After successfully using ClamWin for about a year now with no problems (save the AVI false positive issue a long time ago ) now after upgrading to 0.88.1, updates via the interface are no longer working as expected. Running Win98SE + .NET.

I took note of the changes in DLLs, et cetra and thinking this may solve the problem, uninstalled and reinstalled, but alas, no luck. At first, before the uninstall/reinstall it was giving error message similar to this: https://forums.clamwin.com/viewtopic.php?t=99 , but after it is just sitting there with no error message at all, and is not attempting to make a connection (per TCPView). Firewall is fully permitted (ZA 2.6). I have examined the .conf files and all appears normal.

I have searched locally, this forum and the ClamAV site and not found a satisfactory answer: i'm stumped. All else is working as it should (scanning, et cetra) -- its the update that is not. For now, I am xferring the sigs manually from the ClamAV site. I waited a couple of days to see if anyone else was having problems... Suggestions?

try turning your firewall off and updating again to eliminate firewall blocking

I have the same exact problem with win 98se.
It is not intermintant...100% reproducable each time.

I have the problem with all my win98se machines,
some with software firewalls, some without.

Earlier versions of winclam always worked 100% ok.

I have pinged and web browsed to the ip addresses
that I get the error on. Both pings and Mozilla browsing
worked 100%...so not a firewall or network issue.

I have also downloaded the daily updates from these
sites (since the auto update not working!).

Here is a sample:

------- cut ---------

freshclam daemon 0.88.1 (OS: win32, ARCH: x86, CPU: i686)
ClamAV update process started at Fri Apr 07 19:10:29 2006
ERROR: DNS Resolver: gethostbyname() for dns failed
WARNING: Invalid DNS reply. Falling back to HTTP mode.
main.cvd is up to date (version: 37, sigs: 46700, f-level: 7, builder: ccordes)
ERROR: Can't get information about 209.8.40.140: Host not found
ERROR: No servers could be reached. Giving up
Trying again in 5 secs...
ClamAV update process started at Fri Apr 07 19:10:29 2006
ERROR: DNS Resolver: gethostbyname() for dns failed
WARNING: Invalid DNS reply. Falling back to HTTP mode.
main.cvd is up to date (version: 37, sigs: 46700, f-level: 7, builder: ccordes)
ERROR: Can't get information about 209.8.40.140: Host not found
ERROR: No servers could be reached. Giving up
Trying again in 5 secs...
ClamAV update process started at Fri Apr 07 19:10:29 2006
ERROR: DNS Resolver: gethostbyname() for dns failed
WARNING: Invalid DNS reply. Falling back to HTTP mode.
main.cvd is up to date (version: 37, sigs: 46700, f-level: 7, builder: ccordes)
ERROR: Can't get information about 209.8.40.140: Host not found
ERROR: No servers could be reached. Giving up
Giving up on database.clamav.net...
ERROR: Update failed. Your network may be down or none of the mirrors listed in freshclam.conf is working.
ERROR: Update failed. Your network may be down or none of the mirrors listed in freshclam.conf is working.

---------- cut ------------


Oddly enough the "Trying again in 5 secs..." does not work either,
it instantly trys again, so all the above error messages occured
instantly.

If you need any other diagnostic info please ask...

I do not think it has anything with the network.

Thanksyou and Regards,

are you ssure that the firewall is not blocking an updated freshclam.exe?

I have run on machines with no software firewalls,
My hardware firewall tracks every blocked outbound
attempt. I have specifically cleared the logs, then run
the clamav update process (that failed), and then
re-examined the logs. No entries of blocked outbound
attempts were logged.

No changes have been made to any software or hardware
firewalls in quite a number of months. So only clamav was
upgraded from 88 to 88.1. I also tested the older 88 on one
machine and update worked fine at the exact same time
another machine with 88.1 was getting the update error.

do you use a proxy server in clamwin config and/or on your netrwork?

No Proxy - nothing extra except for a hardware firewall.

No trouble with .88 or any previous clamav.
Firewall reports any blocked traffic inbound or outbound.
No blocked traffic incidents during clamav virus update.

My guesses are as follows (I am NOT an expert at all):

Perhaps using a win32 api that is in XP but not win98se.
(Microsoft is known to have added or changed some functions
between win98 and the NT/2000/XP series).
Perhaps it is something simple like an extra character (space) in
an IP address, or perhaps attempting to lookup an IP address
after it is already been translated to an ip format (nnn.nnn.nn.n)?

the thing is that I tested it with windows98 Second Edition before releasing and just now - database download worked fine.

Here are some ideas, not sure if they are right or good.

There a a few versions of WIN98SE out there, perhaps 3 or
4 versions see this links:

https://www.techweb.com/winmag/columns/insider/1999/080499.htm

The responses from a DNS server seem to vary. I have seen this,
some are more forgiving of formating, some less. I do not have
a good example, but I have noticed difference responses from
clamwin updates before, specifically:

With Clamwin .88 and earlier, on some networks (router/DNS/ISP's) I always
get the following message during update:

"Falling back to HTTP mode. "

On other networks (router/DNS/ISP's) , I never see this message.

Perhaps this difference (in 88.1) now has fatal consequences.

In my case, ClamWin 0.88 always works on the win98se os and network
combination, and 0.88.1 does not.

If you look at the source did the DNS source or related network interfacing
change at all between the versions. Does one use the cygwin POSIX equavalents
and one use the Win32 native API calls?

Could you make a specific version of ClamWin that print the error codes
returned during these messages:

ERROR: DNS Resolver: gethostbyname() for dns failed
WARNING: Invalid DNS reply. Falling back to HTTP mode.
main.cvd is up to date (version: 37, sigs: 46700, f-level: 7, builder: ccordes)
ERROR: Can't get information about 209.8.40.140: Host not found
ERROR: No servers could be reached. Giving up

Also is it odd that the main.cvd shows that it is ok? Does this not mean
it was able to contact the update servers online in some way?

I am willing to help test any solutiuons.

try different database servers,
db.local.clamav.net
db.xx.clamav.net (xx is a country code)
then try entering IP addresses directly

EDIT: what is 209.8.40.140? this is not a database server.

Have tried a few host names and clam database IP's
In all cases update did not work.

Ping to the host name or ip's always works.
(I notice each ping to db.us2.clamav.net
comes up with a new IP [ I guess this is
round robin working on purpose ])

In this report you will notice that the IP address of db.us2.clamav.net
keeps changing. This implies that the DNS lookup is working fine,
with round robin working fine, but then there is some strange trouble.
Notice main.cvd cheks out as up to date, but daily is an issue.


---- cut ----

ClamAV update process started at Wed Apr 12 06:15:26 2006
WARNING: Invalid DNS reply. Falling back to HTTP mode.
Can't connect to port 80 of host db.us2.clamav.net (IP: 209.200.146.2)
Trying host db.us2.clamav.net (64.18.103.6)...
Reading CVD header (main.cvd): OK (IMS)
main.cvd is up to date (version: 37, sigs: 46700, f-level: 7, builder: ccordes)
ERROR: Can't get information about 64.18.103.6: Host not found
ERROR: No servers could be reached. Giving up
Trying again in 5 secs...
ClamAV update process started at Wed Apr 12 06:16:11 2006
WARNING: Invalid DNS reply. Falling back to HTTP mode.
Can't connect to port 80 of host db.us2.clamav.net (IP: 209.200.146.2)
Trying host db.us2.clamav.net (64.18.103.6)...
Reading CVD header (main.cvd): OK (IMS)
main.cvd is up to date (version: 37, sigs: 46700, f-level: 7, builder: ccordes)
ERROR: Can't get information about 64.18.103.6: Host not found
ERROR: No servers could be reached. Giving up
Trying again in 5 secs...
ClamAV update process started at Wed Apr 12 06:16:57 2006
WARNING: Invalid DNS reply. Falling back to HTTP mode.
Reading CVD header (main.cvd): OK (IMS)
main.cvd is up to date (version: 37, sigs: 46700, f-level: 7, builder: ccordes)
ERROR: Can't get information about 209.59.139.38: Host not found
ERROR: No servers could be reached. Giving up
Giving up on db.us2.clamav.net...
ERROR: Update failed. Your network may be down or none of the mirrors listed in freshclam.conf is working.

-------------------
Completed
-------------------

---- cut ----

from what I can see freshclam.exe cannot access the internet. I don't think I will be able to determine why. I suggest you use ethereal packet logger and see what is going on:
https://www.ethereal.com/download.html

I got this IP (209.59.139.38) from a ping to db.local.clamav.net
I tested with mozilla and it is a valid mirror, I then put it
into the clamwin config. Here is the response:

---- cut -------
ClamAV update process started at Wed Apr 12 06:36:10 2006
WARNING: Invalid DNS reply. Falling back to HTTP mode.
ERROR: Can't get information about 209.59.139.38: Host not found
ERROR: No servers could be reached. Giving up
Trying again in 5 secs...
ClamAV update process started at Wed Apr 12 06:36:10 2006
WARNING: Invalid DNS reply. Falling back to HTTP mode.
ERROR: Can't get information about 209.59.139.38: Host not found
ERROR: No servers could be reached. Giving up
Trying again in 5 secs...
ClamAV update process started at Wed Apr 12 06:36:10 2006
WARNING: Invalid DNS reply. Falling back to HTTP mode.
ERROR: Can't get information about 209.59.139.38: Host not found
ERROR: No servers could be reached. Giving up
Giving up on 209.59.139.38...
ERROR: Update failed. Your network may be down or none of the mirrors listed in freshclam.conf is working.

-------------------
Completed
-------------------

I am sure this issue is not related to Windows 98 and clamwin 0.88.1
Please use Ethereal to examine network packets.

Got freshclam to work ok in command mode
Here is the run:

-------cut----------

C:\Program Files\ClamWin\bin>freshclam
ClamAV update process started at Wed Apr 12 07:05:08 2006
WARNING: Invalid DNS reply. Falling back to HTTP mode.
Downloading main.cvd [*]
main.cvd updated (version: 37, sigs: 46700, f-level: 7, builder: ccordes)
Downloading daily.cvd [*]
daily.cvd updated (version: 1393, sigs: 3875, f-level: 7, builder: arnaud)
Database updated (50575 signatures) from db.local.clamav.net (IP: 65.110.48.11)

C:\Program Files\ClamWin\bin>type clamd.conf
DatabaseMirror db.local.clamav.net
DatabaseMirror database.clamav.net

C:\Program Files\ClamWin\bin>

---- cut -----

Still trouble with the GUI:

---- cut -----
ClamAV update process started at Wed Apr 12 07:11:12 2006
WARNING: Invalid DNS reply. Falling back to HTTP mode.
ERROR: Can't get information about 65.110.48.11: Host not found
ERROR: No servers could be reached. Giving up
Trying again in 5 secs...
ClamAV update process started at Wed Apr 12 07:11:12 2006
WARNING: Invalid DNS reply. Falling back to HTTP mode.
ERROR: Can't get information about 65.110.48.11: Host not found
ERROR: No servers could be reached. Giving up
Trying again in 5 secs...
ClamAV update process started at Wed Apr 12 07:11:12 2006
WARNING: Invalid DNS reply. Falling back to HTTP mode.
ERROR: Can't get information about 65.110.48.11: Host not found
ERROR: No servers could be reached. Giving up
Giving up on 65.110.48.11...
ERROR: Update failed. Your network may be down or none of the mirrors listed in freshclam.conf is working.

---- cut ----