Plesk & DrWeb: “read error” on e-mails being scanned

Mattias Geniar, December 19, 2011

If you’re running DrWeb32 anti-virus in combination with Plesk, you may have noticed a lot of “read error” messages over the last few days. In your mail logs, it could look like this.

Dec 19 06:00:07 server qmail-queue[9434]: scan: the message(drweb.tmp.hdrl8i) sent by  to user@domain.be daemon return error (read error, after scanning/curing composite object is clean) – possible problem with daemon or file

The mails received contain content like this.

Antivirus filter report:

-– Antivirus report -–

Detailed report:

127.0.0.1 [1636] drweb.tmp.0Ugml7 – archive MAIL

127.0.0.1 [1636] drweb.tmp.0Ugml7/[text:plain] – Ok

127.0.0.1 [1636] drweb.tmp.0Ugml7/test.zip – archive ZIP

127.0.0.1 [1636] >drweb.tmp.0Ugml7/test.zip/test.txt – Ok

**127.0.0.1 [1636] >drweb.tmp.0Ugml7/test.zip/ – read error!**

Official fix by Parallels

Update: Parallels has released an official KB with a resolution: http://kb.parallels.com/en/113018. If that does not work, you can try the steps below – but they should be obsolete.

Workaround without Parallels

Only try the steps below if the above KB doesn’t resolve your issue.

A quick fix for now is to change the way DrWeb handles files that produce scanning errors or processing errors. Edit the file /etc/drweb/drweb_handler.conf and search for the following.

ScanningErrors = quarantine
ProcessingErrors = reject

And change it to the following.

ScanningErrors = pass
ProcessingErrors = pass

And restart DrWeb.

~# /etc/init.d/drwebd restart

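The problem is caused by an update that was pushed automatically on December 15th. It will be resolved as soon as Parallels has a fix for this; after that, the fix is also applied automatically as DrWeb loads its updates. With both options set to pass, mail that DrWeb fails to scan is delivered instead of being quarantined or rejected, so restore the original values once the fix is in.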

# grep -Pi 'drweb' /etc/cron* -R
/etc/cron.d/drweb-update:*/30 * * * * drweb /opt/drweb/update.pl

In this case, the update check runs every 30 minutes.
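To see whether the workaround is still active after the fix has arrived, and how often scans hit the error, the two checks can be scripted. This is an added example, not part of the original post; the function names are hypothetical, and it assumes drweb_handler.conf uses plain `Key = value` lines with `#` for comments.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.
# Assumption: drweb_handler.conf holds "Key = value" lines, "#" starts a comment.

# Print the value of a setting; the last uncommented occurrence wins (assumption).
# usage: handler_setting KEY FILE
handler_setting() {
    sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*\([^[:space:]#]*\).*/\1/p" "$2" \
        | tail -n 1
}

# List every error action that is still set to "pass".
# Returns 0 if at least one is (workaround still active), 1 otherwise.
# usage: workaround_active FILE
workaround_active() {
    active=1
    for key in ScanningErrors ProcessingErrors; do
        if [ "$(handler_setting "$key" "$1")" = "pass" ]; then
            echo "$key = pass"
            active=0
        fi
    done
    return $active
}

# Count qmail-queue scan lines that report a DrWeb "read error".
# usage: count_read_errors MAILLOG
count_read_errors() {
    grep -c 'qmail-queue\[[0-9]*]: scan: .*daemon return error (read error' "$1" || true
}

# Typical use, with the config path from this post and your own maillog path:
#   workaround_active /etc/drweb/drweb_handler.conf && echo "workaround still in place"
#   count_read_errors <path to maillog>
```

A count that stops growing after an update run, combined with `workaround_active` still returning 0, is the signal to put `quarantine` and `reject` back.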


