Facebook
Twitter
Hello,
from some day on now, I have this kind of message in my logs:
180247458 **** mail 12:41:42 /usr/lib64/ples /usr/lib64/plesk-9.0/psa-pc-remo Error during 'drweb' handler
From remote syslog... I did not find where it was located on the Plesk server.
And also many processes like this:
postfix 22526 0.0 0.0 1840248 4048 ? S 12:54 0:00 \_ /usr/lib64/plesk-9.0/psa-pc-remote -p inet:12768@localhost
postfix 26213 0.0 0.0 1850492 4068 ? S 12:54 0:00 \_ /usr/lib64/plesk-9.0/psa-pc-remote -p inet:12768@localhost
postfix 31880 0.0 0.0 1860736 4148 ? S 12:55 0:00 \_ /usr/lib64/plesk-9.0/psa-pc-remote -p inet:12768@localhost
postfix 9257 0.0 0.0 1881224 4188 ? S 13:08 0:00 \_ /usr/lib64/plesk-9.0/psa-pc-remote -p inet:12768@localhost
postfix 15484 0.0 0.0 1891468 4212 ? S 13:17 0:00 \_ /usr/lib64/plesk-9.0/psa-pc-remote -p inet:12768@localhost
postfix 19793 0.0 0.0 1911956 4252 ? S 13:22 0:00 \_ /usr/lib64/plesk-9.0/psa-pc-remote -p inet:12768@localhost
postfix 23251 0.0 0.0 1911956 4260 ? S 13:22 0:00 \_ /usr/lib64/plesk-9.0/psa-pc-remote -p inet:12768@localhost
postfix 25894 0.0 0.0 1911956 4260 ? S 13:22 0:00 \_ /usr/lib64/plesk-9.0/psa-pc-remote -p inet:12768@localhost
postfix 8690 0.0 0.0 1922200 4276 ? S 13:24 0:00 \_ /usr/lib64/plesk-9.0/psa-pc-remote -p inet:12768@localhost
postfix 13213 0.0 0.0 1932444 4292 ? S 13:25 0:00 \_ /usr/lib64/plesk-9.0/psa-pc-remote -p inet:12768@localhost
postfix 22088 0.0 0.0 1942688 4312 ? S 13:26 0:00 \_ /usr/lib64/plesk-9.0/psa-pc-remote -p inet:12768@localhost
postfix 23597 0.0 0.0 1952932 4328 ? S 13:26 0:00 \_ /usr/lib64/plesk-9.0/psa-pc-remote -p inet:12768@localhost
postfix 19971 0.0 0.0 1963176 4360 ? S 13:30 0:00 \_ /usr/lib64/plesk-9.0/psa-pc-remote -p inet:12768@localhost
postfix 29647 0.0 0.0 1973420 4444 ? S 13:31 0:00 \_ /usr/lib64/plesk-9.0/psa-pc-remote -p inet:12768@localhost
postfix 30439 0.0 0.0 1983664 4528 ? S 13:35 0:00 \_ /usr/lib64/plesk-9.0/psa-pc-remote -p inet:12768@localhost
an lsof -p <pid> gives me:
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
psa-pc-re 23251 postfix cwd DIR 202,0 4096 2 /
psa-pc-re 23251 postfix rtd DIR 202,0 4096 2 /
psa-pc-re 23251 postfix txt REG 202,0 144780 16466778 /usr/lib64/plesk-9.0/psa-pc-remote
psa-pc-re 23251 postfix mem REG 202,0 65928 18694279 /lib64/libnss_files-2.12.so
psa-pc-re 23251 postfix mem REG 202,0 142464 18694270 /lib64/libpthread-2.12.so
psa-pc-re 23251 postfix mem REG 202,0 19536 18694205 /lib64/libdl-2.12.so
psa-pc-re 23251 postfix mem REG 202,0 1916568 18694191 /lib64/libc-2.12.so
psa-pc-re 23251 postfix mem REG 202,0 63480 16466242 /usr/lib64/sw/libmilter.so.1.0
psa-pc-re 23251 postfix mem REG 202,0 667224 16466195 /usr/lib64/sw/sqlite37/libsqlite3.so.0.8.6
psa-pc-re 23251 postfix mem REG 202,0 154504 18694188 /lib64/ld-2.12.so
psa-pc-re 23251 postfix 0r REG 202,0 1120407 16470763 /usr/local/psa/handlers/spool/mlfi.0o4WFl (deleted)
psa-pc-re 23251 postfix 1w REG 202,0 0 16470764 /usr/local/psa/handlers/spool/mlfi.0o4WFl.tmp (deleted)
psa-pc-re 23251 postfix 2w FIFO 0,8 0t0 808309 pipe
psa-pc-re 23251 postfix 3u IPv4 9130 0t0 TCP localhost:12768 (LISTEN)
psa-pc-re 23251 postfix 4r FIFO 0,8 0t0 9131 pipe
psa-pc-re 23251 postfix 5w FIFO 0,8 0t0 9131 pipe
psa-pc-re 23251 postfix 6u unix 0xffff88027bfd9380 0t0 16946 socket
psa-pc-re 23251 postfix 7u IPv4 16805 0t0 TCP localhost:12768->localhost:36521 (CLOSE_WAIT)
psa-pc-re 23251 postfix 8r REG 202,0 15140 16466465 /usr/local/psa/handlers/spool/mlfi.ihkaCm (deleted)
psa-pc-re 23251 postfix 9w REG 202,0 0 16466512 /usr/local/psa/handlers/spool/mlfi.ihkaCm.tmp (deleted)
psa-pc-re 23251 postfix 10r FIFO 0,8 0t0 17197 pipe
psa-pc-re 23251 postfix 11u IPv4 24175 0t0 TCP localhost:12768->localhost:36549 (CLOSE_WAIT)
psa-pc-re 23251 postfix 12r REG 202,0 17929 16466911 /usr/local/psa/handlers/spool/mlfi.JQI4iv (deleted)
psa-pc-re 23251 postfix 13w REG 202,0 0 16466915 /usr/local/psa/handlers/spool/mlfi.JQI4iv.tmp (deleted)
...
Drweb has been deactivated on the server, but clearly Postfix still tries to scan the mails for viruses.
Thanks for your help!
Simon
from some day on now, I have this kind of message in my logs:
180247458 **** mail 12:41:42 /usr/lib64/ples /usr/lib64/plesk-9.0/psa-pc-remo Error during 'drweb' handler
From remote syslog... I did not find where it was located on the Plesk server.
And also many processes like this:
postfix 22526 0.0 0.0 1840248 4048 ? S 12:54 0:00 \_ /usr/lib64/plesk-9.0/psa-pc-remote -p inet:12768@localhost
postfix 26213 0.0 0.0 1850492 4068 ? S 12:54 0:00 \_ /usr/lib64/plesk-9.0/psa-pc-remote -p inet:12768@localhost
postfix 31880 0.0 0.0 1860736 4148 ? S 12:55 0:00 \_ /usr/lib64/plesk-9.0/psa-pc-remote -p inet:12768@localhost
postfix 9257 0.0 0.0 1881224 4188 ? S 13:08 0:00 \_ /usr/lib64/plesk-9.0/psa-pc-remote -p inet:12768@localhost
postfix 15484 0.0 0.0 1891468 4212 ? S 13:17 0:00 \_ /usr/lib64/plesk-9.0/psa-pc-remote -p inet:12768@localhost
postfix 19793 0.0 0.0 1911956 4252 ? S 13:22 0:00 \_ /usr/lib64/plesk-9.0/psa-pc-remote -p inet:12768@localhost
postfix 23251 0.0 0.0 1911956 4260 ? S 13:22 0:00 \_ /usr/lib64/plesk-9.0/psa-pc-remote -p inet:12768@localhost
postfix 25894 0.0 0.0 1911956 4260 ? S 13:22 0:00 \_ /usr/lib64/plesk-9.0/psa-pc-remote -p inet:12768@localhost
postfix 8690 0.0 0.0 1922200 4276 ? S 13:24 0:00 \_ /usr/lib64/plesk-9.0/psa-pc-remote -p inet:12768@localhost
postfix 13213 0.0 0.0 1932444 4292 ? S 13:25 0:00 \_ /usr/lib64/plesk-9.0/psa-pc-remote -p inet:12768@localhost
postfix 22088 0.0 0.0 1942688 4312 ? S 13:26 0:00 \_ /usr/lib64/plesk-9.0/psa-pc-remote -p inet:12768@localhost
postfix 23597 0.0 0.0 1952932 4328 ? S 13:26 0:00 \_ /usr/lib64/plesk-9.0/psa-pc-remote -p inet:12768@localhost
postfix 19971 0.0 0.0 1963176 4360 ? S 13:30 0:00 \_ /usr/lib64/plesk-9.0/psa-pc-remote -p inet:12768@localhost
postfix 29647 0.0 0.0 1973420 4444 ? S 13:31 0:00 \_ /usr/lib64/plesk-9.0/psa-pc-remote -p inet:12768@localhost
postfix 30439 0.0 0.0 1983664 4528 ? S 13:35 0:00 \_ /usr/lib64/plesk-9.0/psa-pc-remote -p inet:12768@localhost
an lsof -p <pid> gives me:
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
psa-pc-re 23251 postfix cwd DIR 202,0 4096 2 /
psa-pc-re 23251 postfix rtd DIR 202,0 4096 2 /
psa-pc-re 23251 postfix txt REG 202,0 144780 16466778 /usr/lib64/plesk-9.0/psa-pc-remote
psa-pc-re 23251 postfix mem REG 202,0 65928 18694279 /lib64/libnss_files-2.12.so
psa-pc-re 23251 postfix mem REG 202,0 142464 18694270 /lib64/libpthread-2.12.so
psa-pc-re 23251 postfix mem REG 202,0 19536 18694205 /lib64/libdl-2.12.so
psa-pc-re 23251 postfix mem REG 202,0 1916568 18694191 /lib64/libc-2.12.so
psa-pc-re 23251 postfix mem REG 202,0 63480 16466242 /usr/lib64/sw/libmilter.so.1.0
psa-pc-re 23251 postfix mem REG 202,0 667224 16466195 /usr/lib64/sw/sqlite37/libsqlite3.so.0.8.6
psa-pc-re 23251 postfix mem REG 202,0 154504 18694188 /lib64/ld-2.12.so
psa-pc-re 23251 postfix 0r REG 202,0 1120407 16470763 /usr/local/psa/handlers/spool/mlfi.0o4WFl (deleted)
psa-pc-re 23251 postfix 1w REG 202,0 0 16470764 /usr/local/psa/handlers/spool/mlfi.0o4WFl.tmp (deleted)
psa-pc-re 23251 postfix 2w FIFO 0,8 0t0 808309 pipe
psa-pc-re 23251 postfix 3u IPv4 9130 0t0 TCP localhost:12768 (LISTEN)
psa-pc-re 23251 postfix 4r FIFO 0,8 0t0 9131 pipe
psa-pc-re 23251 postfix 5w FIFO 0,8 0t0 9131 pipe
psa-pc-re 23251 postfix 6u unix 0xffff88027bfd9380 0t0 16946 socket
psa-pc-re 23251 postfix 7u IPv4 16805 0t0 TCP localhost:12768->localhost:36521 (CLOSE_WAIT)
psa-pc-re 23251 postfix 8r REG 202,0 15140 16466465 /usr/local/psa/handlers/spool/mlfi.ihkaCm (deleted)
psa-pc-re 23251 postfix 9w REG 202,0 0 16466512 /usr/local/psa/handlers/spool/mlfi.ihkaCm.tmp (deleted)
psa-pc-re 23251 postfix 10r FIFO 0,8 0t0 17197 pipe
psa-pc-re 23251 postfix 11u IPv4 24175 0t0 TCP localhost:12768->localhost:36549 (CLOSE_WAIT)
psa-pc-re 23251 postfix 12r REG 202,0 17929 16466911 /usr/local/psa/handlers/spool/mlfi.JQI4iv (deleted)
psa-pc-re 23251 postfix 13w REG 202,0 0 16466915 /usr/local/psa/handlers/spool/mlfi.JQI4iv.tmp (deleted)
...
Drweb has been deactivated on the server, but clearly Postfix still tries to scan the mails for viruses.
Thanks for your help!
Simon