• Plesk Uservoice will be deprecated by October. Moving forward, all product feature requests and improvement suggestions will be managed through our new platform Plesk Productboard.
    To continue sharing your ideas and feedback, please visit features.plesk.com

Issue Unusually high rate of failed Dr.Web updates

Bitpalast

Bitpalast

Plesk addicted!
Plesk Guru
Server operating system version
Alma 8
Plesk version and microupdate number
Latest
What's the problem with updates.drweb.com? For weeks we've been getting frequent update errors. Yet the server itself is online, but it responds with a 503 error. Example:

Email message:
Code: 
/etc/cron.daily/drweb-update:
ERROR: Dr.Web Updater: failed to download files !

On the console:
Code: 
[root@...]# curl -I updates.drweb.com
HTTP/1.1 503 Service Temporarily Unavailable
Server: nginx
Date: Tue, 22 Apr 2025 07:46:16 GMT
Content-Type: text/html; charset=windows-1251
Connection: keep-alive

[root@...]# ping updates.drweb.com
PING updates.drweb.com (213.79.65.35) 56(84) bytes of data.
64 bytes from frnc-01-prd-all.drweb.com (213.79.65.35): icmp_seq=1 ttl=55 time=53.1 ms
64 bytes from frnc-01-prd-all.drweb.com (213.79.65.35): icmp_seq=2 ttl=55 time=53.1 ms
64 bytes from frnc-01-prd-all.drweb.com (213.79.65.35): icmp_seq=3 ttl=55 time=53.1 ms
^C
--- updates.drweb.com ping statistics ---
3 packets transmitted, 7 received, 0% packet loss, time 6993ms
rtt min/avg/max/mdev = 52.917/53.050/53.140/0.068 ms

Manual downloads of the virus definition file work fine, example:
Code: 
[root@...]# wget http://update.geo.drweb.com/plesk/1100/unix/drw11000.vdb
--2025-04-22 09:49:06--  http://update.geo.drweb.com/plesk/1100/unix/drw11000.vdb
Resolving update.geo.drweb.com (update.geo.drweb.com)... 195.133.219.93, 85.10.234.30, 213.59.3.178, ...
Connecting to update.geo.drweb.com (update.geo.drweb.com)|195.133.219.93|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 18796765 (18M) [application/octet-stream]
Saving to: âdrw11000.vdbâ

drw11000.vdb                            100%[===============================================================================>]  17.93M  1.36MB/s    in 13s

2025-04-22 09:49:19 (1.35 MB/s) - âdrw11000.vdbâ saved [18796765/18796765]

Why don't the nightly downloads work reliably any longer? There have been times in the past when they had scheduled maintenance, but this has been going on for weeks now.
 
Hello, Peter. I can see a few other reports about the same case and it was identified as a temporary issue. Is it still ongoing on your end? Could you please try updating it manually:

/opt/drweb/update.pl
Click to expand...

Also, would you mind sharing what Firewall are you using on the server in question?
 
/opt/drweb/update.pl worked without issues and returned
Code: 
Dr.Web update details:
Update server: http://update.geo.drweb.com/plesk/1100/unix
Update has begun at Tue Apr 22 22:21:45 2025
Update has finished at Tue Apr 22 22:21:48 2025

Following files have been updated:
        /var/drweb/bases/drwdaily.vdb
        /var/drweb/bases/drwtoday.vdb
        /var/drweb/bases/dwmtoday.vdb
        /var/drweb/bases/dwntoday.vdb
        /var/drweb/bases/dwrtoday.vdb
        /var/drweb/bases/timestamp
        /var/drweb/updates/timestamp

I was thinking about an issue with blocked IPs or subnets, but could not verify that. The IP of their update servers does not seem to be on any blocklist here. We're using iptables.
 
Sebahat.hadzhi said:
Thank you for the confirmation. If you observe any additional issues please let us know.
Click to expand...

@Sebahat.hadzhi and @Peter,

It seems to be the case that, in addition to the odd error notifications, there are some connectivity issues.

The connectivity issues are NOT the root cause of the problem of the error notifications.

Nevertheless, there is the need to get this "connectivity issue" solved too - that is something that Plesk cannot do though, only DrWeb can.


There are some STR (Steps to Reproduce), which STR might also be handy to minimize connectivity issues.

The STR are :

1 - run command : dig update.geo.drweb.com +short

2 - inspect the IPs presented, which should be identical (or at least similar to) :

195.133.219.91
81.176.67.172
195.133.219.93
213.59.3.178
85.10.234.30
195.161.158.50

3 - ping each and every IP with the command : ping update.geo.drweb.com

4 - repeat the ping command until you have ping times for all IPs mentioned in step 2

5 - inspect the IPs and the times : for most IPs, the ping time is very very high, with the exception of IP 85.10.234.30 (still not low, but lowest ping time).

6 - optional : it should be possible to minimize the connectivity issues by adding the line

[IP with lowest ping time] update.geo.drweb.com

to the /etc/hosts file

7 - required : it is necessary to check that the IP addresses from step 2 are not banned by Fail2Ban


Plesk should be aware of the fact that there is another ISSUE, due to these very high ping times : a time out can occur.

In addition, but probably related to the time out, a manual run of the /opt/drweb/update.pl script can fail.


Plesk should take PROPER ACTION and my suggestions would be

a) to ascertain that DrWeb takes proper actions quick (!),

OR

b) to create an update mirror managed by Plesk : this should resolve a lot of future issues.


I hope the above helps ....


Kind regards....
 
You must log in or register to reply here.

Similar threads

Bitpalast
Resolved Wordpress not downloadable/installable in different versions on several servers [due to rate-limiting on WP side]
Replies
15
Views
3K
Bitpalast
Bitpalast
H
Resolved Extension catalog doesn't show
Replies
10
Views
5K
jmgmedia
J
L
Issue Again I cant update from autoinstall.plesk.com
Replies
5
Views
3K
lepe
L
M
High ping loss and connection problems
Replies
1
Views
3K
MarcSerra
M
Back
Top