This site is for Avast Business products only. For articles on AVG Business products, see AVG Business Help. If you are in the right place but cannot find what you are looking for, please contact Avast Business Support for further assistance.

Configuring Antivirus Scans for Linux

This Article Applies to:

  • Avast Business Antivirus for Linux

For full Linux-related documentation, see Avast Business Antivirus for Linux Technical Guide.


Avast Manual Page

The Avast package contains the standard Antivirus scanner and a command line scan utility. Avast is the antivirus scan service for Linux where clients (shields, etc) connect to the service's UNIX socket to perform scan requests, and receive scan results.

The manual page format is: avast [OPTIONS]


  • -h: Print short usage info and exit
  • -V: Print the program version and exit
  • -d DIR: Verify that DIR is a valid data directory and contains a valid VPS. If the exit code is nonzero, than the VPS is missing or invalid. The check may generate some data files in the VPS directory if they are missing but can be generated from the corresponding "source" files
  • -c FILE: Set configuration file path to FILE. The default configuration file is /etc/avast/avast.conf
  • -q: Quiet mode; do not log to stderr
  • -v: Verbose mode; increase log level (-v = INFO, -vv = DEBUG)

Configuration File

The configuration file format is a .ini consisting of KEYWORD = VALUE entries, each on a separate line. Lines beginning with a semicolon are treated as comments and ignored. Keys may be grouped into arbitrarily named sections, where the section name appears on a line by itself in square brackets.

The configuration file is re-read on HUP signal by the program, but only the entries in the Options section are reloaded. Changes to the global parameters are ignored.

Global Parameters

  • RUN_DIR: Run directory. The PID file is stored here
  • TEMP_DIR: Temporary directory. The program temporary files are stored here
  • DATA_DIR: Data directory. Contains the virus definitions database and various other data files used by Avast.
  • SOCKET: Path to the UNIX socket used by the clients to connect to the scan service. The socket is created by Avast at service start
  • LICENSE: Path to the license file
  • WHITELIST: Path to a whitelist file. The whitelist file contains sha256 hashes of files that shall not be reported as infections even though detected by the scan engine. The file format is one sha256 hash in text mode per line. Hash mark (#) prefixed comments can be used in the file
  • SUBMIT: Path to the submit utility. If enabled (see Options ▸ Statistics below), the submit utility creates and sends reports about infected and suspicious files to the Avast virus lab


  • CREDENTIALS: If enabled, Avast performs a UNIX socket credentials check, whenever a new client is connecting. If the client's effective UID does not match the effective UID of the Avast process, or the client's effective GID does not match the avast effective GID or any avast supplementary group GID, the connection is refused
  • STATISTICS: If enabled, Avast creates statistics submits about detected malicious files
  • HEURISTICS: If enabled, Avast creates heuristics submits about suspicious files detected during the scan
  • STREAMING_UPDATES: If enabled, the scan service establishes a permanent network connection to the Avast cloud and retrieves virus definitions updates instantly as they are released. Streaming updates are an addition to the regular virus database updates; they do not replace them.
    • You always get all the streamed updates in the next regular virus definitions database update