1freshclam.conf(5) Clam AntiVirus freshclam.conf(5)
2
6 freshclam.conf - Configuration file for Clam AntiVirus database update
7 tool
8
10 The file freshclam.conf configures the Clam AntiVirus Database Updater,
11 freshclam(1).
12
14 The file consists of comments and options with arguments. Each line
15 which starts with a hash (#) symbol is ignored by the parser. Options
16 and arguments are case sensitive and of the form Option Argument. The
17 arguments are of the following types:
18 BOOL Boolean value (yes/no or true/false or 1/0).
20 STRING String without blank characters.
22 SIZE Size in bytes. You can use 'M' or 'm' modifiers for megabytes
24 and 'K' or 'k' for kilobytes.
25 NUMBER Unsigned integer.
27
29 When an option is not used (hashed or doesn't exist in the configura‐
30 tion file) freshclam takes a default action.
31 Example
33 If this option is set freshclam will not run.
34 LogFileMaxSize SIZE
36 Limit the size of the log file. The logger will be automatically
37 disabled if the file is greater than SIZE. Value of 0 disables
38 the limit.
39 Default: 1M
40 LogTime BOOL
42 Log time with each message.
43 Default: no
44 LogSyslog BOOL
46 Enable logging to Syslog. May be used in combination with
47 UpdateLogFile.
48 Default: disabled.
49 LogFacility STRING
51 Specify the type of syslog messages - please refer to 'man sys‐
52 log' for facility names.
53 Default: LOG_LOCAL6
54 LogVerbose BOOL
56 Enable verbose logging.
57 Default: disabled
58 LogRotate BOOL
60 Rotate log file. Requires LogFileMaxSize option set prior to
61 this option.
62 Default: no
63 PidFile STRING
65 This option allows you to save the process identifier of the
66 daemon to a file specified in the argument.
67 Default: disabled
68 DatabaseDirectory STRING
70 Path to a directory containing database files.
71 Default: /var/lib/clamav
72 Foreground BOOL
74 Don't fork into background.
75 Default: no
76 Debug BOOL
78 Enable debug messages in libclamav.
79 Default: no
80 UpdateLogFile STRING
82 Enable logging to a specified file. Highly recommended.
83 Default: disabled.
84 DatabaseOwner STRING
86 When started by root, drop privileges to a specified user.
87 Default:
88 Checks NUMBER
90 Number of database checks per day.
91 Default: 12
92 DNSDatabaseInfo STRING
94 Use DNS to verify the virus database version. Freshclam uses DNS
95 TXT records to verify the versions of the database and software
96 itself. With this directive you can change the database verifi‐
97 cation domain.
98 WARNING: Please don't change it unless you're configuring fresh‐
99 clam to use your own database verification domain.
100 Default: enabled, pointing to current.cvd.clamav.net
101 DatabaseMirror STRING
103 DatabaseMirror specifies to which mirror(s) freshclam should
104 connect. You should have at least two entries: db.XY.clamav.net
105 (or db.XY.ipv6.clamav.net for IPv6) and database.clamav.net (in
106 this order). Please replace XY with your country code (see
107 https://www.iana.org/domains/root/db). database.clamav.net is a
108 round-robin record which points to our most reliable mirrors.
109 It's used as a fall back in case db.XY.clamav.net is not work‐
110 ing.
111 Default: database.clamav.net
112 PrivateMirror STR
114 This option allows you to easily point freshclam to private mir‐
115 rors. If PrivateMirror is set, freshclam does not attempt to use
116 DNS to determine whether its databases are out-of-date, instead
117 it will use the If-Modified-Since request or directly check the
118 headers of the remote database files. For each database, fresh‐
119 clam first attempts to download the CLD file. If that fails, it
120 tries to download the CVD file. This option overrides
121 DatabaseMirror, DNSDatabaseInfo and ScriptedUpdates. It can be
122 used multiple times to provide fall-back mirrors.
123 Default: disabled
124 MaxAttempts NUMBER
126 How many attempts (per mirror) to make before giving up.
127 Default: 3 (per mirror)
128 ScriptedUpdates BOOL
130 With this option you can control scripted updates. It's highly
131 recommended to keep it enabled.
132 Default: yes
133 TestDatabases BOOL
135 With this option enabled, freshclam will attempt to load new
136 databases into memory to make sure they are properly handled by
137 libclamav before replacing the old ones.
138 Default: enabled
139 CompressLocalDatabase BOOL
141 By default freshclam will keep the local databases (.cld) uncom‐
142 pressed to make their handling faster. With this option you can
143 enable the compression; the change will take effect with the
144 next database update.
145 Default: no
146 ExtraDatabase STRING
148 Download an additional 3rd party signature database distributed
149 through the ClamAV mirrors. This option can be used multiple
150 times.
151 Default: disabled
152 DatabaseCustomURL STRING
154 With this option you can provide custom sources (http:// or
155 file://) for database files. This option can be used multiple
156 times.
157 Default: disabled
158 HTTPProxyServer STR, HTTPProxyPort NUMBER
160 Use given proxy server and TCP port for database downloads.
161 HTTPProxyPort defaults to 8080.
162 HTTPProxyUsername STR,HTTPProxyPassword STRING
164 Proxy usage is authenticated through given username and pass‐
165 word.
166 Default: disabled
167 HTTPUserAgent STRING
169 If your servers are behind a firewall/proxy which applies User-
170 Agent filtering, you can use this option to force the use of a
171 different User-Agent header.
172 Default: clamav/version_number
173 NotifyClamd STRING
175 Notify a running clamd(8) to reload its database after a down‐
176 load has occurred. The path for clamd.conf file must be pro‐
177 vided.
178 Default: The default is to not notify clamd. See clamd.conf(5)'s
179 option SelfCheck for how clamd(8) handles database updates in
180 this case.
181 OnUpdateExecute STRING
183 Execute this command after the database has been successfully
184 updated.
185 Default: disabled
186 OnErrorExecute STRING
188 Execute this command after a database update has failed.
189 Default: disabled
190 OnOutdatedExecute STRING
192 Execute this command when freshclam reports outdated version. In
193 the command string %v will be replaced by the new version num‐
194 ber.
195 Default: disabled
196 LocalIPAddress IP
198 Use IP as client address for downloading databases. Useful for
199 multi homed systems.
200 Default: Use OS'es default outgoing IP address.
201 ConnectTimeout NUMBER
203 Timeout in seconds when connecting to database server.
204 Default: 10
205 ReceiveTimeout NUMBER
207 Timeout in seconds when reading from database server.
208 Default: 30
209 SafeBrowsing BOOL
211 This option enables support for Google Safe Browsing. When acti‐
212 vated for the first time, freshclam will download a new database
213 file (safebrowsing.cvd) which will be automatically loaded by
214 clamd and clamscan during the next reload, provided that the
215 heuristic phishing detection is turned on. This database
216 includes information about websites that may be phishing sites
217 or possible sources of malware. When using this option, it's
218 mandatory to run freshclam at least every 30 minutes. Freshclam
219 uses the ClamAV's mirror infrastructure to distribute the data‐
220 base and its updates but all the contents are provided under
221 Google's terms of use. See https://sup‐
222 port.google.com/code/answer/70015 and https://www.cla‐
223 mav.net/documents/safebrowsing for more information.
224 Default: disabled
225 Bytecode BOOL
227 This option enables downloading of bytecode.cvd, which includes
228 additional detection mechanisms and improvements to the ClamAV
229 engine.
230 Default: enabled
231
233 /etc/freshclam.conf
234
236 Thomas Lamy <thomas.lamy@netwake.de>, Tomasz Kojm <tkojm@clamav.net>,
237 Kevin Lin <klin@sourcefire.com>
238
240 freshclam(1), clamd.conf(5), clamd(8), clamscan(1)
241ClamAV 0.101.2 December 4, 2013 freshclam.conf(5)