| freshclam.conf(5) - phpMan
freshclam.conf(5) Clam AntiVirus freshclam.conf(5)
NAME
freshclam.conf - Configuration file for Clam AntiVirus database update tool
DESCRIPTION
The file freshclam.conf configures the Clam AntiVirus Database Updater, freshclam(1).
FILE FORMAT
The file consists of comments and options with arguments. Each line which starts with a
hash (#) symbol is ignored by the parser. Options and arguments are case sensitive and of
the form Option Argument. The arguments are of the following types:
BOOL Boolean value (yes/no or true/false or 1/0).
STRING String without blank characters.
SIZE Size in bytes. You can use 'M' or 'm' modifiers for megabytes and 'K' or 'k' for
kilobytes.
NUMBER Unsigned integer.
DIRECTIVES
When an option is not used (hashed or doesn't exist in the configuration file) freshclam
takes a default action.
Example
If this option is set freshclam will not run.
LogFileMaxSize SIZE
Limit the size of the log file. The logger will be automatically disabled if the
file is greater than SIZE. Value of 0 disables the limit.
Default: 1M
LogTime BOOL
Log time with each message.
Default: no
LogSyslog BOOL
Enable logging to Syslog. May be used in combination with UpdateLogFile.
Default: disabled.
LogFacility STRING
Specify the type of syslog messages - please refer to 'man syslog' for facility
names.
Default: LOG_LOCAL6
LogVerbose BOOL
Enable verbose logging.
Default: disabled
LogRotate BOOL
Rotate log file. Requires LogFileMaxSize option set prior to this option.
Default: no
PidFile STRING
This option allows you to save the process identifier of the daemon to a file spec‐
ified in the argument.
Default: disabled
DatabaseDirectory STRING
Path to a directory containing database files.
Default: /var/lib/clamav
Foreground BOOL
Don't fork into background.
Default: no
Debug BOOL
Enable debug messages in libclamav.
Default: no
UpdateLogFile STRING
Enable logging to a specified file. Highly recommended.
Default: disabled.
DatabaseOwner STRING
When started by root, drop privileges to a specified user.
Default:
Checks NUMBER
Number of database checks per day.
Default: 12
DNSDatabaseInfo STRING
Use DNS to verify the virus database version. Freshclam uses DNS TXT records to
verify the versions of the database and software itself. With this directive you
can change the database verification domain.
WARNING: Please don't change it unless you're configuring freshclam to use your own
database verification domain.
Default: enabled, pointing to current.cvd.clamav.net
DatabaseMirror STRING
DatabaseMirror specifies to which mirror(s) freshclam should connect. You should
have at least two entries: db.XY.clamav.net (or db.XY.ipv6.clamav.net for IPv6) and
database.clamav.net (in this order). Please replace XY with your country code (see
https://www.iana.org/domains/root/db). database.clamav.net is a round-robin record
which points to our most reliable mirrors. It's used as a fall back in case
db.XY.clamav.net is not working.
Default: database.clamav.net
PrivateMirror STR
This option allows you to easily point freshclam to private mirrors. If PrivateMir‐
ror is set, freshclam does not attempt to use DNS to determine whether its data‐
bases are out-of-date, instead it will use the If-Modified-Since request or
directly check the headers of the remote database files. For each database, fresh‐
clam first attempts to download the CLD file. If that fails, it tries to download
the CVD file. This option overrides DatabaseMirror, DNSDatabaseInfo and ScriptedUp‐
dates. It can be used multiple times to provide fall-back mirrors.
Default: disabled
MaxAttempts NUMBER
How many attempts (per mirror) to make before giving up.
Default: 3 (per mirror)
ScriptedUpdates BOOL
With this option you can control scripted updates. It's highly recommended to keep
it enabled.
Default: yes
TestDatabases BOOL
With this option enabled, freshclam will attempt to load new databases into memory
to make sure they are properly handled by libclamav before replacing the old ones.
Default: enabled
CompressLocalDatabase BOOL
By default freshclam will keep the local databases (.cld) uncompressed to make
their handling faster. With this option you can enable the compression; the change
will take effect with the next database update.
Default: no
ExtraDatabase STRING
Download an additional 3rd party signature database distributed through the ClamAV
mirrors. This option can be used multiple times.
Default: disabled
DatabaseCustomURL STRING
With this option you can provide custom sources (http:// or file://) for database
files. This option can be used multiple times.
Default: disabled
HTTPProxyServer STR, HTTPProxyPort NUMBER
Use given proxy server and TCP port for database downloads. HTTPProxyPort defaults
to 8080.
HTTPProxyUsername STR,HTTPProxyPassword STRING
Proxy usage is authenticated through given username and password.
Default: disabled
HTTPUserAgent STRING
If your servers are behind a firewall/proxy which applies User-Agent filtering, you
can use this option to force the use of a different User-Agent header.
Default: clamav/version_number
NotifyClamd STRING
Notify a running clamd(8) to reload its database after a download has occurred. The
path for clamd.conf file must be provided.
Default: The default is to not notify clamd. See clamd.conf(5)'s option SelfCheck
for how clamd(8) handles database updates in this case.
OnUpdateExecute STRING
Execute this command after the database has been successfully updated.
Default: disabled
OnErrorExecute STRING
Execute this command after a database update has failed.
Default: disabled
OnOutdatedExecute STRING
Execute this command when freshclam reports outdated version. In the command string
%v will be replaced by the new version number.
Default: disabled
LocalIPAddress IP
Use IP as client address for downloading databases. Useful for multi homed systems.
Default: Use OS'es default outgoing IP address.
ConnectTimeout NUMBER
Timeout in seconds when connecting to database server.
Default: 10
ReceiveTimeout NUMBER
Timeout in seconds when reading from database server.
Default: 30
SafeBrowsing BOOL
This option enables support for Google Safe Browsing. When activated for the first
time, freshclam will download a new database file (safebrowsing.cvd) which will be
automatically loaded by clamd and clamscan during the next reload, provided that
the heuristic phishing detection is turned on. This database includes information
about websites that may be phishing sites or possible sources of malware. When
using this option, it's mandatory to run freshclam at least every 30 minutes.
Freshclam uses the ClamAV's mirror infrastructure to distribute the database and
its updates but all the contents are provided under Google's terms of use. See
https://support.google.com/code/answer/70015 and https://www.clamav.net/docu‐
ments/safebrowsing for more information.
Default: disabled
Bytecode BOOL
This option enables downloading of bytecode.cvd, which includes additional detec‐
tion mechanisms and improvements to the ClamAV engine.
Default: enabled
FILES
/etc/clamav/freshclam.conf
AUTHOR
Thomas Lamy <thomas.lamy AT netwake.de>, Tomasz Kojm <tkojm AT clamav.net>, Kevin Lin
<klin AT sourcefire.com>
SEE ALSO
freshclam(1), clamd.conf(5), clamd(8), clamscan(1)
ClamAV 0.100.0 December 4, 2013 freshclam.conf(5)
|