Plesk for Linux supports the following antivirus software:
- Plesk Premium Antivirus based on Dr.Web.
- Kaspersky Antivirus.
Both solutions provide real-time mail traffic scanning and malware protection for customers. This section describes each of them in detail.
Plesk Premium Antivirus
Plesk Premium Antivirus is shipped with Plesk in the form of RPM packages.
/etc/drweb/ is a directory with various configuration files.
/etc/drweb/drweb32.ini is the default configuration file for drwebd engine.
/etc/drweb/drweb_qmail.conf is the configuration file for the qmail-queue filter.
/etc/drweb/users.conf stores the configuration for every mail name for which antivirus is enabled.
Managing the Antivirus
The Dr.Web service is a standalone drwebd daemon (also called the engine), which is started from the /etc/init.d/drwebd script. You can also stop and start it again with the following commands:
# /etc/init.d/psa stopall
# /etc/init.d/psa start
Note: these commands also stop and start other Plesk services: DNS server, mail server, and so on.
You can also manage it within the Services Management page in the Server Administration Panel.
Interaction with drwebd takes place through the Dr.Web client. The client can change antivirus parameters, start file checks, and extract detailed operational information from the engine. Run without arguments, it prints the full list of its options. The following command shows the Dr.Web version and virus database information:
# /opt/drweb/drwebdc -sv -sb
By default, the virus databases are updated every 30 minutes by means of the cron task: /opt/drweb/update/update.pl >/dev/null 2>&1
Dr.Web substitutes the native qmail-queue filter used for transferring incoming messages to the qmail queue with its own utility. The utility's configuration settings are stored in the /etc/drweb/drweb_handler.conf file.
Dr.Web filtering is activated on the mail name level. If enabled, it can check incoming messages, outgoing messages, or both. The information is stored in the /etc/drweb/users.conf file. The following is an example of three mail names with different Dr.Web configurations:
# grep domain01 /etc/drweb/users.conf
allow any regex ^firstname.lastname@example.org$
allow to regex ^email@example.com$
allow from regex ^firstname.lastname@example.org$
In the above configuration, Dr.Web will check for viruses in:
- Incoming and outgoing messages for email@example.com
- Incoming messages for firstname.lastname@example.org
- Outgoing messages for email@example.com
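The following shell helper is an added example, not part of the Plesk documentation. It reads rules in the users.conf form shown above and lists which mail names do not have incoming mail scanned. The any/to/from mapping follows the list above; the function names and the sample addresses are constructed for illustration.

```shell
# Added example: report Dr.Web scan direction per mail name from rules of the
# form "allow <any|to|from> regex ^address$" (users.conf style, read on stdin).
# Mapping follows the page: any = incoming+outgoing, to = incoming, from = outgoing.

# Constructed sample rules; the addresses are placeholders, not real mail names.
sample_users_conf() {
    cat <<'EOF'
allow any regex ^alice@domain01.example$
allow to regex ^bob@domain01.example$
allow from regex ^carol@domain01.example$
EOF
}

# Print "<address> <coverage>" for each allow/regex rule read from stdin.
# Lines in any other form are ignored.
drweb_coverage() {
    awk '
        $1 == "allow" && $3 == "regex" && NF >= 4 {
            addr = $4
            sub(/^\^/, "", addr)     # drop the leading regex anchor
            sub(/\$$/, "", addr)     # drop the trailing regex anchor
            gsub(/\\/, "", addr)     # assumption: dots may be backslash-escaped
            if ($2 == "any")       cov = "incoming+outgoing"
            else if ($2 == "to")   cov = "incoming"
            else if ($2 == "from") cov = "outgoing"
            else next
            print addr, cov
        }
    '
}

# Usage: unscanned_incoming addr... < users.conf
# Print every given mail name whose incoming mail is not covered by a rule.
unscanned_incoming() {
    cov=$(drweb_coverage)
    for name in "$@"; do
        printf '%s\n' "$cov" |
            grep -qxF -e "$name incoming" -e "$name incoming+outgoing" ||
            printf '%s\n' "$name"
    done
}

# Demo on the constructed sample: prints the coverage table, then the gaps.
sample_users_conf | drweb_coverage
sample_users_conf | unscanned_incoming alice@domain01.example \
    carol@domain01.example dave@domain01.example
```

On a server, feed the real file instead of the sample, for example `unscanned_incoming user@example.com < /etc/drweb/users.conf`.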
Kaspersky Antivirus is a module that scans incoming and outgoing mail traffic on your server and removes malicious and potentially dangerous code from email messages. To use Kaspersky Antivirus with your Plesk server, you need to install the Kaspersky Antivirus module, then purchase and install a license key.
Kaspersky Antivirus is distributed as an RPM package.
Kaspersky Antivirus Structure
Kaspersky Antivirus resides in the following directories in Plesk.
/opt/kav/5.5/kav4mailservers - the main directory.
/etc/kav/5.5/kav4mailservers/kav4mailservers.conf - a configuration file that contains parameters as key=value pairs. The parameters are grouped into sections, each corresponding to a particular component of the product, and together they define the operation of all Kaspersky Antivirus components.
/var/db/kav/5.5/kav4mailservers/bases - a path to the anti-virus database directory.
/var/db/kav/5.5/kav4mailservers/licenses - a path to the license keys directory.
Incoming and outgoing mail messages are processed like this:
- The stream of mail messages comes in from other servers or mail clients via the SMTP protocol.
- The mail system receives the mail traffic and passes it to Kaspersky Antivirus for scanning.
- The application processes the mail traffic according to the specified settings, and returns it to the mail system along with an additional set of notifications.
- The mail system routes the mail traffic to its destination.