drweb and hundreds automatic mails

[anthony vasileioy]

since I upgrade to Plesk 9.2.3 I have a really annoying situation.
Drweb sends mails for its updates to [email protected] (non-existent mail) almost every hour.
All of them return. Imagine what happens to my mailbox.
How can I stop this antivirus send me mails ???

 

[Nataliya Zagr]

Hello Anthony,

It is possible to disable notifications from DrWeb. In order to do so, several corrections should be made in the Parallels Plesk Panel (PP) database:

1.Connect to the database

2. Make sure that the record regarding antivirus notifications exists in psa.misc table. It can be verified using the following SQL query:

> select val from misc where param = 'AntivirusNotifyAdmin';

The query should return one of the values below:

0 - notifications are disabled;
1 - notifications are enabled;

Notification can be enabled or disabled by switching the parameter using one of the queries below:

To disable notifications
> update misc set val='0' where param = 'AntivirusNotifyAdmin';

To enable notifications
> update misc set val='1' where param = 'AntivirusNotifyAdmin';

Non-existent record can be inserted using the query:
> insert into misc values ('AntivirusNotifyAdmin','0');

Please, check the following article for more information:

http://kb.odin.com/en/970

Thank you

 

[trialotto]

Alternative solution?

Hello Anthony,

It is possible to disable notifications from DrWeb. In order to do so, several corrections should be made in the Parallels Plesk Panel (PP) database:

1.Connect to the database

2. Make sure that the record regarding antivirus notifications exists in psa.misc table. It can be verified using the following SQL query:

> select val from misc where param = 'AntivirusNotifyAdmin';

The query should return one of the values below:

0 - notifications are disabled;
1 - notifications are enabled;

Notification can be enabled or disabled by switching the parameter using one of the queries below:

To disable notifications
> update misc set val='0' where param = 'AntivirusNotifyAdmin';

To enable notifications
> update misc set val='1' where param = 'AntivirusNotifyAdmin';

Non-existent record can be inserted using the query:
> insert into misc values ('AntivirusNotifyAdmin','0');

Please, check the following article for more information:

http://kb.odin.com/en/970

Thank you

With some surprise I am reading the above. Nice to know that we can alter the database, but it seems to me that exactly the same settings can be changed in drweb configuration files.

Maybe I am mistaken, but is changing the part:

#########################
# Notifications section #
#########################
[VirusNotifications]
# Enable or disable sending notifications to persons (yes/no)
SenderNotify = yes
AdminNotify = yes
RcptsNotify = yes

....

in the file drweb_handler.conf not exactly the same as changing the database entries?

Please explain Parallels and explain why you choose to inform us to change the database!

 

[anthony vasileioy]

Natalia,
I made this INSERT in MISC table (value=0) but even with this way Drweb keep sending emails.
I removed completely Drweb and it is done

 

[anthony vasileioy]

Please click one of the Quick Reply icons in the posts above to activate Quick Reply.

 

[anthony vasileioy]

It is not possible !!!!!!
1) I stop drweb update crons, still got drweb mails
2) I stop drweb services, still got drweb mails
3) I removed drweb!!!!, still got drweb mails
4) I removed every remained drweb directory with any kind of ini, pl, and everything has to do with this drweb thing
Still send mails every hour now !!!
5) Did what Natalyia said, still got drweb mails every HALF hour now !!! WHAT is this???
.. at last I found a /etc/cron.d/drweb-update that has:

*/30 * * * * drweb /opt/drweb/update.pl

I deleted file and.. wait to see.
There are 2 options:
a) Mails are going to stop
b) Mails are going to continue but.. every minute !!! hehehehe

Conclusion: DrWeb Antivirus is .. a Virus

 

[internezzo]

Hi

We made the database change and deactivated almost all notifications in:
/etc/drweb/drweb_handler.conf

but the mails persist. Is there really no solution from Parallels?

Best regards
Marcel

 

[IgorG]

http://kb.odin.com/en/7023

 

[internezzo]

Hi Igor

The workaround with "CronSummary = No" seems to work. Thanks!

Best regards
Marcel

 

[WebW]

Did the CronSummary workaround - now I have more problems

Hi,

I was having this same problem, found the CronSummary = No workaround, did that, and it worked great...for a about a week. Now I get a new message, still from Dr. Web, and I get about 15 of these a day.

Hi. This is the qmail-send program at ip-97-74-195-167.ip.secureserver.net.
I'm afraid I wasn't able to deliver your message to the following addresses.
This is a permanent error; I've given up. Sorry it didn't work out.

<[email protected]>:

--- Below this line is a copy of the message.

Return-Path: <[email protected]>
Received: (qmail 9322 invoked by uid 100); 15 Sep 2010 16:30:05 -0500
Date: 15 Sep 2010 16:30:05 -0500
Message-ID: <[email protected]>
From: [email protected] (Cron Daemon)
To: [email protected]
Subject: Cron <drweb@ip-97-74-195-167> /opt/drweb/update.pl
Content-Type: text/plain; charset=UTF-8
Auto-Submitted: auto-generated
X-Cron-Env: <SHELL=/bin/sh>
X-Cron-Env: <HOME=/var/drweb>
X-Cron-Env: <PATH=/usr/bin:/bin>
X-Cron-Env: <LOGNAME=drweb>
X-Cron-Env: <USER=drweb>

ERROR: Dr.Web (R) Updater: cannot send HUP signal to daemon (pid=25432, error=No such process) !
See Dr.Web (R) Updater log file for details.

I still want to receive errors from email addresses that don't work, I have some of those come through, and they are very helpful in diagnosing problems with some of our contact forms, so I don't want to just shut off all notifications.

Is there anything I can do to fix this??

Thank you,

Steve

 

[trialotto]

Solution to try....

In essence, the discussion about drweb being a pain in the *** is somewhat inapropriate.

DrWeb does what is told to, messaging everyday about (cron-based) updates.

Solution in general (all involving a change of the drweb32.ini file):
- update messages will not be sent: CronSummary = no
- update messages will be sent, reducing the interval: in earlier sections, change the notifications sections to weekly or another interval (instead of everyday).

(Naturally, restart drwebd if changing drweb32.ini !!!!)

However, what most people think of as disturbing, is NOT the notification by drweb updater. They ARE bothered by failures in their mail server, being (mostly) non-existing receiver address [email protected]

A better solution is to keep drweb32ini unchanged and add a [email protected] address to your mail server (and clean up regularly). No problems then, at all.

So, it is not drweb that is the problem. It is the installation of drweb in the qmail system.

In my opinion, keep all information that is required and create the additional mailbox.

As a final note, in linux (suse) systems, the updates are also logged in var/log directory, in one or more files. So, my advice is just an advice to prevent all those failure messages from the mail-daemon.

 

[WebW]

Thanks for that response trialotto, that makes sense. However, the Plesk in question hosts many different websites and many different emails, and from the error message, it looks like drweb is sending to <[email protected]> -- where would I create this "catchall" email account? Can it be on any of the accounts within the server? And it's just [email protected]?

Thanks again!

 

[Smithy_Dave]

If the workaround with "CronSummary = No" doesn't appear to work check your email mail queue...

It can store upto 7 days of drweb emails making it look like the cronsummary edit hasn't worked.

Thank you to the poster who first mentioned the cronsummary drove us mad for months - delete delete arrrgh!

 

[trialotto]

@Smithy_Dave,

The solution regarding " cronsummary " is one of the things Parallels suggests.

As mentioned in my earlier posts, it is not a solution to the cause of drweb mail inconvenience.

You can do several things, but just creating the [email protected] mail account is most convenient.

And furthermore, do not forget to restart drweb daemon if you use the "cronsummary" approach.

Kind regards....

 

[Smithy_Dave]

We did already restart the drweb daemon, but thanks all the same. It always tends to be the small things you forget when making changes.

 

[trialotto]

@Smithy_Dave,

That also happens often at Parallels, since the drweb issue is a persistent issue, not resolved in various updates.

Kind regards....

 

[ShankB]

If you don't want to get emails about fails of updater, just comment in subroutine 'Log' following line:
print "ERROR: Dr.Web ® Updater: cell phone tracking $msg !\n" if 'error' eq $level

 

[betteres]

If you don't want to get emails about fails of updater, just comment in subroutine 'Log' following line:
print "ERROR: Dr.Web ® Updater: $msg !\n" if 'error' eq $level

where is that file located please?