Plesk Drweb



Plesk for Linux supports the following antivirus software:

  • Plesk Premium Antivirus based on Dr.Web.
  • Kaspersky Antivirus.

Both these solutions provide you with real-time mail traffic scanningand malware protection for customers. In this section you will finddetailed information on these antivirus solutions.

  1. To learn more about Dr. Web anti-virus, visit www.drweb.com. If you did not install Dr.Web packages during installation of Plesk, install the RPM packages drweb and drweb-qmail from the Plesk distribution. The packages are located in /opt/drweb directory. Change your working directory to the location where the Plesk distribution resides.
  2. Directory List 2.3 Medium - Free ebook download as Text File (.txt), PDF File (.pdf) or read book online for free.

And now you’ve successfully schedule a cron job using the scheduled tasks tool within Plesk. Now that you know how to schedule tasks using both cPanel and Plesk, you should be ready to start scheduling cron jobs as needed. Just remember, if you encounter any problems, feel free to issue a support ticket and our support team will be happy to help.

Plesk Premium Antivirus

Plesk Premium Antivirus is shipped with Plesk in the form of RPMpackages.

Directory Structure

Root directory: /opt/drweb/

Configuration files:

  • /etc/drweb/ is a directory with various configuration files.
  • /etc/drweb/drweb32.ini is the default configuration file for drwebdengine.
  • /etc/drweb/drweb_qmail.conf is the configuration file for theqmail-queue filter.
  • /etc/drweb/users.conf stores the configuration for every mail name forwhich antivirus is enabled.

Virus databases: /var/drweb/bases/*vdb

Quarantine directory: /var/drweb/infected/

Log file: /var/drweb/log/drwebd.log

Managing the Antivirus

The Dr.Web service is a standalone drwebd daemon (also called engine),which is started from the /etc/init.d/drwebd script. You can also stopand start it again with the following command:

these commands stop and start other Plesk services: DNS server, mailserver, and so on

You can also manage it within the Services Management page in theServer Administration Panel.

The interaction with drwebd is established through the Dr.Web client. Itcan change antivirus parameters and start checking files. The clientdisplays a full list of its attributes if run without attributes. Also,it can extract detailed operational information from the engine. Thefollowing command gives information about the Dr.Web version and virusdatabase.

By default, the virus databases are updated every 30 minutes by means ofthe cron task: /opt/drweb/update/update.pl>dev/null2>&1

Filtering Mail

Dr.Web substitutes the native qmail-queue filter used for transferringincoming messages to the qmail queue with its own utility. The utility’sconfiguration settings are stored in the /etc/drweb/drweb_handler.conffile.

Dr.Web filtering is activated on the mail name level. If enabled it cancheck incoming, outgoing or both kinds of messages. The information isstored in the /etc/drweb/users.conf file. The following is an example ofthree mail names with different Dr.Web configurations:

In the above configuration, Dr.Web will check viruses in:

  • Incoming and outgoing messages for admin@domain01.tst
  • Incoming messages for user01@domain01.tst
  • Outgoing messages for user02@domain01.tst

Kaspersky Antivirus

Kaspersky Antivirus is a module that scans incoming and outgoing mailtraffic on your server, and removes malicious and potentially dangerouscode from email messages. In order to use Kaspersky Antivirus with yourPlesk server, you need to install the Kaspersky Antivirus module, thenpurchase and install a license key.

Plesk Drweb

Kaspersky Antivirus is distributed as an RPM package.

Plesk Web Pro

Kaspersky Antivirus Structure

Kaspersky Antivirus resides in the following directories in Plesk.

Root directory: /opt/kav/5.5/kav4mailservers

Configuration file: /etc/kav/5.5/kav4mailservers/kav4mailservers.conf.It contains parameters as key=value pairs grouped by sections. Theydefine the operation of all Kaspersky Antivirus components. Allconfiguration file parameters are grouped into sections, each of themcorresponding to a particular component of the product.

Plesk drweb daemonPlesk Drweb

Virus databases: /var/db/kav/5.5/kav4mailservers/bases

License keys directory: /var/db/kav/5.5/kav4mailservers/licenses

Incoming and outgoing mail messages are processed like this:

  1. The stream of mail messages comes in from other servers or mailclients via the SMTP protocol.
  2. The mail system receives the mail traffic and passes it to KasperskyAntivirus for scanning.
  3. The application processes the mail traffic according to the specifiedsettings, and returns it to the mail system along with an additionalset of notifications.
  4. The mail system routes the mail traffic to its destination.

If you’re running DrWeb32 anti-virus in combination with Plesk, you may have noticed a lot of “read error” messages since the last few days. In your maillogs, it could look like this.

Dec 19 06:00:07 server qmail-queue[9434]: scan: the message(drweb.tmp.hdrl8i) sent by to user@domain.be daemon return error (read error, after scanning/curing composite object is clean) – possible problem with daemon or file

The mails received contain content like this.

Plesk Drweb

Antivirus filter report:

Plesk Drweb

-– Antivirus report -–

Detailed report:

127.0.0.1 [1636] drweb.tmp.0Ugml7 – archive MAIL

127.0.0.1 [1636] drweb.tmp.0Ugml7/[text:plain] – Ok

127.0.0.1 [1636] drweb.tmp.0Ugml7/test.zip – archive ZIP

127.0.0.1 [1636] >drweb.tmp.0Ugml7/test.zip/test.txt – Ok

**127.0.0.1 [1636] >drweb.tmp.0Ugml7/test.zip/ – read error!

**

Drweb Plesk Com For Windows

Official fix by Parallels

Plesk Web Host

Update: Parallels has released an official KB with a resolution: http://kb.parallels.com/en/113018. If that does not work, you can try the steps below – but they should be obsolete.

Plesk Web Ftp

Workaround without Parallels

Only try the steps below if the above KB doesn’t resolve your issue.

A quick fix for now is to change the way DrWeb handles the files that contain scanning errors or processing errors. Edit the file /etc/drweb/drweb_handler.conf and search the following.

Plesk Disable Drweb

And change it to the following.

And restart DrWeb.

Plesk Drweb Com

The problem is caused by an update that was pushed automatically on December 15th. It will be resolved as soon as Parallels has a fix for this, after that the fix is also applied automatically as DrWeb loads it’s updates.

Plesk Drweb Log

In this case, every 30 minutes the update is being checked.