1freshclam.conf(5) Clam AntiVirus freshclam.conf(5)
2
6 freshclam.conf - Configuration file for Clam AntiVirus database update
7 tool
8
10 The file freshclam.conf configures the Clam AntiVirus Database Updater,
11 freshclam(1).
12
14 The file consists of comments and options with arguments. Each line
15 which starts with a hash (#) symbol is ignored by the parser. Options
16 and arguments are case sensitive and of the form Option Argument. The
17 arguments are of the following types:
18 BOOL Boolean value (yes/no or true/false or 1/0).
20 STRING String without blank characters.
22 SIZE Size in bytes. You can use 'M' or 'm' modifiers for megabytes
24 and 'K' or 'k' for kilobytes.
25 NUMBER Unsigned integer.
27
29 When an option is not used (hashed or doesn't exist in the configura‐
30 tion file) freshclam takes a default action.
31 Example
33 If this option is set freshclam will not run.
34 LogFileMaxSize SIZE
36 Limit the size of the log file. The logger will be automatically
37 disabled if the file is greater than SIZE. Value of 0 disables
38 the limit.
39 Default: 1M
40 LogTime BOOL
42 Log time with each message.
43 Default: no
44 LogSyslog BOOL
46 Enable logging to Syslog. May be used in combination with
47 UpdateLogFile.
48 Default: disabled.
49 LogFacility STRING
51 Specify the type of syslog messages - please refer to 'man sys‐
52 log' for facility names.
53 Default: LOG_LOCAL6
54 LogVerbose BOOL
56 Enable verbose logging.
57 Default: disabled
58 LogRotate BOOL
60 Rotate log file. Requires LogFileMaxSize option set prior to
61 this option.
62 Default: no
63 PidFile STRING
65 This option allows you to save the process identifier of the
66 daemon to a file specified in the argument.
67 Default: disabled
68 DatabaseDirectory STRING
70 Path to a directory containing database files.
71 Default: /var/lib/clamav
72 Foreground BOOL
74 Don't fork into background.
75 Default: no
76 Debug BOOL
78 Enable debug messages in libclamav.
79 Default: no
80 UpdateLogFile STRING
82 Enable logging to a specified file. Highly recommended.
83 Default: disabled.
84 DatabaseOwner STRING
86 When started by root, drop privileges to a specified user.
87 Default:
88 Checks NUMBER
90 Number of database checks per day.
91 Default: 12
92 DNSDatabaseInfo STRING
94 Use DNS to verify the virus database version. Freshclam uses DNS
95 TXT records to verify the versions of the database and software
96 itself. With this directive you can change the database verifi‐
97 cation domain.
98 WARNING: Please don't change it unless you're configuring fresh‐
99 clam to use your own database verification domain.
100 Default: enabled, pointing to current.cvd.clamav.net
101 DatabaseMirror STRING
103 DatabaseMirror specifies to which mirror(s) freshclam should
104 connect. You should have at least one entries: database.cla‐
105 mav.net. Now that CloudFlare is being used as our Content
106 Delivery Network (CDN), this one domain name works world-wide to
107 direct freshclam to the closest geographic endpoint.
108 Default: database.clamav.net
109 PrivateMirror STR
111 This option allows you to easily point freshclam to private mir‐
112 rors. If PrivateMirror is set, freshclam does not attempt to use
113 DNS to determine whether its databases are out-of-date, instead
114 it will use the If-Modified-Since request or directly check the
115 headers of the remote database files. For each database, fresh‐
116 clam first attempts to download the CLD file. If that fails, it
117 tries to download the CVD file. This option overrides
118 DatabaseMirror, DNSDatabaseInfo and ScriptedUpdates. It can be
119 used multiple times to provide fall-back mirrors.
120 Default: disabled
121 MaxAttempts NUMBER
123 How many attempts (per mirror) to make before giving up.
124 Default: 3 (per mirror)
125 ScriptedUpdates BOOL
127 With this option you can control scripted updates. It's highly
128 recommended to keep it enabled.
129 Default: yes
130 TestDatabases BOOL
132 With this option enabled, freshclam will attempt to load new
133 databases into memory to make sure they are properly handled by
134 libclamav before replacing the old ones.
135 Default: enabled
136 CompressLocalDatabase BOOL
138 By default freshclam will keep the local databases (.cld) uncom‐
139 pressed to make their handling faster. With this option you can
140 enable the compression; the change will take effect with the
141 next database update.
142 Default: no
143 ExtraDatabase STRING
145 Download an additional 3rd party signature database distributed
146 through the ClamAV mirrors. This option can be used multiple
147 times.
148 Default: disabled
149 ExcludeDatabase STRING
151 Exclude a standard signature database (opt-out). This option can
152 be used multiple times.
153 Default: disabled
154 DatabaseCustomURL STRING
156 With this option you can provide custom sources for database
157 files. This option can be used multiple times. Support for:
158 http(s)://, ftp(s)://, or file:// Example usage:
159 DatabaseCustomURL https://myserver.com:4567/whitelist.wdb
160 Default: disabled
161 HTTPProxyServer STR, HTTPProxyPort NUMBER
163 Use given proxy server and TCP port for database downloads. The
164 HTTPProxyServer may be prefixed with [scheme]:// to specify
165 which kind of proxy is used.
166 http:// HTTP Proxy. Default when no scheme or proxy type
167 is specified.
168 https:// HTTPS Proxy. (Added in 7.52.0 for OpenSSL, GnuTLS
169 and NSS)
170 socks4:// SOCKS4 Proxy.
171 socks4a:// SOCKS4a Proxy. Proxy resolves URL hostname.
172 socks5:// SOCKS5 Proxy.
173 socks5h:// SOCKS5 Proxy. Proxy resolves URL hostname.
174 HTTPProxyUsername STR,HTTPProxyPassword STRING
176 Proxy usage is authenticated through given username and pass‐
177 word.
178 Default: disabled
179 HTTPUserAgent STRING
181 If your servers are behind a firewall/proxy which applies User-
182 Agent filtering, you can use this option to force the use of a
183 different User-Agent header.
184 Default: clamav/version_number
185 NotifyClamd STRING
187 Notify a running clamd(8) to reload its database after a down‐
188 load has occurred. The path for clamd.conf file must be pro‐
189 vided.
190 Default: The default is to not notify clamd. See clamd.conf(5)'s
191 option SelfCheck for how clamd(8) handles database updates in
192 this case.
193 OnUpdateExecute STRING
195 Execute this command after the database has been successfully
196 updated.
197 Default: disabled
198 OnErrorExecute STRING
200 Execute this command after a database update has failed.
201 Default: disabled
202 OnOutdatedExecute STRING
204 Execute this command when freshclam reports outdated version. In
205 the command string %v will be replaced by the new version num‐
206 ber.
207 Default: disabled
208 LocalIPAddress IP
210 Use IP as client address for downloading databases. Useful for
211 multi homed systems.
212 Default: Use OS'es default outgoing IP address.
213 ConnectTimeout NUMBER
215 Timeout in seconds when connecting to database server.
216 Default: 10
217 ReceiveTimeout NUMBER
219 Timeout in seconds when reading from database server. 0 means no
220 timeout.
221 Default: 0
222 SafeBrowsing BOOL
224 This option enables support for Google Safe Browsing. When acti‐
225 vated for the first time, freshclam will download a new database
226 file (safebrowsing.cvd) which will be automatically loaded by
227 clamd and clamscan during the next reload, provided that the
228 heuristic phishing detection is turned on. This database
229 includes information about websites that may be phishing sites
230 or possible sources of malware. When using this option, it's
231 mandatory to run freshclam at least every 30 minutes. Freshclam
232 uses the ClamAV's mirror infrastructure to distribute the data‐
233 base and its updates but all the contents are provided under
234 Google's terms of use. See https://sup‐
235 port.google.com/code/answer/70015 and https://www.cla‐
236 mav.net/documents/safebrowsing for more information.
237 Default: no
238 Bytecode BOOL
240 This option enables downloading of bytecode.cvd, which includes
241 additional detection mechanisms and improvements to the ClamAV
242 engine.
243 Default: yes
244
246 /etc/freshclam.conf
247
249 Thomas Lamy <thomas.lamy@netwake.de>, Tomasz Kojm <tkojm@clamav.net>,
250 Kevin Lin <klin@sourcefire.com>
251
253 freshclam(1), clamd.conf(5), clamd(8), clamscan(1)
254ClamAV 0.102.2 December 4, 2013 freshclam.conf(5)