1. Please take a little time for this simple survey! Thank you for participating!
    Dismiss Notice
  2. Dear Pleskians, please read this carefully! New attachments and other rules Thank you!
    Dismiss Notice
  3. Dear Pleskians, I really hope that you will share your opinion in this Special topic for chatter about Plesk in the Clouds. Thank you!
    Dismiss Notice

DRWeb issues

Discussion in 'Plesk 10.x for Linux Issues, Fixes, How-To' started by IsaacT, Jun 24, 2012.

  1. IsaacT

    IsaacT Basic Pleskian

    17
    85%
    Joined:
    Apr 13, 2010
    Messages:
    29
    Likes Received:
    0
    Today I have been having some big problems with DrWeb. I have plesk 10.4.4 running on CentOs. And I just let plesk run its updates whenever it finds them. Which seems to be about once every week or two. DrWeb also just does its thing to get its updates.

    Everything has been running fine since late January when I had some major issues with DrWeb. However now it seems that the email issues are back.

    Whats happening is it seems that all emails sent to any email addresses on the server get blocked. And for each email that gets blocked I (as the server admin) get multiple emails.

    First I get a "Antivirus software failure" email. That shows the sender and recipient. With the antivirus report of "The filter fails to pass object to the DrWEB daemon".

    I then get a second email thats identical to the first, only this one has a sender of drweb-daemon@mydomain, and the recipient is the sender of the original email.

    Lastly I get a "Failure Notice" email that is from MAILER-DARMON@ to postmaster@ saying that there is mailbox for drweb-daemon.

    So one issue is why does drweb block all these. Looking for information on "The filter fails to pass objects to the DrWEB daemon" doesn't really result in anything that seems to help. And secondly is there any way to tell dr-web to not use fack email addresses like drweb-daemon@?

    Thanks
     
  2. IsaacT

    IsaacT Basic Pleskian

    17
    85%
    Joined:
    Apr 13, 2010
    Messages:
    29
    Likes Received:
    0
    also If I look at my messages log file I see lines like this:

    Jun 24 19:11:26 vps-1009762-560 drwebd.real: Total virus records: 3440539
    Jun 24 19:11:26 vps-1009762-560 drwebd.real: Key file: /opt/drweb/drweb32.key - Key file was not found! (No such file or directory)
    Jun 24 19:11:26 vps-1009762-560 drwebd.real: A path to a valid license key file was not specified.
    Jun 24 19:11:58 vps-1009762-560 drwebd.real: Daemon is enabled for protecting 14 e-mail`s:

    14 lines for the email addresses protected

    Jun 24 19:11:58 vps-1009762-560 drwebd.real: Daemon is installed, active interfaces: /var/drweb/run/.daemon 127.0.0.1:3000
    Jun 24 19:12:04 vps-1009762-560 xinetd[24511]: START: smtps pid=19509 from=24.145.6.167
    Jun 24 19:12:13 vps-1009762-560 drwebd.real: 127.0.0.1 [19546] /var/drweb/spool/drweb.tmp.NqZwGa - archive MAIL
    Jun 24 19:12:46 vps-1009762-560 drwebd.real: 127.0.0.1 [19546] /var/drweb/spool/drweb.tmp.NqZwGa/[text:plain] - Ok
    Jun 24 19:12:48 vps-1009762-560 xinetd[24511]: EXIT: smtps status=0 pid=19509 duration=44(sec)
    Jun 24 19:12:53 vps-1009762-560 drwebd.real: 127.0.0.1 [19817] /var/drweb/spool/drweb.tmp.ZDXt2f - archive MAIL
    Jun 24 19:12:54 vps-1009762-560 drwebd.real: 127.0.0.1 [19817] /var/drweb/spool/drweb.tmp.ZDXt2f/[text:plain] - Ok
    Jun 24 19:13:22 vps-1009762-560 xinetd[24511]: START: smtp pid=20003 from=209.85.160.53
    Jun 24 19:13:24 vps-1009762-560 drwebd.real: 127.0.0.1 [20020] /var/drweb/spool/drweb.tmp.t8FMM4 - message's envelope (addresses) aren't present in license (protected e-mail`s), skipped!
    ~
     
  3. abdi

    abdi Platinum Pleskian

    31
    18%
    Joined:
    May 14, 2006
    Messages:
    2,913
    Likes Received:
    60
    That error indicates that you don't have a valid working drweb licence. These problems are common in such situations and when you have more email accounts than the free licence offers to protect.

    My suggestion is get rid of drweb fast as you can or obtain a licence from paralles. To uninstall drweb, just use the commands below:

    /usr/local/psa/bin/service --stop drweb
    yum erase drweb-qmail
     
  4. IsaacT

    IsaacT Basic Pleskian

    17
    85%
    Joined:
    Apr 13, 2010
    Messages:
    29
    Likes Received:
    0
    I'll talk to my hosting provider to see what happened to my license. The system has been working fine for over 6 months and nothing has changed. So either the license got disabled somehow, or something else is going wrong. We haven't added any new email accounts lately either, so its not that the number of addresses has changed and exceeded the license limit.

    for the time being I have just shut the drweb service off while I work on the issues. Thanks for the information.
     
  5. abdi

    abdi Platinum Pleskian

    31
    18%
    Joined:
    May 14, 2006
    Messages:
    2,913
    Likes Received:
    60
    Cool, no problem!
     
Loading...