• Our team is looking to connect with folks who use email services provided by Plesk, or a premium service. If you'd like to be part of the discovery process and share your experiences, we invite you to complete this short screening survey. If your responses match the persona we are looking for, you'll receive a link to schedule a call at your convenience. We look forward to hearing from you!
  • We are looking for U.S.-based freelancer or agency working with SEO or WordPress for a quick 30-min interviews to gather feedback on XOVI, a successful German SEO tool we’re looking to launch in the U.S.
    If you qualify and participate, you’ll receive a $30 Amazon gift card as a thank-you. Please apply here. Thanks for helping shape a better SEO product for agencies!
  • The BIND DNS server has already been deprecated and removed from Plesk for Windows.
    If a Plesk for Windows server is still using BIND, the upgrade to Plesk Obsidian 18.0.70 will be unavailable until the administrator switches the DNS server to Microsoft DNS. We strongly recommend transitioning to Microsoft DNS within the next 6 weeks, before the Plesk 18.0.70 release.
  • The Horde component is removed from Plesk Installer. We recommend switching to another webmail software supported in Plesk.

Issue Dr.Web problem and server hung

J

JuanCar

Regular Pleskian
Server operating system version
Centos 7
Plesk version and microupdate number
Obsidian 18.0.48
Hello
I see that my mail log grows a lot in last two days. and I see lot of drweb related data (drwe to postmaster and so)
When I see process list I see a lot of process of sendmail from drweb and postmaster.
The overall CPU usage grows up to 99% and then the server fails: server hung.
When server is restarted, after one or two hours the problem appears again.
So my server is offline most of time.
Any idea?
 
The lines I see in ps are like these one, and there is a lot of them
qmailq 32726 0.0 0.0 72712 3664 ? S 18:30 0:00 bin/qmail-queue
qmailq 32727 0.0 0.0 14868 1236 ? S 18:57 0:00 /usr/local/psa/handlers/hooks/drweb none [email protected] [email protected]
qmailq 32731 0.0 0.0 14868 1244 ? S 18:30 0:00 /usr/local/psa/handlers/hooks/drweb none [email protected] [email protected]
qmailq 32738 0.0 0.0 14868 1240 ? S 18:30 0:00 /usr/local/psa/handlers/hooks/drweb none [email protected]
[email protected]
root 32739 0.0 0.0 72652 3148 ? S 18:30 0:00 /usr/sbin/sendmail -fDrWEB-DAEMON -- postmaster
qmailq 32740 0.0 0.0 14868 1236 ? S 18:57 0:00 /usr/local/psa/handlers/hooks/drweb none [email protected] [email protected]
qmaild 32745 0.0 0.0 72652 1216 ? S 18:57 0:00 /usr/sbin/sendmail -fDrWEB-DAEMON -- postmaster
qmaild 32746 0.0 0.0 4312 576 ? S 18:57 0:00 bin/qmail-inject -a -f DrWEB-DAEMON -- postmaster
qmailq 32747 0.0 0.0 72716 3668 ? S 18:57 0:00 bin/qmail-queue

In mail log appears a lot of line about sendmail mail from drweb to postmaster and the mail queue became full with these messages.
I'm desperate ... and my hosting technical support .... doesn't find any fix
 
It seems the problem is fixed after I uninstalled DrWeb (Prallels Premium Antivirus).
Now I'm looking around and I've found in /var/drweb/spool a lot of files with the content I write below :
I see two things that I cannot understand
1. it says that
A message with the following attributes was not delivered ...
But the message is from [email protected] to [email protected]
Why must be cheched if it goes from drweb to postmaster?
2. The filter fails to pass object to the DrWEB daemon

As result I've see a lot of activity from drweb, a high CPU load and a server hung
I've uninstalled DrWeb and the server is ok, cpu is ok ...

--Content of files in var/drweb/spool/
Date: 30 Sep 2023 12:31:18 +0200
Message-ID: <[email protected]>
From: "DrWeb-DAEMON" <[email protected]>
To: "System Administrator" <[email protected]>
Subject: The antivirus software failure
Content-Type: multipart/mixed;
boundary="001-DrWeb-MailFilter-Notification"
MIME-Version: 1.0
Precedence: junk
X-Antivirus-Ticket: DrWeb notification.
X-PPP-Message-ID:
<[email protected]>
X-PPP-Vhost: localhost.localdomain

--001-DrWeb-MailFilter-Notification
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 8bit

Dear Postmaster,

A message with the following attributes was not delivered because it contains an object which cannot be checked by antivirus.

Sender = [email protected]
Recipients = [email protected]
Subject = The antivirus software failure
Message-ID = <[email protected]>

--- Antivirus report ---
Detailed report:
The filter fails to pass object to the DrWEB daemon

--- Antivirus report ---

The original message was stored in archive record named:
file was not created

--001-DrWeb-MailFilter-Notification
Content-Type: text/rfc822-headers
Content-Transfer-Encoding: 7bit

Date: 30 Sep 2023 12:29:17 +0200
Message-ID: <[email protected]>
From: "DrWeb-DAEMON" <[email protected]>
To: "System Administrator" <[email protected]>
Subject: The antivirus software failure
Content-Type: multipart/mixed;
boundary="001-DrWeb-MailFilter-Notification"
MIME-Version: 1.0
Precedence: junk
X-Antivirus-Ticket: DrWeb notification.
X-PPP-Message-ID:
<[email protected]>
X-PPP-Vhost: localhost.localdomain


--001-DrWeb-MailFilter-Notification--
 
You must log in or register to reply here.

Similar threads

A
Question Why update is very very very so long
Replies
3
Views
360
mow
M
S
Issue Problems with sw-engine
Replies
3
Views
241
alvarezcruz
alvarezcruz
Azurel
Issue Problems with Mailserver?
Replies
4
Views
709
Azurel
Azurel
QWeb Ric
Issue Server pool SSL not showing for selection
Replies
0
Views
370
QWeb Ric
QWeb Ric
T
Issue ERROR: Dr.Web Updater: Nothing to update !
Replies
6
Views
2K
TimRear
T
Back
Top