The following FAQ should help you understand why
freshclam may have failed to fetch the latest updates.
If you're unable to find an answer to your question in the FAQ, you can seek help in our clamav-users mailing list, on our Discord server, or by submitting an issue on GitHub. The mailing list archives and existing Github issues (open or closed) may also have an answer to your question.
Please consider contributing answered questions back to this FAQ, and improving the quality of these answers, by submitting pull requests to our documentation source repository.
If you've installed ClamAV and are running Freshclam as root or with
sudo but don't have a
clamav user account for Freshclam to run as, you may encounter this error:
ERROR: Failed to get information about user "clamav". Create the "clamav" user account for freshclam to use, or set the DatabaseOwner config option in freshclam.conf to a different user. For more information, see https://docs.clamav.net/manual/Installing/Installing-from-source-Unix.html ERROR: Initialization error!
You can resolve this issue by following these steps to create a
clamav service account.
If the database directory exists but is not owned by the user account that Freshclam is being run as, you may encounter this error:
ERROR: Can't create freshclam.dat in /usr/local/share/clamav Hint: The database directory must be writable for UID 1000 or GID 1000 ERROR: Failed to save freshclam.dat! WARNING: Failed to create a new freshclam.dat! ERROR: initialize: libfreshclam init failed. ERROR: Initialization error!
To resolve this issue, change ownership of the directory to the appropriate user account.
For example if you're running Freshclam under your user account "bob", something like this may resolve the issue:
sudo chown -R bob /usr/local/share/clamav
If running Freshclam as root (or with
sudo), then Freshclam will try to automatically switch to run as the
clamav user, or whichever user is specified as the
freshclam.conf. Run this to resolve the issue:
sudo chown -R clamav /usr/local/share/clamav
On Linux/Unix systems, Freshclam uses openssl to validate certificates for TLS connections. It relies on finding the openssl CA bundle in the default path. You may encounter the following error if you're missing the
ca-certificates package, or on some distributions where the path to the CA bundle has been customized:
WARNING: Download failed (77) WARNING: Message: Problem with the SSL CA cert (path? access rights? WARNING: Can't download daily.cvd from https://database.clamav.net/daily.cvd
First you may try installing the
ca-certificates package. If that is already installed, or the issue persists, then you may need to set the
CURL_CA_BUNDLE environment variable to direct Freshclam to the path of the CA bundle on your system.
For example, on openSUSE you may need to set
CURL_CA_BUNDLE=/var/lib/ca-certificates/ca-bundle.pem. You can test this by running:
If this resolves the issue, you may wish to export the
CURL_CA_BUNDLE variable in your
.bashrc file or the equivalent for your shell.
CURL_CA_BUNDLEvariable is also used by ClamSubmit.
There is a problem with your DNS server. Please check the entries in
/etc/resolv.conf and verify that you can resolve the
TXT record manually:
$ host -t txt current.cvd.clamav.net
If you can't, it means your network is broken. You'll be still able to download the updates, but you'll waste a lot of bandwidth checking for updates. Please note that some not RFC compliant DNS servers (namely the one shipped with the Alcatel (now Thomson) SpeedTouch 510 modem) can't resolve
TXT record. If that's the case, please recompile ClamAV with the flag
Either your dns servers are not working or you are blocking
port 53/tcp. You should manually check that you can resolve hostnames with:
$ host database.clamav.net
If it doesn't work, check your dns settings in
/etc/resolv.conf. If it works, check that you can receive dns answers longer than 512 bytes, e.g. check that your firewall is not blocking packets which originate from
port 53/tcp. An easy way to find it out is:
$ dig @ns1.clamav.net db.us.big.clamav.net
For some reason, incremental update failed. FreshClam can recover from this situation by downloading the whole daily.cvd.
For some reason, the content delivery network is not serving the latest updates yet. If you experience this problem, please report the issue on GitHub Issues.
Update failed. Your network may be down or the ClamAV database content delivery network is experiencing an outage
It's not your lucky day. Your network may be down or the ClamAV database content delivery network is experiencing an outage. Please wait a few minutes and try again. Remember to pass the
-v option to freshclam.
Starting from ClamAV 0.9x, whenever your ClamAV engine becomes outdated and the difference between the functionality level required by the CVD and the functionality level supported by your ClamAV engine is more than 3, freshclam will refuse to check for updates more often than 6 times per day.
The reason for this is that bandwidth can be expensive. It is not helpful to generate extra traffic on our content delivery network if you cannot take advantage of all the signatures anyway. If you really care about catching as much malware as possible and you want to check for updates more often than 6 times per day, then you should also not run such an old version of ClamAV.
This message does NOT indicate that you are unable to download the latest CVD update! You'll get this message whenever a new version of ClamAV is released. In order to detect all the latest viruses, it's not enough to keep your database up to date. You also need to run the latest version of the scanner.
The functionality level of the database determines which scanner engine version is required to use all of its signatures. If you don't upgrade immediately you will still be able to download the latest CVD updates but the engine won't be able to use ALL of them.
If you are experiencing this problem, please do the following: Stop the
freshclam daemon if it's running, delete both
daily.cvd, then restart the
freshclam daemon. FreshClam will then download a new
daily.cvd and will be up-to-date.
If you are receiving a 403, 503, or 1020 error codes when downloading from Cloudflare, then you are either explicitly blocked, using an EOL'ed version of ClamAV or you are downloading incorrectly.
If FreshClam is failing and you're not sure why, you may run
freshclam -v for "Verbose Mode" to see the HTTP request & response details (ClamAV 0.102+).
After checking that you are using a current version of ClamAV, please discontinue whatever method of download you are using and immediately move to using either FreshClam or cvdupdate. These are the two supported methods for downloading AV updates from ClamAV. All other methods may be rate limited, or blocked at our discretion. Use of Wget, Curl, or other command line tools that are scripted are explicitly denied.
If you are receiving a 429, that means you are rate limited. You're downloading too fast or too much. Please use Freshclam or cvdupdate. If you are using a shared hosting provider, like Amazon AWS, Google Cloud Computing, Oracle, Azure, etc, you will most likely be rate limited, however cvdupdate should handle this gracefully. If you continue to receive these, we recommend you try from a different external IP address.
If you are receiving a 403 specifically on the safebrowsing.cvd file, please read this blog post immediately!
Are you running a version of FreshClam/ClamAV lower than
0.103.2? If so, you should immediately upgrade to at least 0.103.2.
If you have checked all of the above and you are still seeing errors, please open a ticket using the below link.
Please report freshclam update failures or issues on GitHub Issues.