ClamAV's Unknown response from remote server email

Hello i started receiving notifications a few days ago from one of my servers, via e-mail:

Subject
Cron <root@ns1> /usr/share/clamav/freshclam-sleep
And the body
ERROR: getfile: Unknown response from remote server (IP: 87.110.220.5)
ERROR: getpatch: Can’t download daily-9342.cdiff from database.clamav.net
ERROR: getfile: Unknown response from remote server (IP: 87.110.220.5)
ERROR: Can’t download daily.cvd from database.clamav.net

What is this about and why the hell is that IP keep appearing, is it legitimate? And it seems that is nothing wrong, and the logs are clean. What other info should I offer?

Thanks - i’m starting to panic :slight_smile: any help would be greatly appreciated

ClamAV is a very chattery service. Stupidly chattery, one might say.

Basically, the mirror that your system is trying to use to download the daily ClamAV update is failing to respond appropriately, and so the download is failing.

Should you panic? No. Is it something you need to do something about? Maybe. I usually ignore the first five or six times ClamAV chatters on about something, because I know it’s just a chatty Cathy and is trying to waste my time with nonsense. So, if it persists, and happens every day, for a few days, you’ll probably want to dig in a bit and see if you can’t get the issue resolved.

I don’t have any ideas on how to resolve it. The ClamAV mirror system ought not be directing you to a bum server. I guess one way to resolve it would be to explicitly configure a download server by name rather than using the mirror system. (If you’re in the US, you could use something like db.us.rr.clamav.net. There are dozens of mirrors worldwide, and database.clamav.net is a magic DNS entry that tries to resolve to the best one for your location.)

Thanks for the lightning fast response. Got it, though I never saw in years such an e-mail, and it is given only by one server.

I don’t know, maybe because I’m using on all the others MailScanner and there are some differences… those are pretty silent.

So I’ll go for a beer :wink: Virtualmin is in charge. C ya there!

I don't know, maybe because I'm using on all the others MailScanner and there are some differences... those are pretty silent.

How it’s called doesn’t matter. ClamAV is just noisy.