When running clamav-unofficial-sigs.sh (from crontab in my case), the script displays those errors:

host: convert UTF-8 textname to IDN encoding: prohibited character found
host: convert UTF-8 textname to IDN encoding: prohibited character found

The host command is called twiec in the script and its output is parsed with sed.
Apparently this parsing is not enough, and when data is fed back into host, it triggers the error.

I've patched clamav-unofficial-sigs.sh by changing the sed regex from .*\s to .*[ \t] as show in the diff below:

--- /usr/local/bin/clamav-unofficial-sigs.sh	2016-11-06 17:24:31.000000000 +0100
+++ /tmp/clamav-unofficial-sigs-new.sh	2016-11-16 15:28:42.609203000 +0100
@@ -1881,11 +1881,11 @@
         xshok_pretty_echo_and_log "Sanesecurity Database & GPG Signature File Updates" "="
         xshok_pretty_echo_and_log "Checking for Sanesecurity updates..."
 
-        sanesecurity_mirror_ips=$(host "$sanesecurity_url" | sed 's/.*\s//')
+        sanesecurity_mirror_ips=$(host "$sanesecurity_url" | sed 's/.*[ \t]//')
 
         if [ "$(xshok_array_count  "$sanesecurity_mirror_ips")" -ge "1" ] ; then
           for sanesecurity_mirror_ip in $sanesecurity_mirror_ips ; do
-            sanesecurity_mirror_name=$(host "$sanesecurity_mirror_ip" | sed 's/.*\s//' | sed 's/\.$//')
+            sanesecurity_mirror_name=$(host "$sanesecurity_mirror_ip" | sed 's/.*[ \t]//' | sed 's/\.$//')
             sanesecurity_mirror_site_info="$sanesecurity_mirror_name $sanesecurity_mirror_ip"
             xshok_pretty_echo_and_log "Sanesecurity mirror site used: $sanesecurity_mirror_site_info"
             $rsync_bin $rsync_output_level $no_motd --files-from="$sanesecurity_include_dbs" -ctuz $connect_timeout --timeout="$rsync_max_time" "rsync://$sanesecurity_mirror_ip/sanesecurity" "$work_dir_sanesecurity" 2>/dev/null


That's enough to fix the problem.