Dr.Web don't work - Help!

[crnunez]

Hello friends,
I have one machine with this configuration:

Plesk psa v8.0.0_build80060425.18 os_RedHat el4
S.O. Linux 2.6.9-34.ELsmp

I have all the components installed but for a extrange reason Dr.Web don't work!

More informations for you:
[root@ns log]# ls -l /var/qmail/bin/qmail-qu*
-r-s--x--x 1 drweb qmail 152436 May 23 19:43 /var/qmail/bin/qmail-queue
-r-s--x--x 1 drweb qmail 152436 May 23 17:09 /var/qmail/bin/qmail-queue.drweb
-r-s--x--x 1 qmailq qmail 15936 Mar 31 04:05 /var/qmail/bin/qmail-queue.origin
[root@ns log]#

[root@ns log]# pwd
/var/drweb/log
[root@ns log]# ls -l
total 784
-rw------- 1 drweb drweb 76263 May 25 17:09 drwebd.log
-rw------- 1 drweb drweb 6603 May 25 04:03 drwebd.log.1.gz
-rw------- 1 drweb drweb 9313 May 24 04:03 drwebd.log.2.gz
-rw------- 1 drweb drweb 34387 May 23 04:02 drwebd.log.3.gz
-rw------- 1 drweb drweb 7432 May 22 04:02 drwebd.log.4.gz
-rw------- 1 drweb drweb 4836 May 21 04:02 drwebd.log.5.gz
-rw------- 1 drweb drweb 19088 May 20 04:02 drwebd.log.6.gz
-rw------- 1 drweb drweb 6346 May 19 04:02 drwebd.log.7.gz
-rw-r--r-- 1 drweb drweb 305464 May 25 17:09 updater.log
-rw-r--r-- 1 drweb drweb 25713 May 25 04:03 updater.log.1.gz
-rw-r--r-- 1 drweb drweb 48400 May 24 04:03 updater.log.2.gz
-rw-r--r-- 1 drweb drweb 24656 May 22 04:02 updater.log.3.gz
-rw-r--r-- 1 drweb drweb 25170 May 21 04:02 updater.log.4.gz
-rw-r--r-- 1 drweb drweb 25695 May 20 04:02 updater.log.5.gz
-rw-r--r-- 1 drweb drweb 26364 May 19 04:02 updater.log.6.gz
-rw-r--r-- 1 drweb drweb 48116 May 18 02:30 updater.log.7.gz
[root@ns log]#


Here the problem:

*****************************************
/var/drweb/log/drwebd.log
Thu May 25 14:39:15 2006 Daemon is installed, active interfaces: 127.0.0.1:3000
Thu May 25 14:57:43 2006 127.0.0.1 [9804] Error reading from socket (Connection reset by peer)!
Thu May 25 15:09:03 2006 Daemon version: 4.33.0 <API:2.1>
Thu May 25 15:09:11 2006 Scanning child 9791 not responding. Terminate him!
Thu May 25 15:09:11 2006 SIGHUP received, reloading...
Thu May 25 15:09:11 2006 Dr.Web (R) daemon for Linux/Plesk Edition v4.33 (4.33.0.09211)
Thu May 25 15:09:11 2006 Copyright (c) Igor Daniloff, 1992-2005
Thu May 25 15:09:11 2006 Doctor Web, Ltd., Moscow, Russia
Thu May 25 15:09:11 2006 Support service: http://support.drweb.com
Thu May 25 15:09:11 2006 To purchase: http://buy.drweb.com
Thu May 25 15:09:11 2006
Thu May 25 15:09:11 2006 Daemon version: 4.33.0 <API:2.1>
Thu May 25 15:09:11 2006 Engine version: 4.33 <API:2.1>
Thu May 25 15:09:11 2006 Loading /var/drweb/bases/drwtoday.vdb - Ok, virus records: 656
Thu May 25 15:09:11 2006 Loading /var/drweb/bases/drw43336.vdb - Ok, virus records: 1297
Thu May 25 15:09:11 2006 Loading /var/drweb/bases/drw43335.vdb - Ok, virus records: 1195
Thu May 25 15:09:11 2006 Loading /var/drweb/bases/drw43334.vdb - Ok, virus records: 900
Thu May 25 15:09:11 2006 Loading /var/drweb/bases/drw43333.vdb - Ok, virus records: 1381
....... more ...
Thu May 25 15:09:11 2006 Loading /var/drweb/bases/drw43332.vdb - Ok, virus records: 1340
Thu May 25 15:09:11 2006 Loading /var/drweb/bases/drw43331.vdb - Ok, virus records: 2735
Thu May 25 15:09:13 2006 Loading /var/drweb/bases/drwrisky.vdb - Ok, virus records: 1271
Thu May 25 15:09:13 2006 Loading /var/drweb/bases/dwntoday.vdb - Ok, virus records: 614
Thu May 25 15:09:13 2006 Loading /var/drweb/bases/dwn43302.vdb - Ok, virus records: 850
Thu May 25 15:09:13 2006 Loading /var/drweb/bases/dwn43301.vdb - Ok, virus records: 773
Thu May 25 15:09:13 2006 Loading /var/drweb/bases/drwnasty.vdb - Ok, virus records: 4867
Thu May 25 15:09:13 2006 Total virus records: 123001
Thu May 25 15:09:13 2006 Key file: /opt/drweb/drweb32.key - Key file not found!
Thu May 25 15:09:13 2006 A path to a valid license key file does not specified.
Thu May 25 15:09:14 2006 Daemon is enabled for protecting 14 e-mail`s:
Thu May 25 15:09:14 2006 [email protected]
Thu May 25 15:09:14 2006 [email protected]
Thu May 25 15:09:14 2006 Daemon is installed, active interfaces: 127.0.0.1:3000
Thu May 25 15:22:50 2006 127.0.0.1 [13992] Error reading from socket (Connection reset by peer)!
Thu May 25 15:39:02 2006 Daemon version: 4.33.0 <API:2.1>
Thu May 25 15:47:54 2006 127.0.0.1 [13992] Error reading from socket (Connection reset by peer)!
Thu May 25 16:09:03 2006 Daemon version: 4.33.0 <API:2.1>
Thu May 25 16:13:00 2006 127.0.0.1 [13978] Error reading from socket (Connection reset by peer)!
Thu May 25 16:38:03 2006 127.0.0.1 [13992] Error reading from socket (Connection reset by peer)!
Thu May 25 16:39:03 2006 Daemon version: 4.33.0 <API:2.1>
Thu May 25 17:03:12 2006 127.0.0.1 [13978] Error reading from socket (Connection reset by peer)!

Do you have any idea about this problem? What does "Error reading from socket (Connection reset by peer)!" mean? How Can I resolved this trouble?

Thanks to all.

 

[infogalera]

I had exactly same trouble in my server.
DRWEB reinstalled and now NO message is scaned.

Versión: psa v8.0.0_build80060425.18 os_FedoraCore 1
OS: Linux 2.4.22-1.2199.nptl

drweb 4.33
drweb-qmail 4.33-fc1.build80060331.13


You are not alone

 

[DCNet_James]

It means it cannot connect to the local socket file which the daemon creates. Maybe a permissions problem? Either way if you look and realize, Plesk enables DrWeb to protect 15 total emails. 15 TOTAL, ie they want you to pay for the Anti-Virus upgrade. Do yourself a favor and install ClamAV and disable DrWeb. ART has a howto on this somewhere. ClamAV in my experience works much better anyhow. My setup I use external mail-gates that run SA, ClamAV via Simscan on Netqmail patched servers. Its cut down on the load on my plesk servers by tons. ART has a similar idea with his Project Gamera. ART also has a utility called YUM that I would become intimate with. See the article on Gamera here: http://www.atomicrocketturtle.com/Joomla/content/view/77/2/

or

His site: http://www.atomicrocketturtle.com/

Again unless you want to shell more and more money out to SW-Soft for a broken product, I would use some of your own imagination and use the forums a lot. Theres a great community of users/developers/admins here that really have come to know plesk better than SW-Soft. 99.9% of the time you can find your answer here by searching the forums. Again I would just disable DrWeb.

Now if you've paid for the full release of DrWeb for PSA, good luck.

 

[DCNet_James]

The socket is created at least on the FreeBSD release but I think its true of all DrWeb installs for PSA in /var/drweb/run/ as .daemon

Daemon is installed, active interfaces: /var/drweb/run/.daemon 127.0.0.1:3000

You should see something like that if its running right. Maybe the you have a socket file already in that directory that didn't clear out or a .pid file still there thats stuck because the process got stuck and failed at some point. If DrWeb is not running currently, and you see the following in /var/drweb/run/
.daemon
drwebd.pid

Clear those out and try starting it again.

You might also want to see if anything else is already running on tcp port 3000, Note I got this result when DrWeb was running, you should see nothing.

cartman# netstat -a | grep 3000
tcp4 0 0 localhost.3000 *.* LISTEN

Outside of that I had an issue once where the init script was starting drweb twice, but that was way back in 7.1 releases. So if its not running check and see just in case.

I would check to make sure DrWeb is being run as user drweb and all files folders in /var/drweb are owned by drweb:drweb and writeable to the owner.

I am no expert with PSA, I just know how to fix most of the post-install bugs for FreeBSD for my purposes. I say just install ClamAV You'll be much happier because its free and virus updates are free.

 

[crnunez]

Thanks a lot!

This is my history:
1º Open a ticket in this forum
2º I send a ticket to Swsoft about this trouble
3º I received the response, you should pay 75 $ per incident or 299 $ by support ...

4º I find the more stupid solution, when I active Dr.Web again for each mail box I should select "Inbound and outbound" after this Dr. Web WORK!, any bug over some ""registry"" of Plesk Database, I suppose ... But the deprecated solution is this.
*******************

You are right, 299 $ yearly is a highest cost for an antivirus, in the market we have several goods companies with license for end-life with a minimal cost for renewal the suscription yearly.

ClamAV, I don't know if appear any message for the mail-user when the antivirus detect any virus.

Thanks again.

P.D.: http://www.clamav.net/doc/0.88.2/html/node3.html
ClamAV only support 35.000 virus!

 

[DCNet_James]

There are other scanners out there that you can utilize, still Dr Web for PSA has a default license of only supporting up to 15 emails. ClamAV seems to be sufficient for me and lots of others Rumor has it I think PSA for Windows uses ClamAV instead of DrWeb.

Glad you found your problem.

 

[poke]

DR Web was a scam from the beginning. They are a russian based company that got "hooked" up by swsoft (russian too) and i would like to see DRWEB completely phased out as it is a complete piece of ****!!

If they don't remove DRWEB, I'd like to at least see a complete removal of the drweb icons that confuse clients and make them think they are not getting antivirus. 4PSA came out with a button removal script, but it doesn't remove all the icons, etc.