iRadio - no streaming since few days

Since a few days my Mu-so (1st generation) and Mu-so Qb can’t stream any of the iRadio channels anymore. All other functions do work. Both are connected via wifi to the network. I did a full reboot of the Mu-so but that did not solve the issue. Today the rebooted MU-so is also not visible in my app anymore after I successfully added it yesterday after the reboot?
I also checked my network firewall and security center and there were alerts that my Mu-so was “attacked” on his IP address by a USA IP address with malware !!
see message below from threat center

ET MALWARE User-Agent (Mozilla/4.0 (compatible))

Date 09/16/2021

Time 08:18:19 AM

Severity High

Type A Network Trojan was Detected


Interface eth1

Source : 3142

Country: USA

Destination : 80

Protocol http


This scares me quite a lot as it looks like my Mu-so equipment is infected by malware and therefore can’t stream or connect to the app. HELP!

I also have a Naim Unity (wired) and that works well, also the iRadio channels.

Paging @tomvamos

Hi @Peter27, sounds really frustrating. Might be tricky to solve here without going through a bunch of steps. Could I ask you to contact Support on and they can contact you and launch in to some diagnostics.

Hi Tom,
Sure, I will do that. The firewall blocked all in and outgoing traffic from my mu-so equipment, so that probably also causes the streaming issues. But I need to be sure no malware has been installed on the equipment before reconnecting.

Hi @Peter27

The firewall has falsely triggered.

The internet radio service uses two servers based in the USA: - (primary server) - (secondary server)

These addresses need to be allowed through the firewall for the system to work. As these are http based services the server does not route back in, but rather the streamer does an http request out to the server and a reply comes back.

Once unblocked, restart the Muso (a long press and hold on the standby button to shut it down, then a short press to start it up).

Best regards

Steve Harris
Software DIrector
Naim Audio Ltd.

Thanks Steve,

These were indeed the 2 IP addresses that were detected by my Unify network firewall and Threat management and identified as High risk as it was recognized/detected as Network Trojan malware.
Any idea how this could have happened since last Friday, as I never had these warning is the past 3 years? And how certain are we that there is indeed no malware being installed via these 2 servers …

Hi Peter27,

The only thing that these servers return back are text xml files based on requests made by the streamer, which eventually have VTuner URL’s in them for stations to play. The server URL’s haven’t changed for years as well.

What is more likely that the firewall software provider did an update on their side and they’re just misrecognising it. Note in their log its under IPS_VALUES_CATEGORY_EMERGING-MALWARE which uses signatures to double guess if something is questionable. Aka - its not a known real virus, or an antivirus engineer has pulled apart, but they have some code that just looks out for likely characteristics. I suspect lots of URL’s in an XML file might of triggered it,



Thanks Steve,

Happy to hear. I just wanted to be sure to avoid any risks on my home network. I have unblocked both IP addresses and all is working well again now :smiley:

Have a great day,


1 Like

Hi, I think I have the same issue with one of my 1st Gen QBs. I recently set up a new wi-fi mesh system and one of my QBs now no longer picks up internet radio. Are you able to help with how I can bypass the fire wall?

Hi Quince,

Make sure your firewall does not block any traffic from: (primary server) (secondary server)

My firewall (Unify) blocked all traffic from both IP addresses as it identified it as very insecure. Not sure why, but after unblocking it all worked well again.

Thanks, I fear I’m not quite as familiar with my firewall settings as you are with yours, will have to poke around to see what I can find. The odd thing is that it works on my other QB.

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.