You can view the documentation below, or browse our GitHub Repository, where you can contribute to user manual and FAQ.
General | Installing ClamAV | How to Report A Bug | Miscellaneous FAQ | ClamAV Virus Database FAQ | End of Life Policy (EOL) | Potentially Unwanted Applications (PUA) | Mailing Lists FAQ | Troubleshooting FAQ | Safebrowsing | Upgrading ClamAV | ClamAV on Microsoft Windows FAQ | How do I ignore/whitelist a ClamAV signature? | Which Version of ClamAV should I use? | Uninstalling ClamAV | ClamAV Overview | Interpreting Scan Alerts FAQ | Freshclam FAQ
Manual | Clam AntiVirus 0.101.0 User Manual
Manual | UserManual | Installing ClamAV on Unix / Linux / macOS from Source | Installing ClamAV on Windows | Introduction | LibClamAV | On-Access Scanning | Creating signatures for ClamAV | Usage | ClamAV Development
Manual | UserManual | Installation-Unix | Installation on Debian and Ubuntu Linux Distributions | Installation on macOS (Mac OS X) | Installation on Redhat and CentOS Linux Distributions
Manual | UserManual | Signatures | Trusted and Revoked Certificates | Body-based Signature Content Format | Bytecode Signatures | Signatures based on container metadata | Database Info | Dynamic Configuration (DCONF) | Passwords for archive files \[experimental\] | Extended signature format | File Type Magic | ClamAV File Types | Functionality Levels (FLEVELs) | File hash signatures | Logical signatures | PhishSigs | Whitelist databases | Using YARA rules in ClamAV
Manual | UserManual | Usage | Configuration | Scanning | Signature Testing and Management
Additional | Microsoft Authenticode Signature Verification | Private Local Mirrors
ClamAV 0.95 introduced support for Google Safe Browsing database.
The Safebrowsing database is packed inside a CVD file and distributed through our mirror network. This feature is disabled by default on all installations and should be enabled with extreme care.
All signatures provided by Google Safe Browsing Database will be prefixed with the Safebrowsing tag. If ClamAV reports Safebrowsing.<something> FOUND
, it means that the advisory was provided by Google and not by ClamAV Virus database.
Please note that such reports DO NOT necessarily mean that the data scanned contains some malware. You should treat such data as a potential risk, that is a suspicious source of malware.
If you want to know more about the potentially dangerous data matched by the signature, you should visit http://www.antiphishing.org (for phishing warnings) or http://www.stopbadware.org (for malware warnings).
In order to enable this feature, you must add SafeBrowsing Yes
to freshclam.conf
.
There is no option in clamd.conf
. If the engine finds Google Safe Browsing files in the database directory, ClamAV will enable safe browsing. To turn it off you need to update freshclam.conf and remove the safebrowsing files from the database directory before restarting clamd.