freshclam.conf - Configuration file for Clam AntiVirus database update
The file freshclam.conf configures the Clam AntiVirus Database Updater,
The file consists of comments and options with arguments. Each line
which starts with a hash (#) symbol is ignored by the parser. Options
and arguments are case sensitive and of the form Option Argument. The
arguments are of the following types:
BOOL Boolean value (yes/no or true/false or 1/0).
STRING String without blank characters.
SIZE Size in bytes. You can use 'M' or 'm' modifiers for megabytes
and 'K' or 'k' for kilobytes.
NUMBER Unsigned integer.
When an option is not used (hashed or doesn't exist in the
configuration file) freshclam takes a default action.
If this option is set freshclam will not run.
Limit the size of the log file. The logger will be automatically
disabled if the file is greater than SIZE. Value of 0 disables
Log time with each message.
Enable logging to Syslog. May be used in combination with
Specify the type of syslog messages - please refer to 'man
syslog' for facility names.
Enable verbose logging.
Rotate log file. Requires LogFileMaxSize option set prior to
This option allows you to save the process identifier of the
daemon to a file specified in the argument.
Path to a directory containing database files.
Don't fork into background.
Enable debug messages in libclamav.
Initialize supplementary group access (freshclam must be started
Enable logging to a specified file. Highly recommended.
When started by root, drop privileges to a specified user.
Number of database checks per day.
Use DNS to verify the virus database version. Freshclam uses DNS
TXT records to verify the versions of the database and software
itself. With this directive you can change the database
WARNING: Please don't change it unless you're configuring
freshclam to use your own database verification domain.
Default: enabled, pointing to current.cvd.clamav.net
DatabaseMirror specifies to which mirror(s) freshclam should
connect. You should have at least two entries: db.XY.clamav.net
(or db.XY.ipv6.clamav.net for IPv6) and database.clamav.net (in
this order). Please replace XY with your country code (see
is a round-robin record which points to our most reliable
mirrors. It's used as a fall back in case db.XY.clamav.net is
This option allows you to easily point freshclam to private
mirrors. If PrivateMirror is set, freshclam does not attempt to
use DNS to determine whether its databases are out-of-date,
instead it will use the If-Modified-Since request or directly
check the headers of the remote database files. For each
database, freshclam first attempts to download the CLD file. If
that fails, it tries to download the CVD file. This option
overrides DatabaseMirror, DNSDatabaseInfo and ScriptedUpdates.
It can be used multiple times to provide fall-back mirrors.
How many attempts (per mirror) to make before giving up.
Default: 3 (per mirror)
With this option you can control scripted updates. It's highly
recommended to keep it enabled.
With this option enabled, freshclam will attempt to load new
databases into memory to make sure they are properly handled by
libclamav before replacing the old ones.
By default freshclam will keep the local databases (.cld)
uncompressed to make their handling faster. With this option you
can enable the compression; the change will take effect with the
next database update.
Download an additional 3rd party signature database distributed
through the ClamAV mirrors. This option can be used multiple
times. Here you can find a list of available databases:
With this option you can provide custom sources (http:// or
file://) for database files. This option can be used multiple
HTTPProxyServer STR, HTTPProxyPort NUMBER
Use given proxy server and TCP port for database downloads.
HTTPProxyPort defaults to 8080.
HTTPProxyUsername STR,HTTPProxyPassword STRING
Proxy usage is authenticated through given username and
If your servers are behind a firewall/proxy which applies User-
Agent filtering, you can use this option to force the use of a
different User-Agent header.
Notify a running clamd(8) to reload its database after a
download has occurred. The path for clamd.conf file must be
Default: The default is to not notify clamd. See clamd.conf(5)'s
option SelfCheck for how clamd(8) handles database updates in
Execute this command after the database has been successfully
Execute this command after a database update has failed.
Execute this command when freshclam reports outdated version. In
the command string %v will be replaced by the new version
Use IP as client address for downloading databases. Useful for
multi homed systems.
Default: Use OS'es default outgoing IP address.
Timeout in seconds when connecting to database server.
Timeout in seconds when reading from database server.
When enabled freshclam will submit statistics to the ClamAV
Project about the latest virus detections in your environment.
The ClamAV maintainers will then use this data to determine what
types of malware are the most detected in the field and in what
geographic area they are. Freshclam will connect to clamd in
order to get the recent statistics. The path for clamd.conf file
must be provided.
Country of origin of malware/detection statistics (for
statistical purposes only). The statistics collector at
ClamAV.net will look up your IP address to determine the
geographical origin of the malware reported by your
installation. If this installation is mainly used to scan data
which comes from a different location, please enable this option
and enter a two-letter code (see
http://www.iana.org/domains/root/db/) of the country of origin.
This option enables support for our "Personal Statistics"
service. When this option is enabled, the information on malware
detected by your clamd installation is made available to you
through our website. To get your HostID, log on
http://www.stats.clamav.net and add a new host to your host
list. Once you have the HostID, uncomment this option and paste
the HostID here. As soon as your freshclam starts submitting
information to our stats collecting service, you will be able to
view the statistics of this clamd installation by logging into
http://www.stats.clamav.net with the same credentials you used
to generate the HostID. For more information refer to:
http://www.clamav.net/support/faq/faq-cctts/. This feature
requires SubmitDetectionStats to be enabled.
This option enables support for Google Safe Browsing. When
activated for the first time, freshclam will download a new
database file (safebrowsing.cvd) which will be automatically
loaded by clamd and clamscan during the next reload, provided
that the heuristic phishing detection is turned on. This
database includes information about websites that may be
phishing sites or possible sources of malware. When using this
option, it's mandatory to run freshclam at least every 30
minutes. Freshclam uses the ClamAV's mirror infrastructure to
distribute the database and its updates but all the contents are
http://safebrowsing.clamav.net for more information.
This option enables downloading of bytecode.cvd, which includes
additional detection mechanisms and improvements to the ClamAV
Thomas Lamy <email@example.com>, Tomasz Kojm <firstname.lastname@example.org>,
Kevin Lin <email@example.com>
freshclam(1), clamd.conf(5), clamd(8), clamscan(1)