Plesk & DrWeb: “read error” on e-mails being scanned

If you're running DrWeb32 anti-virus in combination with Plesk, you may have noticed a lot of "read error" messages since the last few days. In your maillogs, it could look like this.

Dec 19 06:00:07 server qmail-queue[9434]: scan: the message(drweb.tmp.hdrl8i) sent by  to daemon return error (read error, after scanning/curing composite object is clean) -- possible problem with daemon or file

The mails received contain content like this.

Antivirus filter report:
--- Antivirus report ---
Detailed report: [1636] drweb.tmp.0Ugml7 -- archive MAIL [1636] drweb.tmp.0Ugml7/[text:plain] -- Ok [1636] drweb.tmp.0Ugml7/ -- archive ZIP [1636] >drweb.tmp.0Ugml7/ -- Ok [1636] >drweb.tmp.0Ugml7/ -- read error!

Official fix by Parallels

Update: Parallels has released an official KB with a resolution: If that does not work, you can try the steps below -- but they should be obsolete.

Workaround without Parallels

Only try the steps below if the above KB doesn't resolve your issue.

A quick fix for now is to change the way DrWeb handles the files that contain scanning errors or processing errors. Edit the file /etc/drweb/drweb_handler.conf and search the following.

ScanningErrors = quarantine
ProcessingErrors = reject

And change it to the following.

ScanningErrors = pass
ProcessingErrors = pass

And restart DrWeb.

~# /etc/init.d/drwebd restart

The problem is caused by an update that was pushed automatically on December 15th. It will be resolved as soon as Parallels has a fix for this, after that the fix is also applied automatically as DrWeb loads it's updates.

# grep -Pi 'drweb' /etc/cron* -R
/etc/cron.d/drweb-update:*/30 * * * * drweb /opt/drweb/

In this case, every 30 minutes the update is being checked.

Leave a Reply

Your email address will not be published. Required fields are marked *



You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>


Why ads?

I'm glad you made it to this blogpost. I hope it helps solve your problem. So why then do I show ads on the site? Writing content, testing it and making sure the layout isn't totally b0rked takes time. A lot of time. The ads are a way to pay back a small portion of that time.

And as you know running a site costs (a bit of) money: the domain name, webhosting, time spent writing and updating content, ... So if you like the content of this blog, consider disabling your AdBlocker for this domain. Thanks!

Recent posts

Looking for help?

Tired of fixing all these tech-problems yourself? We've got an excellent team at Nucleus, a top-class Belgian hosting provider, that can help you.

Discover our Managed Hosting, where skilled engineers manage your servers and keep them up-to-date, so you can focus on your core business. We use a variety of Configuration Management Systems such as Puppet to make sure every config is reviewed, unit-tested and guaranteed to be working.

Want to get in touch? Find me as @mattiasgeniar on Twitter or via the contact-page on this blog.