Additionally Linux Malware Detect can be configured to use ClamAV® when scanning and file monitoring. ClamAV is an open source anti-virus engine used in a variety of situations including web scanning, and end point security. It provides a number of utilities including a flexible and scalable multi-threaded daemon, a command line scanner and an advanced tool for automatic database updates.


  • Command-line scanner
  • Milter interface for postfix
  • Advanced database updater with support for scripted updates and digital signatures
  • Virus database updated multiple times per day
  • Built-in support for all standard mail file formats
  • Built-in support for various archive formats, including Zip, RAR, Dmg, Tar, Gzip, Bzip2, OLE2, Cabinet, CHM, BinHex, SIS and others
  • Built-in support for ELF executables and Portable Executable files packed with UPX, FSG, Petite, NsPack, wwpack32, MEW, Upack and obfuscated with SUE, Y0da Cryptor and others
  • Built-in support for popular document formats including MS Office and MacOffice files, HTML, Flash, RTF and PDF

Updating signatures

Centos / RHEL users can manually run the freshclam command to update any ClamAV database signatures. On Centos/RHEL the freshcam command is run by a cron and on Debian/Ubuntu freshclam has its own running service.:


Signatures are stored in the directory /var/lib/clamav.

PHP Malware Signatures

We supplement the ClamAV signtures with Malware Expert PHP signatures. You can remove these signatures by going to Settings -> Signature Settings -> Database custom URLs. - A generic Hex pattern PHP malware, which can cause false positive alarms, because there are generic eval, base64 and other hex pattern signatures (very low false positive rate). - Static MD5 pattern for files, and there are no false positive. - LDB signatures which use multi-words search for malware in files. - False positives.

Reporting Malware

If you have a virus that is not detected by ClamAV, please fill out and the ClamAV Detection Content Team will review your submission and update the virus database.

Related Files

File Description
/etc/clamd.d/scan.conf Configuration file for ClamAV on Centos 7 / RHEL 7
/etc/clamd.conf Configuration file for ClamAV on Centos 6 / RHEL 6
/etc/clamav/clamd.conf Configuration file for ClamAV on Debian / Ubuntu
/etc/freshclam.conf Configuration file for ClamAV signature updates on Centos / RHEL
/etc/clamav/freshclam.conf Configuration file for ClamAV signature updates on Debian / Ubuntu