Recently a client wanted a free alternative to Plesk’s DrWeb, so I went with ClamAV.
Here’s what I did to migrate the system from DrWeb to ClamAV.
- Doctor Web is a Russian IT-security solutions vendor developing Dr.Web anti-virus for businesses and personal use, as well as anti-virus as a service since 1992.
- Plesk Premium Antivirus based on Dr.Web.
- Web will not start after Upgrade to Plesk 17.5.3 The vServer (at Hetzner, Germany) runs Debian 8, all Packages are current. Today I ran the Upgrade from Plesk 7.0.17 to Plesk 17.5.3 via Plesk Installer GUI. That ran through fine, but afterwards Dr.Web (drwebd) would no longer start, not even after a Reboot of the vServer.
REMOVE DRWEB
1. Firstly, let’s remove DrWeb properly:
Header: X-AV-Checked: ClamAV using ClamSMTP
And uncomment it.
SET UP FRESHCLAM
6. ClamAV Freshclam can be set up in several ways; I find it best to use cron for an hourly update.
To configure freshclam run…
And select cron instead of daemon.
7. You should have a default cron job for freshclam in /etc/cron.d/clamav-freshclam. Should you wish to manage the task in Plesk or crontab, disable it first by commenting it out; you can then add the task to crontab like so…
30 * * * * /usr/bin/freshclam --quiet
8. Now restart freshclam with
And you should be good.
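A quick post-change check for steps 6 to 8, added here as an example and not part of the original write-up: it counts active freshclam cron entries (exactly one is expected once the packaged job is commented out) and flags a stale signature database, a failure that --quiet would otherwise hide. The /var/lib/clamav database directory, the root crontab path and the 48-hour threshold are assumptions based on Debian defaults.

```shell
#!/bin/sh
# Added example: sanity checks for a cron-driven freshclam setup.
# Paths and the 48-hour threshold are assumptions (Debian defaults).

# Count uncommented cron lines that invoke freshclam in the given files.
# Unreadable or missing files are skipped. More than one active entry means
# the packaged job in /etc/cron.d was not disabled and updates run twice.
active_freshclam_jobs() {
    for f in "$@"; do
        if [ -r "$f" ]; then cat "$f"; fi
    done | awk '!/^[ \t]*#/ && /freshclam/ { n++ } END { print n + 0 }'
}

# Print "fresh" if daily.cvd or daily.cld in db_dir was modified within
# max_hours, otherwise "stale". A stale database usually means the cron
# job is failing silently, since --quiet suppresses its output.
signature_status() {
    db_dir=$1
    max_hours=$2
    newest=$(find "$db_dir" -maxdepth 1 -type f -name 'daily.c[vl]d' \
        -mmin -"$((max_hours * 60))" 2>/dev/null | head -n 1)
    if [ -n "$newest" ]; then
        echo fresh
    else
        echo stale
    fi
}

n_jobs=$(active_freshclam_jobs /etc/cron.d/clamav-freshclam \
    /var/spool/cron/crontabs/root)
echo "active freshclam cron entries: $n_jobs (expected: 1)"
echo "signature database: $(signature_status /var/lib/clamav 48)"
```

Run it as root so the root crontab is readable; a result other than one active entry and a fresh database is worth investigating before relying on the scanner.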
Any questions, feel free to contact me.
Plesk for Linux supports the following antivirus software:
- Plesk Premium Antivirus based on Dr.Web.
- Kaspersky Antivirus.
Both these solutions provide you with real-time mail traffic scanning and malware protection for customers. In this section you will find detailed information on these antivirus solutions.
Plesk Premium Antivirus
Plesk Premium Antivirus is shipped with Plesk in the form of RPM packages.
Directory Structure
Root directory: /opt/drweb/
Configuration files:
- /etc/drweb/ is a directory with various configuration files.
- /etc/drweb/drweb32.ini is the default configuration file for drwebd engine.
- /etc/drweb/drweb_qmail.conf is the configuration file for the qmail-queue filter.
- /etc/drweb/users.conf stores the configuration for every mail name for which antivirus is enabled.
Virus databases: /var/drweb/bases/*vdb
Quarantine directory: /var/drweb/infected/
Log file: /var/drweb/log/drwebd.log
Managing the Antivirus
The Dr.Web service is a standalone drwebd daemon (also called engine), which is started from the /etc/init.d/drwebd script. You can also stop and start it again with the following command:
These commands stop and start other Plesk services: DNS server, mail server, and so on.
You can also manage it within the Services Management page in the Server Administration Panel.
The interaction with drwebd is established through the Dr.Web client. It can change antivirus parameters and start checking files. The client displays a full list of its attributes if run without attributes. Also, it can extract detailed operational information from the engine. The following command gives information about the Dr.Web version and virus database.
By default, the virus databases are updated every 30 minutes by means of the cron task: /opt/drweb/update/update.pl >/dev/null 2>&1
Filtering Mail
Dr.Web substitutes the native qmail-queue filter used for transferring incoming messages to the qmail queue with its own utility. The utility’s configuration settings are stored in the /etc/drweb/drweb_handler.conf file.
Dr.Web filtering is activated on the mail name level. If enabled, it can check incoming, outgoing or both kinds of messages. The information is stored in the /etc/drweb/users.conf file. The following is an example of three mail names with different Dr.Web configurations:
In the above configuration, Dr.Web will check viruses in:
- Incoming and outgoing messages for admin@domain01.tst
- Incoming messages for user01@domain01.tst
- Outgoing messages for user02@domain01.tst
Kaspersky Antivirus
Kaspersky Antivirus is a module that scans incoming and outgoing mail traffic on your server, and removes malicious and potentially dangerous code from email messages. In order to use Kaspersky Antivirus with your Plesk server, you need to install the Kaspersky Antivirus module, then purchase and install a license key.
Kaspersky Antivirus is distributed as an RPM package.
Kaspersky Antivirus Structure
Kaspersky Antivirus resides in the following directories in Plesk.
Root directory: /opt/kav/5.5/kav4mailservers
Configuration file: /etc/kav/5.5/kav4mailservers/kav4mailservers.conf. It contains parameters as key=value pairs grouped by sections. They define the operation of all Kaspersky Antivirus components. All configuration file parameters are grouped into sections, each of them corresponding to a particular component of the product.
Virus databases: /var/db/kav/5.5/kav4mailservers/bases
License keys directory: /var/db/kav/5.5/kav4mailservers/licenses
Incoming and outgoing mail messages are processed like this:
- The stream of mail messages comes in from other servers or mail clients via the SMTP protocol.
- The mail system receives the mail traffic and passes it to Kaspersky Antivirus for scanning.
- The application processes the mail traffic according to the specified settings, and returns it to the mail system along with an additional set of notifications.
- The mail system routes the mail traffic to its destination.
