logo
Free, unlimited AI code reviews that run on commit
git-lrc git-lrc GitHub Install Now We'd appreciate a star git-lrc - Free, unlimited AI code reviews that run on commit | Product Hunt git-lrc - Free, unlimited AI code reviews that run on commit | Product Hunt

freshclam.conf - Configuration file for Clam AntiVirus database update tool

Contents

Author

Thomas Lamy <thomas.lamy@netwake.de>, Tomasz Kojm <tkojm@clamav.net>, Kevin Lin <klin@sourcefire.com>

Description

The file freshclam.conf configures the Clam AntiVirus Database Updater, freshclam(1).

Directives

When an option is not used (hashed or doesn't exist in the configuration file) freshclam takes a default action. Example If this option is set freshclam will not run. LogFileMaxSizeSIZE Limit the size of the log file. The logger will be automatically disabled if the file is greater than SIZE. Value of 0 disables the limit. Default: 1M LogTimeBOOL Log time with each message. Default: no LogSyslogBOOL Enable logging to Syslog. May be used in combination with UpdateLogFile. Default: disabled. LogFacilitySTRING Specify the type of syslog messages - please refer to 'man syslog' for facility names. Default: LOG_LOCAL6 LogVerboseBOOL Enable verbose logging. Default: disabled LogRotateBOOL Rotate log file. Requires LogFileMaxSize option set prior to this option. Default: no PidFileSTRING Write the daemon's pid to the specified file. Default: disabled DatabaseDirectorySTRING Path to a directory containing database files. This directory must already exist, be an absolute path, be writeable by freshclam and readable by clamd/clamscan. Default: /var/lib/clamav ForegroundBOOL Don't fork into background. Default: no DebugBOOL Enable debug messages in libclamav. Default: no UpdateLogFileSTRING Enable logging to a specified file. Highly recommended. Default: disabled. DatabaseOwnerSTRING When started by root, drop privileges to a specified user. Default: clamav ChecksNUMBER Number of database checks per day. Default: 12 DNSDatabaseInfoSTRING Use DNS to verify the virus database version. FreshClam uses DNS TXT records to verify the versions of the database and software itself. With this directive you can change the database verification domain. WARNING: Please don't change it unless you're configuring freshclam to use your own database verification domain. Default: enabled, pointing to current.cvd.clamav.net DatabaseMirrorSTRING DatabaseMirror specifies to which mirror(s) freshclam should connect. You should have at least one entries: database.clamav.net. Now that CloudFlare is being used as our Content Delivery Network (CDN), this one domain name works world-wide to direct freshclam to the closest geographic endpoint. Default: database.clamav.net PrivateMirrorSTR This option allows you to easily point freshclam to private mirrors. If PrivateMirror is set, freshclam does not attempt to use DNS to determine whether its databases are out-of-date, instead it will use the If-Modified-Since request or directly check the headers of the remote database files. For each database, freshclam first attempts to download the CLD file. If that fails, it tries to download the CVD file. This option overrides DatabaseMirror, DNSDatabaseInfo and ScriptedUpdates. It can be used multiple times to provide fall-back mirrors. Default: disabled MaxAttemptsNUMBER How many attempts (per mirror) to make before giving up. Default: 3 (per mirror) ScriptedUpdatesBOOL With this option you can control scripted updates. It's highly recommended to keep it enabled. Default: yes TestDatabasesBOOL With this option enabled, freshclam will attempt to load new databases into memory to make sure they are properly handled by libclamav before replacing the old ones. Default: enabled CompressLocalDatabaseBOOL By default freshclam will keep the local databases (.cld) uncompressed to make their handling faster. With this option you can enable the compression; the change will take effect with the next database update. Default: no ExtraDatabaseSTRING Download an additional 3rd party signature database distributed through the ClamAV mirrors. This option can be used multiple times. Default: disabled ExcludeDatabaseSTRING Exclude a standard signature database (opt-out). This option can be used multiple times. Default: disabled DatabaseCustomURLSTRING With this option you can provide custom sources for database files. This option can be used multiple times. Support for: http(s)://, ftp(s)://, or file:// Example usage: DatabaseCustomURL https://myserver.com:4567/allow_list.wdb Default: disabled HTTPProxyServerSTR, HTTPProxyPortNUMBER Use given proxy server and TCP port for database downloads. The HTTPProxyServer may be prefixed with [scheme]:// to specify which kind of proxy is used. http:// HTTP Proxy. Default when no scheme or proxy type is specified. https:// HTTPS Proxy. (Added in 7.52.0 for OpenSSL, GnuTLS and NSS) socks4:// SOCKS4 Proxy. socks4a:// SOCKS4a Proxy. Proxy resolves URL hostname. socks5:// SOCKS5 Proxy. socks5h:// SOCKS5 Proxy. Proxy resolves URL hostname. HTTPProxyUsernameSTR,HTTPProxyPasswordSTRING Proxy usage is authenticated through given username and password. Default: disabled HTTPUserAgentSTRING If your servers are behind a firewall/proxy which applies User-Agent filtering, you can use this option to force the use of a different User-Agent header. As of ClamAV 0.103.3, this setting may not be used when updating from the clamav.net CDN and can only be used when updating from a private mirror. Default: clamav/version_number NotifyClamdSTRING Notify a running clamd(8) to reload its database after a download has occurred. The path for clamd.conf file must be provided. Default: The default is to not notify clamd. See clamd.conf(5)'s option SelfCheck for how clamd(8) handles database updates in this case. OnUpdateExecuteSTRING Execute this command after the database has been successfully updated. Default: disabled OnErrorExecuteSTRING Execute this command after a database update has failed. Default: disabled OnOutdatedExecuteSTRING Execute this command when freshclam reports outdated version. In the command string %v will be replaced by the new version number. Default: disabled LocalIPAddressIP Use IP as client address for downloading databases. Useful for multi homed systems. Default: Use OS'es default outgoing IP address. ConnectTimeoutNUMBER Timeout in seconds when connecting to database server. Default: 10 ReceiveTimeoutNUMBER Maximum time in seconds for each download operation. 0 means no timeout. Default: 0 BytecodeBOOL This option enables downloading of bytecode.cvd, which includes additional detection mechanisms and improvements to the ClamAV engine. Default: yes

File Format

The file consists of comments and options with arguments. Each line which starts with a hash (#) symbol is ignored by the parser. Options and arguments are case sensitive and of the form OptionArgument. The arguments are of the following types: BOOL Boolean value (yes/no or true/false or 1/0). STRING String without blank characters. SIZE Size in bytes. You can use 'M' or 'm' modifiers for megabytes and 'K' or 'k' for kilobytes. NUMBER Unsigned integer.

Files

/etc/clamav/freshclam.conf

Name

freshclam.conf - Configuration file for Clam AntiVirus database update tool

See Also

freshclam(1), clamd.conf(5), clamd(8), clamscan(1) ClamAV 1.4.3 December 4, 2013 freshclam.conf(5)

See Also

Man Pages
defaults Man Pages
Man Pages
Mojo::Pg::Database Man Pages
Man Pages
freshclam Man Pages
Option
Option PNG Icons
Filing
Filing PNG Icons
Disabled
Disabled PNG Icons
Man Pages
proxy Man Pages
Man Pages
clamav Man Pages
✳️
Eight Spoked Asterisk Emojis
← View File formats Category← Back to Application configuration🙏  Credits & Acknowledgments