Table Of Contents


This user guide presents an overview of the various ways that libclamav can be used through the tools provided by ClamAV. To learn more about how to better use each facet of ClamAV that interests you, please follow the links provided.


The ClamAV Daemon, or clamd, is a multi-threaded daemon that uses libclamav to scan files for viruses. ClamAV provides a number of tools which interface with this daemon. They are, as follows:


ClamAV also provides a command-line tool for simple scanning tasks with libclamav called clamscan. Unlike the daemon, clamscan is not a persistent process and is best suited for use cases where one-time scanning with minimal setup is needed.

Signature Testing and Management

A number of tools allow for testing and management of signatures. Of note are the following:

  • clambc - specifically for testing bytecode
  • sigtool - for general signature testing and analysis
  • freshclam - used to update signature database sets to the latest version


The more complex tools ClamAV provides each require some degree of configuration. ClamAV supplies two example configuration files:

  • clamd.conf - for configuring the behavior of the ClamAV Daemon clamd and associated tools
  • freschclam.conf - for configuring the behavior of the signature database update tool, freshclam

ClamAV also provides a mail filtering tool called clamav-milter which can be attached to a clamd instance for mail scanning purposes.

Additionally, a tool called clamconf allows users to check the configurations used by each other tool, pulling information from the configuration files listed above, alongside other relevant information.