freshclam.conf(5) Clam AntiVirus freshclam.conf(5)
NAME
freshclam.conf - Configuration file for Clam AntiVirus database update
tool
DESCRIPTION
The file freshclam.conf configures the Clam AntiVirus Database Updater,
freshclam(1).
FILE FORMAT
The file consists of comments and options with arguments. Each line
which starts with a hash (#) symbol is ignored by the parser. Options
and arguments are case sensitive and of the form Option Argument. The
arguments are of the following types:
BOOL Boolean value (yes/no or true/false or 1/0).
STRING String without blank characters.
SIZE Size in bytes. You can use 'M' or 'm' modifiers for megabytes and
'K' or 'k' for kilobytes.
NUMBER Unsigned integer.
DIRECTIVES
When an option is not used (hashed or doesn't exist in the configuration
file) freshclam takes a default action.
Example
If this option is set freshclam will not run.
LogFileMaxSize SIZE
Limit the size of the log file. The logger will be automatically
disabled if the file is greater than SIZE. Value of 0 disables
the limit.
Default: 1M
LogTime BOOL
Log time with each message.
Default: no
LogSyslog BOOL
Enable logging to Syslog. May be used in combination with Up-
dateLogFile.
Default: disabled.
LogFacility STRING
Specify the type of syslog messages - please refer to 'man sys-
log' for facility names.
Default: LOG_LOCAL6
LogVerbose BOOL
Enable verbose logging.
Default: disabled
LogRotate BOOL
Rotate log file. Requires LogFileMaxSize option set prior to this
option.
Default: no
PidFile STRING
Write the daemon's pid to the specified file.
Default: disabled
DatabaseDirectory STRING
Path to a directory containing database files. This directory
must already exist, be an absolute path, be writeable by fresh-
clam and readable by clamd/clamscan.
Default: /var/lib/clamav
Foreground BOOL
Don't fork into background.
Default: no
Debug BOOL
Enable debug messages in libclamav.
Default: no
UpdateLogFile STRING
Enable logging to a specified file. Highly recommended.
Default: disabled.
DatabaseOwner STRING
When started by root, drop privileges to a specified user.
Default: clamav
Checks NUMBER
Number of database checks per day.
Default: 12
DNSDatabaseInfo STRING
Use DNS to verify the virus database version. FreshClam uses DNS
TXT records to verify the versions of the database and software
itself. With this directive you can change the database verifica-
tion domain.
WARNING: Please don't change it unless you're configuring fresh-
clam to use your own database verification domain.
Default: enabled, pointing to current.cvd.clamav.net
DatabaseMirror STRING
DatabaseMirror specifies to which mirror(s) freshclam should con-
nect. You should have at least one entries: database.clamav.net.
Now that CloudFlare is being used as our Content Delivery Network
(CDN), this one domain name works world-wide to direct freshclam
to the closest geographic endpoint.
Default: database.clamav.net
PrivateMirror STR
This option allows you to easily point freshclam to private mir-
rors. If PrivateMirror is set, freshclam does not attempt to use
DNS to determine whether its databases are out-of-date, instead
it will use the If-Modified-Since request or directly check the
headers of the remote database files. For each database, fresh-
clam first attempts to download the CLD file. If that fails, it
tries to download the CVD file. This option overrides Data-
baseMirror, DNSDatabaseInfo and ScriptedUpdates. It can be used
multiple times to provide fall-back mirrors.
Default: disabled
MaxAttempts NUMBER
How many attempts (per mirror) to make before giving up.
Default: 3 (per mirror)
ScriptedUpdates BOOL
With this option you can control scripted updates. It's highly
recommended to keep it enabled.
Default: yes
TestDatabases BOOL
With this option enabled, freshclam will attempt to load new
databases into memory to make sure they are properly handled by
libclamav before replacing the old ones.
Default: enabled
CompressLocalDatabase BOOL
By default freshclam will keep the local databases (.cld) uncom-
pressed to make their handling faster. With this option you can
enable the compression; the change will take effect with the next
database update.
Default: no
ExtraDatabase STRING
Download an additional 3rd party signature database distributed
through the ClamAV mirrors. This option can be used multiple
times.
Default: disabled
ExcludeDatabase STRING
Exclude a standard signature database (opt-out). This option can
be used multiple times.
Default: disabled
DatabaseCustomURL STRING
With this option you can provide custom sources for database
files. This option can be used multiple times. Support for:
http(s)://, ftp(s)://, or file:// Example usage:
DatabaseCustomURL https://myserver.com:4567/allow_list.wdb
Default: disabled
HTTPProxyServer STR, HTTPProxyPort NUMBER
Use given proxy server and TCP port for database downloads. The
HTTPProxyServer may be prefixed with [scheme]:// to specify which
kind of proxy is used.
http:// HTTP Proxy. Default when no scheme or proxy type is
specified.
https:// HTTPS Proxy. (Added in 7.52.0 for OpenSSL, GnuTLS
and NSS)
socks4:// SOCKS4 Proxy.
socks4a:// SOCKS4a Proxy. Proxy resolves URL hostname.
socks5:// SOCKS5 Proxy.
socks5h:// SOCKS5 Proxy. Proxy resolves URL hostname.
HTTPProxyUsername STR,HTTPProxyPassword STRING
Proxy usage is authenticated through given username and password.
Default: disabled
HTTPUserAgent STRING
If your servers are behind a firewall/proxy which applies User-
Agent filtering, you can use this option to force the use of a
different User-Agent header. As of ClamAV 0.103.3, this setting
may not be used when updating from the clamav.net CDN and can
only be used when updating from a private mirror.
Default: clamav/version_number
NotifyClamd STRING
Notify a running clamd(8) to reload its database after a download
has occurred. The path for clamd.conf file must be provided.
Default: The default is to not notify clamd. See clamd.conf(5)'s
option SelfCheck for how clamd(8) handles database updates in
this case.
OnUpdateExecute STRING
Execute this command after the database has been successfully up-
dated.
Default: disabled
OnErrorExecute STRING
Execute this command after a database update has failed.
Default: disabled
OnOutdatedExecute STRING
Execute this command when freshclam reports outdated version. In
the command string %v will be replaced by the new version number.
Default: disabled
LocalIPAddress IP
Use IP as client address for downloading databases. Useful for
multi homed systems.
Default: Use OS'es default outgoing IP address.
ConnectTimeout NUMBER
Timeout in seconds when connecting to database server.
Default: 10
ReceiveTimeout NUMBER
Maximum time in seconds for each download operation. 0 means no
timeout.
Default: 0
Bytecode BOOL
This option enables downloading of bytecode.cvd, which includes
additional detection mechanisms and improvements to the ClamAV
engine.
Default: yes
FILES
/etc/clamav/freshclam.conf
AUTHOR
Thomas Lamy <thomas.lamy@netwake.de>, Tomasz Kojm <tkojm@clamav.net>,
Kevin Lin <klin@sourcefire.com>
SEE ALSO
freshclam(1), clamd.conf(5), clamd(8), clamscan(1)
ClamAV 1.4.3 December 4, 2013 freshclam.conf(5)
Generated by dwww version 1.16 on Tue Dec 16 06:43:58 CET 2025.