You can view the documentation below, or browse our GitHub Repository, where you can contribute to user manual and FAQ.
General | Installing ClamAV | How to Report A Bug | Miscellaneous FAQ | ClamAV Virus Database FAQ | End of Life Policy (EOL) | Potentially Unwanted Applications (PUA) | Mailing Lists FAQ | Troubleshooting FAQ | Safebrowsing | Upgrading ClamAV | ClamAV on Microsoft Windows FAQ | Which Version of ClamAV should I use? | Uninstalling ClamAV | ClamAV Overview | Interpreting Scan Alerts FAQ | Freshclam FAQ | How do I ignore a ClamAV signature?
Manual | Clam AntiVirus User Manual
Manual | UserManual | Installing ClamAV on Unix / Linux / macOS from Source | Installing ClamAV on Windows | Introduction | LibClamAV | On-Access Scanning | Creating signatures for ClamAV | Usage | ClamAV Development | Contribute
Manual | UserManual | Installation-Unix | Installation on Debian and Ubuntu Linux Distributions | Installation on macOS (Mac OS X) | Installation on Redhat and CentOS Linux Distributions
Manual | UserManual | Signatures | Trusted and Revoked Certificates | Body-based Signature Content Format | Bytecode Signatures | Signatures based on container metadata | Database Info | Dynamic Configuration (DCONF) | Passwords for archive files \[experimental\] | Extended signature format | File Type Magic | ClamAV File Types | Functionality Levels (FLEVELs) | File hash signatures | Logical signatures | PhishSigs | Using YARA rules in ClamAV | Allow list databases
Manual | UserManual | Usage | Configuration | Scanning | Signature Testing and Management
Additional | Microsoft Authenticode Signature Verification | Private Local Mirrors
ClamAV comes with FreshClam, a tool which periodically checks for new database releases and keeps your database up to date. It is encouraged that you update to at least version 0.103.2, which respects our bandwidth limitations.
The virus database is usually updated once or twice per day. Sign up for our VirusDB mailing list to see our response times to new threats. The virusdb team tries to keep up with the latest threats in the wild. You can contribute to make the virusdb updating process more efficient by submitting samples of viruses via our “Contact” page on ClamAV.net.
Before publishing a CVD update, we verify that it can be correctly loaded by the last two stable release series of ClamAV. Please stay tuned to our EOL policy for what versions are actively supported.
Before publishing a CVD update, we test it for false positives using the latest stable release of ClamAV. If you want to avoid problems with false positives, you must run the latest stable version of ClamAV.
Please run ClamScan with the --alert-broken
option. Also check that FreshClam and ClamScan are using the same path for storing/reading the database.
Our virus database is kept up to date with the help of the community. Whenever you find a new virus which is not detected by ClamAV you should complete this form. The virusdb team will review your submission and update the database if necessary. Before submitting a new sample: - check that the value of DatabaseDirectory
, in both clamd.conf
and freshclam.conf
, is the same - and update your database by running FreshClam to ensure you’ve scanned it with the latest virus database.
Sure, you can find more details on our Private Local Mirror page.
If you want to take advantage of incremental updates, install a proxy server and then configure your FreshClam clients to use it (watch for the HTTPProxyServer parameter in freshclam.conf
).
The second possible solution is to:
Configure a local webserver on one of your machines (say machine1.mylan
)
Let FreshClam download the *.cvd
files from http://database.clamav.net to the webserver’s DocumentRoot.
Finally, change freshclam.conf
on your clients so that it includes:
DatabaseMirror machine1.mylan
ScriptedUpdates off
First the database will be downloaded to the local webserver and then the other clients on the network will update their copy of the database from it.
Important: For this to work, you have to add ScriptedUpdates off
on all of your machines!
No problem, save your own signatures in a text file with the appropriate extension (see our signature writing documentation for more information). Put the signature file in the same directory where the .cvd
files are located. ClamAV will load it after the official .cvd
files. You do not need to sign the .db
file.
This practice is discouraged, please use either FreshClam or CvdUpdate to update your definitions. Please check out our FreshClam FAQ and our Private Mirror Documentation for further information and links to CvdUpdate.
Are you attempting to download safebrowsing.cvd and getting a 403? If so, take a look at this blog post, otherwise check out our Freshclam FAQ under the section on “Error Codes”
current.cvd.clamav.net
! Is there a problem with your/my DNS servers?current.cvd.clamav.net
has got only a TXT record, not a type A record! Try this command:
$ host -t txt current.cvd.clamav.net
Please note that some not RFC compliant DNS servers (namely the one shipped with the Alcatel (now Thomson) SpeedTouch 510 modem) can’t resolve TXT
record. If that’s the case, please recompile ClamAV with the flag --enable-dns-fix
if using ./configure
or -D ENABLE_FRESHCLAM_DNS_FIX=ON
if using CMake.
For other questions regarding issues with Freshclam, see our Freshclam Troubleshooting FAQ.