1freshclam.conf(5) Clam AntiVirus freshclam.conf(5)
2
6 freshclam.conf - Configuration file for Clam AntiVirus database update
7 tool
8
10 The file freshclam.conf configures the Clam AntiVirus Database Updater,
11 freshclam(1).
12
14 The file consists of comments and options with arguments. Each line
15 which starts with a hash (#) symbol is ignored by the parser. Options
16 and arguments are case sensitive and of the form Option Argument. The
17 arguments are of the following types:
18 BOOL Boolean value (yes/no or true/false or 1/0).
20 STRING String without blank characters.
22 SIZE Size in bytes. You can use 'M' or 'm' modifiers for megabytes
24 and 'K' or 'k' for kilobytes.
25 NUMBER Unsigned integer.
27
29 When an option is not used (hashed or doesn't exist in the configura‐
30 tion file) freshclam takes a default action.
31 Example
33 If this option is set freshclam will not run.
34 LogFileMaxSize SIZE
36 Limit the size of the log file. The logger will be automatically
37 disabled if the file is greater than SIZE. Value of 0 disables
38 the limit.
39 Default: 1M
40 LogTime BOOL
42 Log time with each message.
43 Default: no
44 LogSyslog BOOL
46 Enable logging to Syslog. May be used in combination with Up‐
47 dateLogFile.
48 Default: disabled.
49 LogFacility STRING
51 Specify the type of syslog messages - please refer to 'man sys‐
52 log' for facility names.
53 Default: LOG_LOCAL6
54 LogVerbose BOOL
56 Enable verbose logging.
57 Default: disabled
58 LogRotate BOOL
60 Rotate log file. Requires LogFileMaxSize option set prior to
61 this option.
62 Default: no
63 PidFile STRING
65 This option allows you to save the process identifier of the
66 daemon to a file specified in the argument.
67 Default: disabled
68 DatabaseDirectory STRING
70 Path to a directory containing database files.
71 Default: /var/lib/clamav
72 Foreground BOOL
74 Don't fork into background.
75 Default: no
76 Debug BOOL
78 Enable debug messages in libclamav.
79 Default: no
80 UpdateLogFile STRING
82 Enable logging to a specified file. Highly recommended.
83 Default: disabled.
84 DatabaseOwner STRING
86 When started by root, drop privileges to a specified user.
87 Default:
88 Checks NUMBER
90 Number of database checks per day.
91 Default: 12
92 DNSDatabaseInfo STRING
94 Use DNS to verify the virus database version. FreshClam uses DNS
95 TXT records to verify the versions of the database and software
96 itself. With this directive you can change the database verifi‐
97 cation domain.
98 WARNING: Please don't change it unless you're configuring fresh‐
99 clam to use your own database verification domain.
100 Default: enabled, pointing to current.cvd.clamav.net
101 DatabaseMirror STRING
103 DatabaseMirror specifies to which mirror(s) freshclam should
104 connect. You should have at least one entries: database.cla‐
105 mav.net. Now that CloudFlare is being used as our Content De‐
106 livery Network (CDN), this one domain name works world-wide to
107 direct freshclam to the closest geographic endpoint.
108 Default: database.clamav.net
109 PrivateMirror STR
111 This option allows you to easily point freshclam to private mir‐
112 rors. If PrivateMirror is set, freshclam does not attempt to use
113 DNS to determine whether its databases are out-of-date, instead
114 it will use the If-Modified-Since request or directly check the
115 headers of the remote database files. For each database, fresh‐
116 clam first attempts to download the CLD file. If that fails, it
117 tries to download the CVD file. This option overrides
118 DatabaseMirror, DNSDatabaseInfo and ScriptedUpdates. It can be
119 used multiple times to provide fall-back mirrors.
120 Default: disabled
121 MaxAttempts NUMBER
123 How many attempts (per mirror) to make before giving up.
124 Default: 3 (per mirror)
125 ScriptedUpdates BOOL
127 With this option you can control scripted updates. It's highly
128 recommended to keep it enabled.
129 Default: yes
130 TestDatabases BOOL
132 With this option enabled, freshclam will attempt to load new
133 databases into memory to make sure they are properly handled by
134 libclamav before replacing the old ones.
135 Default: enabled
136 CompressLocalDatabase BOOL
138 By default freshclam will keep the local databases (.cld) uncom‐
139 pressed to make their handling faster. With this option you can
140 enable the compression; the change will take effect with the
141 next database update.
142 Default: no
143 ExtraDatabase STRING
145 Download an additional 3rd party signature database distributed
146 through the ClamAV mirrors. This option can be used multiple
147 times.
148 Default: disabled
149 ExcludeDatabase STRING
151 Exclude a standard signature database (opt-out). This option can
152 be used multiple times.
153 Default: disabled
154 DatabaseCustomURL STRING
156 With this option you can provide custom sources for database
157 files. This option can be used multiple times. Support for:
158 http(s)://, ftp(s)://, or file:// Example usage:
159 DatabaseCustomURL https://myserver.com:4567/whitelist.wdb
160 Default: disabled
161 HTTPProxyServer STR, HTTPProxyPort NUMBER
163 Use given proxy server and TCP port for database downloads. The
164 HTTPProxyServer may be prefixed with [scheme]:// to specify
165 which kind of proxy is used.
166 http:// HTTP Proxy. Default when no scheme or proxy type
167 is specified.
168 https:// HTTPS Proxy. (Added in 7.52.0 for OpenSSL, GnuTLS
169 and NSS)
170 socks4:// SOCKS4 Proxy.
171 socks4a:// SOCKS4a Proxy. Proxy resolves URL hostname.
172 socks5:// SOCKS5 Proxy.
173 socks5h:// SOCKS5 Proxy. Proxy resolves URL hostname.
174 HTTPProxyUsername STR,HTTPProxyPassword STRING
176 Proxy usage is authenticated through given username and pass‐
177 word.
178 Default: disabled
179 HTTPUserAgent STRING
181 If your servers are behind a firewall/proxy which applies User-
182 Agent filtering, you can use this option to force the use of a
183 different User-Agent header. As of ClamAV 0.103.3, this setting
184 may not be used when updating from the clamav.net CDN and can
185 only be used when updating from a private mirror.
186 Default: clamav/version_number
187 NotifyClamd STRING
189 Notify a running clamd(8) to reload its database after a down‐
190 load has occurred. The path for clamd.conf file must be pro‐
191 vided.
192 Default: The default is to not notify clamd. See clamd.conf(5)'s
193 option SelfCheck for how clamd(8) handles database updates in
194 this case.
195 OnUpdateExecute STRING
197 Execute this command after the database has been successfully
198 updated.
199 Default: disabled
200 OnErrorExecute STRING
202 Execute this command after a database update has failed.
203 Default: disabled
204 OnOutdatedExecute STRING
206 Execute this command when freshclam reports outdated version. In
207 the command string %v will be replaced by the new version num‐
208 ber.
209 Default: disabled
210 LocalIPAddress IP
212 Use IP as client address for downloading databases. Useful for
213 multi homed systems.
214 Default: Use OS'es default outgoing IP address.
215 ConnectTimeout NUMBER
217 Timeout in seconds when connecting to database server.
218 Default: 10
219 ReceiveTimeout NUMBER
221 Maximum time in seconds for each download operation. 0 means no
222 timeout.
223 Default: 0
224 Bytecode BOOL
226 This option enables downloading of bytecode.cvd, which includes
227 additional detection mechanisms and improvements to the ClamAV
228 engine.
229 Default: yes
230
232 /etc/freshclam.conf
233
235 Thomas Lamy <thomas.lamy@netwake.de>, Tomasz Kojm <tkojm@clamav.net>,
236 Kevin Lin <klin@sourcefire.com>
237
239 freshclam(1), clamd.conf(5), clamd(8), clamscan(1)
240ClamAV 0.103.7 December 4, 2013 freshclam.conf(5)