The following FAQ should help you understand how ClamAV CVD signature databases work and any issues you may experience working with them.
If you're unable to find an answer to your question in the FAQ, you can seek help in our clamav-users mailing list, on our Discord server, or by submitting an issue on GitHub. The mailing list archives and existing Github issues (open or closed) may also have an answer to your question.
Please consider contributing answered questions back to this FAQ, and improving the quality of these answers, by submitting pull requests to our documentation source repository.
ClamAV comes with FreshClam, a tool which periodically checks for new database releases and keeps your database up to date. It is encouraged that you update to at least version 0.103.2, which respects our bandwidth limitations.
The virus database is usually updated once or twice per day. Sign up for our VirusDB mailing list to see our response times to new threats. The virusdb team tries to keep up with the latest threats in the wild. You can contribute to make the virusdb updating process more efficient by submitting samples of viruses via our "Contact" page on ClamAV.net.
Before publishing a CVD update, we verify that it can be correctly loaded by the last two stable release series of ClamAV.
Before publishing a CVD update, we test it for false positives using the latest stable release of ClamAV. If you want to avoid problems with false positives, you must run the latest stable version of ClamAV. Please stay tuned to our EOL policy for what versions are actively supported.
I tried to submit a sample through the web interface, but it said the sample is already recognized by ClamAV. My ClamScan tells me it's not. I have already updated my database and ClamAV engine, what's wrong with my setup?
Please run ClamScan with the
--alert-broken option. Also check that FreshClam and ClamScan are using the same path for storing/reading the database.
I found an infected file in my HD/USB/mailbox, but ClamAV doesn't recognize it yet. Can you help me?
Our virus database is kept up to date with the help of the community. Whenever you find a new virus which is not detected by ClamAV you should complete this form. The virusdb team will review your submission and update the database if necessary. Before submitting a new sample: - check that the value of
DatabaseDirectory, in both
freshclam.conf, is the same - and update your database by running FreshClam to ensure you've scanned it with the latest virus database.
I'm running ClamAV on a lot of clients on my local network. Can I serve the cvd files from a local server so that each client doesn't have to download them from your servers?
Sure, you can find more details on our Private Local Mirror page.
If you want to take advantage of incremental updates, install a proxy server and then configure your FreshClam clients to use it (watch for the HTTPProxyServer parameter in
The second possible solution is to:
Configure a local webserver on one of your machines (say
Let FreshClam download the
*.cvdfiles from http://database.clamav.net to the webserver's DocumentRoot.
freshclam.confon your clients so that it includes:
DatabaseMirror machine1.mylan ScriptedUpdates off
First the database will be downloaded to the local webserver and then the other clients on the network will update their copy of the database from it.
Important: For this to work, you have to add
ScriptedUpdates offon all of your machines!
No problem, save your own signatures in a text file with the appropriate extension (see our signature writing documentation for more information). Put the signature files in the same directory where the
.cvd files are located. This is typically
/var/lib/clamav. ClamAV will load it after the official
.cvd files. You do not need to sign your custom database files.
This practice is discouraged, please use either FreshClam or CVDUpdate to update your definitions. Please check out our FreshClam FAQ and our Private Mirror Documentation for further information and links to CVDUpdate.
I am getting error codes such as 403, 429, etc when FreshClam (or other update system) attempts to download updates
For other questions regarding issues with FreshClam, see our FreshClam Troubleshooting FAQ.