Antivirus Support
Plesk for Linux supports the following antivirus software:
- Premium Antivirus by Dr.Web
- Sophos Anti-Virus for Servers
These solutions provide you with real-time mail traffic scanning and malware protection for customers. In this section, you will find detailed information on these antivirus solutions.
Premium Antivirus by Dr.Web
Premium Antivirus by Dr.Web is shipped with Plesk in the form of RPM (RHEL) and APT (Ubuntu/Debian) packages.
Directory Structure
Root directory: /opt/drweb/
Configuration files:
- /etc/drweb/ is a directory with various configuration files.
- /etc/drweb/drweb32.ini is the default configuration file for the drwebd engine.
- /etc/drweb/drweb_qmail.conf is the configuration file for the qmail-queue filter.
- /etc/drweb/users.conf stores the configuration for every mail name for which antivirus is enabled.
Virus databases: /var/drweb/bases/*vdb
Quarantine directory: /var/drweb/infected/
Log file: /var/drweb/log/drwebd.log
Managing the Antivirus
The Dr.Web service is a standalone drwebd daemon (also called engine), which is started from the /etc/init.d/drwebd script.
You can also stop, start, and restart the service using the following commands, respectively:
service drwebd stop
service drwebd start
service drwebd restart
You can also manage it within the Services Management page in the Server Administration Panel.
Interaction with drwebd goes through the Dr.Web client. The client can
change antivirus parameters and start checking files. When run without
attributes, it displays a full list of its attributes. It can also
extract detailed operational information from the engine. The following
command gives information about the Dr.Web version and virus database.
/opt/drweb/drwebdc -sv -sb
By default, the virus databases are updated every 30 minutes by means of
the cron task: /opt/drweb/update/update.pl > /dev/null 2>&1
Filtering Mail
Dr.Web substitutes the native qmail-queue filter used for transferring
incoming messages to the qmail queue with its own utility. The utility’s
configuration settings are stored in the /etc/drweb/drweb_handler.conf
file.
Dr.Web filtering is activated on the mail name level. If enabled, it can
check incoming messages, outgoing messages, or both. The information is
stored in the /etc/drweb/users.conf file. The following is an example of
three mail names with different Dr.Web configurations:
grep domain01 /etc/drweb/users.conf
allow any regex ^admin@domain01.tst$
allow to regex ^user01@domain01.tst$
allow from regex ^user02@domain01.tst$
In the above configuration, Dr.Web will check for viruses in:
- Incoming and outgoing messages for admin@domain01.tst
- Incoming messages for user01@domain01.tst
- Outgoing messages for user02@domain01.tst
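The mapping above can be turned into a coverage check. The following is an added example, not part of Plesk or Dr.Web: it parses rules of the shape shown in the sample (allow any|to|from regex ^address$) and lists the mailboxes that are not scanned in both directions. The function names and the sample data are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not Plesk or Dr.Web code).
# Assumed rule shape, taken from the sample above:
#   allow <any|to|from> regex ^<address>$

# Read rules on stdin, print "<address> <direction>" per rule.
drweb_coverage() {
    awk '
        $1 == "allow" && $3 == "regex" {
            addr = $4
            sub(/^\^/, "", addr)       # strip the leading ^ anchor
            sub(/\$$/, "", addr)       # strip the trailing $ anchor
            gsub(/\\\./, ".", addr)    # accept dots written as \.
            if ($2 == "any")       dir = "incoming+outgoing"
            else if ($2 == "to")   dir = "incoming"
            else if ($2 == "from") dir = "outgoing"
            else                   dir = "unknown"
            print addr, dir
        }'
}

# drweb_gaps <rules-file> <mailbox>...
# Print every listed mailbox that is not scanned in both directions,
# followed by what is scanned ("none" if no rule matches).
drweb_gaps() {
    rules=$1; shift
    for mbox in "$@"; do
        dir=$(drweb_coverage < "$rules" |
              awk -v m="$mbox" '$1 == m && !seen { print $2; seen = 1 }')
        [ "$dir" = "incoming+outgoing" ] || echo "$mbox ${dir:-none}"
    done
}

# Constructed sample rules, modelled on the three mail names above.
SAMPLE=$(mktemp)
trap 'rm -f "$SAMPLE"' EXIT
cat > "$SAMPLE" <<'EOF'
allow any regex ^admin@domain01.tst$
allow to regex ^user01@domain01.tst$
allow from regex ^user02@domain01.tst$
EOF

# user03 is a constructed mailbox with no rule at all.
drweb_gaps "$SAMPLE" admin@domain01.tst user01@domain01.tst \
    user02@domain01.tst user03@domain01.tst
```

On a server, pass /etc/drweb/users.conf as the first argument and the mailboxes you expect to be protected as the remaining arguments.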
Sophos Anti-Virus for Servers
Sophos Anti-Virus for Servers protects your mail server, scans incoming and outgoing mail traffic, and rejects malicious and potentially dangerous emails.
Sophos Anti-Virus for Servers is shipped with Plesk as RPM (RHEL) and APT (Ubuntu/Debian) packages.
Sophos Anti-Virus for Servers Structure
The location of the Sophos Anti-Virus configuration file may vary depending on your operating system. To find out the location, use the following command:
find / -name savdid.conf
/opt/plesk/sophosav/savdi/savdid.conf
Sophos Anti-Virus for Servers has the following log files:
/var/log/messages
/var/log/syslog
/var/log/maillog
You can increase the logs’ verbosity in savdid.conf.
Sophos Anti-Virus for Servers has the following databases:
/opt/plesk/sophosav/sav
/opt/plesk/sophosav/ide
The databases are automatically updated every hour. To update them manually, run the following command:
/opt/plesk/sophosav/bin/updater
You can also check if automatic updates of the databases are working:
systemctl list-timers | grep sophos
To check the Sophos Anti-Virus database version, run the following command:
cat /opt/plesk/sophosav/sav/virusDataVersion.txt
Managing the Antivirus
To check if the Sophos Anti-Virus service is active, run the following command:
systemctl status plesk-sophos-av
Sophos Anti-Virus for Servers CLI
To see the help on the CLI usage, run the following command:
/opt/plesk/sophosav/bin/sophosmng help
Sophos Anti-Virus for Servers Limitations
It is not possible to select a global anti-virus mode for all mailboxes. Instead, you need to create a bash script that enables the anti-virus for multiple mailboxes, for example:
while read -r i; do plesk bin mail -u "$i" -antivirus inout; done < mailboxes.txt