Plesk for Linux supports the following antivirus software:

  • Plesk Premium Antivirus based on Dr.Web.
  • Kaspersky Antivirus.

Both these solutions provide you with real-time mail traffic scanning and malware protection for customers. In this section you will find detailed information on these antivirus solutions.

Plesk Premium Antivirus

Plesk Premium Antivirus is shipped with Plesk in the form of RPM packages.

Directory Structure

Root directory: /opt/drweb/

Configuration files:

  • /etc/drweb/ is a directory with various configuration files.
  • /etc/drweb/drweb32.ini is the default configuration file for drwebd engine.
  • /etc/drweb/drweb_qmail.conf is the configuration file for the qmail-queue filter.
  • /etc/drweb/users.conf stores the configuration for every mail name for which antivirus is enabled.

Virus databases: /var/drweb/bases/*vdb

Quarantine directory: /var/drweb/infected/

Log file: /var/drweb/log/drwebd.log

Managing the Antivirus

The Dr.Web service is a standalone drwebd daemon (also called engine), which is started from the /etc/init.d/drwebd script. You can also stop and start it again with the following command:

# /etc/init.d/psa stopall
# /etc/init.d/psa start

Note: these commands stop and start other Plesk services: DNS server, mail server, and so on

You can also manage it within the Services Management page in the Server Administration Panel.

The interaction with drwebd is established through the Dr.Web client. It can change antivirus parameters and start checking files. The client displays a full list of its attributes if run without attributes. Also, it can extract detailed operational information from the engine. The following command gives information about the Dr.Web version and virus database.

# /opt/drweb/drwebdc -sv -sb

By default, the virus databases are updated every 30 minutes by means of the cron task: /opt/drweb/update/ > dev/null 2>&1

Filtering Mail

Dr.Web substitutes the native qmail-queue filter used for transferring incoming messages to the qmail queue with its own utility. The utility’s configuration settings are stored in the /etc/drweb/drweb_handler.conf file.

Dr.Web filtering is activated on the mail name level. If enabled it can check incoming, outgoing or both kinds of messages. The information is stored in the /etc/drweb/users.conf file. The following is an example of three mail names with different Dr.Web configurations:

# grep domain01 /etc/drweb/users.conf
allow   any     regex   ^admin@domain01.tst$
allow   to      regex   ^user01@domain.tst$
allow   from    regex   ^user02@domain.tst$

In the above configuration, Dr.Web will check viruses in:

  • Incoming and outgoing messages for admin@domain01.tst
  • Incoming messages for user01@domain01.tst
  • Outgoing messages for user02@domain01.tst

Kaspersky Antivirus

Kaspersky Antivirus is a module that scans incoming and outgoing mail traffic on your server, and removes malicious and potentially dangerous code from email messages. In order to use Kaspersky Antivirus with your Plesk server, you need to install the Kaspersky Antivirus module, then purchase and install a license key.

Kaspersky Antivirus is distributed as an RPM package.

Kaspersky Antivirus Structure

Kaspersky Antivirus resides in the following directories in Plesk.

Root directory: /opt/kav/5.5/kav4mailservers

Configuration file: /etc/kav/5.5/kav4mailservers/kav4mailservers.conf. It contains parameters as key=value pairs grouped by sections. They define the operation of all Kaspersky Antivirus components. All configuration file parameters are grouped into sections, each of them corresponding to a particular component of the product.

Virus databases: /var/db/kav/5.5/kav4mailservers/bases

License keys directory: /var/db/kav/5.5/kav4mailservers/licenses

Incoming and outgoing mail messages are processed like this:

  1. The stream of mail messages comes in from other servers or mail clients via the SMTP protocol.
  2. The mail system receives the mail traffic and passes it to Kaspersky Antivirus for scanning.
  3. The application processes the mail traffic according to the specified settings, and returns it to the mail system along with an additional set of notifications.
  4. The mail system routes the mail traffic to its destination.