1freshclam.conf(5)               Clam AntiVirus               freshclam.conf(5)
2
3
4

NAME

6       freshclam.conf  - Configuration file for Clam AntiVirus database update
7       tool
8

DESCRIPTION

10       The file freshclam.conf configures the Clam AntiVirus Database Updater,
11       freshclam(1).
12

FILE FORMAT

14       The  file  consists  of  comments and options with arguments. Each line
15       which starts with a hash (#) symbol is ignored by the  parser.  Options
16       and  arguments  are case sensitive and of the form Option Argument. The
17       arguments are of the following types:
18
19       BOOL   Boolean value (yes/no or true/false or 1/0).
20
21       STRING String without blank characters.
22
23       SIZE   Size in bytes. You can use 'M' or 'm'  modifiers  for  megabytes
24              and 'K' or 'k' for kilobytes.
25
26       NUMBER Unsigned integer.
27

DIRECTIVES

29       When  an  option is not used (hashed or doesn't exist in the configura‐
30       tion file) freshclam takes a default action.
31
32       Example
33              If this option is set freshclam will not run.
34
35       LogFileMaxSize SIZE
36              Limit the size of the log file. The logger will be automatically
37              disabled  if  the file is greater than SIZE. Value of 0 disables
38              the limit.
39              Default: 1M
40
41       LogTime BOOL
42              Log time with each message.
43              Default: no
44
45       LogSyslog BOOL
46              Enable logging to Syslog. May be used in  combination  with  Up‐
47              dateLogFile.
48              Default: disabled.
49
50       LogFacility STRING
51              Specify  the type of syslog messages - please refer to 'man sys‐
52              log' for facility names.
53              Default: LOG_LOCAL6
54
55       LogVerbose BOOL
56              Enable verbose logging.
57              Default: disabled
58
59       LogRotate BOOL
60              Rotate log file. Requires LogFileMaxSize  option  set  prior  to
61              this option.
62              Default: no
63
64       PidFile STRING
65              This  option  allows  you  to save the process identifier of the
66              daemon to a file specified in the argument.
67              Default: disabled
68
69       DatabaseDirectory STRING
70              Path to a directory containing database files.
71              Default: /var/lib/clamav
72
73       Foreground BOOL
74              Don't fork into background.
75              Default: no
76
77       Debug BOOL
78              Enable debug messages in libclamav.
79              Default: no
80
81       UpdateLogFile STRING
82              Enable logging to a specified file. Highly recommended.
83              Default: disabled.
84
85       DatabaseOwner STRING
86              When started by root, drop privileges to a specified user.
87              Default: clamupdate
88
89       Checks NUMBER
90              Number of database checks per day.
91              Default: 12
92
93       DNSDatabaseInfo STRING
94              Use DNS to verify the virus database version. FreshClam uses DNS
95              TXT  records to verify the versions of the database and software
96              itself. With this directive you can change the database  verifi‐
97              cation domain.
98              WARNING: Please don't change it unless you're configuring fresh‐
99              clam to use your own database verification domain.
100              Default: enabled, pointing to current.cvd.clamav.net
101
102       DatabaseMirror STRING
103              DatabaseMirror specifies to  which  mirror(s)  freshclam  should
104              connect.  You  should  have  at least one entries: database.cla‐
105              mav.net.  Now that CloudFlare is being used as our  Content  De‐
106              livery  Network  (CDN), this one domain name works world-wide to
107              direct freshclam to the closest geographic endpoint.
108              Default: database.clamav.net
109
110       PrivateMirror STR
111              This option allows you to easily point freshclam to private mir‐
112              rors. If PrivateMirror is set, freshclam does not attempt to use
113              DNS to determine whether its databases are out-of-date,  instead
114              it  will use the If-Modified-Since request or directly check the
115              headers of the remote database files. For each database,  fresh‐
116              clam  first attempts to download the CLD file. If that fails, it
117              tries  to  download  the  CVD  file.   This   option   overrides
118              DatabaseMirror,  DNSDatabaseInfo  and ScriptedUpdates. It can be
119              used multiple times to provide fall-back mirrors.
120              Default: disabled
121
122       MaxAttempts NUMBER
123              How many attempts (per mirror) to make before giving up.
124              Default: 3 (per mirror)
125
126       ScriptedUpdates BOOL
127              With this option you can control scripted updates.  It's  highly
128              recommended to keep it enabled.
129              Default: yes
130
131       TestDatabases BOOL
132              With  this  option  enabled,  freshclam will attempt to load new
133              databases into memory to make sure they are properly handled  by
134              libclamav before replacing the old ones.
135              Default: enabled
136
137       CompressLocalDatabase BOOL
138              By default freshclam will keep the local databases (.cld) uncom‐
139              pressed to make their handling faster. With this option you  can
140              enable  the  compression;  the  change will take effect with the
141              next database update.
142              Default: no
143
144       ExtraDatabase STRING
145              Download an additional 3rd party signature database  distributed
146              through  the  ClamAV  mirrors.  This option can be used multiple
147              times.
148              Default: disabled
149
150       ExcludeDatabase STRING
151              Exclude a standard signature database (opt-out). This option can
152              be used multiple times.
153              Default: disabled
154
155       DatabaseCustomURL STRING
156              With  this  option  you  can provide custom sources for database
157              files. This option can be used multiple times.  Support for:
158                http(s)://, ftp(s)://, or file:// Example usage:
159                DatabaseCustomURL https://myserver.com:4567/allow_list.wdb
160              Default: disabled
161
162       HTTPProxyServer STR, HTTPProxyPort NUMBER
163              Use given proxy server and TCP port for database downloads.  The
164              HTTPProxyServer  may  be  prefixed  with  [scheme]:// to specify
165              which kind of proxy is used.
166                http://     HTTP Proxy. Default when no scheme or  proxy  type
167              is specified.
168                https://     HTTPS Proxy. (Added in 7.52.0 for OpenSSL, GnuTLS
169              and NSS)
170                socks4://   SOCKS4 Proxy.
171                socks4a://  SOCKS4a Proxy. Proxy resolves URL hostname.
172                socks5://   SOCKS5 Proxy.
173                socks5h://  SOCKS5 Proxy. Proxy resolves URL hostname.
174
175       HTTPProxyUsername STR,HTTPProxyPassword STRING
176              Proxy usage is authenticated through given  username  and  pass‐
177              word.
178              Default: disabled
179
180       HTTPUserAgent STRING
181              If  your servers are behind a firewall/proxy which applies User-
182              Agent filtering, you can use this option to force the use  of  a
183              different User-Agent header.  As of ClamAV 0.103.3, this setting
184              may not be used when updating from the clamav.net  CDN  and  can
185              only be used when updating from a private mirror.
186              Default: clamav/version_number
187
188       NotifyClamd STRING
189              Notify  a  running clamd(8) to reload its database after a down‐
190              load has occurred. The path for clamd.conf  file  must  be  pro‐
191              vided.
192              Default: The default is to not notify clamd. See clamd.conf(5)'s
193              option SelfCheck for how clamd(8) handles  database  updates  in
194              this case.
195
196       OnUpdateExecute STRING
197              Execute  this  command  after the database has been successfully
198              updated.
199              Default: disabled
200
201       OnErrorExecute STRING
202              Execute this command after a database update has failed.
203              Default: disabled
204
205       OnOutdatedExecute STRING
206              Execute this command when freshclam reports outdated version. In
207              the  command  string %v will be replaced by the new version num‐
208              ber.
209              Default: disabled
210
211       LocalIPAddress IP
212              Use IP as client address for downloading databases.  Useful  for
213              multi homed systems.
214              Default: Use OS'es default outgoing IP address.
215
216       ConnectTimeout NUMBER
217              Timeout in seconds when connecting to database server.
218              Default: 10
219
220       ReceiveTimeout NUMBER
221              Maximum  time in seconds for each download operation. 0 means no
222              timeout.
223              Default: 0
224
225       Bytecode BOOL
226              This option enables downloading of bytecode.cvd, which  includes
227              additional  detection  mechanisms and improvements to the ClamAV
228              engine.
229              Default: yes
230

FILES

232       /etc/freshclam.conf
233

AUTHOR

235       Thomas Lamy <thomas.lamy@netwake.de>, Tomasz  Kojm  <tkojm@clamav.net>,
236       Kevin Lin <klin@sourcefire.com>
237

SEE ALSO

239       freshclam(1), clamd.conf(5), clamd(8), clamscan(1)
240
241
242
243ClamAV 1.0.4                   December 4, 2013              freshclam.conf(5)
Impressum