To my reading that page gives you all the answers to your questions.
cvdupdate grabs the cdiffs (and apparently daily.cvd etc) from the
public CDN.
You then expose those downloaded files to your internal network however
you find convenient, and configure freshclam on your internal clients to
use the URL you've configured the files to be served from.
There is no "dns.txt" file; there is a TXT record in DNS that declares
the current signature definition versions. cvdupdate and freshclam both
use this by default to determine if an update is needed.
About halfway down that page:
====
Tip: If the freshclam clients will not have access to the internet to
perform that DNS lookup, you may wish to set DNSDatabaseInfo no in your
freshclam.conf file. freshclam may complain that the DNS lookup to "no"
failed, which is fine. It will fall-back to checking the database
version using an HTTP Range-request to your server.
====
-kgd
Khedkar, Atish via clamav-users wrote:
Hello @Joel Esler <mailto:[email protected]>, I have gone through the
shared link before asking the question. I understood we can create
mirror repo using freshclam or cvdupdate. The freshclam sync only cvd
and cld files. However, I want use cvdupdate to sync cvd and cdiff
(patch) files. That’s why questions was around cvdupdate. As per the
documentation, I believe that cvdupdate does not allow to customize the
database URL and skip dns.txt file. Please let me know I had missed
anything.
Thanks,
Atish Khedkar
*From:*Joel Esler <[email protected]>
*Sent:* Thursday, July 24, 2025 9:59 PM
*To:* ClamAV users ML <[email protected]>
*Cc:* Brendan Bell (brebell) <[email protected]>; Khedkar, Atish
<[email protected]>
*Subject:* [EXTERNAL] Re: [clamav-users] Need help on clamav database
mirroring.
Atish —
Have you read Brendan’s link?
Hosting a Private Database Mirror - ClamAV Documentation
<https://urldefense.com/v3/__https:/docs.clamav.net/appendix/CvdPrivateMirror.html?highlight=setting*20DatabaseMirror*use-cvdupdate-to-serve-whole-databases-and-database-patch-files-from-a-private-mirror__;JSM!!PEZBYkTc!fv0qpaOkADJAc-XSube9I8s9-tS0ZsMzgoMDtLCgooRDg8qC2xpBeHWlV3RINMLaXW9244BlcWB_OAG0Jg$>
docs.clamav.net
<https://urldefense.com/v3/__https:/docs.clamav.net/appendix/CvdPrivateMirror.html?highlight=setting*20DatabaseMirror*use-cvdupdate-to-serve-whole-databases-and-database-patch-files-from-a-private-mirror__;JSM!!PEZBYkTc!fv0qpaOkADJAc-XSube9I8s9-tS0ZsMzgoMDtLCgooRDg8qC2xpBeHWlV3RINMLaXW9244BlcWB_OAG0Jg$>
<https://urldefense.com/v3/__https:/docs.clamav.net/appendix/CvdPrivateMirror.html?highlight=setting*20DatabaseMirror*use-cvdupdate-to-serve-whole-databases-and-database-patch-files-from-a-private-mirror__;JSM!!PEZBYkTc!fv0qpaOkADJAc-XSube9I8s9-tS0ZsMzgoMDtLCgooRDg8qC2xpBeHWlV3RINMLaXW9244BlcWB_OAG0Jg$>
How to set up a private mirror is all documented there.
On Jul 24, 2025, at 01:45, Khedkar, Atish via clamav-users
<[email protected]
<mailto:[email protected]>> wrote:
Thanks@Brendan Bell (brebell) <mailto:[email protected]>for your help.
I have understood the client side freshclam configuration. I had
questions regarding cvdupdate application.
1. How to set custom target database URL instead
ofhttps://database.clamav.net
<https://urldefense.com/v3/__https:/database.clamav.net__;!!PEZBYkTc!aCVJ9EUumSmnWXgWa3QcXdEIj__rMfsN7kcesIJJ_gDXRLhFODaxn6-TbaJOSxW8qCUBc4qycw9D_vxB$>?
2. How to skip dns.txt download? We don’t want to host a DNS
database info server. It will be private database mirror repo.
Thanks,
Atish Khedkar
*From:*Brendan Bell (brebell) <[email protected]
<mailto:[email protected]>>
*Sent:*Tuesday, July 22, 2025 10:37 PM
*To:*[email protected]
<mailto:[email protected]>
*Cc:*Khedkar, Atish <[email protected]
<mailto:[email protected]>>
*Subject:*[EXTERNAL] Re: Need help on clamav database mirroring.
Hello Atish,
Apologies for the delay.
If I have correctly understood you question I believe you may want
to look into the following solutions.
1. Try setting DatabaseMirror in freshclam.conf to point at their
primary node. A little more detail can be found
here:https://docs.clamav.net/appendix/CvdPrivateMirror.html?highlight=setting%20DatabaseMirror#use-cvdupdate-to-serve-whole-databases-and-database-patch-files-from-a-private-mirror
<https://urldefense.com/v3/__https:/docs.clamav.net/appendix/CvdPrivateMirror.html?highlight=setting*20DatabaseMirror*use-cvdupdate-to-serve-whole-databases-and-database-patch-files-from-a-private-mirror__;JSM!!PEZBYkTc!aCVJ9EUumSmnWXgWa3QcXdEIj__rMfsN7kcesIJJ_gDXRLhFODaxn6-TbaJOSxW8qCUBc4qyc6N8Kf_N$>
2. We always recommend updating to the newest available version to
get the latest security fixes. Currently 1.0.9 or 1.4.3 are the
recommended versions. You can ignore dns.txt unless you are looking
to host a DNS database info server. As long as you keep your private
mirror updating at least every 24 hours you don't need to host a DNS
database server.
There is nothing specific you need to do to support different
clamav client versions in your deployment. It is best to upgrade
older clients to ones supported versions in order to get the latest
security fixes. Right now these are 1.0.9 or 1.4.3. You can ignore
dns.txt unless you wish to host a DNS database info server. You
don't need to, so long as you keep your private mirror relatively up
to date (updating at least every 24 hours).
------------------------------------------------------------------------
*From:* clamav-users <[email protected]
<mailto:[email protected]>> on behalf of
Khedkar, Atish via clamav-users <[email protected]
<mailto:[email protected]>>
*Sent:* Wednesday, July 16, 2025 11:48 AM
*To:* [email protected]
<mailto:[email protected]><[email protected]
<mailto:[email protected]>>
*Cc:* Khedkar, Atish <[email protected]
<mailto:[email protected]>>
*Subject:* [clamav-users] Need help on clamav database mirroring.
Hello Team,
There are multiple clamav (along with freshclam) nodes are deployed
in our Cloud Data Center. These clamav nodes are directly connecting
to public clamav database. That causes the connect rate limit on
this CDN as expected. The deployed clamav nodes can be on various
version (ranging from 0.104 to 1.4.0)
As mentioned in clamav FAQ, we are setting up private mirror
repository as shown below in attached image. Following is our thought:
1. Set up a*multi-pod ClamAV mirror repository* architecture with
a*primary/secondary model.*
1. The primary node which runs cvd update every 6 hours and
stores .cvd, .cdiff, .cld, dns.txt etc.
2. The secondary node using cvd update should sync data from
primary node.
2. Primary and Secondary nodes should maintain patches cdiff files
also.
Based on above requirement, I have following question:
1. How to set custom target database URL instead
ofhttps://database.clamav.net
<https://urldefense.com/v3/__https:/database.clamav.net__;!!PEZBYkTc!aCVJ9EUumSmnWXgWa3QcXdEIj__rMfsN7kcesIJJ_gDXRLhFODaxn6-TbaJOSxW8qCUBc4qycw9D_vxB$>?
In my case, how can I pass my primary repo URL?
2. If my client clamav version is ranging from 0.104 to 1.4.0 then
what thing I need to take care in mirror repository? Any thing
related to dns.txt?
Thanks,
Atish Khedkar
_______________________________________________
Manage your clamav-users mailing list subscription / unsubscribe:
https://lists.clamav.net/mailman/listinfo/clamav-users
<https://urldefense.com/v3/__https:/lists.clamav.net/mailman/listinfo/clamav-users__;!!PEZBYkTc!fv0qpaOkADJAc-XSube9I8s9-tS0ZsMzgoMDtLCgooRDg8qC2xpBeHWlV3RINMLaXW9244BlcWD9eGB2bA$>
Help us build a comprehensive ClamAV guide:
https://github.com/Cisco-Talos/clamav-documentation
<https://urldefense.com/v3/__https:/github.com/Cisco-Talos/clamav-documentation__;!!PEZBYkTc!fv0qpaOkADJAc-XSube9I8s9-tS0ZsMzgoMDtLCgooRDg8qC2xpBeHWlV3RINMLaXW9244BlcWCwxhHI8Q$>
https://docs.clamav.net/#mailing-lists-and-chat
<https://urldefense.com/v3/__https:/docs.clamav.net/*mailing-lists-and-chat__;Iw!!PEZBYkTc!fv0qpaOkADJAc-XSube9I8s9-tS0ZsMzgoMDtLCgooRDg8qC2xpBeHWlV3RINMLaXW9244BlcWA2v9hXtA$>
_______________________________________________
Manage your clamav-users mailing list subscription / unsubscribe:
https://lists.clamav.net/mailman/listinfo/clamav-users
Help us build a comprehensive ClamAV guide:
https://github.com/Cisco-Talos/clamav-documentation
https://docs.clamav.net/#mailing-lists-and-chat
_______________________________________________
Manage your clamav-users mailing list subscription / unsubscribe:
https://lists.clamav.net/mailman/listinfo/clamav-users
Help us build a comprehensive ClamAV guide:
https://github.com/Cisco-Talos/clamav-documentation
https://docs.clamav.net/#mailing-lists-and-chat
