Dr Web sending lot of emails

[AdelM]

Any Help would much appreciated.

Best regards

PRODUCT, VERSION, OPERATING SYSTEM, ARCHITECTURE

OS Linux 2.6.18-028stab070.7
Panel version 10.4.4 Update #6

PROBLEM DESCRIPTION AND STEPS TO REPRODUCE

Since this morning Dr Web is sending a lot of email ~5 emails/second
Stopped Dr Web, no result. Restarted server, no result.

ACTUAL RESULT

Actually ~ 60000 email in mailbox

EXPECTED RESULT

ANY ADDITIONAL INFORMATION

Below email sent :

Dear Postmaster,

A message with the following attributes was not delivered because it contains an object which cannot be checked by antivirus.

Sender = #@[]
Recipients = admin(at)mydomain.com (modified)
Subject = failure notice
Message-ID = [unknown-id]

--- Antivirus report ---
Detailed report:
127.0.0.1 [12185] drweb.tmp.er16ch - archive MAIL
127.0.0.1 [12185] drweb.tmp.er16ch/ - archive MAIL
127.0.0.1 [12185] >drweb.tmp.er16ch//1.part - Ok
127.0.0.1 [12185] >drweb.tmp.er16ch// - read error!

--- Antivirus report ---

The original message was stored in archive record named:
drweb.quarantine.mceRC1

An other variant of email

Dear Postmaster,

A message with the following attributes was not delivered because it contains an object which cannot be checked by antivirus.

Sender = #@[]
Recipients = [email protected] (modified)
Subject = failure notice
Message-ID = [unknown-id]

--- Antivirus report ---
Detailed report:
127.0.0.1 [13980] drweb.tmp.kphVN7 - archive MAIL
127.0.0.1 [13980] drweb.tmp.kphVN7/ - archive MAIL
127.0.0.1 [13980] >drweb.tmp.kphVN7//1.part - Ok
127.0.0.1 [13980] >drweb.tmp.kphVN7// - read error!

--- Antivirus report ---

The original message was stored in archive record named:
drweb.quarantine.W27fcB

 

[AdelM]

It's not sending anymore messages.
I noticed that the used disk space increased for about 1.5 Gb.
5603 quarantine files in /var/drweb/infected
Is it possible to delete all these files ?

 

[AhmadMK]

Got the same problem

Dear,

I got the same problem , i have infected folder files around 190982 files. i dont know what to do ,
i think plsk support must be available 24/7 for us to solve the problems, since these issues are sensitve for
clients thier emails stopped also they depends on this issue alot.

sorry but am trying to figure out whats going on, here is my problem the same as you but the file
do not created.

**************************************************************************
Dear Postmaster,

the message with following attributes has not been delivered,
because contains an object which cannot be checked by antivirus.

Sender = [email protected]
Recipients = [email protected]
Subject = =?utf-8?B?UmU6INin2YjYttit?=
Message-ID = <[email protected]>

--- Dr.Web report ---
Dr.Web detailed report:
127.0.0.1 [20944] drweb.tmp.fm0Hkj - archive MAIL
127.0.0.1 [20944] drweb.tmp.fm0Hkj/[textlain] - archive MAIL
127.0.0.1 [20944] >drweb.tmp.fm0Hkj/[textlain]/1.part - Ok
127.0.0.1 [20944] >drweb.tmp.fm0Hkj/[textlain]/ - read error!
127.0.0.1 [20944] drweb.tmp.fm0Hkj/[text:html] - archive JS-HTML
127.0.0.1 [20944] drweb.tmp.fm0Hkj/[text:html] - Ok
127.0.0.1 [20944] drweb.tmp.fm0Hkj/=?utf-8?B?2KfZhNit2KfYrCDZhdit2YXYryDYudio2K8g2KfZhNmE2LfZitmBINio2YY=?= =?utf-8?B?2YrYqSDYp9mE2YXYrdiq2LHZhS5kb2N4?= - archive ZIP
127.0.0.1 [20944] >drweb.tmp.fm0Hkj/=?utf-8?B?2KfZhNit2KfYrCDZhdit2YXYryDYudio2K8g2KfZhNmE2LfZitmBINio2YY=?= =?utf-8?B?2YrYqSDYp9mE2YXYrdiq2LHZhS5kb2N4?=/[Content_Types].xml - Ok
127.0.0.1 [20944] >drweb.tmp.fm0Hkj/=?utf-8?B?2KfZhNit2KfYrCDZhdit2YXYryDYudio2K8g2KfZhNmE2LfZitmBINio2YY=?= =?utf-8?B?2YrYqSDYp9mE2YXYrdiq2LHZhS5kb2N4?=/ - read error!--- Dr.Web report ---

The original message was stored in archive record named:
file was not created
************************************************************************

Any Help would much appreciated.

Best regards

PRODUCT, VERSION, OPERATING SYSTEM, ARCHITECTURE

OS Linux 2.6.18-028stab070.7
Panel version 10.4.4 Update #6

PROBLEM DESCRIPTION AND STEPS TO REPRODUCE

Since this morning Dr Web is sending a lot of email ~5 emails/second
Stopped Dr Web, no result. Restarted server, no result.

ACTUAL RESULT

Actually ~ 60000 email in mailbox

EXPECTED RESULT

ANY ADDITIONAL INFORMATION

Below email sent :

Dear Postmaster,

A message with the following attributes was not delivered because it contains an object which cannot be checked by antivirus.

Sender = #@[]
Recipients = admin(at)mydomain.com (modified)
Subject = failure notice
Message-ID = [unknown-id]

--- Antivirus report ---
Detailed report:
127.0.0.1 [12185] drweb.tmp.er16ch - archive MAIL
127.0.0.1 [12185] drweb.tmp.er16ch/ - archive MAIL
127.0.0.1 [12185] >drweb.tmp.er16ch//1.part - Ok
127.0.0.1 [12185] >drweb.tmp.er16ch// - read error!

--- Antivirus report ---

The original message was stored in archive record named:
drweb.quarantine.mceRC1

An other variant of email

Dear Postmaster,

A message with the following attributes was not delivered because it contains an object which cannot be checked by antivirus.

Sender = #@[]
Recipients = [email protected] (modified)
Subject = failure notice
Message-ID = [unknown-id]

--- Antivirus report ---
Detailed report:
127.0.0.1 [13980] drweb.tmp.kphVN7 - archive MAIL
127.0.0.1 [13980] drweb.tmp.kphVN7/ - archive MAIL
127.0.0.1 [13980] >drweb.tmp.kphVN7//1.part - Ok
127.0.0.1 [13980] >drweb.tmp.kphVN7// - read error!

--- Antivirus report ---

The original message was stored in archive record named:
drweb.quarantine.W27fcB

 

[Christian_S]

same error here

We get the same error.

Plesk version: 9.5.4 (fully updated)
Linux 2.6.24-19-server
Ubuntu 8.04 LTS

---------------------------------
Sample:

Dear User,

the message with following attributes has not been delivered,
because contains an object which cannot be checked by antivirus filter.
Relaying such messages is blocked by administrator.

...
Dr.Web detailed report:
127.0.0.1 [20833] drweb.tmp.3mJzwX - archive MAIL
127.0.0.1 [20833] drweb.tmp.3mJzwX/[textlain] - Ok
127.0.0.1 [20833] drweb.tmp.3mJzwX/[text:html] - Ok
127.0.0.1 [20833] drweb.tmp.3mJzwX/cookie_ikon.zip - archive ZIP
127.0.0.1 [20833] >drweb.tmp.3mJzwX/cookie_ikon.zip/privatlivspolitik_ikon/_WINDOWS/iconbig.eps - Ok
127.0.0.1 [20833] >drweb.tmp.3mJzwX/cookie_ikon.zip/ - read error!
127.0.0.1 [20833] drweb.tmp.3mJzwX/ikoner_online_liste.zip - archive ZIP
127.0.0.1 [20833] >drweb.tmp.3mJzwX/ikoner_online_liste.zip/ikoner_online_liste/4.gif - Ok
127.0.0.1 [20833] >drweb.tmp.3mJzwX/ikoner_online_liste.zip/ - read error!
127.0.0.1 [20833] drweb.tmp.3mJzwX/m_k_ikoner.zip - archive ZIP
127.0.0.1 [20833] >drweb.tmp.3mJzwX/m_k_ikoner.zip/m_k_ikoner/f.gif - Ok
127.0.0.1 [20833] >drweb.tmp.3mJzwX/m_k_ikoner.zip/ - read error!
127.0.0.1 [20833] drweb.tmp.3mJzwX/bladre-ikoner.zip - archive ZIP
127.0.0.1 [20833] >drweb.tmp.3mJzwX/bladre-ikoner.zip/bladre-ikoner/i_back.gif - Ok
127.0.0.1 [20833] >drweb.tmp.3mJzwX/bladre-ikoner.zip/ - read error!

 

[AhmadMK]

Dear,

I think this error was mentioned after the fully update, i usually do not update plsk once we have update issue
i took around a month or 2 to make the update, because i learned from plsk that everytime there is an update
we got error . i do not know why.

Actually i updated my server recently before 2 weeks , and now i got this error. that suddenly come up
without any reason.

I hope they solve this issue ASAP because PLSK support took days to get such things to be resolved.

see the red one where the problem started. i really dont know what exactly going on.

*****************************My ERROR***************************************
Dear Postmaster,

the message with following attributes has not been delivered,
because contains an object which cannot be checked by antivirus.

Sender = [email protected]
Recipients = [email protected]
Subject = =?utf-8?B?Rnc6ICDYrtmB2Kkg2KfZhNiv2YUg2KjYudivINmG2KrYp9im2Kwg2KfZhNil?=
Message-ID = <[email protected]> --> there already.
--- Dr.Web report ---
Dr.Web detailed report:
127.0.0.1 [7066] drweb.tmp.LhxH63 - archive MAIL
127.0.0.1 [7066] drweb.tmp.LhxH63/[textlain] - archive MAIL
127.0.0.1 [7066] >drweb.tmp.LhxH63/[textlain]/1.part - Ok
127.0.0.1 [7066] >drweb.tmp.LhxH63/[textlain]/ - read error! ---> THE PROBLEM !!!127.0.0.1 [7066] drweb.tmp.LhxH63/[text:html] - Ok

--- Dr.Web report ---

The original message was stored in archive record named:
file was not created

***********************************************************************

We get the same error.

Plesk version: 9.5.4 (fully updated)
Linux 2.6.24-19-server
Ubuntu 8.04 LTS

---------------------------------
Sample:

Dear User,

the message with following attributes has not been delivered,
because contains an object which cannot be checked by antivirus filter.
Relaying such messages is blocked by administrator.

...
Dr.Web detailed report:
127.0.0.1 [20833] drweb.tmp.3mJzwX - archive MAIL
127.0.0.1 [20833] drweb.tmp.3mJzwX/[textlain] - Ok
127.0.0.1 [20833] drweb.tmp.3mJzwX/[text:html] - Ok
127.0.0.1 [20833] drweb.tmp.3mJzwX/cookie_ikon.zip - archive ZIP
127.0.0.1 [20833] >drweb.tmp.3mJzwX/cookie_ikon.zip/privatlivspolitik_ikon/_WINDOWS/iconbig.eps - Ok
127.0.0.1 [20833] >drweb.tmp.3mJzwX/cookie_ikon.zip/ - read error!
127.0.0.1 [20833] drweb.tmp.3mJzwX/ikoner_online_liste.zip - archive ZIP
127.0.0.1 [20833] >drweb.tmp.3mJzwX/ikoner_online_liste.zip/ikoner_online_liste/4.gif - Ok
127.0.0.1 [20833] >drweb.tmp.3mJzwX/ikoner_online_liste.zip/ - read error!
127.0.0.1 [20833] drweb.tmp.3mJzwX/m_k_ikoner.zip - archive ZIP
127.0.0.1 [20833] >drweb.tmp.3mJzwX/m_k_ikoner.zip/m_k_ikoner/f.gif - Ok
127.0.0.1 [20833] >drweb.tmp.3mJzwX/m_k_ikoner.zip/ - read error!
127.0.0.1 [20833] drweb.tmp.3mJzwX/bladre-ikoner.zip - archive ZIP
127.0.0.1 [20833] >drweb.tmp.3mJzwX/bladre-ikoner.zip/bladre-ikoner/i_back.gif - Ok
127.0.0.1 [20833] >drweb.tmp.3mJzwX/bladre-ikoner.zip/ - read error!

 

[AhmadMK]

file error_log could help here

Also In the error_log file you can find such a thing, which the error in the php file on plesk also
some issues

*********************************************************
011-12-16 16:12:15: (mod_fastcgi.c.2582) FastCGI-stderr: PHP Notice: Undefined index: total in /usr/local/psa/admin/plib/MailQueue.php on line 953
PHP Notice: Undefined index: found in /usr/local/psa/admin/plib/MailQueue.php on line 954
PHP Notice: Undefined index: todo in /usr/local/psa/admin/plib/MailQueue.php on line 731
PHP Notice: Undefined index: local in /usr/local/psa/admin/plib/MailQueue.php on line 731
PHP Notice: Undefined index: remote in /usr/local/psa/admin/plib/MailQueue.php on line 731
PHP Notice: Undefined index: total in /usr/local/psa/admin/plib/MailQueue.php on line 731

Use of uninitialized value in subtraction (-) at
/usr/local/psa/admin/sbin/mailqueuemng line 277 (#1)
(W uninitialized) An undefined value was used as if it were already
defined. It was interpreted as a "" or a 0, but maybe it was a mistake.
To suppress this warning assign a defined value to your variables.


2011-12-17 16:17:13: (mod_fastcgi.c.2582) FastCGI-stderr: PHP Notice: Undefined index: recipients in /usr/local/psa/admin/plib/MailQueue.php on line 1107
PHP Notice: Undefined index: recipients in /usr/local/psa/admin/plib/MailQueue.php on line 1107
PHP Notice: Undefined index: recipients in /usr/local/psa/admin/plib/MailQueue.php on line 1107
PHP Notice: Undefined index: recipients in /usr/local/psa/admin/plib/MailQueue.php on line 1107
PHP Notice: Undefined index: recipients in /usr/local/psa/admin/plib/MailQueue.php on line 1107
PHP Notice: Undefined index: recipients in /usr/local/psa/admin/plib/MailQueue.php on line 1107
PHP Notice: Undefined index: recipients in /usr/local/psa/admin/plib/MailQueue.php on line 1107
PHP Notice: Undefined index: recipients in /usr/local/psa/admin/plib/MailQueue.php on line 1107
PHP Notice: Undefined index: recipients in /usr/local/psa/admin/plib/MailQueue.php on line 1107
PHP Notice: Undefined index: recipients in /usr/local/psa/admin/plib/MailQueue.php on line 1107
PHP Notice: Undefined index: recipients in /usr/local/psa/admin/plib/MailQueue.php on line 1107
PHP Notice: Undefined index: recipients in /usr/local/psa/admin/plib/MailQueue.php on line 1107
PHP Notice: Undefined index: recipients in /usr/local/psa/admin/plib/MailQueue.php on line 1107
PHP Notice: Undefined index: recipients in /usr/local/psa/admin/plib/MailQueue.php on line 1107
PHP Notice: Undefined index: recipients in /usr/local/psa/admin/plib/MailQueue.php on line 1107
PHP Notice: Undefined index: recipients in /usr/local/psa/admin/plib/MailQueue.php on line 1107
PHP Notice: Undefined index: recipients in /usr/local/psa/admin/plib/MailQueue.php on line 1107
PHP Notice: Undefined index: recipients in /usr/local/psa/admin/plib/MailQueue.php on line 1107

Use of uninitialized value in subtraction (-) at
/usr/local/psa/admin/sbin/mailqueuemng line 300 (#1)
(W uninitialized) An undefined value was used as if it were already
defined. It was interpreted as a "" or a 0, but maybe it was a mistake.
To suppress this warning assign a defined value to your variables.


2011-12-17 19:39:00: (mod_fastcgi.c.2582) FastCGI-stderr: PHP Notice: Undefined index: timestamp in /usr/local/psa/admin/plib/MailQueue.php on line 951
PHP Notice: Undefined index: timestamp in /usr/local/psa/admin/plib/MailQueue.php on line 951
PHP Notice: Undefined index: total in /usr/local/psa/admin/plib/MailQueue.php on line 953
PHP Notice: Undefined index: found in /usr/local/psa/admin/plib/MailQueue.php on line 954
PHP Notice: Undefined index: todo in /usr/local/psa/admin/plib/MailQueue.php on line 731
PHP Notice: Undefined index: local in /usr/local/psa/admin/plib/MailQueue.php on line 731
PHP Notice: Undefined index: remote in /usr/local/psa/admin/plib/MailQueue.php on line 731
PHP Notice: Undefined index: total in /usr/local/psa/admin/plib/MailQueue.php on line 731

2011-12-17 19:40:23: (mod_fastcgi.c.2582) FastCGI-stderr: PHP Notice: Undefined index: recipients in /usr/local/psa/admin/plib/MailQueue.php on line 1107

2011-12-17 19:41:20: (mod_fastcgi.c.2582) FastCGI-stderr: PHP Notice: Undefined index: recipients in /usr/local/psa/admin/plib/MailQueue.php on line 1107

2011-12-17 19:42:05: (connections.c.299) SSL: 1 error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca
2011-12-17 19:42:05: (connections.c.299) SSL: 1 error:140940E5:SSL routines:SSL3_READ_BYTES:ssl handshake failure
2011-12-17 20:54:36: (mod_fastcgi.c.2582) FastCGI-stderr: PHP Notice: Undefined index: recipients in /usr/local/psa/admin/plib/MailQueue.php on line 1107

2011-12-17 22:07:22: (connections.c.299) SSL: 1 error:14094415:SSL routines:SSL3_READ_BYTES:sslv3 alert certificate expired
2011-12-17 22:07:22: (connections.c.299) SSL: 1 error:140940E5:SSL routines:SSL3_READ_BYTES:ssl handshake failure
2011-12-17 22:08:24: (log.c.135) server stopped
2011-12-17 22:08:25: (log.c.75) server started
2011-12-17 22:08:25: (mod_fastcgi.c.1337) Dynamic spawning with max_procs > 1 is not supported; setting min_procs = max_procs
2011-12-17 22:08:25: (mod_fastcgi.c.1337) Dynamic spawning with max_procs > 1 is not supported; setting min_procs = max_procs
2011-12-17 22:08:30: (log.c.135) server stopped
2011-12-17 22:08:43: (log.c.75) server started
2011-12-17 22:08:43: (mod_fastcgi.c.1337) Dynamic spawning with max_procs > 1 is not supported; setting min_procs = max_procs
2011-12-17 22:08:43: (mod_fastcgi.c.1337) Dynamic spawning with max_procs > 1 is not supported; setting min_procs = max_procs
File downloading products.inf3: 100% was finished.
File downloading plesk.inf3: 10%..20%..30%..40%..50%..60%..70%..80%..90%..100% was finished.
File downloading ppsmbe.inf3: 18%..28%..39%..49%..59%..70%..80%..90%..100% was finished.
File downloading sitebuilder.inf3: 10%..22%..35%..48%..61%..74%..87%..100% was finished.
File downloading sso.inf3: 10%..24%..37%..51%..64%..78%..91%..100% was finished.
File downloading setemplates.inf3: 19%..44%..69%..94%..100% was finished.
File downloading pp-sitebuilder.inf3: 12%..26%..33%..41%..55%..62%..76%..83%..90%..100% was finished.
File downloading billing.inf3: 10%..21%..33%..44%..50%..62%..73%..85%..91%..100% was finished.
Checking for installed packages...
File downloading PSA_9.5.4/plesk-9.5.4-fc4-i386.inf3: 10%..20%..30%..40%..50%..60%..70%..80%..90%..100% was finished.
File downloading PSA_9.5.4/plesk-patches-9.5.4-fc4-i386.inf3: 12%..28%..44%..59%..75%..91%..100% was finished.
Detecting installed product components.
File downloading products.inf3: 100% was finished.
File downloading plesk.inf3: 10%..20%..30%..40%..50%..60%..70%..80%..90%..100% was finished.
File downloading ppsmbe.inf3: 18%..28%..39%..49%..59%..70%..80%..90%..100% was finished.
File downloading sitebuilder.inf3: 10%..22%..35%..48%..61%..74%..87%..100% was finished.
File downloading sso.inf3: 10%..24%..37%..51%..64%..78%..91%..100% was finished.
File downloading setemplates.inf3: 19%..44%..69%..94%..100% was finished.
File downloading pp-sitebuilder.inf3: 12%..26%..33%..41%..55%..62%..76%..83%..90%..100% was finished.
File downloading billing.inf3: 10%..21%..33%..44%..50%..62%..73%..85%..91%..100% was finished.
Checking for installed packages...
File downloading PSA_9.5.4/plesk-9.5.4-fc4-i386.inf3: 10%..20%..30%..40%..50%..60%..70%..80%..90%..100% was finished.
File downloading PSA_9.5.4/plesk-patches-9.5.4-fc4-i386.inf3: 12%..28%..44%..59%..75%..91%..100% was finished.
Detecting installed product components.
Use of uninitialized value in pattern match (m//) at
/usr/local/psa/admin/sbin/mailqueuemng line 380 (#1)
(W uninitialized) An undefined value was used as if it were already
defined. It was interpreted as a "" or a 0, but maybe it was a mistake.
To suppress this warning assign a defined value to your variables.

To help you figure out what was undefined, perl tells you what operation
you used the undefined value in. Note, however, that perl optimizes your
program and the operation displayed in the warning may not necessarily
appear literally in your program. For example, "that $foo" is
usually optimized into "that " . $foo, and the warning will refer to
the concatenation (.) operator, even though there is no . in your
program.

2011-12-17 22:45:14: (mod_fastcgi.c.2582) FastCGI-stderr: PHP Notice: Undefined index: date in /usr/local/psa/admin/plib/MailQueue.php on line 949

 

[AhmadMK]

Got the Solution

Dear ,

here the temp solution to continue sending emails via MTA without any incorupt.

*************************
/etc/drweb/drweb_handler.conf and configure the following options:

ScanningErrors = pass
ProcessingErrors = pass

Restart drweb via

#root: /etc/init.d/drwebd restart

Permanent solution will be provided as available in scope of Parallels Plesk Panel maintenance updates.

*************************

We get the same error.

Plesk version: 9.5.4 (fully updated)
Linux 2.6.24-19-server
Ubuntu 8.04 LTS

---------------------------------
Sample:

Dear User,

the message with following attributes has not been delivered,
because contains an object which cannot be checked by antivirus filter.
Relaying such messages is blocked by administrator.

...
Dr.Web detailed report:
127.0.0.1 [20833] drweb.tmp.3mJzwX - archive MAIL
127.0.0.1 [20833] drweb.tmp.3mJzwX/[textlain] - Ok
127.0.0.1 [20833] drweb.tmp.3mJzwX/[text:html] - Ok
127.0.0.1 [20833] drweb.tmp.3mJzwX/cookie_ikon.zip - archive ZIP
127.0.0.1 [20833] >drweb.tmp.3mJzwX/cookie_ikon.zip/privatlivspolitik_ikon/_WINDOWS/iconbig.eps - Ok
127.0.0.1 [20833] >drweb.tmp.3mJzwX/cookie_ikon.zip/ - read error!
127.0.0.1 [20833] drweb.tmp.3mJzwX/ikoner_online_liste.zip - archive ZIP
127.0.0.1 [20833] >drweb.tmp.3mJzwX/ikoner_online_liste.zip/ikoner_online_liste/4.gif - Ok
127.0.0.1 [20833] >drweb.tmp.3mJzwX/ikoner_online_liste.zip/ - read error!
127.0.0.1 [20833] drweb.tmp.3mJzwX/m_k_ikoner.zip - archive ZIP
127.0.0.1 [20833] >drweb.tmp.3mJzwX/m_k_ikoner.zip/m_k_ikoner/f.gif - Ok
127.0.0.1 [20833] >drweb.tmp.3mJzwX/m_k_ikoner.zip/ - read error!
127.0.0.1 [20833] drweb.tmp.3mJzwX/bladre-ikoner.zip - archive ZIP
127.0.0.1 [20833] >drweb.tmp.3mJzwX/bladre-ikoner.zip/bladre-ikoner/i_back.gif - Ok
127.0.0.1 [20833] >drweb.tmp.3mJzwX/bladre-ikoner.zip/ - read error!

 

[nethubonline]

I have the exact same problem but changing "ScanningErrors" and "ProcessingErrors" to "pass" in "/etc/drweb/drweb_qmail.conf" does not fix the problem, it keeps stopping delivery and report error to admin.

My Plesk version is 8.6
OS: RHEL 5.5 / 5.0
Kernel: 2.6.18-274.el5

The problem starts since 05:00, I did not update Plesk during these days, will it affected by last update of drweb? As I set to update plesk every hour "0 * * * * drweb /opt/drweb/update.pl > /dev/null 2>&1"

Can anyone help to provide any temp solution?

Dear ,

here the temp solution to continue sending emails via MTA without any incorupt.

*************************
/etc/drweb/drweb_handler.conf and configure the following options:

ScanningErrors = pass
ProcessingErrors = pass

Restart drweb via

#root: /etc/init.d/drwebd restart

Permanent solution will be provided as available in scope of Parallels Plesk Panel maintenance updates.

*************************

 

[nethubonline]

Sorry, below solution can fix the problem temporarily, as I, as administrator, keep receiving the error report from drweb, so that I wrongly thought the problem cannot be fixed.

I confirmed that email can deliver to recipient after applying below configuration although I keep receiving error report. Hope Parallels can fix this problem ASAP as it seems the problem occurs since 10 hours ago and affects Plesk 8 , 9 , 10 ...

Dear ,

here the temp solution to continue sending emails via MTA without any incorupt.

*************************
/etc/drweb/drweb_handler.conf and configure the following options:

ScanningErrors = pass
ProcessingErrors = pass

Restart drweb via

#root: /etc/init.d/drwebd restart

Permanent solution will be provided as available in scope of Parallels Plesk Panel maintenance updates.

*************************

 

[AhmadMK]

Dear,

The Solution Below will keep sending emails that drweb has failure, but its normal he pass the emails
sending & recieveing normally.

It just let you know by email that drweb got error reading text/plain file , it become as notifications.
i think plsk system develpoer must consider alot of issues before doing any updates. also they must test
the product before any updates.

however hope they resolve the problem soon.

Sorry, below solution can fix the problem temporarily, as I, as administrator, keep receiving the error report from drweb, so that I wrongly thought the problem cannot be fixed.

I confirmed that email can deliver to recipient after applying below configuration although I keep receiving error report. Hope Parallels can fix this problem ASAP as it seems the problem occurs since 10 hours ago and affects Plesk 8 , 9 , 10 ...

 

[GOL]

For reference....

http://kb.parallels.com/en/113018

Rob

 

[GOL]

TO: Igor / Parallels

How do you release messages from the quarantine?

How long before you provided a permanent solution?

Rob

 

[Carl Swart]

Shocked

<rant>
Once again Parallels have succeed in doing our business harm with an untested update to Dr.Web this time.
</rant>

Anyhow, here is our solution:

1. chown root:root -R /opt/drweb/lib
2. Copy the old version of drweb32.dll from backup back to /opt/drweb/lib

The drweb32.dll prior to 15 December 2011, has a MD5 sum of: 214c4e38db96e5cafa2720f7b46b3a85 and it is dated 18 February 2011.

Changing the /opt/drweb/lib directory to be owned by root:root, breaks the updater.pl's ability to download and install the new drweb32.dll. You will receive many email notices about this problem.

Offcourse, the above solution is almost as bad as the KB article provided by Parallels, since you are rolling back a version of the dr.web anti-virus engine. I can not say what other functionality will be broken or lost BUT I can say that your clients will stop getting email errors and failed email deliveries, something that the KB article does not do.

I also want to point out that in our tests, the problem is NOT limited to emails with archive attachments and the KB workarounds did NOT work for us.

I would have expected a VERY swift response and PERMANENT fix from Parallels, however it would appear that they do not see this problem in the same light as we do.

<rant>
I appreciate the effort that Parallels has put into updating the "Parallels Premium Antivirus" (aka Dr.Web) engine, I just wish:
1. They tested it properly before releasing it,
AND
2. It was not done over the festive season while we are operating on a skeleton staff.

Then again, we are merely the paying client, why would our concerns be of any interest to Parallels.
</rant>

 

[IgorG]

Initially it was problem in DrWeb but it doesn't matter because we provide DrWeb feature and it will provide fix together in MU#8 which will be released today.

 

[Carl Swart]

Hi IgorG,

I am not quite clear as to what you are trying to tell us about the problem. It would be fantastic if you could give us a good breakdown of the problem.

I am however VERY happy to hear that you will be releasing a permanent fix for the problem today. I just hope the fix will be available for Plesk, 8, 9 and 10 versions and will not be limited to a single version.

--
-Carl

PS: The one thing that I do appreciate these days is that IgorG is on the forums and at least tries to give feedback relating to problems. Thank you for this.

 

[IgorG]

Carl, thank you for your kind words
I meant problem described in http://kb.parallels.com/en/113018

 

[Carl Swart]

IgorG,

As per my initial post, I repeat: "I also want to point out that in our tests, the problem is NOT limited to emails with archive attachments and the KB workarounds did NOT work for us."

-Carl

 

[internezzo]

Same here, workaround does NOT work!
Please provide a workaround or permanent solution *fast*!

 

[AdelM]

Hi Igor

Thanks for your reply.

How to deal with the more than 150000 redundant quarantined files in /var/drweb/infected
, What is the fastest way to remove them all.


Best

 

[GOL]

Neither of the 'resolutions' actually fixes the problems, the 2nd doesn't work at all but in my experience if you do:

-------------------------------------------------------------
/etc/drweb/drweb_handler.conf and configure the following options:

ScanningErrors = pass
ProcessingErrors = pass
-------------------------------------------------------------

It will scan all messages, but the one's where it gets the read error it will actually deliver the message to the recipient (possibly with a virus in because it hasn't actually scanned it) instead of quarantining it but you get an error notification anyway just to say that it has failed to scan the message.

You can disable the notifications in the same file:

-------------------------------------------------------------
[ErrorNotifications]
SenderNotify = no
AdminNotify = yes <---------- change to no
RcptsNotify = no
-------------------------------------------------------------


@AdelM - I cleaned that directory out using the following command:

find /var/drweb/infected/* -mtime +14 -exec rm -f {} \;

...that will remove any file older than 14 days, you can change that number to your preference or use 'mv' instead of 'rm' - all the usual disclaimers apply!

The problem with deleting those files is that whilst this issue has been in effect the quarantined messages could have been valid messages that should have been delivered to your users! :-(


@Igor - How do you unquarantine a message so that it is delivered?

Rob