NAME¶
freshclam.conf - Configuration file for Clam AntiVirus database update
tool
DESCRIPTION¶
The file freshclam.conf configures the Clam AntiVirus Database Updater,
freshclam(1).
The file consists of comments and options with arguments. Each line which starts
with a hash (
#) symbol is ignored by the parser. Options and arguments
are case sensitive and of the form
Option Argument. The arguments are
of the following types:
- BOOL
- Boolean value (yes/no or true/false or 1/0).
- STRING
- String without blank characters.
- SIZE
- Size in bytes. You can use 'M' or 'm' modifiers for
megabytes and 'K' or 'k' for kilobytes.
- NUMBER
- Unsigned integer.
DIRECTIVES¶
When an option is not used (hashed or doesn't exist in the configuration file)
freshclam takes a default action.
- Example
- If this option is set freshclam will not run.
- LogFileMaxSize SIZE
- Limit the size of the log file. The logger will be
automatically disabled if the file is greater than SIZE. Value of 0
disables the limit.
Default: 1M
- LogTime BOOL
- Log time with each message.
Default: no
- LogSyslog BOOL
- Enable logging to Syslog. May be used in combination with
UpdateLogFile.
Default: disabled.
- LogFacility STRING
- Specify the type of syslog messages - please refer to 'man
syslog' for facility names.
Default: LOG_LOCAL6
- LogVerbose BOOL
- Enable verbose logging.
Default: disabled
- LogRotate BOOL
- Rotate log file. Requires LogFileMaxSize option set prior
to this option.
Default: no
- PidFile STRING
- This option allows you to save the process identifier of
the daemon to a file specified in the argument.
Default: disabled
- DatabaseDirectory STRING
- Path to a directory containing database files.
Default: /var/lib/clamav
- Foreground BOOL
- Don't fork into background.
Default: no
- Debug BOOL
- Enable debug messages in libclamav.
Default: no
- AllowSupplementaryGroups BOOL
- Initialize supplementary group access (freshclam must be
started by root).
Default: disabled
- UpdateLogFile STRING
- Enable logging to a specified file. Highly recommended.
Default: disabled.
- DatabaseOwner STRING
- When started by root, drop privileges to a specified user.
Default:
- Checks NUMBER
- Number of database checks per day.
Default: 12
- DNSDatabaseInfo STRING
- Use DNS to verify the virus database version. Freshclam
uses DNS TXT records to verify the versions of the database and software
itself. With this directive you can change the database verification
domain.
WARNING: Please don't change it unless you're configuring freshclam
to use your own database verification domain.
Default: enabled, pointing to current.cvd.clamav.net
- DatabaseMirror STRING
- DatabaseMirror specifies to which mirror(s) freshclam
should connect. You should have at least two entries: db.XY.clamav.net (or
db.XY.ipv6.clamav.net for IPv6) and database.clamav.net (in this order).
Please replace XY with your country code (see
http://www.iana.org/cctld/cctld-whois.htm). database.clamav.net is a
round-robin record which points to our most reliable mirrors. It's used as
a fall back in case db.XY.clamav.net is not working.
Default: database.clamav.net
- PrivateMirror STR
- This option allows you to easily point freshclam to private
mirrors. If PrivateMirror is set, freshclam does not attempt to use DNS to
determine whether its databases are out-of-date, instead it will use the
If-Modified-Since request or directly check the headers of the remote
database files. For each database, freshclam first attempts to download
the CLD file. If that fails, it tries to download the CVD file. This
option overrides DatabaseMirror, DNSDatabaseInfo and ScriptedUpdates. It
can be used multiple times to provide fall-back mirrors.
Default: disabled
- MaxAttempts NUMBER
- How many attempts (per mirror) to make before giving up.
Default: 3 (per mirror)
- ScriptedUpdates BOOL
- With this option you can control scripted updates. It's
highly recommended to keep it enabled.
Default: yes
- TestDatabases BOOL
- With this option enabled, freshclam will attempt to load
new databases into memory to make sure they are properly handled by
libclamav before replacing the old ones.
Default: enabled
- CompressLocalDatabase BOOL
- By default freshclam will keep the local databases (.cld)
uncompressed to make their handling faster. With this option you can
enable the compression; the change will take effect with the next database
update.
Default: no
- ExtraDatabase STRING
- Download an additional 3rd party signature database
distributed through the ClamAV mirrors. This option can be used multiple
times. Here you can find a list of available databases:
http://www.clamav.net/download/cvd/3rdparty
Default: disabled
- DatabaseCustomURL STRING
- With this option you can provide custom sources (http:// or
file://) for database files. This option can be used multiple times.
Default: disabled
- HTTPProxyServer STR, HTTPProxyPort
NUMBER
- Use given proxy server and TCP port for database downloads.
HTTPProxyPort defaults to 8080.
- HTTPProxyUsername STR,HTTPProxyPassword
STRING
- Proxy usage is authenticated through given username and
password.
Default: disabled
- HTTPUserAgent STRING
- If your servers are behind a firewall/proxy which applies
User-Agent filtering, you can use this option to force the use of a
different User-Agent header.
Default: clamav/version_number
- NotifyClamd STRING
- Notify a running clamd(8) to reload its database after a
download has occurred. The path for clamd.conf file must be provided.
Default: The default is to not notify clamd. See clamd.conf(5)'s option
SelfCheck for how clamd(8) handles database updates in this case.
- OnUpdateExecute STRING
- Execute this command after the database has been
successfully updated.
Default: disabled
- OnErrorExecute STRING
- Execute this command after a database update has failed.
Default: disabled
- OnOutdatedExecute STRING
- Execute this command when freshclam reports outdated
version. In the command string %v will be replaced by the new version
number.
Default: disabled
- LocalIPAddress IP
- Use IP as client address for downloading databases.
Useful for multi homed systems.
Default: Use OS'es default outgoing IP address.
- ConnectTimeout NUMBER
- Timeout in seconds when connecting to database server.
Default: 10
- ReceiveTimeout NUMBER
- Timeout in seconds when reading from database server.
Default: 30
- SubmitDetectionStats STRING
- When enabled freshclam will submit statistics to the ClamAV
Project about the latest virus detections in your environment. The ClamAV
maintainers will then use this data to determine what types of malware are
the most detected in the field and in what geographic area they are.
Freshclam will connect to clamd in order to get the recent statistics. The
path for clamd.conf file must be provided.
Default: disabled
- DetectionStatsCountry STRING
- Country of origin of malware/detection statistics (for
statistical purposes only). The statistics collector at ClamAV.net will
look up your IP address to determine the geographical origin of the
malware reported by your installation. If this installation is mainly used
to scan data which comes from a different location, please enable this
option and enter a two-letter code (see
http://www.iana.org/domains/root/db/) of the country of origin.
Default: disabled
- DetectionStatsHostID STRING
- This option enables support for our "Personal
Statistics" service. When this option is enabled, the information on
malware detected by your clamd installation is made available to you
through our website. To get your HostID, log on
http://www.stats.clamav.net and add a new host to your host list. Once you
have the HostID, uncomment this option and paste the HostID here. As soon
as your freshclam starts submitting information to our stats collecting
service, you will be able to view the statistics of this clamd
installation by logging into http://www.stats.clamav.net with the same
credentials you used to generate the HostID. For more information refer
to: http://www.clamav.net/support/faq/faq-cctts/. This feature requires
SubmitDetectionStats to be enabled.
Default: disabled
- SafeBrowsing BOOL
- This option enables support for Google Safe Browsing. When
activated for the first time, freshclam will download a new database file
(safebrowsing.cvd) which will be automatically loaded by clamd and
clamscan during the next reload, provided that the heuristic phishing
detection is turned on. This database includes information about websites
that may be phishing sites or possible sources of malware. When using this
option, it's mandatory to run freshclam at least every 30 minutes.
Freshclam uses the ClamAV's mirror infrastructure to distribute the
database and its updates but all the contents are provided under Google's
terms of use. See
http://code.google.com/support/bin/answer.py?answer=70015 and
http://safebrowsing.clamav.net for more information.
Default: disabled
- Bytecode BOOL
- This option enables downloading of bytecode.cvd, which
includes additional detection mechanisms and improvements to the ClamAV
engine.
Default: enabled
FILES¶
/etc/clamav/freshclam.conf
AUTHOR¶
Thomas Lamy <thomas.lamy@netwake.de>, Tomasz Kojm
<tkojm@clamav.net>, Kevin Lin <klin@sourcefire.com>
SEE ALSO¶
freshclam(1),
clamd.conf(5),
clamd(8),
clamscan(1)