Plesk for Linux supports the following antivirus software:

  • Premium Antivirus by Dr.Web
  • Sophos Anti-Virus for Servers

These solutions provide you with real-time mail traffic scanning and malware protection for customers. In this section, you will find detailed information on these antivirus solutions.

Premium Antivirus by Dr.Web

Premium Antivirus by Dr.Web is shipped with Plesk in the form of RPM (RHEL) and APT (Ubuntu/Debian) packages.

Directory Structure

Root directory: /opt/drweb/

Configuration files:

  • /etc/drweb/ is a directory with various configuration files.
  • /etc/drweb/drweb32.ini is the default configuration file for the drwebd engine.
  • /etc/drweb/drweb_qmail.conf is the configuration file for the qmail-queue filter.
  • /etc/drweb/users.conf stores the configuration for every mail name for which antivirus is enabled.

Virus databases: /var/drweb/bases/*vdb

Quarantine directory: /var/drweb/infected/

Log file: /var/drweb/log/drwebd.log

Managing the Antivirus

The Dr.Web service is a standalone drwebd daemon (also called engine), which is started from the /etc/init.d/drwebd script. You can also stop, start, and restart the service using the following commands, respectively:

service drwebd stop
service drwebd start
service drwebd restart

You can also manage it within the Services Management page in the Server Administration Panel.

Interaction with drwebd goes through the Dr.Web client, which can change antivirus parameters and start file checks. When run without any attributes, the client displays the full list of attributes it accepts. It can also extract detailed operational information from the engine. The following command shows the Dr.Web version and virus database information:

/opt/drweb/drwebdc -sv -sb

By default, the virus databases are updated every 30 minutes by means of the cron task: /opt/drweb/update/update.pl > /dev/null 2>&1

Filtering Mail

Dr.Web substitutes the native qmail-queue filter used for transferring incoming messages to the qmail queue with its own utility. The utility’s configuration settings are stored in the /etc/drweb/drweb_handler.conf file.

Dr.Web filtering is activated at the mail name level. If enabled, it can check incoming messages, outgoing messages, or both. This information is stored in the /etc/drweb/users.conf file. The following is an example of three mail names with different Dr.Web configurations:

grep domain01 /etc/drweb/users.conf
allow   any     regex   ^admin@domain01.tst$
allow   to      regex   ^user01@domain01.tst$
allow   from    regex   ^user02@domain01.tst$

In the above configuration, Dr.Web will check for viruses in:

  • Incoming and outgoing messages for admin@domain01.tst
  • Incoming messages for user01@domain01.tst
  • Outgoing messages for user02@domain01.tst
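To audit which mailboxes are actually covered, the users.conf entries can be compared against a list of mailbox addresses. The script below is an added example, not part of Plesk or Dr.Web; the function names drweb_coverage and demo, the mailbox list file, and the sample data are assumptions, and the four-column layout is inferred from the excerpt above.

```shell
#!/bin/sh
# Added example: report Dr.Web scan direction per mailbox.
# Assumed layout (from the sample above): allow <any|to|from> regex ^address$

# drweb_coverage CONF MAILBOXES
# Prints "<address> <both|incoming|outgoing|none>" for every address in MAILBOXES.
drweb_coverage() {
    awk '
        function merge(a, b) { return (a == "" || a == b) ? b : "any" }
        function label(d) {
            if (d == "any")  return "both"
            if (d == "to")   return "incoming"
            if (d == "from") return "outgoing"
            return "none"
        }
        # First file: users.conf. Remember the direction keyword per address.
        FILENAME == ARGV[1] {
            if ($1 != "allow" || $3 != "regex") next
            addr = $4
            sub(/^\^/, "", addr); sub(/\$$/, "", addr)  # drop the ^...$ anchors
            gsub(/\\/, "", addr)                        # drop escapes such as \.
            dir[addr] = merge(dir[addr], $2)
            next
        }
        # Second file: one mailbox address per line; skip blank lines.
        NF { print $1, label(dir[$1]) }
    ' "$1" "$2"
}

# Constructed sample data, mirroring the users.conf excerpt above.
demo() {
    tmp=$(mktemp -d) || return 1
    cat > "$tmp/users.conf" <<'EOF'
allow   any     regex   ^admin@domain01.tst$
allow   to      regex   ^user01@domain01.tst$
allow   from    regex   ^user02@domain01.tst$
EOF
    printf '%s\n' admin@domain01.tst user01@domain01.tst \
        user02@domain01.tst user03@domain01.tst > "$tmp/mailboxes.txt"
    drweb_coverage "$tmp/users.conf" "$tmp/mailboxes.txt"
    rm -rf "$tmp"
}
demo
```

Mailboxes reported as none have no matching allow line in the file, so their mail is not scanned in either direction.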

Sophos Anti-Virus for Servers

Sophos Anti-Virus for Servers protects your mail server, scans incoming and outgoing mail traffic, and rejects malicious and potentially dangerous emails.

Sophos Anti-Virus for Servers is shipped with Plesk as RPM (RHEL) and APT (Ubuntu/Debian) packages.

Sophos Anti-Virus for Servers Structure

The location of the Sophos Anti-Virus configuration file may vary depending on your operating system. To find out the location, use the following command:

find / -name savdid.conf
/opt/plesk/sophosav/savdi/savdid.conf

Sophos Anti-Virus for Servers has the following log files:

  • /var/log/messages
  • /var/log/syslog
  • /var/log/maillog

You can increase the logs’ verbosity in savdid.conf.

Sophos Anti-Virus for Servers has the following databases:

  • /opt/plesk/sophosav/sav
  • /opt/plesk/sophosav/ide

The databases are automatically updated every hour. To update them manually, run the following command:

/opt/plesk/sophosav/bin/updater

You can also check if automatic updates of the databases are working:

systemctl list-timers | grep sophos

To check the Sophos Anti-Virus database version, run the following command:

cat /opt/plesk/sophosav/sav/virusDataVersion.txt

Managing the Antivirus

To check if the Sophos Anti-Virus service is active, run the following command:

systemctl status plesk-sophos-av

Sophos Anti-Virus for Servers CLI

To see the help on the CLI usage, run the following command:

/opt/plesk/sophosav/bin/sophosmng help

Sophos Anti-Virus for Servers Limitations

It is not possible to select a global anti-virus mode for all mailboxes at once. As a workaround, you can create a bash script that enables the anti-virus for multiple mailboxes, for example:

while IFS= read -r i; do plesk bin mail -u "$i" -antivirus inout; done < mailboxes.txt