DESCRIPTION

The file freshclam.conf configures the Clam AntiVirus Database Updater, freshclam(1).

FILE FORMAT

The file consists of comments and options with arguments. Each line which starts with a hash (#) symbol is ignored by the parser. Options and arguments are case sensitive and of the form Option Argument. The arguments are of the following types:

BOOL

Boolean value (yes/no or true/false or 1/0).

STRING

String without blank characters.

SIZE

Size in bytes. You can use 'M' or 'm' modifiers for megabytes and 'K' or 'k' for kilobytes.

NUMBER

Unsigned integer.

DIRECTIVES

When an option is not used (hashed or doesn't exist in the configuration file) freshclam takes a default action.

Example

If this option is set freshclam will not run.

LogFileMaxSize SIZE

Limit the size of the log file. The logger will be automatically disabled if the file is greater than SIZE. Value of 0 disables the limit.

Default: 1M

LogTime BOOL

Log time with each message.

Default: no

LogSyslog BOOL

Enable logging to Syslog. May be used in combination with UpdateLogFile.

Default: disabled.

LogFacility STRING

Specify the type of syslog messages - please refer to 'man syslog' for facility names.

Default: LOG_LOCAL6

LogVerbose BOOL

Enable verbose logging.

Default: disabled

LogRotate BOOL

Rotate log file. Requires LogFileMaxSize option set prior to this option.

Default: no

PidFile STRING

This option allows you to save the process identifier of the daemon to a file specified in the argument.

Default: disabled

DatabaseDirectory STRING

Path to a directory containing database files.

Default: /var/lib/clamav

Foreground BOOL

Don't fork into background.

Default: no

Debug BOOL

Enable debug messages in libclamav.

Default: no

UpdateLogFile STRING

Enable logging to a specified file. Highly recommended.

Default: disabled.

DatabaseOwner STRING

When started by root, drop privileges to a specified user.

Default:

Checks NUMBER

Number of database checks per day.

Default: 12

DNSDatabaseInfo STRING

Use DNS to verify the virus database version. Freshclam uses DNS TXT records to verify the versions of the database and software itself. With this directive you can change the database verification domain.

WARNING: Please don't change it unless you're configuring freshclam to use your own database verification domain.

Default: enabled, pointing to current.cvd.clamav.net

DatabaseMirror STRING

DatabaseMirror specifies to which mirror(s) freshclam should connect. You should have at least two entries: db.XY.clamav.net (or db.XY.ipv6.clamav.net for IPv6) and database.clamav.net (in this order). Please replace XY with your country code (see http://www.iana.org/cctld/cctld-whois.htm). database.clamav.net is a round-robin record which points to our most reliable mirrors. It's used as a fall back in case db.XY.clamav.net is not working.

Default: database.clamav.net

PrivateMirror STR

This option allows you to easily point freshclam to private mirrors. If PrivateMirror is set, freshclam does not attempt to use DNS to determine whether its databases are out-of-date, instead it will use the If-Modified-Since request or directly check the headers of the remote database files. For each database, freshclam first attempts to download the CLD file. If that fails, it tries to download the CVD file. This option overrides DatabaseMirror, DNSDatabaseInfo and ScriptedUpdates. It can be used multiple times to provide fall-back mirrors.

Default: disabled

MaxAttempts NUMBER

How many attempts (per mirror) to make before giving up.

Default: 3 (per mirror)

ScriptedUpdates BOOL

With this option you can control scripted updates. It's highly recommended to keep it enabled.

Default: yes

TestDatabases BOOL

With this option enabled, freshclam will attempt to load new databases into memory to make sure they are properly handled by libclamav before replacing the old ones.

Default: enabled

CompressLocalDatabase BOOL

By default freshclam will keep the local databases (.cld) uncompressed to make their handling faster. With this option you can enable the compression; the change will take effect with the next database update.

Default: no

ExtraDatabase STRING

Download an additional 3rd party signature database distributed through the ClamAV mirrors. This option can be used multiple times. Here you can find a list of available databases: http://www.clamav.net/download/cvd/3rdparty

Default: disabled

DatabaseCustomURL STRING

With this option you can provide custom sources (http:// or file://) for database files. This option can be used multiple times.

Default: disabled

HTTPProxyServer STR, HTTPProxyPort NUMBER

Use given proxy server and TCP port for database downloads. HTTPProxyPort defaults to 8080.

HTTPProxyUsername STR,HTTPProxyPassword STRING

Proxy usage is authenticated through given username and password.

Default: disabled

HTTPUserAgent STRING

If your servers are behind a firewall/proxy which applies User-Agent filtering, you can use this option to force the use of a different User-Agent header.

Default: clamav/version_number

NotifyClamd STRING

Notify a running clamd(8) to reload its database after a download has occurred. The path for clamd.conf file must be provided.

Default: The default is to not notify clamd. See clamd.conf(5)'s option SelfCheck for how clamd(8) handles database updates in this case.

OnUpdateExecute STRING

Execute this command after the database has been successfully updated.

Default: disabled

OnErrorExecute STRING

Execute this command after a database update has failed.

Default: disabled

OnOutdatedExecute STRING

Execute this command when freshclam reports outdated version. In the command string %v will be replaced by the new version number.

Default: disabled

LocalIPAddress IP

Use IP as client address for downloading databases. Useful for multi homed systems.

Default: Use OS'es default outgoing IP address.

ConnectTimeout NUMBER

Timeout in seconds when connecting to database server.

Default: 10

ReceiveTimeout NUMBER

Timeout in seconds when reading from database server.

Default: 30

SubmitDetectionStats STRING

When enabled freshclam will submit statistics to the ClamAV Project about the latest virus detections in your environment. The ClamAV maintainers will then use this data to determine what types of malware are the most detected in the field and in what geographic area they are. Freshclam will connect to clamd in order to get the recent statistics. The path for clamd.conf file must be provided.

Default: disabled

DetectionStatsCountry STRING

Country of origin of malware/detection statistics (for statistical purposes only). The statistics collector at ClamAV.net will look up your IP address to determine the geographical origin of the malware reported by your installation. If this installation is mainly used to scan data which comes from a different location, please enable this option and enter a two-letter code (see http://www.iana.org/domains/root/db/) of the country of origin.

Default: disabled

DetectionStatsHostID STRING

This option enables support for our "Personal Statistics" service. When this option is enabled, the information on malware detected by your clamd installation is made available to you through our website. To get your HostID, log on http://www.stats.clamav.net and add a new host to your host list. Once you have the HostID, uncomment this option and paste the HostID here. As soon as your freshclam starts submitting information to our stats collecting service, you will be able to view the statistics of this clamd installation by logging into http://www.stats.clamav.net with the same credentials you used to generate the HostID. For more information refer to: http://www.clamav.net/documents/clamav-community-threat-tracking-system/. This feature requires SubmitDetectionStats to be enabled.

Default: disabled

SafeBrowsing BOOL

This option enables support for Google Safe Browsing. When activated for the first time, freshclam will download a new database file (safebrowsing.cvd) which will be automatically loaded by clamd and clamscan during the next reload, provided that the heuristic phishing detection is turned on. This database includes information about websites that may be phishing sites or possible sources of malware. When using this option, it's mandatory to run freshclam at least every 30 minutes. Freshclam uses the ClamAV's mirror infrastructure to distribute the database and its updates but all the contents are provided under Google's terms of use. See http://code.google.com/support/bin/answer.py?answer=70015 and http://safebrowsing.clamav.net for more information.

Default: disabled

Bytecode BOOL

This option enables downloading of bytecode.cvd, which includes additional detection mechanisms and improvements to the ClamAV engine.

Default: enabled

FILES

/etc/clamav/freshclam.conf

AUTHOR

Thomas Lamy <[email protected]>, Tomasz Kojm <[email protected]>, Kevin Lin <[email protected]>

RELATED TO freshclam.conf…