Clamav error when updating

[mmaciel]

hi

i'm receiving email notifications saying the auto update for clamav failed

Cron <[email protected]> /usr/local/cpanel/3rdparty/bin/freshclam --quiet --no-warnings

ERROR: getpatch: Can't download daily-26099.cdiff from database.clamav.net

if i try to manually update, i get the following output:

[[email protected] bin]# /usr/local/cpanel/3rdparty/bin/freshclam
ClamAV update process started at Fri Sep 17 08:30:10 2021
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Local version: 0.101.5 Recommended version: 0.103.3
DON'T PANIC! Read https://www.clamav.net/documents/upgrading-clamav
main.cld is up to date (version: 62, sigs: 6647427, f-level: 90, builder: sigmgr)
WARNING: getpatch: Can't download daily-26099.cdiff from database.clamav.net
WARNING: getpatch: Can't download daily-26099.cdiff from database.clamav.net
WARNING: getpatch: Can't download daily-26099.cdiff from database.clamav.net
WARNING: Incremental update failed, trying to download daily.cvd
WARNING: Can't download daily.cvd from database.clamav.net
Trying again in 5 secs...
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Local version: 0.101.5 Recommended version: 0.103.3
DON'T PANIC! Read https://www.clamav.net/documents/upgrading-clamav
main.cld is up to date (version: 62, sigs: 6647427, f-level: 90, builder: sigmgr)
WARNING: getpatch: Can't download daily-26099.cdiff from database.clamav.net
WARNING: getpatch: Can't download daily-26099.cdiff from database.clamav.net
WARNING: getpatch: Can't download daily-26099.cdiff from database.clamav.net
WARNING: Incremental update failed, trying to download daily.cvd
WARNING: Can't download daily.cvd from database.clamav.net
Trying again in 5 secs...
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Local version: 0.101.5 Recommended version: 0.103.3
DON'T PANIC! Read https://www.clamav.net/documents/upgrading-clamav
main.cld is up to date (version: 62, sigs: 6647427, f-level: 90, builder: sigmgr)
WARNING: getpatch: Can't download daily-26099.cdiff from database.clamav.net
WARNING: getpatch: Can't download daily-26099.cdiff from database.clamav.net
ERROR: getpatch: Can't download daily-26099.cdiff from database.clamav.net
WARNING: Incremental update failed, trying to download daily.cvd
ERROR: Can't download daily.cvd from database.clamav.net
Giving up on database.clamav.net...
Update failed. Your network may be down or none of the mirrors listed in /usr/local/cpanel/3rdparty/etc/freshclam.conf is working. Check https://www.clamav.net/documents/official-mirror-faq for possible reasons.

verbose:

[[email protected] bin]# /usr/local/cpanel/3rdparty/bin/freshclam --verbose
Current working dir is /usr/local/cpanel/3rdparty/share/clamav
ClamAV update process started at Fri Sep 17 08:40:11 2021
Using IPv6 aware code
Max retries == 3
Querying current.cvd.clamav.net
TTL: 1800
Software version from DNS: 0.103.3
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Local version: 0.101.5 Recommended version: 0.103.3
DON'T PANIC! Read https://www.clamav.net/documents/upgrading-clamav
main.cvd version from DNS: 62
main.cld is up to date (version: 62, sigs: 6647427, f-level: 90, builder: sigmgr)
daily.cvd version from DNS: 26297
Retrieving http://database.clamav.net/daily-26099.cdiff
Ignoring mirror 104.16.218.84 (due to previous errors)
Ignoring mirror 104.16.219.84 (due to previous errors)
Ignoring mirror 104.16.218.84 (due to previous errors)
Ignoring mirror 104.16.219.84 (due to previous errors)
WARNING: getpatch: Can't download daily-26099.cdiff from database.clamav.net
Retrieving http://database.clamav.net/daily-26099.cdiff
Ignoring mirror 104.16.218.84 (due to previous errors)
Ignoring mirror 104.16.219.84 (due to previous errors)
WARNING: getpatch: Can't download daily-26099.cdiff from database.clamav.net
Retrieving http://database.clamav.net/daily-26099.cdiff
Ignoring mirror 104.16.218.84 (due to previous errors)
Ignoring mirror 104.16.219.84 (due to previous errors)
WARNING: getpatch: Can't download daily-26099.cdiff from database.clamav.net
WARNING: Incremental update failed, trying to download daily.cvd
Whitelisting short-term blacklisted mirrors
Retrieving http://database.clamav.net/daily.cvd
Ignoring mirror 104.16.219.84 (due to previous errors)
Ignoring mirror 104.16.218.84 (due to previous errors)
Ignoring mirror 104.16.219.84 (due to previous errors)
Ignoring mirror 104.16.218.84 (due to previous errors)
WARNING: Can't download daily.cvd from database.clamav.net
Trying again in 5 secs...
Querying current.cvd.clamav.net
TTL: 1800
Software version from DNS: 0.103.3
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Local version: 0.101.5 Recommended version: 0.103.3
DON'T PANIC! Read https://www.clamav.net/documents/upgrading-clamav
main.cvd version from DNS: 62
main.cld is up to date (version: 62, sigs: 6647427, f-level: 90, builder: sigmgr)
daily.cvd version from DNS: 26297
Retrieving http://database.clamav.net/daily-26099.cdiff
Ignoring mirror 104.16.219.84 (due to previous errors)
Ignoring mirror 104.16.218.84 (due to previous errors)
WARNING: getpatch: Can't download daily-26099.cdiff from database.clamav.net
Retrieving http://database.clamav.net/daily-26099.cdiff
Ignoring mirror 104.16.219.84 (due to previous errors)
Ignoring mirror 104.16.218.84 (due to previous errors)
WARNING: getpatch: Can't download daily-26099.cdiff from database.clamav.net
Retrieving http://database.clamav.net/daily-26099.cdiff
Ignoring mirror 104.16.219.84 (due to previous errors)
Ignoring mirror 104.16.218.84 (due to previous errors)
WARNING: getpatch: Can't download daily-26099.cdiff from database.clamav.net
WARNING: Incremental update failed, trying to download daily.cvd
Whitelisting short-term blacklisted mirrors
Retrieving http://database.clamav.net/daily.cvd
Ignoring mirror 104.16.219.84 (due to previous errors)
Ignoring mirror 104.16.218.84 (due to previous errors)
WARNING: Can't download daily.cvd from database.clamav.net
Trying again in 5 secs...
Querying current.cvd.clamav.net
TTL: 1789
Software version from DNS: 0.103.3
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Local version: 0.101.5 Recommended version: 0.103.3
DON'T PANIC! Read https://www.clamav.net/documents/upgrading-clamav
main.cvd version from DNS: 62
main.cld is up to date (version: 62, sigs: 6647427, f-level: 90, builder: sigmgr)
daily.cvd version from DNS: 26297
Retrieving http://database.clamav.net/daily-26099.cdiff
Ignoring mirror 104.16.219.84 (due to previous errors)
Ignoring mirror 104.16.218.84 (due to previous errors)
WARNING: getpatch: Can't download daily-26099.cdiff from database.clamav.net
Retrieving http://database.clamav.net/daily-26099.cdiff
Ignoring mirror 104.16.219.84 (due to previous errors)
Ignoring mirror 104.16.218.84 (due to previous errors)
WARNING: getpatch: Can't download daily-26099.cdiff from database.clamav.net
Retrieving http://database.clamav.net/daily-26099.cdiff
Ignoring mirror 104.16.219.84 (due to previous errors)
Ignoring mirror 104.16.218.84 (due to previous errors)
ERROR: getpatch: Can't download daily-26099.cdiff from database.clamav.net
WARNING: Incremental update failed, trying to download daily.cvd
Whitelisting short-term blacklisted mirrors
Retrieving http://database.clamav.net/daily.cvd
Ignoring mirror 104.16.219.84 (due to previous errors)
Ignoring mirror 104.16.218.84 (due to previous errors)
ERROR: Can't download daily.cvd from database.clamav.net
Giving up on database.clamav.net...
Update failed. Your network may be down or none of the mirrors listed in /usr/local/cpanel/3rdparty/etc/freshclam.conf is working. Check https://www.clamav.net/documents/official-mirror-faq for possible reasons.

clamscan

[[email protected] bin]# /usr/local/cpanel/3rdparty/bin/clamscan
LibClamAV Warning: **************************************************
LibClamAV Warning: ***  The virus database is older than 7 days!  ***
LibClamAV Warning: ***   Please update it as soon as possible.    ***
LibClamAV Warning: **************************************************
/usr/local/cpanel/3rdparty/bin/perl: Symbolic link
/usr/local/cpanel/3rdparty/bin/perl532: Symbolic link
/usr/local/cpanel/3rdparty/bin/pg_test_fsync: OK
/usr/local/cpanel/3rdparty/bin/my_print_defaults: OK
/usr/local/cpanel/3rdparty/bin/mysql: OK
/usr/local/cpanel/3rdparty/bin/pg_restore: OK
/usr/local/cpanel/3rdparty/bin/mysql_config: OK
/usr/local/cpanel/3rdparty/bin/pg_test_timing: OK
/usr/local/cpanel/3rdparty/bin/mysql_config_editor: OK
/usr/local/cpanel/3rdparty/bin/psql: OK
/usr/local/cpanel/3rdparty/bin/mysql_find_rows: OK
/usr/local/cpanel/3rdparty/bin/clamdscan: OK
/usr/local/cpanel/3rdparty/bin/mysql_waitpid: OK
/usr/local/cpanel/3rdparty/bin/mysqlaccess: OK
/usr/local/cpanel/3rdparty/bin/mysqladmin: OK
/usr/local/cpanel/3rdparty/bin/mysqlbinlog: OK
/usr/local/cpanel/3rdparty/bin/mysqlcheck: OK
/usr/local/cpanel/3rdparty/bin/mysqldump: OK
/usr/local/cpanel/3rdparty/bin/mysqlimport: OK
/usr/local/cpanel/3rdparty/bin/mysqlshow: OK
/usr/local/cpanel/3rdparty/bin/sqlite3: OK
/usr/local/cpanel/3rdparty/bin/pear: Symbolic link
/usr/local/cpanel/3rdparty/bin/php: Symbolic link
/usr/local/cpanel/3rdparty/bin/clamav-config: OK
/usr/local/cpanel/3rdparty/bin/clamav_setupcrontab: OK
/usr/local/cpanel/3rdparty/bin/php73: Symbolic link
/usr/local/cpanel/3rdparty/bin/clamconf: OK
/usr/local/cpanel/3rdparty/bin/gitk: OK
/usr/local/cpanel/3rdparty/bin/dropuser: OK
/usr/local/cpanel/3rdparty/bin/pg_basebackup: OK
/usr/local/cpanel/3rdparty/bin/clamd: OK
/usr/local/cpanel/3rdparty/bin/pg_receivexlog: OK
/usr/local/cpanel/3rdparty/bin/git: OK
/usr/local/cpanel/3rdparty/bin/git-receive-pack: OK
/usr/local/cpanel/3rdparty/bin/git-upload-archive: OK
/usr/local/cpanel/3rdparty/bin/git-upload-pack: OK
/usr/local/cpanel/3rdparty/bin/clamdtop: OK
/usr/local/cpanel/3rdparty/bin/git-cvsserver: OK
/usr/local/cpanel/3rdparty/bin/git-shell: OK
/usr/local/cpanel/3rdparty/bin/re2c: OK
/usr/local/cpanel/3rdparty/bin/spf_example: OK
/usr/local/cpanel/3rdparty/bin/clamscan: OK
/usr/local/cpanel/3rdparty/bin/spf_example_static: OK
/usr/local/cpanel/3rdparty/bin/spfd: OK
/usr/local/cpanel/3rdparty/bin/spfd_static: OK
/usr/local/cpanel/3rdparty/bin/spfquery: OK
/usr/local/cpanel/3rdparty/bin/spfquery_static: OK
/usr/local/cpanel/3rdparty/bin/spftest: OK
/usr/local/cpanel/3rdparty/bin/freshclam: OK
/usr/local/cpanel/3rdparty/bin/spftest_static: OK
/usr/local/cpanel/3rdparty/bin/srs: OK
/usr/local/cpanel/3rdparty/bin/spamc: Symbolic link
/usr/local/cpanel/3rdparty/bin/horde-db-migrate: Symbolic link
/usr/local/cpanel/3rdparty/bin/phar: Symbolic link
/usr/local/cpanel/3rdparty/bin/php-config: Symbolic link
/usr/local/cpanel/3rdparty/bin/phpize: Symbolic link
/usr/local/cpanel/3rdparty/bin/sa-update: Symbolic link
/usr/local/cpanel/3rdparty/bin/sa-learn: Symbolic link
/usr/local/cpanel/3rdparty/bin/php-cgi: Symbolic link
/usr/local/cpanel/3rdparty/bin/ingo-convert-prefs-to-sql: Symbolic link
/usr/local/cpanel/3rdparty/bin/pecl: Symbolic link
/usr/local/cpanel/3rdparty/bin/spamd: Symbolic link
/usr/local/cpanel/3rdparty/bin/sa-compile: Symbolic link
/usr/local/cpanel/3rdparty/bin/spamassassin: Symbolic link
/usr/local/cpanel/3rdparty/bin/mysqldiff: Symbolic link
/usr/local/cpanel/3rdparty/bin/peardev: Symbolic link
/usr/local/cpanel/3rdparty/bin/pigz: OK
/usr/local/cpanel/3rdparty/bin/unpigz: OK
/usr/local/cpanel/3rdparty/bin/webalizer: Symbolic link
/usr/local/cpanel/3rdparty/bin/webazolver: Symbolic link
/usr/local/cpanel/3rdparty/bin/analog: OK
/usr/local/cpanel/3rdparty/bin/analog.cfg: OK
/usr/local/cpanel/3rdparty/bin/clusterdb: OK
/usr/local/cpanel/3rdparty/bin/createdb: OK
/usr/local/cpanel/3rdparty/bin/createlang: OK
/usr/local/cpanel/3rdparty/bin/createuser: OK
/usr/local/cpanel/3rdparty/bin/dropdb: OK
/usr/local/cpanel/3rdparty/bin/droplang: OK
/usr/local/cpanel/3rdparty/bin/pg_dump: OK
/usr/local/cpanel/3rdparty/bin/pg_dumpall: OK
/usr/local/cpanel/3rdparty/bin/reindexdb: OK
/usr/local/cpanel/3rdparty/bin/vacuumdb: OK
/usr/local/cpanel/3rdparty/bin/puttygen: OK
/usr/local/cpanel/3rdparty/bin/awredir.pl: OK
/usr/local/cpanel/3rdparty/bin/awstats.pl: OK
/usr/local/cpanel/3rdparty/bin/sigtool: OK
/usr/local/cpanel/3rdparty/bin/logresolvemerge.pl: OK
/usr/local/cpanel/3rdparty/bin/perlcc: Symbolic link
/usr/local/cpanel/3rdparty/bin/python: Symbolic link
/usr/local/cpanel/3rdparty/bin/smartctl: Symbolic link
/usr/local/cpanel/3rdparty/bin/ldns-config: OK
/usr/local/cpanel/3rdparty/bin/xdelta3: OK
/usr/local/cpanel/3rdparty/bin/clambc: OK

----------- SCAN SUMMARY -----------
Known viruses: 10589798
Engine version: 0.101.5
Scanned directories: 1
Scanned files: 68
Infected files: 0
Data scanned: 52.88 MB
Data read: 58.06 MB (ratio 0.91:1)
Time: 20.778 sec (0 m 20 s)

any ideas why it can't connect to database.clamav.net? is there another mirror i can change to? the server is a vps

this post from cPWilliamL suggest another mirror (DatabaseMirror db.us.rr.clamav.net), and it worked for that person, but it's from 2018, not sure if it's still in use

appreciate any help, thanks

 

[cPJustinD]

Hey there! Are you able to reach database.clamav.net from your server using curl? You can verify with the following commands:

curl -sIL database.clamav.net
curl -sIL https://database.clamav.net

 

[mmaciel]

Hey there! Are you able to reach database.clamav.net from your server using curl? You can verify with the following commands:

curl -sIL database.clamav.net
curl -sIL https://database.clamav.net

hey @cPJustinD

yeah, apparently it reaches

[[email protected] ~]# curl -sIL database.clamav.net
HTTP/1.1 200 OK
Date: Fri, 17 Sep 2021 13:21:10 GMT
Content-Type: text/html
Connection: keep-alive
Last-Modified: Tue, 13 Aug 2019 14:20:59 GMT
Accept-Ranges: bytes
CF-Cache-Status: DYNAMIC
X-Content-Type-Options: nosniff
Server: cloudflare
CF-RAY: 6902a2da5f9d7fe4-SAN

[[email protected] ~]#  curl -sIL https://database.clamav.net
HTTP/1.1 200 OK
Date: Fri, 17 Sep 2021 13:21:24 GMT
Content-Type: text/html
Connection: keep-alive
Last-Modified: Tue, 13 Aug 2019 14:20:59 GMT
Accept-Ranges: bytes
CF-Cache-Status: DYNAMIC
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Strict-Transport-Security: max-age=15552000
X-Content-Type-Options: nosniff
Server: cloudflare
CF-RAY: 6902a32e1a147fea-SAN

 

[cPJustinD]

Interesting. I was expecting a timeout since the destination couldn't be reached per the original log entries you provided.

Do you see any issues using telnet to connect to the database?

telnet database.clamav.net 80

 

[mmaciel]

Interesting. I was expecting a timeout since the destination couldn't be reached per the original log entries you provided.

Do you see any issues using telnet to connect to the database?

telnet database.clamav.net 80

yeah, weird

it also connects via telnet

[[email protected] ~]# telnet database.clamav.net 80
Trying 104.16.219.84...
Connected to database.clamav.net.
Escape character is '^]'.

 

[cPJustinD]

Thank you for that confirmation. I think it would be best to open a support ticket so that our analysts can review the issue more thoroughly and determine what exactly is occurring.

You can submit a support request using the "Submit a ticket" link in my signature below. Please be sure to link this thread when opening the ticket and provide the ticket number here so that we can track the issue appropriately. If possible, please post the resolution on this thread as it may help other community members with similar issues.

 

[mmaciel]

will do, thanks @cPJustinD

edit: another thing @cPJustinD, not related to my problem, but the link in your sig doesn't work... not sure if its a problem on my end, but i tried with different browsers and two different internet providers and it wont open, keeps reloading a page, sometimes it redirects to cPanel

would this be the right place to open a ticket?

 

[cPJustinD]

That link brings me to my own account portal, so that should be correct. For reference, the ticket submission process can also be found here:

How To Open a Technical Support Ticket

 

[mmaciel]

alright, thanks

ticket id #94363922

 

[cPJustinD]

Thanks mmaciel! I'll be following the ticket on my end as well.

 

[cPJustinD]

I successfully connected to the server via your ticket, and I believe I've identified the issue. I think the problem may be related to IPv6 connections on your server.

I've sent a reply to the ticket that may contain sensitive information about your server, so please review my response, and we can continue to discuss the issue in the ticket. I'll be sure to post the official resolution here once you can confirm the issue is resolved.

 

[cPRex]

We have some more details about this issue in the article here: https://support.cpanel.net/hc/en-us...to-update-via-Freshclam-due-to-rate-limiting-

 

[mmaciel]

quick update, but shortly before closing the ticket, i reinstalled clamav via whm plugin manager, and left it alone, and today i realized i didn't receive any new mail notification about the failed updates (i would get one every 24hrs when the auto update failed), so i went into whm terminal and ran the freshclam command again, and to my surprise it actually ran without any errors

[[email protected] ~]# /usr/local/cpanel/3rdparty/bin/freshclam
ClamAV update process started at Wed Sep 22 09:18:35 2021
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Local version: 0.101.5 Recommended version: 0.103.3
DON'T PANIC! Read https://www.clamav.net/documents/upgrading-clamav
main.cvd is up to date (version: 62, sigs: 6647427, f-level: 90, builder: sigmgr)
Downloading daily-26300.cdiff [100%]
daily.cld updated (version: 26300, sigs: 1935161, f-level: 90, builder: raynman)
bytecode.cld is up to date (version: 333, sigs: 92, f-level: 63, builder: awillia2)
Database updated (8582680 signatures) from database.clamav.net (IP: 104.16.218.84)

so yeah, pretty weird, a simple reinstallation solved the problem (even tho i had done that already before creating this thread)

but anyway, i would like to thank @cPJustinD for his help, he was able to identify the problem and replicate it on a test environment, but unfortunately the cause was yet unknown, so he opened the new article @cPRex linked