Dr Web does not appear to be doing anything

[timbr8ks]

So I paid the licensing fee for Dr. Web, but standard viruses still are coming through and being picked up by Norton. In fact, I can't find any evidence that Dr. Web is doing anything.

How do I determine if Dr. Web is catching any viruses at all? If it's not, how do I get it moving?

I'm a Web guy, not a server guy, so please respond as if I know very little.

Thanks.

 

[zacpac]

you say you have purchased the licence, have you acutally installed it ?

and if so do you have the following file

/opt/drweb/drweb32.key

as this is where the drweb key should be

if that is not installed it will only support 15 mailboxes.

 

[timbr8ks]

Using the PSA interface, I certainly THOUGHT I had installed it. The file you mention, however, is not in place. Still, my Plesk License key says:

Ability to use Dr.Web antivirus On

The key shows up under "Additional keys", it's listed under my Plesk components, and it says it's running under Services Management.

Is there something more I'm suppoesed to do? Unfortunately, http://www.drweb.com appears to be down.

 

[zacpac]

yeah i had a similar problem to the one that your having it seems that drweb needs its own key that doesn't seem to be supplied by the plesk interface.

have a look at the file drweb32.ini which you can do using the following command

more /etc/drweb/drweb32.ini

find the section to do with the key files you will find this

;Key = {path to the file, usual extension is key }
; Location of the file with the registration key. You may specify
; relational path, but it is strongly recommended to make it
; absolute.
Key = "/opt/drweb/drweb32.key"

;PleskPublicKey = {path to the file }
; Location of the file with the Plesk public RSA key. You may specify
; relational path, but it is strongly recommended to make it
; absolute.
PleskPublicKey = "/etc/drweb/plesk.key"

as you can see it looks to me like it is using 2 keys the plesk public key for something and also the drweb32.key

also if you restart drweb and check /var/log/messages it will tell you if drweb is licenced or not

do you have a drweb32.key ?? if you do all you need to do is to upload it to you server put it in the correct location and restart drweb

if you don't have one i am guessing that you will need to contact your hosting provider or plesk

i purchsed my key through ev1 and they sent the key to us to upload ourselves

 

[Whistler]

Another thing: have you updated the virusdefinitions base? Remember to run the drweb/update/update.pl script once in a while.

(I run it with Cron about every 3 hours - sometimes DrWeb releases more than one defintion file a day).

I've just made a test today - with an old email account where I get about 2-300 spam/virus mails a day - and DrWeb found and removed all mails with virus so far...

 

[leobag]

if that is not installed it will only support 15 mailboxes.

So, if we don't pay for Dr.Web, we can still use it on 15 mailboxes?
+

 

[zacpac]

i don't want to say yes but thats the way that it looks like to me you however from my testing have no control over which 15 mailboxes, and you also need your plesk key to say drweb yes

i got more that 15 boxes i need covered though ;-) alot more

 

[leobag]

is there anywhere that shows who is using the service?

Or is the only way to tell is to look at the log file (drwebd.log), where it says "Daemon is enabled for protecting 9 e-mail`s:" (and then it lists the emails)?

Is there a way to turn Dr.Web off completely so it doesn't interfere with anything (like qmail)?
+

 

[zacpac]

i got that information from /var/log/messages at the time of start up.

if you don't enable any mailboxes the log shows that it was an email address not to be checked and lets it through

if you want to make sure that nothing is being checked then uninstall the rpm

 

[leobag]

i had some concerns about uninstalling that I voiced in another thread . I just don't want to break anything.
+

 

[wharfratjoe]

ok here is a newbie question. what are the correct parrameters to setup a cron job for drweb to check for updates?

 

[Whistler]

I just have this crontab set for root:

0 */3 * * * /usr/local/drweb/update/update.pl

This will run the update.pl script every three hours starting at 00, 03, 06, 09, 12 etc.