# Freshclam: Can't query current.cvd.clamav.net

## rev138

```
Received signal: wake up

ClamAV update process started at Tue Apr 11 10:27:57 2006

ERROR: Can't query current.cvd.clamav.net

WARNING: Invalid DNS reply. Falling back to HTTP mode.
```

If I try typing "host -t txt current.cvd.clamav.net", as ClamAV's site suggests, it returns nothing. However, if I instead type "host -a current.cvd.clamav.net" I do get a valid response, and THEN "host -t txt ..." works properly, for a short while. This also seems to enable freshclam to properly resovle current.cvd.clamav.net temporarily. By the time it tries to update again, it has the same error.

This is extrememly odd. Any thoughts?

TIA

----------

## rev138

Anyone?

----------

## nayan

Type the DNS nameserver in your /etc/resolv.conf file as follows.

```

nameserver 111.222.333.4

domain vraja

```

where 111.222.333.4 is the IP address of the DNS nameserver provided by your ISP.

----------

## rev138

Thanks, but I'm not having generalized DNS issues. This is a problem specific to freshclam.

----------

## think4urs11

ask your DNS server admin (your ISP?) - seems to be either broken, 'oversecured' and/or misconfigured.

as a workaround maybe a local installation of dnsmasq is helpful

----------

## VinzC

I've had that problem too. I think this is due to a bug in /etc/init.d/clamav. When the latter launches freshclam there is no argument that tells freshclam to use /etc/freshclam.conf. So I worked around the problem by running freshclam --quiet -d --config-file=/etc/freshclam.conf in /etc/conf.d/local.start instead.

----------

## Robert S

That hasn't fixed it for me.  I still get  *Quote:*   

> ERROR: Update failed. Your network may be down or none of the mirrors listed in freshclam.conf is working.

 

I have this problem on my amd64 and my x86 gentoo boxes, but NOT on a debian 3.1 box.  I therefore think that this is a gentoo problem.  My question on the clamav list http://lurker.clamav.net/message/20060817.215501.215f9df7.en.html has gone unanswered which also suggests this.

I tried installing it direct from source and had the same problem.

Any ideas out there?

----------

## VinzC

If you're on a LAN, mybe you could configure an intermediate machine to download the virus database and use the latter with freshclam instead of an extrenal server. You could also ping each of the servers implied in the virus database refresh process. But I guess you've already done that?

----------

## Robert S

This is weird.

My debian machine (at a different location):

 *Quote:*   

> $ ping database.clamav.net
> 
> PING db.au.clamav.net (61.8.0.16): 56 data bytes
> 
> 64 bytes from 61.8.0.16: icmp_seq=0 ttl=58 time=65.3 ms
> ...

 

My gentoo machine:

 *Quote:*   

> $ ping database.clamav.net
> 
> PING db.au.clamav.net (61.8.0.16) 56(84) bytes of data.
> 
> --- db.au.clamav.net ping statistics ---
> ...

 

My networking is otherwise working fine on my gentoo machine.  I can also point my web browser to http://db.au.clamav.net and get to the clamav mirror.

Could somebody kindly explain?

----------

## VinzC

This clearly suggests you have a routing problem on your Gentoo box...

EDIT: ... or IP conflict/subnet mismatch. Can you ping any machine in your LAN from Gentoo?

----------

## Robert S

I've had this setup for many months.  Strange that its just started misbehaving recently:

 *Quote:*   

> 
> 
> # route
> 
> Kernel IP routing table
> ...

 

----------

## VinzC

Weird indeed. I trid pinging the same clamav site than yours:

```
$ ping db.au.clamav.net

PING db.au.clamav.net (61.8.0.16) 56(84) bytes of data.

64 bytes from virtuals.mirror.pacific.net.au (61.8.0.16): icmp_seq=1 ttl=53 time=357 ms

64 bytes from virtuals.mirror.pacific.net.au (61.8.0.16): icmp_seq=2 ttl=53 time=361 ms

64 bytes from virtuals.mirror.pacific.net.au (61.8.0.16): icmp_seq=3 ttl=53 time=361 ms

64 bytes from virtuals.mirror.pacific.net.au (61.8.0.16): icmp_seq=4 ttl=53 time=398 ms

64 bytes from virtuals.mirror.pacific.net.au (61.8.0.16): icmp_seq=5 ttl=53 time=361 ms

64 bytes from virtuals.mirror.pacific.net.au (61.8.0.16): icmp_seq=6 ttl=53 time=373 ms

64 bytes from virtuals.mirror.pacific.net.au (61.8.0.16): icmp_seq=7 ttl=53 time=358 ms

64 bytes from virtuals.mirror.pacific.net.au (61.8.0.16): icmp_seq=8 ttl=53 time=363 ms

--- db.au.clamav.net ping statistics ---

8 packets transmitted, 8 received, 0% packet loss, time 7249ms

rtt min/avg/max/mdev = 357.745/367.043/398.448/12.689 ms
```

I suppose your Gentoo box can reach the Internet as you've installed packages?

EDIT: Are both your Debian and Gentoo machines on the same LAN? If yes, I suppose your LAN machines are source NAT'ed/MASQUERADEd?

----------

## Robert S

My gentoo and debian boxes are on separate networks.

The remainder of my networking works fine - as far as I can see.

I can't ping these sites from other machines on the same network as my gentoo box - windows or linux.

I'm able to connect to this site using "ftp mirror.clamavn.net.au" - I get prompted for a password.

----------

## Robert S

I've just discovered that my ISP blocks pings.  Could this explain why freshclam isn't working?  Apparently my ISP can allow pings on request.

----------

## VinzC

 *Robert S wrote:*   

> I've just discovered that my ISP blocks pings.  Could this explain why freshclam isn't working?

 

This is something you should check with clamav developers, I think for I have no idea. But I would rather believe, as clamav FAQ says, this can be due to some ISP not allowing specific DNS requests to be made. What are the results of the following command:

```
host -t txt current.cvd.clamav.net
```

----------

## Robert S

I'll get my ISP to allow pings.  Apparently they'll do it on request.

 *Quote:*   

> $ host -t txt current.cvd.clamav.net
> 
> current.cvd.clamav.net descriptive text "0.88.4:40:1699:1156160916:1"

 HTHLast edited by Robert S on Tue Aug 22, 2006 5:44 am; edited 1 time in total

----------

## VinzC

If you got a response, nothing should *theoretically* prevent freshclam from downloading the virus database. But I haven't read doc and FAQs thoroughly. Let's see if blocking ping requests was the problem...

----------

## Robert S

I've finally fixed it - by enabling CONFIG_SECURITY_CAPABILITIES in my kernel and using the US mirror (I tried a lot of other mirrors without success).  Because I did both things at the same time I don't know which one fixed it.

See http://lurker.clamav.net/thread/20060822.100350.3f5a8576.en.html for gory details.

----------

## Robert S

For the last word on this see http://lurker.clamav.net/message/20060822.195247.666e9e7e.en.html

----------

## skogs

I also experience this problem, but only lately.  Same timeframe you suggest.  

A bit irritating, as nothing has changed for over a month...except that now I am getting this error message and my freshclam is no worky.  

Workarounds do exist, and it is not a dns problem...but there really shouldn't need to be a workaround I don't believe.  Something got mis-engineered.

----------

## Robert S

Mine's been working OK for some time now - since I switched over to the US mirror.  I've now switched back to the .au one with no problems.

----------

## mimosinnet

I am having the same problem, and I am behind a Linksys router. I have been following this thread, and I do have much idea of what should I do next. Also, I am unable to access http://www.clamav.net/.  I have tried:

 *Quote:*   

> # ping www.clamav.net
> 
> ping: unknown host www.clamav.net

 

 *Quote:*   

> # host -t txt current.cvd.clamav.net
> 
> current.cvd.clamav.net has no TXT record

 

 *Quote:*   

> # ping database.clamav.net
> 
> PING db.eu.rr.clamav.net (195.214.240.53) 56(84) bytes of data.
> 
> 64 bytes from 195.214.240.53: icmp_seq=1 ttl=53 time=35.9 ms
> ...

 

 *Quote:*   

> # ping db.au.clamav.net
> 
> ping: unknown host db.au.clamav.net

 

----------

## mimosinnet

I have solved the issue. I had the wrong configuration in /etc/resolv.conf and, despite I was able to access the net, I had this weird behaviour. I am able now to access www.clamav.net, and:

 *Quote:*   

> #  host -t txt current.cvd.clamav.net
> 
> current.cvd.clamav.net descriptive text "0.90.2:43:3270:1179584941:1"

 

This tread has been very helpful at identifying I had a network problem. Thanks!

----------

