Good malware hunting for Linux


Old 03-11-2008
Tue, 11 Mar 2008 19:00:00 GMT
Linux has proved to be much more resistant to malware than Windows, especially when it comes to viral infections, but any remote exploit makes it just as susceptible to worms, trojans, and rootkits as any other platform. Given all the fuss in the news recently about compromised Linux/Apache servers being responsible for infecting Windows users with malware when they visit those compromised sites, we thought it would be a good time to take a look at three of the best rootkit/malware detection tools available for Linux desktop and SOHO users. Here's a brief comparison of three popular choices: Chkrootkit, Rootkit Hunter, and Ossec.


freshclam.conf(5)                    Clam AntiVirus                    freshclam.conf(5)

NAME
       freshclam.conf - Configuration file for Clam AntiVirus database update tool

DESCRIPTION
       The file freshclam.conf configures the Clam AntiVirus Database Updater, freshclam(1).

FILE FORMAT
       The file consists of comments and options with arguments. Each line which starts with a hash (#) symbol is ignored by the parser. Options and arguments are case sensitive and of the form Option Argument. The arguments are of the following types:

       BOOL    Boolean value (yes/no or true/false or 1/0).
       STRING  String without blank characters.
       SIZE    Size in bytes. You can use 'M' or 'm' modifiers for megabytes and 'K' or 'k' for kilobytes.
       NUMBER  Unsigned integer.

DIRECTIVES
       When an option is not used (hashed or doesn't exist in the configuration file) freshclam takes a default action.

       Example
              If this option is set freshclam will not run.

       DatabaseOwner STRING
              When started by root, drop privileges to a specified user.
              Default:

       AllowSupplementaryGroups BOOL
              Initialize supplementary group access (freshclam must be started by root).
              Default: disabled

       DatabaseDirectory STRING
              Path to a directory containing database files.
              Default: /var/lib/clamav

       Checks NUMBER
              Number of database checks per day.
              Default: 12

       UpdateLogFile STRING
              Enable logging to a specified file. Highly recommended.
              Default: disabled

       LogFileMaxSize SIZE
              Limit the size of the log file. The logger will be automatically disabled if the file is greater than SIZE. Value of 0 disables the limit.
              Default: 1M

       LogSyslog BOOL
              Enable logging to Syslog. May be used in combination with UpdateLogFile.
              Default: disabled

       LogFacility STRING
              Specify the type of syslog messages - please refer to 'man syslog' for facility names.
              Default: LOG_LOCAL6

       PidFile STRING
              This option allows you to save the process identifier of the daemon to a file specified in the argument.
              Default: disabled

       LogVerbose BOOL
              Enable verbose logging.
              Default: disabled

       DNSDatabaseInfo STRING
              This directive enables database and software version checks through DNS TXT records.
              Default: enabled, pointing to current.cvd.clamav.net

       DatabaseMirror STRING
              Server name where database updates are downloaded from. In order to download the database from the closest mirror you should configure freshclam to use db.xy.clamav.net where xy represents your country code. If this option is given multiple times, freshclam(1) tries them in the order given. It's strongly recommended that you use db.xy.clamav.net as the first mirror and database.clamav.net as the second.
              Default: database.clamav.net

       MaxAttempts NUMBER
              How many attempts (per mirror) to make before giving up.
              Default: 3 (per mirror)

       ScriptedUpdates BOOL
              With this option you can control scripted updates. It's highly recommended to keep it enabled.
              Default: enabled

       TestDatabases BOOL
              With this option enabled, freshclam will attempt to load new databases into memory to make sure they are properly handled by libclamav before replacing the old ones.
              Default: enabled

       CompressLocalDatabase BOOL
              By default freshclam will keep the local databases (.cld) uncompressed to make their handling faster. With this option you can enable the compression; the change will take effect with the next database update.
              Default: no

       HTTPProxyServer STR, HTTPProxyPort NUMBER
              Use given proxy server and TCP port for database downloads.

       HTTPProxyUsername STR, HTTPProxyPassword STRING
              Proxy usage is authenticated through given username and password.
              Default: no proxy authentication

       HTTPUserAgent STRING
              If your servers are behind a firewall/proxy which applies User-Agent filtering, you can use this option to force the use of a different User-Agent header.
              Default: clamav/version_number

       LocalIPAddress IP
              Use IP as client address for downloading databases. Useful for multi homed systems.
              Default: Use the OS's default outgoing IP address.

       NotifyClamd STRING
              Notify a running clamd(8) to reload its database after a download has occurred. The path for clamd.conf file must be provided.
              Default: The default is to not notify clamd. See clamd.conf(5)'s option SelfCheck for how clamd(8) handles database updates in this case.

       OnUpdateExecute STRING
              Execute this command after the database has been successfully updated.
              Default: disabled

       OnOutdatedExecute STRING
              Execute this command when freshclam reports outdated version. In the command string %v will be replaced by the new version number.
              Default: disabled

       OnErrorExecute STRING
              Execute this command after a database update has failed.
              Default: disabled

       ConnectTimeout NUMBER
              Timeout in seconds when connecting to database server.
              Default: 10

       ReceiveTimeout NUMBER
              Timeout in seconds when reading from database server.
              Default: 30

       SubmitDetectionStats STRING
              When enabled freshclam will submit statistics to the ClamAV Project about the latest virus detections in your environment. The ClamAV maintainers will then use this data to determine what types of malware are the most detected in the field and in what geographic area they are. This feature requires LogTime and LogFile to be enabled in clamd.conf. The path for clamd.conf file must be provided.
              Default: disabled

       DetectionStatsCountry STRING
              Country of origin of malware/detection statistics (for statistical purposes only). The statistics collector at ClamAV.net will look up your IP address to determine the geographical origin of the malware reported by your installation. If this installation is mainly used to scan data which comes from a different location, please enable this option and enter a two-letter code (see http://www.iana.org/domains/root/db/) of the country of origin.
              Default: disabled

       DetectionStatsHostID STRING
              This option enables support for our "Personal Statistics" service. When this option is enabled, the information on malware detected by your clamd installation is made available to you through our website. To get your HostID, log on http://www.stats.clamav.net and add a new host to your host list. Once you have the HostID, uncomment this option and paste the HostID here. As soon as your freshclam starts submitting information to our stats collecting service, you will be able to view the statistics of this clamd installation by logging into http://www.stats.clamav.net with the same credentials you used to generate the HostID. For more information refer to: http://www.clamav.net/support/faq/faq-cctts/. This feature requires SubmitDetectionStats to be enabled.
              Default: disabled

       SafeBrowsing BOOL
              This option enables support for Google Safe Browsing. When activated for the first time, freshclam will download a new database file (safebrowsing.cvd) which will be automatically loaded by clamd and clamscan during the next reload, provided that the heuristic phishing detection is turned on. This database includes information about websites that may be phishing sites or possible sources of malware. When using this option, it's mandatory to run freshclam at least every 30 minutes. Freshclam uses the ClamAV's mirror infrastructure to distribute the database and its updates but all the contents are provided under Google's terms of use. See http://code.google.com/support/bin/answer.py?answer=70015 and http://safebrowsing.clamav.net for more information.
              Default: disabled

       Bytecode BOOL
              This option enables downloading of bytecode.cvd, which includes additional detection mechanisms and improvements to the ClamAV engine.
              Default: enabled

FILES
       /etc/freshclam.conf

AUTHOR
       Thomas Lamy <thomas.lamy@netwake.de>, Tomasz Kojm <tkojm@clamav.net>

SEE ALSO
       freshclam(1), clamd.conf(5), clamd(8), clamscan(1)

ClamAV 0.96.1                        February 12, 2007                        freshclam.conf(5)
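As an added example (not ClamAV's own parser), here is a small Python checker for the freshclam.conf format described above: it applies the FILE FORMAT rules (hash comments, case-sensitive "Option Argument", BOOL/STRING/SIZE/NUMBER typing), preserves the order of repeated DatabaseMirror lines, and flags two conditions an administrator wants to know about before a scheduled update silently does nothing: an "Example" line left in the file, and no UpdateLogFile. The directive table and the sample file are constructed for this example and cover only a subset of the man page.

```python
import re

# Argument types for a subset of freshclam.conf(5) directives (per the man page above).
TYPES = {"DatabaseDirectory": "STRING", "Checks": "NUMBER", "UpdateLogFile": "STRING",
         "LogFileMaxSize": "SIZE", "LogSyslog": "BOOL", "DatabaseMirror": "STRING",
         "MaxAttempts": "NUMBER", "TestDatabases": "BOOL"}
BOOLS = {"yes": True, "true": True, "1": True, "no": False, "false": False, "0": False}

def parse_value(kind, arg):
    # Convert one argument according to its man-page type; raise on mismatch.
    if kind == "BOOL" and arg in BOOLS:
        return BOOLS[arg]
    if kind == "NUMBER" and arg.isdigit():
        return int(arg)                                # unsigned integer
    if kind == "SIZE" and re.fullmatch(r"\d+[KkMm]?", arg):
        mult = {"k": 1024, "m": 1024 ** 2}.get(arg[-1].lower(), 1)
        return int(arg.rstrip("KkMm")) * mult          # bytes; 0 means no limit
    if kind == "STRING":
        return arg                                     # single blank-free token
    raise ValueError(f"bad {kind} argument {arg!r}")

def parse_conf(text):
    """Return (settings, warnings); repeated directives keep their file order."""
    settings, warnings = {}, []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue                                   # hash-prefixed lines are ignored
        option, *args = line.split()                   # case-sensitive "Option Argument"
        if option == "Example":                        # marker line: freshclam will not run
            warnings.append(f"line {n}: 'Example' is set, freshclam will not run")
        elif option not in TYPES:
            warnings.append(f"line {n}: unknown directive {option!r}")
        elif len(args) != 1:
            raise ValueError(f"line {n}: {option} takes exactly one argument")
        else:
            settings.setdefault(option, []).append(parse_value(TYPES[option], args[0]))
    if "UpdateLogFile" not in settings:
        warnings.append("UpdateLogFile not set: database updates will not be logged")
    return settings, warnings

SAMPLE = """# constructed sample, not a real /etc/freshclam.conf; 'Example' left in
Example
DatabaseDirectory /var/lib/clamav
Checks 24
LogFileMaxSize 2M
DatabaseMirror db.de.clamav.net
DatabaseMirror database.clamav.net
TestDatabases yes
"""
```

Running `parse_conf(open("/etc/freshclam.conf").read())` on a real file reports the same two warnings whenever the stock "Example" line survives or logging is off; the mirror list comes back in the order freshclam will try it.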