Plesk & DrWeb: “read error” on e-mails being scanned

If you're running DrWeb32 anti-virus in combination with Plesk, you may have noticed a lot of "read error" messages since the last few days. In your maillogs, it could look like this.

Dec 19 06:00:07 server qmail-queue[9434]: scan: the message(drweb.tmp.hdrl8i) sent by  to daemon return error (read error, after scanning/curing composite object is clean) -- possible problem with daemon or file

The mails received contain content like this.

Antivirus filter report:
--- Antivirus report ---
Detailed report: [1636] drweb.tmp.0Ugml7 -- archive MAIL [1636] drweb.tmp.0Ugml7/[text:plain] -- Ok [1636] drweb.tmp.0Ugml7/ -- archive ZIP [1636] >drweb.tmp.0Ugml7/ -- Ok [1636] >drweb.tmp.0Ugml7/ -- read error!

Official fix by Parallels

Update: Parallels has released an official KB with a resolution: If that does not work, you can try the steps below -- but they should be obsolete.

Workaround without Parallels

Only try the steps below if the above KB doesn't resolve your issue.

A quick fix for now is to change the way DrWeb handles the files that contain scanning errors or processing errors. Edit the file /etc/drweb/drweb_handler.conf and search the following.

ScanningErrors = quarantine
ProcessingErrors = reject

And change it to the following.

ScanningErrors = pass
ProcessingErrors = pass

And restart DrWeb.

~# /etc/init.d/drwebd restart

The problem is caused by an update that was pushed automatically on December 15th. It will be resolved as soon as Parallels has a fix for this, after that the fix is also applied automatically as DrWeb loads it's updates.

# grep -Pi 'drweb' /etc/cron* -R
/etc/cron.d/drweb-update:*/30 * * * * drweb /opt/drweb/

In this case, every 30 minutes the update is being checked.

Looking for help?

Tired of fixing all these tech-problems yourself? We've got an excellent team at Nucleus, a top-class Belgian hosting provider, that can help you. Discover our Managed Hosting, where skilled engineers manage your servers and keep them up-to-date, so you can focus on your core business. We use a variety of Configuration Management Systems such as Puppet to make sure every config is reviewed, unit-tested and guaranteed to be working.

Want to get in touch? Find me as @mattiasgeniar on Twitter or via the contact-page on my blog.

Tagged with: ,
Posted in Plesk

Leave a Reply

Your email address will not be published. Required fields are marked *



You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>