DRWeb issues

[IsaacT]

Today I have been having some big problems with DrWeb. I have plesk 10.4.4 running on CentOs. And I just let plesk run its updates whenever it finds them. Which seems to be about once every week or two. DrWeb also just does its thing to get its updates.

Everything has been running fine since late January when I had some major issues with DrWeb. However now it seems that the email issues are back.

Whats happening is it seems that all emails sent to any email addresses on the server get blocked. And for each email that gets blocked I (as the server admin) get multiple emails.

First I get a "Antivirus software failure" email. That shows the sender and recipient. With the antivirus report of "The filter fails to pass object to the DrWEB daemon".

I then get a second email thats identical to the first, only this one has a sender of drweb-daemon@mydomain, and the recipient is the sender of the original email.

Lastly I get a "Failure Notice" email that is from MAILER-DARMON@ to postmaster@ saying that there is mailbox for drweb-daemon.

So one issue is why does drweb block all these. Looking for information on "The filter fails to pass objects to the DrWEB daemon" doesn't really result in anything that seems to help. And secondly is there any way to tell dr-web to not use fack email addresses like drweb-daemon@?

Thanks

 

[IsaacT]

also If I look at my messages log file I see lines like this:

Jun 24 19:11:26 vps-1009762-560 drwebd.real: Total virus records: 3440539
Jun 24 19:11:26 vps-1009762-560 drwebd.real: Key file: /opt/drweb/drweb32.key - Key file was not found! (No such file or directory)
Jun 24 19:11:26 vps-1009762-560 drwebd.real: A path to a valid license key file was not specified.
Jun 24 19:11:58 vps-1009762-560 drwebd.real: Daemon is enabled for protecting 14 e-mail`s:

14 lines for the email addresses protected

Jun 24 19:11:58 vps-1009762-560 drwebd.real: Daemon is installed, active interfaces: /var/drweb/run/.daemon 127.0.0.1:3000
Jun 24 19:12:04 vps-1009762-560 xinetd[24511]: START: smtps pid=19509 from=24.145.6.167
Jun 24 19:12:13 vps-1009762-560 drwebd.real: 127.0.0.1 [19546] /var/drweb/spool/drweb.tmp.NqZwGa - archive MAIL
Jun 24 19:12:46 vps-1009762-560 drwebd.real: 127.0.0.1 [19546] /var/drweb/spool/drweb.tmp.NqZwGa/[textlain] - Ok
Jun 24 19:12:48 vps-1009762-560 xinetd[24511]: EXIT: smtps status=0 pid=19509 duration=44(sec)
Jun 24 19:12:53 vps-1009762-560 drwebd.real: 127.0.0.1 [19817] /var/drweb/spool/drweb.tmp.ZDXt2f - archive MAIL
Jun 24 19:12:54 vps-1009762-560 drwebd.real: 127.0.0.1 [19817] /var/drweb/spool/drweb.tmp.ZDXt2f/[textlain] - Ok
Jun 24 19:13:22 vps-1009762-560 xinetd[24511]: START: smtp pid=20003 from=209.85.160.53
Jun 24 19:13:24 vps-1009762-560 drwebd.real: 127.0.0.1 [20020] /var/drweb/spool/drweb.tmp.t8FMM4 - message's envelope (addresses) aren't present in license (protected e-mail`s), skipped!
~

 

[abdi]

That error indicates that you don't have a valid working drweb licence. These problems are common in such situations and when you have more email accounts than the free licence offers to protect.

My suggestion is get rid of drweb fast as you can or obtain a licence from paralles. To uninstall drweb, just use the commands below:

/usr/local/psa/bin/service --stop drweb
yum erase drweb-qmail

 

[IsaacT]

I'll talk to my hosting provider to see what happened to my license. The system has been working fine for over 6 months and nothing has changed. So either the license got disabled somehow, or something else is going wrong. We haven't added any new email accounts lately either, so its not that the number of addresses has changed and exceeded the license limit.

for the time being I have just shut the drweb service off while I work on the issues. Thanks for the information.

 

[abdi]

Cool, no problem!