2
freshclam.conf – Configuration file for Clam AntiVirus Database Updater
· Posted by nguyen in Linux Docs
DESCRIPTION
The file freshclam.conf configures the Clam AntiVirus Database Updater,
freshclam(1).
The file consists of comments and options with arguments. Each line
that starts with a hash (#) symbol is a comment. Options and arguments
are case sensitive and of the form Option Argument. The (possibly
optional) arguments are of the following types:
STRING String without blank characters.
SIZE Size in bytes. You can use ’M’ or ’m’ modifiers for megabytes
and ’K’ or ’k’ for kilobytes.
NUMBER Unsigned integer.
DIRECTIVES
When an option is not used (hashed or doesn’t exist in the configuraâ€
tion file) freshclam takes a default action.
Example
If this option is set freshclam will not run.
DatabaseOwner STRING
When started by root, drop privileges to a specified user.
Default:
AllowSupplementaryGroups
Initialize supplementary group access (freshclam must be started
by root).
Default: disabled
DatabaseDirectory STRING
Path to a directory containing database files.
Default: /var/lib/clamav/
Checks NUM
Number of database checks per day.
Default: 12
UpdateLogFile STRING
Enable logging to a specified file. Highly recommended.
Default: disabled.
LogSyslog
Enable logging to Syslog. May be used in combination with
UpdateLogFile.
Default: disabled.
LogFacility
Specify the type of syslog messages – please refer to ’man sysâ€
log’ for facility names.
Default: LOG_LOCAL6
PidFile
This option allows you to save the process identifier of the
daemon.
Default: disabled
LogVerbose
Enable verbose logging.
Default: disabled
DNSDatabaseInfo STRING
This directive enables database and software version verificaâ€
tion through DNS TXT records.
Default: enabled, pointing to current.cvd.clamav.net
DatabaseMirror STRING
Server name where database updates are downloaded from. In order
to download the database from the closest mirror you should conâ€
figure freshclam to use db.xy.clamav.net where xy represents
your country code. If this option is given multiple times,
freshclam(1) tries them in the order given. It’s strongly recomâ€
mended that you use db.xy.clamav.net as the first mirror and
database.clamav.net as the second.
Default: database.clamav.net
MaxAttempts NUM
Freshclam(1) tries every mirror this number of times before
switching to the next mirror.
Default: 3 (per mirror)
HTTPProxyServer STR, HTTPProxyPort NUM
Use given proxy server and TCP port for database downloads.
HTTPProxyUsername STR,HTTPProxyPassword STR
Proxy usage is authenticated through given username and passâ€
word.
Default: no proxy authentication
LocalIPAddress IP
Use IP as client address for downloading databases. Useful for
multi homed systems.
Default: Use OS´es default outgoing IP address.
NotifyClamd [STRING]
Notify a running clamd(8) to reload its database after a downâ€
load has occurred. Optionally a clamd.conf(5) file location may
be given to tell freshclam(1) how to communicate with clamd(8).
Default: The default is to not notify clamd. See clamd.conf(5)´s
option SelfCheck for how clamd(8) handles database updates in
this case.
OnUpdateExecute STRING
Execute this command after the database has been successfully
updated.
Default: disabled
OnErrorExecute STRING
Execute this command after a database update has failed.
Default: disabled
NOTE
While not reasonable, any configuration option from clamd.conf(5) may
be given.
FILES
/etc/clamav/freshclam.conf
AUTHOR
Lamy,T,. freshclam.conf – Configuration file for Clam AntiVirus Database Updater, Available from:
< http://manpages.ubuntu.com/manpages/dapper/man5/freshclam.conf.html> [02/11/2008/]
Clam AV nuts and bolts
To install Clam Antivirus:
sudo apt-get install clamav
(Providing that your /etc/apt/sources.list file is up to date, you will get a good recent version of Clam antivirus installed on your machine.)
To update your virus definitions:
freshclam
To check files in your home directory:
clamscan
To check files in the entire home directory:
clamscan -r /home
To check files on the entire drive (displaying everything):
clamscan -r /
To check files on the entire drive but only display infected files and ring a bell when found:
clamscan -r –bell –mbox -i /
Run Clam AV from a terminal window!
Why would you run an antivirus scan on an Ubuntu Linux Hoary computer. At this time, the only reason is if you transfer files back and forth to a Windows machine or transfer/serve email. There are yet no known virus/worm/trojan/root-violation problems with properly set-up Ubuntu computers. However, if you use a Hoary distribution as a computer to transfer files from one location to another, they originate/end up on Windows machines, or if you want to scan a network.. this can be useful.
Here is a sample readout from: clamscan -r –bell –mbox -i /home
Quote:
clamscan -r –bell –mbox -i /home
(infected file would be listed here)
———– SCAN SUMMARY ———–
Known viruses: 33840
Scanned directories: 145
Scanned files: 226
Infected files: 1
Data scanned: 54.22 MB
I/O buffer size: 131072 bytes
Time: 20.831 sec (0 m 20 s)
Here is a sample readout from freshclam :
Quote:
root@ubuntu4:/etc/clamav # freshclam
ClamAV update process started at Wed Apr 27 00:06:47 2005
main.cvd is up to date (version: 31, sigs: 33079, f-level: 4, builder: tkojm)
daily.cvd is up to date (version: 855, sigs: 714, f-level: 4, builder: ccordes)
To find out what version you have:
Quote:
root@ubuntu4:/etc/clamav # clamscan -V
ClamAV 0.83/855/Tue Apr 26 06:40:32 2005
You can use the –remove flag (clamscan –remove) too automatically remove virus-infected files, but it is not recommended it. Sometimes, clam AV will figure a file is a virus when it is not. Thus, I look at the results and make a decision whether a file should be removed.
For learning about more flags for clamscan, try man clamscan or info clamscan
You can use the at command to schedule clamscan and/or freshclam.
For example:
at 3:30 tomorrow
at>freshclam
at>
job 3 at 2005-04-28 03:30
(You have scheduled and confirmed that the Clam AV update will occur at 3:30 AM tomorrow.
crazybill; April 27th, 2005
http://ubuntuforums.org/showthread.php?t=30060
No tags
