The following questions and answers may help you troubleshoot issues you may encounter when using ClamAV.
If you're unable to find an answer to your question in our FAQ, you can seek help in our clamav-users mailing list, on our Discord server, or by submitting an issue on GitHub. The mailing list archives and existing Github issues (open or closed) may also have an answer to your question.
Please consider contributing answered questions back to this FAQ, and improving the quality of these answers, by submitting pull requests to our documentation source repository.
You will need to edit the
freshclam.conf.example file located in
/usr/local/etc. Once that is done, you will need to run a
sudo freshclam to download the signatures. You will need to run the command to update signatures often so that ClamAV has the most up to date signatures.
You can check for database update as often as 4 times per hour provided that you have the following options in
DNSDatabaseInfo current.cvd.clamav.net DatabaseMirror database.clamav.net
I get this error when running FreshClam: Invalid DNS reply. Falling back to HTTP mode or ERROR: Can't query current.cvd.clamav.net . What does it mean?
There is a problem with your DNS server. Please check the entries in /etc/resolv.conf and verify that you can resolve the TXT record manually:
host -t txt current.cvd.clamav.net
If you can't, it means your network is broken. You'll be still able to download the updates, but you'll waste a lot of bandwidth checking for updates.
FreshClam attempts to detect potential problems with DNS caches and switches to use HTTPS if something looks suspicious. If this message appears seldomly, you can safely ignore it. If you get the error every time you run FreshClam, check your system clock. If it is set correctly, check your dns settings. If those didn't help, try putting this at the top of your cronjob:
host -t txt current.cvd.clamav.net; perl -e 'printf "%d\n", time;'
The 4th field of the first line should be less than 3 ∗ 3600 behind the output of the second line. If not, you have a caching DNS server somewhere misbehaving.
Either your dns servers are not working or you are blocking port 53/tcp. You should manually check that you can resolve host names with:
If it doesn't work, check your dns settings in
/etc/resolv.conf. If it works, check that you can receive dns answers longer than 512 bytes, e.g. check that your firewall is not blocking packets which originate from
An easy way to find it out is:
dig @ns1.clamav.net db.us.big.clamav.net
Run FreshClam in verbose-mode (
-v) to view the HTTP requests and responses. If you're seeing an HTTP 403 response, then you may have been blocked. If think you've been blocked, feel free to contact us for help getting un-blocked. For more information about HTTP error codes, see the FreshClam FAQ
current.cvd.clamav.net has got only a TXT record, not a type A record! Try this command:
$ host -t txt current.cvd.clamav.net
Please note that some not RFC compliant DNS servers (namely the one shipped with the Alcatel (now Thomson) SpeedTouch 510 modem) can't resolve
TXT record. If that's the case, please recompile ClamAV with the flag
--enable-dns-fix if using
-D ENABLE_FRESHCLAM_DNS_FIX=ON if using CMake.
For other questions regarding issues with the signature databases, see our Virus Database FAQ.