Clam Antivirus

Virus scanner for mail and files.

A handy script for adding more goodies

#extra signatures to catch spam and phishing
#or look at
#and now the script itself
cd $LOCATION || exit -1
$WGET --timestamping && ${GUNZIP} -f phish.ndb.gz
$WGET --timestamping && ${GUNZIP} -f scam.ndb.gz
$WGET --timestamping
$WGET --timestamping
$WGET -O - > mbl.db
/usr/sbin/chown clamav:clamav *
killall -HUP clamd



Can't open file or directory ERROR

Could be apparmor, then

apt-get install apparmor-utils
aa-complain /usr/sbin/clamd

This would make it complain instead of deny

ERROR: Can't send to clamd: Broken pipe

grep -r LocalSocket /etc/clam*


Amavis not finding socket clamd.ctl

Means clamd is busy handling the queue after a powre failure or such, the socket won't be created before it's done.



That's from

Milter (clmilter): local socket name /var/run/clamav/clmilter.sock unsafe

Usually means something like clamd not running.


LibClamAV Warning: [Bytecode JIT]: Bytecode run timed out, timeout flag set

Try --bytecode-timeout=120000

LibClamAV Warning: Bytecode run timed out in interpreter after 5000 opcodes



Ignoring mirror x.x.x.x (due to previous errors)

try removing mirrors.dat and daily.cvd


LibClamAV Error: CRITICAL: fmap() failed

haha yeah, good luck


Can't allocate memory ERROR

Some file too big?


Exclude dir

clamscan --exclude-dir='/foo/b.*r'



scan.conf: ExcludePath /foo/*/bar ? REGEX suggests using ^/foo/.*/bar/

WARNING: Directory recursion limit reached

Change MaxDirectoryRecursion in clamd configuration, default is 15

Whitelisting file

sigtool --sha1 somefile >> /var/lib/clamav/whitelist.sfp

and restart clamd if that's used


Freshclam: ERROR: getpatch: Can't download daily-26337.cdiff from

Probably an outdated freshclam

ERROR: downloadFile: Unexpected response (403) from

If you are receiving a 403, 503, or 1020 error codes when downloading from Cloudflare, then you are either explicitly blocked, using an EOL'ed version of ClamAV or you are downloading incorrectly.