Clamav error when updating

hi i'm receiving email notifications saying the auto update for clamav failed

Cron  /usr/local/cpanel/3rdparty/bin/freshclam --quiet --no-warnings

ERROR: getpatch: Can't download daily-26099.cdiff from database.clamav.net

if i try to manually update, i get the following output:

[root@xxx bin]# /usr/local/cpanel/3rdparty/bin/freshclam
ClamAV update process started at Fri Sep 17 08:30:10 2021
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Local version: 0.101.5 Recommended version: 0.103.3
DON'T PANIC! Read https://www.clamav.net/documents/upgrading-clamav
main.cld is up to date (version: 62, sigs: 6647427, f-level: 90, builder: sigmgr)
WARNING: getpatch: Can't download daily-26099.cdiff from database.clamav.net
WARNING: getpatch: Can't download daily-26099.cdiff from database.clamav.net
WARNING: getpatch: Can't download daily-26099.cdiff from database.clamav.net
WARNING: Incremental update failed, trying to download daily.cvd
WARNING: Can't download daily.cvd from database.clamav.net
Trying again in 5 secs...
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Local version: 0.101.5 Recommended version: 0.103.3
DON'T PANIC! Read https://www.clamav.net/documents/upgrading-clamav
main.cld is up to date (version: 62, sigs: 6647427, f-level: 90, builder: sigmgr)
WARNING: getpatch: Can't download daily-26099.cdiff from database.clamav.net
WARNING: getpatch: Can't download daily-26099.cdiff from database.clamav.net
WARNING: getpatch: Can't download daily-26099.cdiff from database.clamav.net
WARNING: Incremental update failed, trying to download daily.cvd
WARNING: Can't download daily.cvd from database.clamav.net
Trying again in 5 secs...
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Local version: 0.101.5 Recommended version: 0.103.3
DON'T PANIC! Read https://www.clamav.net/documents/upgrading-clamav
main.cld is up to date (version: 62, sigs: 6647427, f-level: 90, builder: sigmgr)
WARNING: getpatch: Can't download daily-26099.cdiff from database.clamav.net
WARNING: getpatch: Can't download daily-26099.cdiff from database.clamav.net
ERROR: getpatch: Can't download daily-26099.cdiff from database.clamav.net
WARNING: Incremental update failed, trying to download daily.cvd
ERROR: Can't download daily.cvd from database.clamav.net
Giving up on database.clamav.net...
Update failed. Your network may be down or none of the mirrors listed in /usr/local/cpanel/3rdparty/etc/freshclam.conf is working. Check https://www.clamav.net/documents/official-mirror-faq for possible reasons.

verbose:

[root@xxx bin]# /usr/local/cpanel/3rdparty/bin/freshclam --verbose
Current working dir is /usr/local/cpanel/3rdparty/share/clamav
ClamAV update process started at Fri Sep 17 08:40:11 2021
Using IPv6 aware code
Max retries == 3
Querying current.cvd.clamav.net
TTL: 1800
Software version from DNS: 0.103.3
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Local version: 0.101.5 Recommended version: 0.103.3
DON'T PANIC! Read https://www.clamav.net/documents/upgrading-clamav
main.cvd version from DNS: 62
main.cld is up to date (version: 62, sigs: 6647427, f-level: 90, builder: sigmgr)
daily.cvd version from DNS: 26297
Retrieving http://database.clamav.net/daily-26099.cdiff
Ignoring mirror 104.16.218.84 (due to previous errors)
Ignoring mirror 104.16.219.84 (due to previous errors)
Ignoring mirror 104.16.218.84 (due to previous errors)
Ignoring mirror 104.16.219.84 (due to previous errors)
WARNING: getpatch: Can't download daily-26099.cdiff from database.clamav.net
Retrieving http://database.clamav.net/daily-26099.cdiff
Ignoring mirror 104.16.218.84 (due to previous errors)
Ignoring mirror 104.16.219.84 (due to previous errors)
WARNING: getpatch: Can't download daily-26099.cdiff from database.clamav.net
Retrieving http://database.clamav.net/daily-26099.cdiff
Ignoring mirror 104.16.218.84 (due to previous errors)
Ignoring mirror 104.16.219.84 (due to previous errors)
WARNING: getpatch: Can't download daily-26099.cdiff from database.clamav.net
WARNING: Incremental update failed, trying to download daily.cvd
Whitelisting short-term blacklisted mirrors
Retrieving http://database.clamav.net/daily.cvd
Ignoring mirror 104.16.219.84 (due to previous errors)
Ignoring mirror 104.16.218.84 (due to previous errors)
Ignoring mirror 104.16.219.84 (due to previous errors)
Ignoring mirror 104.16.218.84 (due to previous errors)
WARNING: Can't download daily.cvd from database.clamav.net
Trying again in 5 secs...
Querying current.cvd.clamav.net
TTL: 1800
Software version from DNS: 0.103.3
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Local version: 0.101.5 Recommended version: 0.103.3
DON'T PANIC! Read https://www.clamav.net/documents/upgrading-clamav
main.cvd version from DNS: 62
main.cld is up to date (version: 62, sigs: 6647427, f-level: 90, builder: sigmgr)
daily.cvd version from DNS: 26297
Retrieving http://database.clamav.net/daily-26099.cdiff
Ignoring mirror 104.16.219.84 (due to previous errors)
Ignoring mirror 104.16.218.84 (due to previous errors)
WARNING: getpatch: Can't download daily-26099.cdiff from database.clamav.net
Retrieving http://database.clamav.net/daily-26099.cdiff
Ignoring mirror 104.16.219.84 (due to previous errors)
Ignoring mirror 104.16.218.84 (due to previous errors)
WARNING: getpatch: Can't download daily-26099.cdiff from database.clamav.net
Retrieving http://database.clamav.net/daily-26099.cdiff
Ignoring mirror 104.16.219.84 (due to previous errors)
Ignoring mirror 104.16.218.84 (due to previous errors)
WARNING: getpatch: Can't download daily-26099.cdiff from database.clamav.net
WARNING: Incremental update failed, trying to download daily.cvd
Whitelisting short-term blacklisted mirrors
Retrieving http://database.clamav.net/daily.cvd
Ignoring mirror 104.16.219.84 (due to previous errors)
Ignoring mirror 104.16.218.84 (due to previous errors)
WARNING: Can't download daily.cvd from database.clamav.net
Trying again in 5 secs...
Querying current.cvd.clamav.net
TTL: 1789
Software version from DNS: 0.103.3
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Local version: 0.101.5 Recommended version: 0.103.3
DON'T PANIC! Read https://www.clamav.net/documents/upgrading-clamav
main.cvd version from DNS: 62
main.cld is up to date (version: 62, sigs: 6647427, f-level: 90, builder: sigmgr)
daily.cvd version from DNS: 26297
Retrieving http://database.clamav.net/daily-26099.cdiff
Ignoring mirror 104.16.219.84 (due to previous errors)
Ignoring mirror 104.16.218.84 (due to previous errors)
WARNING: getpatch: Can't download daily-26099.cdiff from database.clamav.net
Retrieving http://database.clamav.net/daily-26099.cdiff
Ignoring mirror 104.16.219.84 (due to previous errors)
Ignoring mirror 104.16.218.84 (due to previous errors)
WARNING: getpatch: Can't download daily-26099.cdiff from database.clamav.net
Retrieving http://database.clamav.net/daily-26099.cdiff
Ignoring mirror 104.16.219.84 (due to previous errors)
Ignoring mirror 104.16.218.84 (due to previous errors)
ERROR: getpatch: Can't download daily-26099.cdiff from database.clamav.net
WARNING: Incremental update failed, trying to download daily.cvd
Whitelisting short-term blacklisted mirrors
Retrieving http://database.clamav.net/daily.cvd
Ignoring mirror 104.16.219.84 (due to previous errors)
Ignoring mirror 104.16.218.84 (due to previous errors)
ERROR: Can't download daily.cvd from database.clamav.net
Giving up on database.clamav.net...
Update failed. Your network may be down or none of the mirrors listed in /usr/local/cpanel/3rdparty/etc/freshclam.conf is working. Check https://www.clamav.net/documents/official-mirror-faq for possible reasons.

clamscan

[root@xxx bin]# /usr/local/cpanel/3rdparty/bin/clamscan
LibClamAV Warning: **************************************************
LibClamAV Warning: ***  The virus database is older than 7 days!  ***
LibClamAV Warning: ***   Please update it as soon as possible.    ***
LibClamAV Warning: **************************************************
/usr/local/cpanel/3rdparty/bin/perl: Symbolic link
/usr/local/cpanel/3rdparty/bin/perl532: Symbolic link
/usr/local/cpanel/3rdparty/bin/pg_test_fsync: OK
/usr/local/cpanel/3rdparty/bin/my_print_defaults: OK
/usr/local/cpanel/3rdparty/bin/mysql: OK
/usr/local/cpanel/3rdparty/bin/pg_restore: OK
/usr/local/cpanel/3rdparty/bin/mysql_config: OK
/usr/local/cpanel/3rdparty/bin/pg_test_timing: OK
/usr/local/cpanel/3rdparty/bin/mysql_config_editor: OK
/usr/local/cpanel/3rdparty/bin/psql: OK
/usr/local/cpanel/3rdparty/bin/mysql_find_rows: OK
/usr/local/cpanel/3rdparty/bin/clamdscan: OK
/usr/local/cpanel/3rdparty/bin/mysql_waitpid: OK
/usr/local/cpanel/3rdparty/bin/mysqlaccess: OK
/usr/local/cpanel/3rdparty/bin/mysqladmin: OK
/usr/local/cpanel/3rdparty/bin/mysqlbinlog: OK
/usr/local/cpanel/3rdparty/bin/mysqlcheck: OK
/usr/local/cpanel/3rdparty/bin/mysqldump: OK
/usr/local/cpanel/3rdparty/bin/mysqlimport: OK
/usr/local/cpanel/3rdparty/bin/mysqlshow: OK
/usr/local/cpanel/3rdparty/bin/sqlite3: OK
/usr/local/cpanel/3rdparty/bin/pear: Symbolic link
/usr/local/cpanel/3rdparty/bin/php: Symbolic link
/usr/local/cpanel/3rdparty/bin/clamav-config: OK
/usr/local/cpanel/3rdparty/bin/clamav_setupcrontab: OK
/usr/local/cpanel/3rdparty/bin/php73: Symbolic link
/usr/local/cpanel/3rdparty/bin/clamconf: OK
/usr/local/cpanel/3rdparty/bin/gitk: OK
/usr/local/cpanel/3rdparty/bin/dropuser: OK
/usr/local/cpanel/3rdparty/bin/pg_basebackup: OK
/usr/local/cpanel/3rdparty/bin/clamd: OK
/usr/local/cpanel/3rdparty/bin/pg_receivexlog: OK
/usr/local/cpanel/3rdparty/bin/git: OK
/usr/local/cpanel/3rdparty/bin/git-receive-pack: OK
/usr/local/cpanel/3rdparty/bin/git-upload-archive: OK
/usr/local/cpanel/3rdparty/bin/git-upload-pack: OK
/usr/local/cpanel/3rdparty/bin/clamdtop: OK
/usr/local/cpanel/3rdparty/bin/git-cvsserver: OK
/usr/local/cpanel/3rdparty/bin/git-shell: OK
/usr/local/cpanel/3rdparty/bin/re2c: OK
/usr/local/cpanel/3rdparty/bin/spf_example: OK
/usr/local/cpanel/3rdparty/bin/clamscan: OK
/usr/local/cpanel/3rdparty/bin/spf_example_static: OK
/usr/local/cpanel/3rdparty/bin/spfd: OK
/usr/local/cpanel/3rdparty/bin/spfd_static: OK
/usr/local/cpanel/3rdparty/bin/spfquery: OK
/usr/local/cpanel/3rdparty/bin/spfquery_static: OK
/usr/local/cpanel/3rdparty/bin/spftest: OK
/usr/local/cpanel/3rdparty/bin/freshclam: OK
/usr/local/cpanel/3rdparty/bin/spftest_static: OK
/usr/local/cpanel/3rdparty/bin/srs: OK
/usr/local/cpanel/3rdparty/bin/spamc: Symbolic link
/usr/local/cpanel/3rdparty/bin/horde-db-migrate: Symbolic link
/usr/local/cpanel/3rdparty/bin/phar: Symbolic link
/usr/local/cpanel/3rdparty/bin/php-config: Symbolic link
/usr/local/cpanel/3rdparty/bin/phpize: Symbolic link
/usr/local/cpanel/3rdparty/bin/sa-update: Symbolic link
/usr/local/cpanel/3rdparty/bin/sa-learn: Symbolic link
/usr/local/cpanel/3rdparty/bin/php-cgi: Symbolic link
/usr/local/cpanel/3rdparty/bin/ingo-convert-prefs-to-sql: Symbolic link
/usr/local/cpanel/3rdparty/bin/pecl: Symbolic link
/usr/local/cpanel/3rdparty/bin/spamd: Symbolic link
/usr/local/cpanel/3rdparty/bin/sa-compile: Symbolic link
/usr/local/cpanel/3rdparty/bin/spamassassin: Symbolic link
/usr/local/cpanel/3rdparty/bin/mysqldiff: Symbolic link
/usr/local/cpanel/3rdparty/bin/peardev: Symbolic link
/usr/local/cpanel/3rdparty/bin/pigz: OK
/usr/local/cpanel/3rdparty/bin/unpigz: OK
/usr/local/cpanel/3rdparty/bin/webalizer: Symbolic link
/usr/local/cpanel/3rdparty/bin/webazolver: Symbolic link
/usr/local/cpanel/3rdparty/bin/analog: OK
/usr/local/cpanel/3rdparty/bin/analog.cfg: OK
/usr/local/cpanel/3rdparty/bin/clusterdb: OK
/usr/local/cpanel/3rdparty/bin/createdb: OK
/usr/local/cpanel/3rdparty/bin/createlang: OK
/usr/local/cpanel/3rdparty/bin/createuser: OK
/usr/local/cpanel/3rdparty/bin/dropdb: OK
/usr/local/cpanel/3rdparty/bin/droplang: OK
/usr/local/cpanel/3rdparty/bin/pg_dump: OK
/usr/local/cpanel/3rdparty/bin/pg_dumpall: OK
/usr/local/cpanel/3rdparty/bin/reindexdb: OK
/usr/local/cpanel/3rdparty/bin/vacuumdb: OK
/usr/local/cpanel/3rdparty/bin/puttygen: OK
/usr/local/cpanel/3rdparty/bin/awredir.pl: OK
/usr/local/cpanel/3rdparty/bin/awstats.pl: OK
/usr/local/cpanel/3rdparty/bin/sigtool: OK
/usr/local/cpanel/3rdparty/bin/logresolvemerge.pl: OK
/usr/local/cpanel/3rdparty/bin/perlcc: Symbolic link
/usr/local/cpanel/3rdparty/bin/python: Symbolic link
/usr/local/cpanel/3rdparty/bin/smartctl: Symbolic link
/usr/local/cpanel/3rdparty/bin/ldns-config: OK
/usr/local/cpanel/3rdparty/bin/xdelta3: OK
/usr/local/cpanel/3rdparty/bin/clambc: OK

----------- SCAN SUMMARY -----------
Known viruses: 10589798
Engine version: 0.101.5
Scanned directories: 1
Scanned files: 68
Infected files: 0
Data scanned: 52.88 MB
Data read: 58.06 MB (ratio 0.91:1)
Time: 20.778 sec (0 m 20 s)

any ideas why it can't connect to database.clamav.net? is there another mirror i can change to? the server is a vps

cPJustinD

September 17, 2021 13:12

Hey there! Are you able to reach database.clamav.net from your server using curl? You can verify with the following commands: curl -sIL database.clamav.net
curl -sIL https://database.clamav.net

mmaciel

September 17, 2021 13:23

hey @cPJustinD yeah, apparently it reaches

[root@xxx1 ~]# curl -sIL database.clamav.net
HTTP/1.1 200 OK
Date: Fri, 17 Sep 2021 13:21:10 GMT
Content-Type: text/html
Connection: keep-alive
Last-Modified: Tue, 13 Aug 2019 14:20:59 GMT
Accept-Ranges: bytes
CF-Cache-Status: DYNAMIC
X-Content-Type-Options: nosniff
Server: cloudflare
CF-RAY: 6902a2da5f9d7fe4-SAN

[root@ixxx ~]#  curl -sIL https://database.clamav.net
HTTP/1.1 200 OK
Date: Fri, 17 Sep 2021 13:21:24 GMT
Content-Type: text/html
Connection: keep-alive
Last-Modified: Tue, 13 Aug 2019 14:20:59 GMT
Accept-Ranges: bytes
CF-Cache-Status: DYNAMIC
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Strict-Transport-Security: max-age=15552000
X-Content-Type-Options: nosniff
Server: cloudflare
CF-RAY: 6902a32e1a147fea-SAN

September 17, 2021 13:28

Interesting. I was expecting a timeout since the destination couldn't be reached per the original log entries you provided. Do you see any issues using telnet
to connect to the database? telnet database.clamav.net 80

September 17, 2021 13:32

yeah, weird it also connects via telnet

[root@xxx ~]# telnet database.clamav.net 80
Trying 104.16.219.84...
Connected to database.clamav.net.
Escape character is '^]'.

September 17, 2021 13:35

Thank you for that confirmation. I think it would be best to open a support ticket so that our analysts can review the issue more thoroughly and determine what exactly is occurring. You can submit a support request using the "Submit a ticket" link in my signature below. Please be sure to link this thread when opening the ticket and provide the ticket number here so that we can track the issue appropriately. If possible, please post the resolution on this thread as it may help other community members with similar issues.

September 17, 2021 13:38

will do, thanks @cPJustinD edit: another thing @cPJustinD, not related to my problem, but the link in your sig doesn't work... not sure if its a problem on my end, but i tried with different browsers and two different internet providers and it wont open, keeps reloading a page, sometimes it redirects to this be the right place to open a ticket?

September 17, 2021 13:50

That link brings me to my own account portal, so that should be correct. For reference, the ticket submission process can also be found here:

September 17, 2021 13:56

alright, thanks ticket id #94363922

September 17, 2021 14:00

Thanks mmaciel! I'll be following the ticket on my end as well.

September 17, 2021 14:28

I successfully connected to the server via your ticket, and I believe I've identified the issue. I think the problem may be related to IPv6 connections on your server. I've sent a reply to the ticket that may contain sensitive information about your server, so please review my response, and we can continue to discuss the issue in the ticket. I'll be sure to post the official resolution here once you can confirm the issue is resolved.

cPRex Jurassic Moderator

September 20, 2021 15:16

We have some more details about this issue in the article here:

September 22, 2021 13:31

quick update, but shortly before closing the ticket, i reinstalled clamav via whm plugin manager, and left it alone, and today i realized i didn't receive any new mail notification about the failed updates (i would get one every 24hrs when the auto update failed), so i went into whm terminal and ran the freshclam command again, and to my surprise it actually ran without any errors

[root@xxx ~]# /usr/local/cpanel/3rdparty/bin/freshclam
ClamAV update process started at Wed Sep 22 09:18:35 2021
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Local version: 0.101.5 Recommended version: 0.103.3
DON'T PANIC! Read https://www.clamav.net/documents/upgrading-clamav
main.cvd is up to date (version: 62, sigs: 6647427, f-level: 90, builder: sigmgr)
Downloading daily-26300.cdiff [100%]
daily.cld updated (version: 26300, sigs: 1935161, f-level: 90, builder: raynman)
bytecode.cld is up to date (version: 333, sigs: 92, f-level: 63, builder: awillia2)
Database updated (8582680 signatures) from database.clamav.net (IP: 104.16.218.84)

so yeah, pretty weird, a simple reinstallation solved the problem (even tho i had done that already before creating this thread) but anyway, i would like to thank @cPJustinD for his help, he was able to identify the problem and replicate it on a test environment, but unfortunately the cause was yet unknown, so he opened the new article @cPRex linked

Clamav error when updating

Comments

Didn't find what you were looking for?