You can view the documentation below, or browse our GitHub Repository, where you can contribute to user manual and FAQ.
General | Installing ClamAV | How to Report A Bug | Miscellaneous FAQ | ClamAV Virus Database FAQ | End of Life Policy (EOL) | Potentially Unwanted Applications (PUA) | Mailing Lists FAQ | Troubleshooting FAQ | Safebrowsing | Upgrading ClamAV | ClamAV on Microsoft Windows FAQ | Which Version of ClamAV should I use? | Uninstalling ClamAV | ClamAV Overview | Interpreting Scan Alerts FAQ | Freshclam FAQ | How do I ignore a ClamAV signature?
Manual | Clam AntiVirus User Manual
Manual | UserManual | Installing ClamAV on Unix / Linux / macOS from Source | Installing ClamAV on Windows | Introduction | LibClamAV | On-Access Scanning | Creating signatures for ClamAV | Usage | ClamAV Development
Manual | UserManual | Installation-Unix | Installation on Debian and Ubuntu Linux Distributions | Installation on macOS (Mac OS X) | Installation on Redhat and CentOS Linux Distributions
Manual | UserManual | Signatures | Trusted and Revoked Certificates | Body-based Signature Content Format | Bytecode Signatures | Signatures based on container metadata | Database Info | Dynamic Configuration (DCONF) | Passwords for archive files \[experimental\] | Extended signature format | File Type Magic | ClamAV File Types | Functionality Levels (FLEVELs) | File hash signatures | Logical signatures | PhishSigs | Using YARA rules in ClamAV | Allow list databases
Manual | UserManual | Usage | Configuration | Scanning | Signature Testing and Management
Additional | Microsoft Authenticode Signature Verification | Private Local Mirrors
There are some situations in which it may be desirable to set up a private mirror for distributing CVD updates.
If you run ClamAV on many clients on your network, each installation will download a copy of new .cdiff files. This is a waste of bandwidth and resources for your network and for our mirrors network.
Sometimes the servers which perform the scan are not directly connected to Internet and can only download updates from a server in the same network segment.
For people who face these problems, we recommend using one of the following 3 setups.
This solution is really easy to implement and is bandwidth efficient.
Install a proxy server (e.g. squid) and then tell your freshclam clients to use it. This can be done by setting the HTTPProxyServer parameter in freshclam.conf (see man 5 freshclam.conf for the details).
This solution is really simple to implement but it’s only effective if your clients are all on the same local network and bandwidth is not an issue for you.
Configure a local webserver on one of your machines (say machine1.mylan
) and let freshclam download the *.cvd
files from http://database.clamav.net to the webserver’s DocumentRoot.
Add the following line to freshclam.conf
on machine1.mylan
:
ScriptedUpdates no
First the database will be downloaded to the local webserver and then the other clients on the network will update their copy of the database from it. For this to work you have to change freshclam.conf on each client so that it reads
PrivateMirror machine1.mylan
ScriptedUpdates no
This solution is bandwidth efficient but it’s a little bit trickier to set up and involves the use of custom scripts in place of freshclam.
Because of this, the scripts might need to be updated from time to time to cope with the corresponding changes in freshclam.
Configure a local webserver on one of your machines (say machine1.mylan
) and use this script developed by Frederic Vanden Poel to download the cvd
and cdiff
files into the DocumentRoot.
clamdownloader.pl
by Frederic Vanden Poel:
#!/usr/bin/env perl # # File name: clamdownloader.pl # Author: Frederic Vanden Poel # ############################################################################# # use strict; use warnings; use Net::DNS; my $clamdb="/tmp/clam"; # mirror where files such as daily-12133.cdiff exist my $mirror="http://database.clamav.net"; # get the TXT record for current.cvd.clamav.net my $txt = getTXT("current.cvd.clamav.net"); exit unless $txt; chdir($clamdb) || die ("Can't chdir to $clamdb : $!\n"); # dump the record in a file print "TXT from DNS: $txt\n"; open D, ">dns.txt"; print D "$txt"; close D; # temp dir for wget updates mkdir("$clamdb/temp"); # get what we need my ( $clamv, $mainv , $dailyv, $x, $y, $z, $safebrowsingv, $bytecodev ) = split /:/, $txt ; print "FIELDS main=$mainv daily=$dailyv bytecode=$bytecodev\n"; updateFile('main',$mainv); updateFile('daily',$dailyv); updateFile('bytecode',$bytecodev); sub getTXT { use Net::DNS; my $domain = shift @_; my $rr; my $res = Net::DNS::Resolver->new; my $txt_query = $res->query($domain,"TXT"); if ($txt_query) { return ($txt_query->answer)[0]->txtdata; } else { warn "Unable to get TXT Record : ", $res->errorstring, "\n"; return 0; } } sub getLocalVersion { my $file=shift @_; my $cmd="sigtool -i $clamdb/$file.cvd"; open P, "$cmd |" || die("Can't run $cmd : $!"); while (<P>) { next unless /Version: (\d+)/; return $1; } return -1; } sub updateFile { my $file=shift @_; my $currentversion=shift @_; my $old=0; if ( ! -e "$file.cvd" ) { warn "file $file.cvd does not exists, skipping\n"; } if ( ! -z "$file.cvd" ) { $old = getLocalVersion($file); if ( $old > 0 ) { print "$file old: $old current: $currentversion\n"; # mirror all the diffs for (my $count = $old + 1 ; $count <= $currentversion; $count++) { print `wget -nH -nd -N -nv $mirror/$file-$count.cdiff 2>&1`; } } else { warn "file $file.cvd version unknown, skipping cdiffs\n"; } } else { warn "file $file.cvd is zero, skipping cdiffs\n"; } return if ( $currentversion == $old ); # update the full file using a copy, then move back print `cp -v -a $file.cvd temp/$file.cvd 2>&1`; print `cd temp && wget -nH -nd -N -nv $mirror/$file.cvd 2>&1`; if ( -e "temp/$file.cvd" && ! -z "temp/$file.cvd" ) { if ( (stat("temp/$file.cvd"))[9] > (stat("$file.cvd"))[9] ) { print "file temp/$file.cvd is newer than $file.cvd\n"; print `mv -v temp/$file.cvd $file.cvd 2>&1`; } else { print "file temp/$file.cvd not touched by wget\n"; print `rm -v temp/$file.cvd`; } } else { warn "temp/$file.cvd is not valid, not copying back !\n"; unlink "temp/$file.cvd"; } } __END__
First the cvd
and cdiff
files will be downloaded to the local webserver and then the other clients on the network will update their copy of the database from it. For this to work you have to change freshclam.conf
on your clients so that it reads:
DatabaseMirror machine1.mylan
This solution isn’t necessarily bandwidth efficient, but very easy to deploy with pre-existing Cloud Foundry deployments. In a nutshell, it downloads the CVDs and stores them in-memory to serve them as an uber-fast mirror. While it is storing definitions in-memory, if the app is restarted/rebooted, it will reach out and re-download the CVDs. You can find the app here on Github, as well as instructions on how to push it to Cloud Foundry. The URL the app is configured with is where the ClamAV daemons can listen from.