I'm on Debian 10 Testing, and clamav (app and sigs) updated today, no problem. I hope yours does soon!
I just saw your latest post, so I checked mine again in Debian 10 Testing. I'm using the clamav GUI (ClamTK) to download the sigs on a schedule and then run the scan. It updated fine just a few miutes ago according to the log, and running the scan now. The log is here on my PC: /var/log/clamav/freshclam.log I have no clue why yours isn't updating. I did a quick search online but found no reports of recent issues with clamav. I DO know the program (not just the sig update) was updated via apt just the other day on my PC.
I hope the new version fixed your problem! Debian was slow to send the clamav program update, too, but I wasn't too concerned about it. I don't usually pay much attention to clamav. When I install it I just set it to update & scan every file on my PC automatically every night. If it misses a sig update I don't fret about it. The only scan warning I ever get is for PUPs in a couple of reliable old Win utility programs I've had for years and only occasionally use, but I only download exe's in WIn 7 running inside VirtualBox under Linux, so if Win 7 eats a bad download or otherwise gets corrupted I can easily wipe & re-install it from a clean backup. I've never seen any warnings about any of my Linux files! I hope that means it really does check for known Linux baddies and my PC really is clean. So far I've had no reason to believe otherwise, but I'm careful online with a few pretty well locked-down, dedicated-use browsers. I consider clamav as a good safety net for Win users if I need to transfer files to a Win PC. I hope all is well for you now!
Sure. My clamav is 0.102.1++dfsg and clamTK is 6.02 according to Synaptic. So if the latest clamav is 0.102.2 then I don't have it yet. Debian is rock-stable even in Testing, and security updates come right away, but it's not always lightning-fast to offer the latest app updates. If I really need an app update right away I get it from the dev's site. Most of the time I don't need the very latest, except for browser security updates. My current sigs version is 25720 as of Tue Feb 11 08:40:54 2020 when I requested an update manually. That's the same version as last night. According to the log my sigs are updating on schedule and also when I update manually, since the log records the dates & times & sig version for each update request. It also sometimes records failure to download sigs, but I attribute that to slow internet access. Living in the sticks has many rewards, but cell towers & high-speed internet aren't among them, and satellite is outside my budget! If no NEW sigs are offered on a given day then the version recorded in the log won't change, but that's not the same as failure to download. I often turn off my PCs overnight or even for several days if I'm away or need a digital break, so of course sigs can't update those nights. That doesn't worry me at all. For years the only warning clamav has reported on any of my Linux machines is a PUA for the same portable app (Rufus) I occasionally run in Win 7 under VirtualBox in Linux. If I dual-booted Win (any) and took it online I'd run a lot more than just clamav! I hope your clamav is updating again!