Antivirus Support
Plesk for Linux supports the following antivirus software:
- Plesk Premium Antivirus based on Dr.Web.
- Kaspersky Antivirus.
Both these solutions provide you with real-time mail traffic scanning and malware protection for customers. In this section you will find detailed information on these antivirus solutions.
Plesk Premium Antivirus
Plesk Premium Antivirus is shipped with Plesk in the form of RPM packages.
Directory Structure
Root directory: /opt/drweb/
Configuration files:
-
/etc/drweb/
is a directory with various configuration files. -
/etc/drweb/drweb32.ini
is the default configuration file for drwebd engine. -
/etc/drweb/drweb_qmail.conf
is the configuration file for the qmail-queue filter. -
/etc/drweb/users.conf
stores the configuration for every mail name for which antivirus is enabled.
Virus databases: /var/drweb/bases/*vdb
Quarantine directory: /var/drweb/infected/
Log file: /var/drweb/log/drwebd.log
Managing the Antivirus
The Dr.Web service is a standalone drwebd
daemon (also called engine),
which is started from the /etc/init.d/drwebd
script. You can also stop
and start it again with the following command:
# /etc/init.d/psa stopall
# /etc/init.d/psa start
Note: these commands stop and start other Plesk services: DNS server, mail server, and so on
You can also manage it within the Services Management page in the Server Administration Panel.
The interaction with drwebd is established through the Dr.Web client. It can change antivirus parameters and start checking files. The client displays a full list of its attributes if run without attributes. Also, it can extract detailed operational information from the engine. The following command gives information about the Dr.Web version and virus database.
# /opt/drweb/drwebdc -sv -sb
By default, the virus databases are updated every 30 minutes by means of
the cron task: /opt/drweb/update/update.pl > dev/null 2>&1
Filtering Mail
Dr.Web substitutes the native qmail-queue filter used for transferring
incoming messages to the qmail queue with its own utility. The utility’s
configuration settings are stored in the /etc/drweb/drweb_handler.conf
file.
Dr.Web filtering is activated on the mail name level. If enabled it can
check incoming, outgoing or both kinds of messages. The information is
stored in the /etc/drweb/users.conf
file. The following is an example of
three mail names with different Dr.Web configurations:
# grep domain01 /etc/drweb/users.conf
allow any regex ^admin@domain01.tst$
allow to regex ^user01@domain.tst$
allow from regex ^user02@domain.tst$
In the above configuration, Dr.Web will check viruses in:
- Incoming and outgoing messages for
admin@domain01.tst
- Incoming messages for
user01@domain01.tst
- Outgoing messages for
user02@domain01.tst
Kaspersky Antivirus
Kaspersky Antivirus is a module that scans incoming and outgoing mail traffic on your server, and removes malicious and potentially dangerous code from email messages. In order to use Kaspersky Antivirus with your Plesk server, you need to install the Kaspersky Antivirus module, then purchase and install a license key.
Kaspersky Antivirus is distributed as an RPM package.
Kaspersky Antivirus Structure
Kaspersky Antivirus resides in the following directories in Plesk.
Root directory: /opt/kav/5.5/kav4mailservers
Configuration file: /etc/kav/5.5/kav4mailservers/kav4mailservers.conf
.
It contains parameters as key=value
pairs grouped by sections. They
define the operation of all Kaspersky Antivirus components. All
configuration file parameters are grouped into sections, each of them
corresponding to a particular component of the product.
Virus databases: /var/db/kav/5.5/kav4mailservers/bases
License keys directory: /var/db/kav/5.5/kav4mailservers/licenses
Incoming and outgoing mail messages are processed like this:
- The stream of mail messages comes in from other servers or mail clients via the SMTP protocol.
- The mail system receives the mail traffic and passes it to Kaspersky Antivirus for scanning.
- The application processes the mail traffic according to the specified settings, and returns it to the mail system along with an additional set of notifications.
- The mail system routes the mail traffic to its destination.