The daemon listens for incoming connections on Unix or TCP socket and scans files or directories on demand. It's a part of the Clam AntiVirus package. It reads its configuration information from a clamd.conf file. It provides on\-access scanning feature (clamuko) under Linux.
The daemon listens for incoming connections on Unix and/or TCP socket and scans files or directories on demand. It reads the configuration from @CFGDIR@/clamd.conf
.SH"COMMANDS"
.LP
clamd recognizes the following commands:
Note: It's recommended to prefix clamd commands with the letter \fBn\fR (eg. nSCAN) to indicate that the command will be delimited by a newline character and that clamd should continue reading command data until a newline is read. The newline delimiter assures that the complete command and its entire argument will be processed as a single command.
.TP
\fBPING\fR
Check the server's state. It should reply with "PONG".
.TP
\fBVERSION\fR
Print a version information.
Print program and database versions.
.TP
\fBRELOAD\fR
Reload the virus databases.
.TP
\fBQUIT\fR
\fBSHUTDOWN\fR
Perform a clean exit.
.TP
\fBSCAN file/directory\fR
@ -34,13 +32,16 @@ Scan a file or a directory (recursively) with archive support enabled (if not di
Scan a file or directory (recursively) with archive support disabled. A full path is required.
.TP
\fBCONTSCAN file/directory\fR
Scan a file or directory (recursively) with archive support enabled and continue scanning even when virus is found. A full path is required.
Scan file or directory (recursively) with archive support enabled and don't stop the scanning when a virus is found.
.TP
\fBMULTISCAN file/directory\fR
Scan directories with multiple threads.
Scan file in a standard way or scan directory (recursively) using multiple threads (to make the scanning faster on SMP machines).
.TP
\fBSTREAM\fR
Scan stream \- on this command clamd will return "PORT number" and you can connect to that port and send a data to scan.
Scan stream \- on this command clamd will return "PORT number" you should connect to and send data to scan.
.TP
\fBSESSION, END\fR
Start/end a clamd session which will allow you to run multiple commands per TCP session. It's recommended to prefix clamd commands with the letter \fBn\fR (eg. nSCAN) to indicate that the command will be delimited by a newline character and that clamd should continue reading command data until a newline is read. The newline delimiter assures that the complete command and its entire argument will be processed as a single command.
.SH"OPTIONS"
.LP
@ -63,4 +64,4 @@ Please check the full documentation for credits.
\fBclamd.conf\fR\- Configuration file for Clam AntiVirus Daemon
@ -7,7 +6,10 @@
.LP
clamd.conf configures the Clam AntiVirus daemon, clamd(8).
.SH"FILE FORMAT"
The file consists of comments and options with arguments. Each line that starts with a hash (\fB#\fR) symbol is a comment. Options and arguments are case sensitive and of the form \fBOption Argument\fR. The (possibly optional) arguments are are of the following types:
The file consists of comments and options with arguments. Each line which starts with a hash (\fB#\fR) symbol is ignored by the parser. Options and arguments are case sensitive and of the form \fBOption Argument\fR. The arguments are of the following types:
.TP
\fBBOOL\fR
Boolean value (yes/no or true/false or 1/0).
.TP
\fBSTRING\fR
String without blank characters.
@ -19,7 +21,7 @@ Size in bytes. You can use 'M' or 'm' modifiers for megabytes and 'K' or 'k' for
Unsigned integer.
.SH"DIRECTIVES"
.LP
When an option is not used (hashed or doesn't exist in the configuration file) clamd takes a default action.
When some option is not used (commented out or not included in the configuration file at all) clamd takes a default action.
.TP
\fBExample\fR
If this option is set clamd will not run.
@ -27,47 +29,47 @@ If this option is set clamd will not run.
\fBLogFile STRING\fR
Enable logging to selected file.
.br
Default: disabled
Default: no
.TP
\fBLogFileUnlock\fR
\fBLogFileUnlock BOOL\fR
Disable a system lock that protects against running clamd with a same configuration file multiple times.
.br
Default: disabled
Default: no
.TP
\fBLogFileMaxSize SIZE\fR
Limit the size of a log file. The logger will be automatically disabled if the file is greater than SIZE. Value of 0 disables the limit.
.br
Default: 1M
.TP
\fBLogTime\fR
Log time with each message.
\fBLogTime BOOL\fR
Log time for each message.
.br
Default: disabled
Default: no
.TP
\fBLogClean\fR
\fBLogClean BOOL\fR
Log clean files.
.br
Default: disabled
Default: no
.TP
\fBLogSyslog\fR
\fBLogSyslog BOOL\fR
Use system logger (can work together with LogFile).
.br
Default: disabled
Default: no
.TP
\fBLogFacility\fR
\fBLogFacility STRING\fR
Specify the type of syslog messages \- please refer to 'man syslog' for facility names.
.br
Default: LOG_LOCAL6
.TP
\fBLogVerbose\fR
\fBLogVerbose BOOL\fR
Enable verbose logging.
.br
Default: disabled
Default: no
.TP
\fBPidFile STRING\fR
Save the process identifier of a listening daemon (main thread) to a specified file.
.br
Default: disabled
Default: no
.TP
\fBTemporaryDirectory STRING\fR
Optional path to the global temporary directory.
@ -82,22 +84,22 @@ Default: @DBDIR@
\fBLocalSocket STRING\fR
Path to a local (Unix) socket the daemon will listen on.
.br
Default: disabled
Default: no
.TP
\fBFixStaleSocket\fR
\fBFixStaleSocket BOOL\fR
Remove stale socket after unclean shutdown.
.br
Default: disabled
Default: no
.TP
\fBTCPSocket NUMBER\fR
TCP port number the daemon will listen on.
.br
Default: disabled
Default: no
.TP
\fBTCPAddr STRING\fR
TCP socket address to bind to. By default clamd binds to INADDR_ANY.
.br
Default: disabled
Default: no
.TP
\fBMaxConnectionQueueLength NUMBER\fR
Maximum length the queue of pending connections may grow to.
@ -105,7 +107,7 @@ Maximum length the queue of pending connections may grow to.
Default: 15
.TP
\fBMaxThreads NUMBER\fR
Maximal number of threads running at the same time.
Maximum number of threads running at the same time.
.br
Default: 10
.TP
@ -120,62 +122,61 @@ Waiting for a new job will timeout after this time (seconds).
Default: 30
.TP
\fBMaxDirectoryRecursion NUMBER\fR
Maximal depth directories are scanned at.
Maximum depth directories are scanned at.
.br
Default: 15
.TP
\fBFollowDirectorySymlinks\fR
\fBFollowDirectorySymlinks BOOL\fR
Follow directory symlinks.
.br
Default: disabled
Default: no
.TP
\fBFollowFileSymlinks\fR
\fBFollowFileSymlinks BOOL\fR
Follow regular file symlinks.
.br
Default: disabled
Default: no
.TP
\fBSelfCheck NUMBER\fR
Do internal sanity checks every NUMBER seconds.
Perform a database check.
.br
Default: 1800
.TP
\fBVirusEvent COMMAND\fR
Execute the COMMAND when virus is found. In the command string %v will be replaced by a virus name.
Execute COMMAND when a virus is found. In the command string %v will be replaced with the virus name.
\fR
.br
Default: disabled
Default: no
.TP
\fBExitOnOOM\fR
\fBExitOnOOM BOOL\fR
Stop daemon when libclamav reports out of memory condition.
.br
Default: disabled
.TP
Default: no
.TP
\fBUser STRING\fR
Run as selected user.
Run as another user (clamd must be started by root to make this option working).
.br
Default: disabled
Default: no
.TP
\fBAllowSupplementaryGroups\fR
\fBAllowSupplementaryGroups BOOL\fR
Initialize supplementary group access (clamd must be started by root).
.br
Default: disabled
Default: no
.TP
\fBForeground\fR
\fBForeground BOOL\fR
Don't fork into background.
.br
Default: disabled
Default: no
.TP
\fBDebug\fR
\fBDebug BOOL\fR
Enable debug messages from libclamav.
.TP
\fBLeaveTemporaryFiles\fR
Do not remove temporary files (for debug purposes).
\fBLeaveTemporaryFiles BOOL\fR
Do not remove temporary files (for debug purpose).
.br
Default: disabled
Default: no
.TP
\fBStreamMaxLength SIZE\fR
Clamd uses FTP\-like protocol to receive data from remote clients. If you are using clamav\-milter to balance load between remote clamd daemons on firewall servers you may need to tune the Stream* options. This option allows you to specify the maximal limit for data transfered to remote daemon when scanning a single file. It should match your MTA's limit for a maximal attachment size.
Clamd uses FTP\-like protocol to receive data from remote clients. If you are using clamav\-milter to balance load between remote clamd daemons on firewall servers you may need to tune the Stream* options. This option allows you to specify the upper limit for data size that will be transfered to remote daemon when scanning a single file. It should match your MTA's limit for a maximum attachment size.
.br
Default: 10M
.TP
@ -189,78 +190,80 @@ Limit data port range.
.br
Default: 2048
.TP
\fBAlgorithmicDetection\fR
\fBAlgorithmicDetection BOOL\fR
In some cases (eg. complex malware, exploits in graphic files, and others), ClamAV uses special algorithms to provide accurate detection. This option controls the algorithmic detection.
.br
Default: yes
.TP
\fBScanPE\fR
PE stands for Portable Executable \- it's an executable file format used in all 32\-bit versions of Windows operating systems. This option allows ClamAV to perform a deeper analysis of executable files and it's also required for decompression of popular executable packers such as UPX.
\fBScanPE BOOL\fR
PE stands for Portable Executable \- it's an executable file format used in all 32 and 64\-bit versions of Windows operating systems. This option allows ClamAV to perform a deeper analysis of executable files and it's also required for decompression of popular executable packers such as UPX.
.br
Default: enabled
Default: yes
.TP
\fBScanELF\fR
\fBScanELF BOOL\fR
Executable and Linking Format is a standard format for UN*X executables. This option allows you to control the scanning of ELF files.
.br
Default: enabled
Default: yes
.TP
\fBDetectBrokenExecutables\fR
\fBDetectBrokenExecutables BOOL\fR
With this option clamd will try to detect broken executables (both PE and ELF) and mark them as Broken.Executable.
.br
Default: disabled
Default: no
.TP
\fBScanOLE2\fR
Enables scanning of Microsoft Office document macros.
\fBScanOLE2 BOOL\fR
This option enables scanning of OLE2 files, such as Microsoft Office documents and .msi files.
.br
Default: enabled
Default: yes
.TP
\fBScanHTML\fR
\fBScanHTML BOOL\fR
Enables HTML detection and normalisation.
.br
Default: enabled
Default: yes
.TP
\fBScanMail\fR
\fBScanMail BOOL\fR
Enable scanning of mail files.
.br
Default: enabled
Default: yes
.TP
\fBMailFollowURLs\fR
\fBMailFollowURLs BOOL\fR
If an email contains URLs ClamAV can download and scan them. \fBWARNING: This option may open your system to a DoS attack. Never use it on loaded servers.\fR
.br
Default: disabled
Default: no
.TP
\fBMailMaxRecursion\fR
\fBMailMaxRecursion NUMBER\fR
Recursion level limit for the mail scanner.
.br
Default: 64
.TP
\fBPhishingSignatures\fR
\fBPhishingSignatures BOOL\fR
With this option enabled ClamAV will try to detect phishing attempts by using signatures.
.br
Default: enabled
.TP
\fBPhishingScanAllDomains\fR
Use phishing detection for all domains (not just those listed in database).
It is not recommended to turn this option on, it is meant for internal use.
Requires --enable-experimntal configure option.
Default: yes
.TP
\fBPhishingScanURLs BOOL\fR
Scan URLs in mails for phishing attempts (available in experimental builds only).
.br
Default: disabled
Default: yes
.TP
\fBPhishingRestrictedScan BOOL\fR
Use phishing detection only for domains listed in the .pdb database. It is not recommended to have this option turned off, because scanning of all domains may lead to many false positives! (available in experimental builds only)
.br
Default: no
.TP
\fBPhishingAlwaysBlockSSLMismatch BOOL\fR
Always block SSL mismatches in URLs, even if the URL isn't in the database. This can lead to false positives. (available in experimental builds only)
.br
Default: no
.TP
\fBPhishingScanURLs\fR
Scan urls found in mails for phishing attempts.
Requires --enable-experimental configure option.
\fBPhishingAlwaysBlockCloak BOOL\fR
Always block cloaked URLs, even if URL isn't in database. There is a remote possibility, that this will lead to false positives. (available in experimental builds only)
.br
Default: enabled
Default: no
.TP
\fBScanArchive\fR
\fBScanArchive BOOL\fR
Enable archive scanning.
.br
Default: enabled
.TP
\fBScanRAR\fR
Enable scanning of RAR archives. Due to license issues libclamav does not support RAR 3.0 archives (only the old 2.0 format is supported). Because some users report stability problems with unrarlib it's disabled by default and must be enabled in the config file.
.br
Default: disabled
Default: yes
.TP
\fBArchiveMaxFileSize SIZE\fR
Files in archives larger than this limit won't be scanned. Value of 0 disables the limit.
@ -273,7 +276,7 @@ Limit archive recursion level. Value of 0 disables the limit.
Default: 8
.TP
\fBArchiveMaxFiles NUMBER\fR
Number of files to be scanned within archive. Value of 0 disables the limit.
Number of files to be scanned within an archive. Value of 0 disables the limit.
.br
Default: 1000
.TP
@ -282,65 +285,60 @@ Analyze compression ratio of every file in an archive and mark potential archive
.br
Default: 250
.TP
\fBArchiveLimitMemoryUsage\fR
Use slower decompression algorithm which uses less memory. This option affects bzip2 decompressor only.
\fBArchiveLimitMemoryUsage BOOL\fR
Use slower decompression algorithm which uses less memory. This option only affects the bzip2 decompressor.
.br
Default: disabled
Default: no
.TP
\fBArchiveBlockEncrypted\fR
\fBArchiveBlockEncrypted BOOL\fR
Mark encrypted archives as viruses (Encrypted.Zip, Encrypted.RAR).
.br
Default: disabled
Default: no
.TP
\fBArchiveBlockMax\fR
\fBArchiveBlockMax BOOL\fR
Mark archives as viruses (e.g RAR.ExceededFileSize, Zip.ExceededFilesLimit) if ArchiveMaxFiles, ArchiveMaxFileSize, or ArchiveMaxRecursion limit is reached.
.br
Default: disabled
Default: no
.TP
\fBNodalCoreAcceleration\fR
\fBNodalCoreAcceleration BOOL\fR
Enable support for Sensory Networks' NodalCore hardware accelerator.
.br
Default: disabled
Default: no
.TP
\fBClamukoScanOnAccess\fR
\fBClamukoScanOnAccess BOOL\fR
Enable Clamuko. Dazuko (/dev/dazuko) must be configured and running.
.br
Default: disabled
Default: no
.TP
\fBClamukoScanOnOpen\fR
\fBClamukoScanOnOpen BOOL\fR
Scan files on open.
.br
Default: disabled
Default: no
.TP
\fBClamukoScanOnClose\fR
\fBClamukoScanOnClose BOOL\fR
Scan files on close.
.br
Default: disabled.
Default: no.
.TP
\fBClamukoScanOnExec\fR
\fBClamukoScanOnExec BOOL\fR
Scan files on execute.
.br
Default: disabled
Default: no
.TP
\fBClamukoIncludePath STRING\fR
Set the include paths (all files and directories in them will be scanned). You can have multiple ClamukoIncludePath directives but each directory must be added in a separate line).
Set the include paths (all files and directories inside them will be scanned). You can have multiple ClamukoIncludePath directives but each directory must be added in a separate line).
.br
Default: disabled
Default: no
.TP
\fBClamukoExcludePath\fR
\fBClamukoExcludePath STRING\fR
Set the exclude paths. All subdirectories will also be excluded.
.br
Default: disabled
Default: no
.TP
\fBClamukoMaxFileSize SIZE\fR
Don't scan files larger than SIZE.
Ignore files larger than SIZE.
.br
Default: 5M
.TP
\fBClamukoScanArchive\fR
Enable archive scanning. It uses ArchiveMax* limits.
clamdscan \- scan files and directories against viruses using Clam AntiVirus Daemon
clamdscan \- scan files and directories for viruses using Clam AntiVirus Daemon
.SH"SYNOPSIS"
.LP
clamdscan [options] [file/directory]
.SH"DESCRIPTION"
.LP
clamdscan is a simple clamd client which may be used as a clamscan replacement. clamdscan accepts all the options implemented in clamscan but most of them will be ignored because its scanning abilities only depend on clamd. clamdscan is a part of the Clam AntiVirus package.
clamdscan is a simple clamd client which may be used as a clamscan replacement. It accepts all the options implemented in clamscan but most of them will be ignored because its scanning abilities only depend on clamd.
.SH"OPTIONS"
.LP
.TP
\fB\-h, \-\-help\fR
Output help information and exit.
Display help information and exit.
.TP
\fB\-V, \-\-version\fR
Print version number and exit.
.TP
\fB\-v, \-\-verbose\fR
Be verbose. This option causes clamscan to print many additional informations.
Be verbose.
.TP
\fB\-\-quiet\fR
Be quiet \- only output error messages.
@ -73,4 +72,4 @@ Please check the full documentation for credits.
Move infected files into DIRECTORY. Directory must be writable for the 'clamav' user or unprivileged user running clamscan.
.TP
\fB\-\-copy=DIRECTORY\fR
Copy infected files into DIRECTORY. Directory must be writable for the 'clamav' user or unprivileged user running clamscan.
.TP
\fB\-\-no\-mail\fR
Disable scanning of mail files.
.TP
\fB\-\-no\-phishing\fR
Disable detection of phishing messages.
\fB\-\-no\-phishing\-sigs\fR
Disable signature-based phishing detection.
.TP
\fB\-\-no\-phishing\-scan\-urls\fR
Disable url-based phishing detection. (Only available in experimental builds)
@ -85,7 +87,7 @@ Always block SSL mismatches in URLs (might lead to false positives!). (Only avai
\fB\-\-phishing\-cloak\fR
Always block cloaked URLs (might lead to some false positives). (Only available in experimental builds)
.TP
\fB\-\-no\-algo\fR
\fB\-\-no\-algorithmic\fR
In some cases (eg. complex malware, exploits in graphic files, and others), ClamAV uses special algorithms to provide accurate detection. This option disables the algorithmic detection.
.TP
\fB\-\-no\-pe\fR
@ -95,7 +97,7 @@ PE stands for Portable Executable \- it's an executable file format used in all
Executable and Linking Format is a standard format for UN*X executables. This option \fBdisables\fR ELF support.
.TP
\fB\-\-no\-ole2\fR
Disable support for Microsoft Office document files.
Disable support for Microsoft Office documents and .msi files.
.TP
\fB\-\-no\-html\fR
Disable support for HTML detection and normalisation.
@ -119,7 +121,7 @@ If an email contains URLs ClamAV can download and scan them. \fBWARNING: This op
Extract first #n files from each archive. This option protects your system against DoS attacks (default: 500)
.TP
\fB\-\-max\-space=#n\fR
Extract first #n kilobytes from each archive. You may give the number in megabytes in format xM or xm, where x is a number. This option protects your system against DoS attacks (default: 10 MB)
Extract first #n kilobytes from each archive. You may pass the value in megabytes in format xM or xm, where x is a number. This option protects your system against DoS attacks (default: 10 MB)
.TP
\fB\-\-max\-recursion=#n\fR
Set archive recursion level limit. This option protects your system against DoS attacks (default: 8).
@ -134,10 +136,10 @@ Recursion level limit for the internal mail scanner.
Maximum depth directories are scanned at (default: 15).
.TP
\fB\-\-unzip[=FULLPATH]\fR
In most cases you don't need this option \- the built\-in unarchiver will do extract Zip archives. This option however may be used as a backup for internal unpacker \- see the full documentation for more information. When enabled without an argument, unzip program will be searched in $PATH. If unzip cannot be found in $PATH, you must force it with =pathname. Remember about '=' between the option and an argument.
In most cases you don't need this option \- the built\-in unarchiver will extract Zip archives. Howvere, this option may be used as a backup for internal unpacker \- see the full documentation for more information. When enabled without an argument, unzip program will be searched in $PATH. If unzip cannot be found in $PATH, you must force it with =pathname. Remember about '=' between the option and the argument.
.TP
\fB\-\-unrar[=FULLPATH]\fR
Scan .rar files.
Scan .rar files. In most cases the unpacker built into libclamav is enough.
.TP
\fB\-\-arj[=FULLPATH]\fR
Scan .arj files.
@ -149,24 +151,24 @@ Scan .zoo files.
Scan .lzh files.
.TP
\fB\-\-jar[=FULLPATH]\fR
clamscan uses unzip for .jar files, so optionally eventually you will need to pass a full path to unzip.
clamscan uses unzip for .jar files, so in some cases you may need to pass a full path to unzip. In most cases the unpacker built into libclamav is enough.
.TP
\fB\-\-deb[=FULLPATH]\fR
This option supports debian binary packages. Implies \-\-tgz, but doesn't conflict with \-\-tgz=FULLPATH. It requires ar utility.
.TP
\fB\-\-tar[=FULLPATH]\fR
This option supports non\-compressed archives.
This option supports non\-compressed tar archives. In most cases the unpacker built into libclamav is enough.
.TP
\fB\-\-tgz[=FULLPATH]\fR
This option supports tar.gz and .tgz files. You need GNU tar, on non\-Linux system you probably have it installed as gtar. If it's in $PATH, please use \-\-tgz=gtar in other case please pass a full path.
This option supports tar.gz and .tgz files. You need GNU tar, on non\-Linux system you probably have it installed as gtar. If it's in $PATH, please use \-\-tgz=gtar in other case please pass a full path. In most cases the unpacker built into libclamav is enough.
.SH"EXAMPLES"
.LP
.TP
(0) Scan selected file:
(0) Scan a single file:
\fBclamscan file\fR
.TP
(1) Scan current working directory:
(1) Scan a current working directory:
\fBclamscan\fR
.TP
@ -174,20 +176,20 @@ This option supports tar.gz and .tgz files. You need GNU tar, on non\-Linux syst
\fBclamscan \-r /home\fR
.TP
(3) Load database from selected file and limit disk usage to 50 Mb:
(3) Load database from a file and limit disk usage to 50 MB:
freshclam updates the virus database. It's a part of the Clam AntiVirus package. It requires an Internet connection.
freshclam is a virus database update tool for ClamAV.
.SH"OPTIONS"
.LP
Freshclam reads its configuration from freshclam.conf. The settings can be overwritten with command line options.
@ -26,21 +25,21 @@ Be verbose. This option causes freshclam to print many additional informations.
Be quiet \- output only error messages.
.TP
\fB\-\-stdout\fR
Write all messages to the standard output (stdout), instead of the standard error output (stderr).
Write all messages to stdout.
.TP
\fB\-l FILE, \-\-log=FILE\fR
Save download report in FILE.
Write download report to FILE.
.TP
\fB\-\-datadir=DIRECTORY\fR
Install new database in DIRECTORY. The directory must be writable for the 'clamav' user or unprivileged user running freshclam.
.TP
\fB\-u USER, \-\-user USER\fR
Run as USER. By default (when started by root) freshclam drops privileges and works as the 'clamav' user.
Run as USER. By default (when started by root) freshclam drops privileges and operates as the 'clamav' user.
.TP
\fB\-d, \-\-daemon\fR
Run in a daemon mode. This option requires \-\-checks.
\fB\-p FILE, \-\-pid=FILE\fR
Save daemon's pid in FILE.
Write daemon's pid to FILE.
.TP
\fB\-\-no\-dns\fR
This option forces old non\-DNS verification method (without a TTL delay).
@ -49,7 +48,7 @@ This option forces old non\-DNS verification method (without a TTL delay).
Check #n times per day for a new database. #n must be between 1 and 50.
.TP
\fB\-\-daemon\-notify=/path/to/clamd.conf\fR
Notify the daemon about the new database. By default it reads a hardcoded config file but you can use an another one. Both local and TCP sockets are supported.
Notify the daemon about the new database. By default it reads a hardcoded config file but you can use a different one. Both local and TCP sockets are supported.
.TP
\fB\-a IP, \-\-local\-address=IP\fR
Use (local) IP for HTTP downloads. Useful for multi\-homed systems. If binding fails for whatever reason, a warning is issued and freshclam behaves like without this flag.
@ -62,6 +61,9 @@ Execute COMMAND after successful update.
.TP
\fB\-\-on\-outdated\-execute=COMMAND\fR
Execute COMMAND when freshclam reports outdated version. In the command string %v will be replaced by the new version number.
.TP
\fB\-\-list\-mirrors\fR
Pring mirror details from mirrors.dat (cache file for the mirror manager).
.SH"EXAMPLES"
.LP
.TP
@ -118,4 +120,4 @@ Please check the full documentation for credits.
\fBfreshclam.conf\fR\- Configuration file for Clam AntiVirus Database Updater
\fBfreshclam.conf\fR\- Configuration file for Clam AntiVirus database update tool
.SH"DESCRIPTION"
.LP
The file freshclam.conf configures the Clam AntiVirus Database Updater, freshclam(1).
.SH"FILE FORMAT"
The file consists of comments and options with arguments. Each line that starts with a hash (\fB#\fR) symbol is a comment. Options and arguments are case sensitive and of the form \fBOption Argument\fR. The (possibly optional) arguments are of the following types:
The file consists of comments and options with arguments. Each line which starts with a hash (\fB#\fR) symbol is ignored by the parser. Options and arguments are case sensitive and of the form \fBOption Argument\fR. The arguments are of the following types:
.TP
\fBBOOL\fR
Boolean value (yes/no or true/false or 1/0).
.TP
\fBSTRING\fR
String without blank characters.
@ -29,7 +31,7 @@ When started by root, drop privileges to a specified user.
.br
Default: @CLAMAVUSER@
.TP
\fBAllowSupplementaryGroups\fR
\fBAllowSupplementaryGroups BOOL\fR
Initialize supplementary group access (freshclam must be started by root).
.br
Default: disabled
@ -39,7 +41,7 @@ Path to a directory containing database files.
.br
Default: @DBDIR@
.TP
\fBChecks NUM\fR
\fBChecks NUMBER\fR
Number of database checks per day.
.br
Default: 12
@ -49,28 +51,28 @@ Enable logging to a specified file. Highly recommended.
.br
Default: disabled.
.TP
\fBLogSyslog\fR
\fBLogSyslog BOOL\fR
Enable logging to Syslog. May be used in combination with UpdateLogFile.
.br
Default: disabled.
.TP
\fBLogFacility\fR
\fBLogFacility STRING\fR
Specify the type of syslog messages \- please refer to 'man syslog' for facility names.
.br
Default: LOG_LOCAL6
.TP
\fBPidFile\fR
This option allows you to save the process identifier of the daemon.
\fBPidFile STRING\fR
This option allows you to save the process identifier of the daemon to a file specified in the argument.
.br
Default: disabled
.TP
\fBLogVerbose\fR
\fBLogVerbose BOOL\fR
Enable verbose logging.
.br
Default: disabled
.TP
\fBDNSDatabaseInfo STRING\fR
This directive enables database and software version verification through DNS TXT records.
This directive enables database and software version checks through DNS TXT records.
.br
Default: enabled, pointing to current.cvd.clamav.net
.TP
@ -79,8 +81,8 @@ Server name where database updates are downloaded from. In order to download the
.br
Default: database.clamav.net
.TP
\fBMaxAttempts NUM\fR
Freshclam(1) tries every mirror this number of times before switching to the next mirror.
\fBMaxAttempts NUMBER\fR
How many attempts (per mirror) to make before giving up.
.br.
Default: 3 (per mirror)
.TP
@ -89,10 +91,10 @@ With this option you can control scripted updates. It's highly recommended to ke
Proxy usage is authenticated through given username and password.
.br.
Default: no proxy authentication
@ -107,8 +109,8 @@ Use \fBIP\fR as client address for downloading databases. Useful for multi homed
.br.
Default: Use OS\'es default outgoing IP address.
.TP
\fBNotifyClamd \[STRING\]\fR
Notify a running clamd(8) to reload its database after a download has occurred. Optionally a clamd.conf(5) file location may be given to tell freshclam(1) how to communicate with clamd(8).
\fBNotifyClamd STRING\fR
Notify a running clamd(8) to reload its database after a download has occurred. The path for clamd.conf file must be provided.
.br.
Default: The default is to not notify clamd. See clamd.conf(5)\'s option SelfCheck for how clamd(8) handles database updates in this case.
.TP
@ -127,24 +129,22 @@ Execute this command after a database update has failed.
.br
Default: disabled
.TP
\fBConnectTimeout\fR
\fBConnectTimeout NUMBER\fR
Timeout in seconds when connecting to database server.
.br
Default: 10
.TP
\fBReceiveTimeout\fR
\fBReceiveTimeout NUMER\fR
Timeout in seconds when reading from database server.
.br
Default: 30
.SH"NOTE"
While not reasonable, any configuration option from clamd.conf(5) may be given.
.SH"FILES"
.LP
@CFGDIR@/freshclam.conf
.SH"AUTHOR"
.LP
Thomas Lamy <thomas.lamy@netwake.de>
Thomas Lamy <thomas.lamy@netwake.de>, Tomasz Kojm <tkojm@clamav.net>
sigtool can be used to generate MD5 checksums, convert data
into hexadecimal format, and build/unpack CVD databases. It's also to verify digital signatures of databases and list virus signature names.
sigtool can be used to generate MD5 checksums, convert data into hexadecimal format, list virus signatures and build/unpack/test/verify CVD databases and update scripts.
.SH"OPTIONS"
.LP
@ -24,7 +22,7 @@ Print version number and exit.
Be quiet \- output only error messages.
.TP
\fB\-\-stdout\fR
Write all messages (except forlibclamav output) to the standard output (stdout).
Write all messages to stdout.
.TP
\fB\-\-hex\-dump\fR
Read data from stdin and write hex string to stdout.
@ -35,12 +33,14 @@ Generate MD5 checksum from stdin or MD5 sigs for FILES.
\fB\-\-html\-normalise=FILE\fR
Create normalised HTML files comment.html, nocomment.html, and script.html in current working directory.
.TP
\fB\-\-utf16\-decode=FILE\fR
Decode UTF16 encoded data.
.TP
\fB\-\-vba=FILE\fR
Extract VBA/Word6 macros from given MS Office document.
.TP
\fB\-\-vba\-hex=FILE\fR
Extract Word6 macros from given MS Office document, and
display the corresponding hex values.
Extract Word6 macros from given MS Office document and display the corresponding hex values.
.TP
\fB\-i, \-\-info\fR
Print a CVD information and verify MD5 and a digital signature.
@ -49,13 +49,22 @@ Print a CVD information and verify MD5 and a digital signature.
Build a CVD file. \-s, \-\-server is required.
.TP
\fB\-\-server\fR
ClamAV Signing Service address (for virus database developers only).
ClamAV Signing Service address (for virus database maintainers only).
.TP
\fB\-\-unpack, \-u\fR
Unpack a selected CVD file to a current directory.
\fB\-\-unpack FILE, \-u FILE\fR
Unpack FILE (CVD) to a current directory.
.TP
\fB\-\-unpack\-current\fR
Unpack a local CVD file to a current directory.
Unpack a local CVD file (main or daily) to current directory.
Tomasz Kojm
19 years ago