously configured, the Send Notifications checkbox will be missing in Dr.Web settings.