freshclam

Update virus definitions

$ freshclam

freshclam [options]

--help
    Display help and exit

--version
-V
    Print version information

-v
--verbose
    Increase verbosity level

--debug
    Enable debug messages

--quiet
    Be quiet, output only error messages

--stdout
    Write to stdout instead of log

--no-warnings
    Disable warnings

-c N
--checks=N
    Number of database checks (default 12)

-d
--daemon
    Run in daemon mode

-D
--foreground-daemon
    Run in foreground daemon mode

-p FILE
--pidfile=FILE
    Save PID to file

--user=USER
    Run as specific user

--config-file=FILE
    Use alternate config file

--datadir=DIRECTORY
    Use alternate datadir

--database-directory=DIRECTORY
    Use alternate database directory

--log=FILE
    Log to specific file

--local-directory=DIRECTORY
    Store updates locally

--http-timeout=N
    HTTP request timeout in seconds

--max-attempts=N
    Max download attempts per mirror

--connect-timeout=N
    Connect timeout in seconds

--proxy=HOST[:PORT]
    Use HTTP proxy

--proxy-username=USER
    Proxy username

--proxy-password=PASS
    Proxy password

--no-dns
    Disable DNS lookups

--disable-CDN
    Disable CDN mirrors

--on-error=action
    Error action: Continue, Exit, Quit

--list-mirrors
    List available mirrors

--force
    Force update check

--download=/path
    Download to specific path

Freshclam is the dedicated update tool for the ClamAV open-source antivirus engine on Unix-like systems. It fetches the latest virus signature databases, daily.cvd, bytecode.cvd, and standard.cld from official mirrors, ensuring the scanner has current threat definitions.

Designed for automated use, freshclam supports one-time updates or daemon mode for periodic checks (default every 2 hours after initial delay). It handles HTTP/HTTPS downloads, proxy support, and multiple mirrors for reliability. Logs are written to freshclam.log by default, with options for verbosity or quiet operation.

Commonly scheduled via cron (e.g., /etc/cron.d/clamav-freshclam), it runs as the clamav user/group for security. Configuration via freshclam.conf allows customizing mirrors, intervals, timeouts, and directories. On errors like network issues, it retries based on settings.

Essential for maintaining ClamAV effectiveness against evolving malware, freshclam verifies signatures with checksums and supports safe mode for locked databases during scans.

Requires internet access and write permissions to database directory (usually /var/lib/clamav). Daemon mode locks databases, preventing concurrent scans unless SafeBrowsing. Configurable via freshclam.conf; test with --no-warnings to suppress non-critical issues.

Primary config: /etc/clamav/freshclam.conf.
Key settings: DatabaseMirror urls, Checks interval, UpdateLogFile, DNSDatabaseInfo current.cvd.

Default cron: 0 */2 * * * /usr/bin/freshclam --quiet.
Adjust for custom intervals; ensure clamav user permissions.

Developed as part of ClamAV project (2002 by Tomasz Kojm), freshclam introduced in early versions for automated updates. Acquired by Sourcefire (2007), now Cisco Talos-maintained. Evolved with CDN support, better proxy handling in ClamAV 0.100+.

clamscan(1), clamdscan(1), clamd(8), freshclam.conf(5), clamav(8)