table of contents
freshclam(1) | Clam AntiVirus | freshclam(1) |
NAME¶
freshclam - update virus databases
SYNOPSIS¶
freshclam [options]
DESCRIPTION¶
freshclam is a virus database update tool for ClamAV.
OPTIONS¶
FreshClam reads its configuration from freshclam.conf. The settings can be overwritten with command line options.
- -h, --help
- Output help information and exit.
- -V, --version
- Print version number and exit.
- -v, --verbose
- Be verbose. This option causes freshclam to print much additional information.
- --debug
- Enable debug messages from LibClamAV.
- --quiet
- Be quiet - output only error messages.
- --no-warnings
- Don't print and log warnings.
- --stdout
- Write all messages to stdout.
- --show-progress
- Show download progress percentage.
- --config-file=FILE
- Read configuration from FILE.
- -l FILE, --log=FILE
- Log report to FILE.
- -d, --daemon
- Run in a daemon mode. Defaults to 12 checks per day unless otherwise specified by --checks or freshclam.conf.
- -p FILE, --pid=FILE
- Write the daemon's pid to FILE.
- -F, --foreground
- Don't fork into background (for use in daemon mode).
- -u USER, --user USER
- Run as USER. By default (when started by root) freshclam drops privileges and operates as the 'clamav' user.
- --no-dns
- This option forces old non-DNS verification method (without a TTL delay).
- -c #n, --checks=#n
- Check #n times per day for a new database. #n must be between 1 and 50.
- --datadir=DIRECTORY
- Install new database in DIRECTORY. The directory must be writable for the 'clamav' user or unprivileged user running freshclam, already exist, and be an absolute path.
- --daemon-notify=/path/to/clamd.conf
- Notify the daemon about the new database. By default it reads a hardcoded config file but you can use a different one. Both local and TCP sockets are supported.
- -a IP, --local-address=IP
- Use (local) IP for HTTP downloads. Useful for multi-homed systems. If binding fails for whatever reason, a warning is issued and freshclam behaves like without this flag.
- --on-update-execute=COMMAND
- Execute COMMAND after successful update.
- --on-error-execute=COMMAND
- Execute COMMAND if error occurred. Remember, that virus database freshness is the most important thing in anti-virus system. With this option freshclam can alert you (eg. send SMS) when something is going wrong.
- --on-outdated-execute=COMMAND
- Execute COMMAND when freshclam reports outdated version. In the command string %v will be replaced by the new version number.
- --update-db=DBNAME
- With this option you can limit updates to a subset of database files. The DBNAME should be "main", "daily", "bytecode", "safebrowsing" or one of the 3rd party database names. This option can be used multiple times and only works with the official and 3rd party databases distributed through the ClamAV mirrors, your custom databases (specified with DatabaseCustomURL in freshclam.conf) will not be ignored.
ENVIRONMENT VARIABLES¶
freshclam uses the following environment variables:
- CURL_CA_BUNDLE
- (Linux/Unix only, excluding macOS) May be set to the path of a file (bundle) containing one or more CA certificates. This will override the default openssl certificate path.
- FRESHCLAM_CLIENT_CERT
- May be set to the path of a file (PEM) containing the client certificate. This may be used for client authentication.
- FRESHCLAM_CLIENT_KEY
- May be set to the path of a file (PEM) containing the client private key. This is required if FRESHCLAM_CLIENT_CERT is set.
- FRESHCLAM_CLIENT_KEY_PASSWD
- May be set to a password for the client key PEM file. This is required if FRESHCLAM_CLIENT_KEY is set and the PEM file is password protected.
- Note that the CURL_CA_BUNDLE environment variable is also used by the curl command line tool for the same purpose.
EXAMPLES¶
- (0) Download database to default directory:
-
freshclam
- (1) Download database to current directory:
-
freshclam --datadir=.
- (2) Run as a daemon and check 2 times per day for new database:
-
freshclam -d -c 2
RETURN CODES¶
Some return codes of freshclam can be overwritten with a built-in command EXIT_n which can be passed to --on-*-execute, eg. --on-update-execute=EXIT_1 will force freshclam to always return 1 after successful database update.
- 0 : Database is up-to-date or successfully updated.
- 40: Unknown option passed.
- 50: Can't change directory.
- 51: Can't check MD5 sum.
- 52: Connection (network) problem.
- 53: Can't unlink file.
- 54: MD5 or digital signature verification error.
- 55: Error reading file.
- 56: Config file error.
- 57: Can't create new file.
- 58: Can't read database from remote server.
- 59: Mirrors are not fully synchronized (try again later).
- 60: Can't get information about 'clamav' user from /etc/passwd.
- 61: Can't drop privileges.
- 62: Can't initialize logger.
FILES¶
/etc/clamav/freshclam.conf
CREDITS¶
Please check the full documentation for credits.
AUTHOR¶
Tomasz Kojm <tkojm@clamav.net>, Kevin Lin <klin@sourcefire.com>
SEE ALSO¶
December 4, 2013 | ClamAV 1.4.1 |