Anti-virus management (Increase in Virus Notifications).

wired-circuit

New Pleskian
Apologies if there is a thread somewhere already on this topic; I have looked and have been unable to find anything. Before replying, please consider your response and don't place negative, unhelpful comments.

Over the last few weeks I have seen an increase in virus notifications sent to the administrator account. The messages imply that the virus has been deleted, but do not confirm the action taken.

My question is in three parts:
  1. What is the default anti-virus action?
  2. How can I manage the anti-virus options?
  3. Have you any recommendations for reduction of attacks?

Example Message
It certainly looks like the virus was detected and deleted "was not delivered because it contains an infected object", but I have concerns, especially because other domains hosted are now receiving these messages.

Code:
Dear Postmaster,

A message with the following attributes was not delivered because it contains an infected object.

Sender = [email protected] (may be forged)
Recipients = [email protected]
Subject =  Wells Fargo Advisors
Message-ID =  <[email protected]>

--- Antivirus report ---
The following viruses were found:
Known virus(es):
Trojan.DownLoad3.28161

Detailed report:
127.0.0.1 [8644] drweb.tmp.6y2liE - archive MAIL
127.0.0.1 [8644] >drweb.tmp.6y2liE/5.part - archive ZIP
127.0.0.1 [8644] >>drweb.tmp.6y2liE/5.part/report.pdf.exe infected with Trojan.DownLoad3.28161
127.0.0.1 [8644] >drweb.tmp.6y2liE/6.part - Ok
127.0.0.1 [8644] >drweb.tmp.6y2liE/7.part - Ok

Scanning statistics:
Known viruses : 1

--- Antivirus report ---

The original message was stored in an archive record named:
drweb.quarantine.vUUPHw
X-No-Relay: not in my network
Received: from bb116-15-131-196.singnet.com.sg (bb116-15-131-196.singnet.com.sg [116.15.131.196])
	by myhostname.com (Postfix) with ESMTP id E0464922DE4
	for <[email protected]>; Wed, 13 Nov 2013 05:53:03 +0100 (CET)
Received: from [100.68.115.174] (helo=ebdzlrbtn.kscbwrsncia.ru)
	by bb116-15-131-196.singnet.com.sg with esmtpa (Exim 4.69)
	(envelope-from )
	id 1MMCZK-0766me-Z3
	for [email protected]; Wed, 13 Nov 2013 12:53:02 +0800
Date: 	Wed, 13 Nov 2013 12:53:02 +0800
From: 	"WELLS FARGO" <[email protected]>
X-Mailer: The Bat! (v3.80.06) Educational
X-Priority: 3 (Normal)
Message-ID: <[email protected]>
To: <[email protected]>
Subject: Wells Fargo Advisors
MIME-Version: 1.0
Content-Type: multipart/mixed;
 boundary="----------A6FD4D078FB71F55"

OS: Ubuntu 12.04 LTS
Panel version: 11.5.30 Update #21, last updated at Nov 13, 2013 06:33 AM
The system is up-to-date; last checked at Nov 8, 2013 06:25 AM
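As an added illustration (not code from this thread, nor from Plesk or Dr.Web), a small Python parser for the Dr.Web postmaster notice format quoted above: it extracts whether delivery was refused, each flagged object together with the archive chain it was nested in, the quarantine record name, and the IP of the relay that handed the message to Postfix. The sample notice is constructed; the relay host name and IP in it are placeholders, while the detection name and file names follow the quoted report.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample in the layout of the Dr.Web postmaster notice above.
# relay.example.invalid / 192.0.2.10 are placeholders, not values from the thread.
SAMPLE = """A message with the following attributes was not delivered because it contains an infected object.
Detailed report:
127.0.0.1 [8644] drweb.tmp.6y2liE - archive MAIL
127.0.0.1 [8644] >drweb.tmp.6y2liE/5.part - archive ZIP
127.0.0.1 [8644] >>drweb.tmp.6y2liE/5.part/report.pdf.exe infected with Trojan.DownLoad3.28161
127.0.0.1 [8644] >drweb.tmp.6y2liE/6.part - Ok
The original message was stored in an archive record named:
drweb.quarantine.vUUPHw
Received: from relay.example.invalid (relay.example.invalid [192.0.2.10])
"""

# One "Detailed report" line: the run of leading '>' characters is the nesting depth.
REPORT_LINE = re.compile(r"^\S+ \[\d+\] (>*)(\S+) (?:- archive (\S+)|infected with (\S+)|- Ok)$")
QUARANTINE = re.compile(r"archive record named:\s+(\S+)")
FIRST_HOP = re.compile(r"^Received: from \S+ \(\S+ \[([\d.]+)\]\)", re.M)

@dataclass
class Notice:
    blocked: bool                                  # True when Dr.Web refused delivery
    detections: List[Tuple[str, str, List[str]]]   # (filename, virus, containers outermost first)
    quarantine_record: Optional[str]               # where the original message was kept
    first_hop_ip: Optional[str]                    # relay that handed the mail to Postfix

def parse_notice(text: str) -> Notice:
    stack, found = [], []          # stack: archive type at each nesting depth seen so far
    for line in text.splitlines():
        m = REPORT_LINE.match(line)
        if not m:
            continue
        depth, path, archive, virus = len(m.group(1)), m.group(2), m.group(3), m.group(4)
        if archive:                # entering a container at this depth: drop deeper entries
            del stack[depth:]
            stack.append(archive)
        elif virus:                # flagged object: keep its innermost name and container chain
            found.append((path.rsplit("/", 1)[-1], virus, stack[:depth]))
    q, r = QUARANTINE.search(text), FIRST_HOP.search(text)
    return Notice("was not delivered" in text, found,
                  q.group(1) if q else None, r.group(1) if r else None)

def triage_line(n: Notice) -> str:
    # One-line summary for a log or ticket: verdict, what was found where, quarantine, relay.
    what = "; ".join(f"{v} in {f} ({' > '.join(c)})" for f, v, c in n.detections)
    return f"{'blocked' if n.blocked else 'delivered'}: {what}; quarantine={n.quarantine_record}; relay={n.first_hop_ip}"
```

Running `triage_line(parse_notice(SAMPLE))` on the sample yields a single line showing the trojan was found inside a ZIP attachment of the mail, that delivery was refused, and under which quarantine record the original was kept.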
 
All actions and settings of the antivirus are defined in the corresponding config files /etc/drweb/drweb32.ini and /etc/drweb/drweb_handler.conf. Other configs can be found and tuned in the /etc/drweb directory.
 