30-04-2021



Recently a client wanted a free alternative to Plesk’s DrWeb, so I went with ClamAV.
Here’s what I did to migrate the system from DrWeb to ClamAV.


REMOVE DRWEB

1. First, let’s remove DrWeb properly:


Remove DrWeb
Header: X-AV-Checked: ClamAV using ClamSMTP

And uncomment it.

SET UP FRESHCLAM

6. ClamAV’s freshclam can be set up in several ways; I find it best to use cron for an hourly update.
To configure freshclam, run…

Reconfigure freshclam

And select cron instead of daemon.

7. You should have a default cron job for freshclam in /etc/cron.d/clamav-freshclam. If you wish to manage the task in Plesk or crontab, first disable the default job by commenting it out. You can then add the task to crontab like so…

Add cron job with crontab
30 * * * * /usr/bin/freshclam --quiet

8. Now restart freshclam with

Restart freshclam

And you should be good.
Any questions feel free to contact me.
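
Step 7 as a script, added here as an example and not part of the original post: it comments out the packaged job, then adds the hourly entry only when no active freshclam job exists. The function names and the sample file contents are assumptions; only the crontab entry comes from step 7.

```shell
#!/bin/sh
# Added example (not from the original post). Works on the files passed in,
# so it can be rehearsed on copies before touching /etc/cron.d or a live crontab.

FRESHCLAM_JOB='30 * * * * /usr/bin/freshclam --quiet'   # entry from step 7

# Count active (uncommented) lines in a cron file that run freshclam.
active_jobs() {
    [ -f "$1" ] || { echo 0; return 0; }
    awk '!/^[ \t]*#/ && /freshclam/ { n++ } END { print n + 0 }' "$1"
}

# Comment out every active freshclam line in a cron.d-style file.
# The file is rewritten in place with cat so its owner and mode are kept;
# cron is strict about ownership and permissions of /etc/cron.d files.
disable_packaged_job() {
    [ -f "$1" ] || return 0
    tmp=$(mktemp) || return 1
    awk '!/^[ \t]*#/ && /freshclam/ { print "#" $0; next } { print }' "$1" >"$tmp" &&
        cat "$tmp" >"$1"
    rc=$?
    rm -f "$tmp"
    return $rc
}

# Append the hourly job to a crontab dump unless one is already active,
# so re-running the migration never schedules freshclam twice.
add_crontab_job() {
    if [ "$(active_jobs "$1")" -eq 0 ]; then
        printf '%s\n' "$FRESHCLAM_JOB" >>"$1"
    fi
}

# Demo on constructed sample files (not the real system files).
demo_dir=$(mktemp -d)
printf '%s\n' '# packaged job (constructed sample)' \
    '29 * * * * clamav /usr/bin/freshclam --quiet' >"$demo_dir/clamav-freshclam"
printf '%s\n' '# existing crontab (constructed sample)' >"$demo_dir/crontab.txt"

disable_packaged_job "$demo_dir/clamav-freshclam"
add_crontab_job "$demo_dir/crontab.txt"
add_crontab_job "$demo_dir/crontab.txt"    # second run is a no-op
echo "cron.d active: $(active_jobs "$demo_dir/clamav-freshclam")," \
     "crontab active: $(active_jobs "$demo_dir/crontab.txt")"
```

On a live system the crontab dump would come from `crontab -l` and be loaded back with `crontab FILE`.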

Plesk for Linux supports the following antivirus software:

  • Plesk Premium Antivirus based on Dr.Web.
  • Kaspersky Antivirus.

Both these solutions provide you with real-time mail traffic scanning and malware protection for customers. In this section you will find detailed information on these antivirus solutions.

Plesk Premium Antivirus

Plesk Premium Antivirus is shipped with Plesk in the form of RPM packages.

Directory Structure

Root directory: /opt/drweb/

Configuration files:

  • /etc/drweb/ is a directory with various configuration files.
  • /etc/drweb/drweb32.ini is the default configuration file for the drwebd engine.
  • /etc/drweb/drweb_qmail.conf is the configuration file for the qmail-queue filter.
  • /etc/drweb/users.conf stores the configuration for every mail name for which antivirus is enabled.

Virus databases: /var/drweb/bases/*vdb

Quarantine directory: /var/drweb/infected/

Log file: /var/drweb/log/drwebd.log

Managing the Antivirus

The Dr.Web service is a standalone drwebd daemon (also called engine), which is started from the /etc/init.d/drwebd script. You can also stop and start it again with the following command:

these commands stop and start other Plesk services: DNS server, mail server, and so on

You can also manage it within the Services Management page in the Server Administration Panel.

The interaction with drwebd is established through the Dr.Web client. It can change antivirus parameters and start checking files. The client displays a full list of its attributes if run without attributes. Also, it can extract detailed operational information from the engine. The following command gives information about the Dr.Web version and virus database.

By default, the virus databases are updated every 30 minutes by means of the cron task: /opt/drweb/update/update.pl >/dev/null 2>&1

Filtering Mail

Dr.Web substitutes the native qmail-queue filter used for transferring incoming messages to the qmail queue with its own utility. The utility’s configuration settings are stored in the /etc/drweb/drweb_handler.conf file.

Dr.Web filtering is activated on the mail name level. If enabled it can check incoming, outgoing or both kinds of messages. The information is stored in the /etc/drweb/users.conf file. The following is an example of three mail names with different Dr.Web configurations:

In the above configuration, Dr.Web will check viruses in:

  • Incoming and outgoing messages for admin@domain01.tst
  • Incoming messages for user01@domain01.tst
  • Outgoing messages for user02@domain01.tst

Kaspersky Antivirus

Kaspersky Antivirus is a module that scans incoming and outgoing mail traffic on your server, and removes malicious and potentially dangerous code from email messages. In order to use Kaspersky Antivirus with your Plesk server, you need to install the Kaspersky Antivirus module, then purchase and install a license key.

Kaspersky Antivirus is distributed as an RPM package.

Kaspersky Antivirus Structure

Kaspersky Antivirus resides in the following directories in Plesk.

Root directory: /opt/kav/5.5/kav4mailservers

Configuration file: /etc/kav/5.5/kav4mailservers/kav4mailservers.conf. It contains parameters as key=value pairs grouped by sections. They define the operation of all Kaspersky Antivirus components. All configuration file parameters are grouped into sections, each of them corresponding to a particular component of the product.

Virus databases: /var/db/kav/5.5/kav4mailservers/bases

License keys directory: /var/db/kav/5.5/kav4mailservers/licenses

Incoming and outgoing mail messages are processed like this:

  1. The stream of mail messages comes in from other servers or mail clients via the SMTP protocol.
  2. The mail system receives the mail traffic and passes it to Kaspersky Antivirus for scanning.
  3. The application processes the mail traffic according to the specified settings, and returns it to the mail system along with an additional set of notifications.
  4. The mail system routes the mail traffic to its destination.