Antivirus Support
Plesk for Linux supports the following antivirus software:
- Premium Antivirus by Dr.Web
- Kaspersky Anti-Virus for Servers
- Sophos Anti-Virus for Servers
These solutions provide you with real-time mail traffic scanning and malware protection for customers. In this section, you will find detailed information on these antivirus solutions.
Premium Antivirus by Dr.Web
Premium Antivirus by Dr.Web is shipped with Plesk in the form of RPM (RHEL) and APT (Ubuntu/Debian) packages.
Directory Structure
Root directory: /opt/drweb/
Configuration files:
-
/etc/drweb/is a directory with various configuration files. -
/etc/drweb/drweb32.iniis the default configuration file for drwebd engine. -
/etc/drweb/drweb_qmail.confis the configuration file for the qmail-queue filter. -
/etc/drweb/users.confstores the configuration for every mail name for which antivirus is enabled.
Virus databases: /var/drweb/bases/*vdb
Quarantine directory: /var/drweb/infected/
Log file: /var/drweb/log/drwebd.log
Managing the Antivirus
The Dr.Web service is a standalone drwebd daemon (also called engine), which is started from the /etc/init.d/drwebd script.
You can also stop, start, and restart the service using the following commands, respectively:
service drwebd stop
service drwebd start
service drwebd restart
You can also manage it within the Services Management page in the Server Administration Panel.
The interaction with drwebd is established through the Dr.Web client. It
can change antivirus parameters and start checking files. The client
displays a full list of its attributes if run without attributes. Also,
it can extract detailed operational information from the engine. The
following command gives information about the Dr.Web version and virus
database.
/opt/drweb/drwebdc -sv -sb
By default, the virus databases are updated every 30 minutes by means of
the cron task: /opt/drweb/update/update.pl > dev/null 2>&1
Filtering Mail
Dr.Web substitutes the native qmail-queue filter used for transferring
incoming messages to the qmail queue with its own utility. The utility’s
configuration settings are stored in the /etc/drweb/drweb_handler.conf
file.
Dr.Web filtering is activated on the mail name level. If enabled it can
check incoming, outgoing or both kinds of messages. The information is
stored in the /etc/drweb/users.conf file. The following is an example of
three mail names with different Dr.Web configurations:
grep domain01 /etc/drweb/users.conf
allow any regex ^admin@domain01.tst$
allow to regex ^user01@domain.tst$
allow from regex ^user02@domain.tst$
In the above configuration, Dr.Web will check viruses in:
- Incoming and outgoing messages for
admin@domain01.tst - Incoming messages for
user01@domain01.tst - Outgoing messages for
user02@domain01.tst
Kaspersky Anti-Virus for Servers
Kaspersky Anti-Virus is a module that scans incoming and outgoing mail traffic on your server, and removes malicious and potentially dangerous code from email messages. In order to use Kaspersky Anti-Virus with your Plesk server, you need to install the Kaspersky Anti-Virus module, then purchase and install a license key.
Kaspersky Anti-Virus is distributed as RPM (RHEL) and APT (Ubuntu/Debian) packages.
Kaspersky Anti-Virus Structure
Kaspersky Anti-Virus resides in the following directories in Plesk:
-
(Root directory)
/opt/kav/5.5/kav4mailservers -
(Configuration file)
/etc/kav/5.5/kav4mailservers/kav4mailservers.confIt contains parameters as
key=valuepairs grouped by sections. They define the operation of all Kaspersky Anti-Virus components. All configuration file parameters are grouped into sections, each of them corresponding to a particular component of the product. -
(Virus databases)
/var/db/kav/5.5/kav4mailservers/bases -
(License keys directory)
/var/db/kav/5.5/kav4mailservers/licenses
Incoming and outgoing mail messages are processed like this:
- The stream of mail messages comes in from other servers or mail clients via the SMTP protocol.
- The mail system receives the mail traffic and passes it to Kaspersky Antivirus for scanning.
- The application processes the mail traffic according to the specified settings, and returns it to the mail system along with an additional set of notifications.
- The mail system routes the mail traffic to its destination.
Sophos Anti-Virus for Servers
Sophos Anti-Virus for Servers protects your mail server, scans incoming and outgoing mail traffic, and rejects malicious and potentially dangerous emails.
Sophos Anti-Virus for Servers is shipped with Plesk as RPM (RHEL) and APT (Ubuntu/Debian) packages.
Sophos Anti-Virus for Servers Structure
The location of the Sophos Anti-Virus configuration file may vary depending on your operating system. To find out the location, use the following command:
find / -name savdid.conf
/opt/plesk/sophosav/savdi/savdid.conf
Sophos Anti-Virus for Servers has the following log files:
/var/log/messages/var/log/syslog/var/log/maillog
You can increase the logs’ verbosity in savdid.conf.
Sophos Anti-Virus for Servers has the following databases:
/opt/plesk/sophosav/sav/opt/plesk/sophosav/ide
The databases are automatically updated every hour. To update them manually, run the following command:
/opt/plesk/sophosav/bin/updater
You can also check if automatic updates of the databases are working:
systemctl list-timers | grep sophos
To check the Sophos Anti-Virus database version, run the following command:
cat /opt/plesk/sophosav/sav/virusDataVersion.txt
Managing the Antivirus
To check if the Sophos Anti-Virus service is active, run the following command:
systemctl status plesk-sophos-av
Sophos Anti-Virus for Servers CLI
To see the help on the CLI usage, run the following command:
/opt/plesk/sophosav/bin/sophosmng help
Sophos Anti-Virus for Servers Limitations
It is not possible to select a global anti-virus mode for all mailboxes. To do so, you need to create a bash script to enable the anti-virus for multiple mailboxes, for example:
cat mailboxes.txt | while read i; do plesk bin mail -u $i -antivirus inout;done