Documentation
You can view the documentation below, or browse our GitHub Repository, where you can contribute to user manual and FAQ.
General | Installing ClamAV | How to Report A Bug | Miscellaneous FAQ | ClamAV Virus Database FAQ | End of Life Policy (EOL) | Potentially Unwanted Applications (PUA) | Mailing Lists FAQ | Troubleshooting FAQ | Safebrowsing | Upgrading ClamAV | ClamAV on Microsoft Windows FAQ | How do I ignore/whitelist a ClamAV signature? | Which Version of ClamAV should I use? | Uninstalling ClamAV | ClamAV Overview | Interpreting Scan Alerts FAQ | Freshclam FAQ
Manual | Clam AntiVirus User Manual
Manual | UserManual | Installing ClamAV on Unix / Linux / macOS from Source | Installing ClamAV on Windows | Introduction | LibClamAV | On-Access Scanning | Creating signatures for ClamAV | Usage | ClamAV Development
Manual | UserManual | Installation-Unix | Installation on Debian and Ubuntu Linux Distributions | Installation on macOS (Mac OS X) | Installation on Redhat and CentOS Linux Distributions
Manual | UserManual | Signatures | Trusted and Revoked Certificates | Body-based Signature Content Format | Bytecode Signatures | Signatures based on container metadata | Database Info | Dynamic Configuration (DCONF) | Passwords for archive files \[experimental\] | Extended signature format | File Type Magic | ClamAV File Types | Functionality Levels (FLEVELs) | File hash signatures | Logical signatures | PhishSigs | Whitelist databases | Using YARA rules in ClamAV
Manual | UserManual | Usage | Configuration | Scanning | Signature Testing and Management
Additional | Microsoft Authenticode Signature Verification | Private Local Mirrors
ClamAV Virus Database FAQ
What does WARNING: DNS record is older than 3 hours mean?
freshclam attempts to detect potential problems with DNS caches and switches to the old mode if something looks suspicious. If this message appears seldomly, you can safely ignore it. If you get the error everytime you run freshclam, check your system clock. If it is set correctly, check your dns settings. If those didn’t help, try putting this at the top of your cronjob:
host -t txt current.cvd.clamav.net; perl -e 'printf "%d\n", time;'
The 4th field of the first line should be less than 3 ∗ 3600 behind the output of the second line. If not, you have a caching DNS server somewhere misbehaving.
How often is the virus database updated?
The virus database is usually updated many times per week. Sign up for our VirusDB mailing list to see our response times to new threats. The virusdb team tries to keep up with the latest threats in the wild. You can contribute to make the virusdb updating process more efficient by submitting samples of viruses via our “Contact” page on ClamAV.net.
How many times per hour shall I run freshclam?
You can check for database update as often as 4 times per hour provided that you have the following options in freshclam.conf:
DNSDatabaseInfo current.cvd.clamav.net
DatabaseMirror database.clamav.net
The last CVD update crashed my ClamAV installation. Why?
Before publishing a CVD update, we verify that it can be correctly loaded by the last two stable release series of ClamAV.
The last CVD update detects a lot of false positives on my system. Why?
Before publishing a CVD update, we test it for false positives using the latest stable release of ClamAV. If you want to avoid problems with false positives, you must run the latest stable version of ClamAV.
I tried to submit a sample through the web interface, but it said the sample is already recognized by ClamAV. My clamscan tells me it’s not. I have already updated my database and ClamAV engine, what’s wrong with my setup?
Please run clamscan with the --detect-broken option. Also check that freshclam and clamscan are using the same path for storing/reading the database.
I found an infected file in my HD/floppy/mailbox, but ClamAV doesn’t recognize it yet. Can you help me?
Our virus database is kept up to date with the help of the community. Whenever you find a new virus which is not detected by ClamAV you should complete this form. The virusdb team will review your submission and update the database if necessary. Before submitting a new sample: - check that the value of DatabaseDirectory, in both clamd.conf and freshclam.conf, is the same - update your database by running freshclam
How do I keep my virus database up to date?
ClamAV comes with freshclam, a tool which periodically checks for new database releases and keeps your database up to date.
I get this error when running freshclam: Invalid DNS reply. Falling back to HTTP mode or ERROR: Can’t query current.cvd.clamav.net . What does it mean?
There is a problem with your DNS server. Please check the entries in /etc/resolv.conf and verify that you can resolve the TXT record manually:
$ host -t txt current.cvd.clamav.net
If you can’t, it means your network is broken. You’ll be still able to download the updates, but you’ll waste a lot of bandwidth checking for updates.
I get this error when running freshclam: ERROR: Connection with ??? failed . What shall I do?
Either your dns servers are not working or you are blocking port 53/tcp. You should manually check that you can resolve hostnames with:
$ host database.clamav.net
If it doesn’t work, check your dns settings in /etc/resolv.conf. If it works, check that you can receive dns answers longer than 512 bytes, e.g. check that your firewall is not blocking packets which originate from port 53/tcp.
An easy way to find it out is:
$ dig @ns1.clamav.net db.us.big.clamav.net
How do I know if my IP address has been blacklisted?
Try to download daily.cvd with lynx or wget from the same machine that is running freshclam. Future versions of freshclam will provide a better way to deal with this.
What is the mirrors.dat file?
mirrors.dat is used by freshclam to keep track of broken mirrors. It avoids the unnecessary delays caused by trying to download a CVD update from a mirror which failed multiple times during the last 24 hours.
I’m running ClamAV on a lot of clients on my local network. Can I serve the cvd files from a local server so that each client doesn’t have to download them from your servers?
Sure, you can find more details on our Mirror page.
If you want to take advantage of incremental updates, install a proxy server and then configure your freshclam clients to use it (watch for the HTTPProxyServer parameter in man freshclam.conf).
The second possible solution is to:
-
Configure a local webserver on one of your machines (say
machine1.mylan) -
Let freshclam download the
*.cvdfiles from http://database.clamav.net to the webserver’s DocumentRoot. -
Finally, change
freshclam.confon your clients so that it includes:DatabaseMirror machine1.mylanScriptedUpdates offFirst the database will be downloaded to the local webserver and then the other clients on the network will update their copy of the database from it.
Important: For this to work, you have to add
ScriptedUpdates offon all of your machines!
I can’t wait for you to update the database! I need to use the new signature NOW!
No problem, save your own signatures in a text file with the appropriate extension. Put it in the same dir where the .cvd files are located. ClamAV will load it after the official .cvd files. You need not to sign the .db file .
Can I download the virusdb manually?
Yes, the virusdb can be downloaded from the Latest releases section on our home page.
I can’t resolve current.cvd.clamav.net! Is there a problem with your/my DNS servers?
current.cvd.clamav.net has got only a TXT record, not a type A record! Try this command:
$ host -t txt current.cvd.clamav.net
Please note that some not RFC compliant DNS servers (namely the one shipped with the Alcatel (now Thomson) SpeedTouch 510 modem) can’t resolve TXT record. If that’s the case, please recompile ClamAV with the flag --enable-dns-fix.
© 2004 - 2020 Cisco and/or its affiliates. All rights reserved. | Privacy Policy | Sitemap
All content on this website, unless otherwise noted, is licensed under the Creative Commons Attribution - NoDerivs License.
