clamd.conf(5) Clam AntiVirus clamd.conf(5)
NAME
clamd.conf - Configuration file for Clam AntiVirus Daemon
DESCRIPTION
clamd.conf configures the Clam AntiVirus daemon, clamd(8).
FILE FORMAT
The file consists of comments and options with arguments. Each line
which starts with a hash (#) symbol is ignored by the parser. Options
and arguments are case sensitive and of the form Option Argument. The
arguments are of the following types:
BOOL Boolean value (yes/no or true/false or 1/0).
STRING String without blank characters.
SIZE Size in bytes. You can use M or m modifiers for megabytes
and K or k for kilobytes.
NUMBER Unsigned integer.
DIRECTIVES
When some option is not used (commented out or not included in the con
figuration file at all) clamd takes a default action.
Example
If this option is set clamd will not run.
LogFile STRING
Enable logging to selected file.
Default: no
LogFileUnlock BOOL
Disable a system lock that protects against running clamd with
the same configuration file multiple times.
Default: no
LogFileMaxSize SIZE
Limit the size of the log file. The logger will be automatically
disabled if the file is greater than SIZE. Value of 0 disables
the limit.
Default: 1M
LogTime BOOL
Log time for each message.
Default: no
LogClean BOOL
Log clean files.
Default: no
LogSyslog BOOL
Use system logger (can work together with LogFile).
Default: no
LogFacility STRING
Specify the type of syslog messages - please refer to man sys
log for facility names.
Default: LOG_LOCAL6
LogVerbose BOOL
Enable verbose logging.
Default: no
PidFile STRING
Save the process identifier of a listening daemon (main thread)
to a specified file.
Default: no
TemporaryDirectory STRING
Optional path to the global temporary directory.
Default: system specific (usually /tmp or /var/tmp).
DatabaseDirectory STRING
Path to a directory containing database files.
Default: /var/lib/clamav/
LocalSocket STRING
Path to a local (Unix) socket the daemon will listen on.
Default: no
FixStaleSocket BOOL
Remove stale socket after unclean shutdown.
Default: yes
TCPSocket NUMBER
TCP port number the daemon will listen on.
Default: no
TCPAddr STRING
TCP socket address to bind to. By default clamd binds to
INADDR_ANY.
Default: no
MaxConnectionQueueLength NUMBER
Maximum length the queue of pending connections may grow to.
Default: 15
MaxThreads NUMBER
Maximum number of threads running at the same time.
Default: 10
ReadTimeout NUMBER
Waiting for data from a client socket will timeout after this
time (seconds).
Default: 120
IdleTimeout NUMBER
Waiting for a new job will timeout after this time (seconds).
Default: 30
ExcludePath REGEX
Dont scan files and directories matching REGEX. This directive
can be used multiple times.
Default: scan all
MaxDirectoryRecursion NUMBER
Maximum depth directories are scanned at.
Default: 15
FollowDirectorySymlinks BOOL
Follow directory symlinks.
Default: no
FollowFileSymlinks BOOL
Follow regular file symlinks.
Default: no
SelfCheck NUMBER
Perform a database check.
Default: 1800
VirusEvent COMMAND
Execute COMMAND when a virus is found. In the command string %v
will be replaced with the virus name.
Default: no
ExitOnOOM BOOL
Stop daemon when libclamav reports out of memory condition.
Default: no
User STRING
Run as another user (clamd must be started by root to make this
option working).
Default: no
AllowSupplementaryGroups BOOL
Initialize supplementary group access (clamd must be started by
root).
Default: no
Foreground BOOL
Dont fork into background.
Default: no
Debug BOOL
Enable debug messages from libclamav.
LeaveTemporaryFiles BOOL
Do not remove temporary files (for debug purpose).
Default: no
StreamMaxLength SIZE
Clamd uses FTP-like protocol to receive data from remote
clients. If you are using clamav-milter to balance load between
remote clamd daemons on firewall servers you may need to tune
the Stream* options. This option allows you to specify the upper
limit for data size that will be transfered to remote daemon
when scanning a single file. It should match your MTAs limit
for a maximum attachment size.
Default: 10M
StreamMinPort NUMBER
Limit data port range.
Default: 1024
StreamMaxPort NUMBER
Limit data port range.
Default: 2048
DetectPUA
Detect Possibly Unwanted Applications.
Default: No
ExcludePUA CATEGORY
Exclude a specific PUA category. This directive can be used mul
tiple times. See http://www.clamav.net/support/pua for the com
plete list of PUA categories.
Default: Load all categories (if DetectPUA is activated)
IncludePUA CATEGORY
Only include a specific PUA category. This directive can be used
multiple times. See http://www.clamav.net/support/pua for the
complete list of PUA categories.
Default: Load all categories (if DetectPUA is activated)
AlgorithmicDetection BOOL
In some cases (eg. complex malware, exploits in graphic files,
and others), ClamAV uses special algorithms to provide accurate
detection. This option controls the algorithmic detection.
Default: yes
ScanPE BOOL
PE stands for Portable Executable - its an executable file for
mat used in all 32 and 64-bit versions of Windows operating sys
tems. This option allows ClamAV to perform a deeper analysis of
executable files and its also required for decompression of
popular executable packers such as UPX.
Default: yes
ScanELF BOOL
Executable and Linking Format is a standard format for UN*X exe
cutables. This option allows you to control the scanning of ELF
files.
Default: yes
DetectBrokenExecutables BOOL
With this option clamd will try to detect broken executables
(both PE and ELF) and mark them as Broken.Executable.
Default: no
ScanOLE2 BOOL
This option enables scanning of OLE2 files, such as Microsoft
Office documents and .msi files.
Default: yes
ScanPDF BOOL
This option enables scanning within PDF files.
Default: yes
ScanHTML BOOL
Enables HTML detection and normalisation.
Default: yes
ScanMail BOOL
Enable scanning of mail files.
Default: yes
MailFollowURLs BOOL
If an email contains URLs ClamAV can download and scan them.
WARNING: This option may open your system to a DoS attack. Never
use it on loaded servers.
Default: no
ScanPartialMessages BOOL
Scan RFC1341 messages split over many emails. You will need to
periodically clean up $TemporaryDirectory/clamav-partial direc
tory. WARNING: This option may open your system to a DoS attack.
Never use it on loaded servers.
Default: no
MailMaxRecursion NUMBER (OBSOLETE)
WARNING: This option is no longer accepted. See MaxRecursion.
PhishingSignatures BOOL
With this option enabled ClamAV will try to detect phishing
attempts by using signatures.
Default: yes
PhishingScanURLs BOOL
Scan URLs found in mails for phishing attempts using heuristics.
This will classify "Possibly Unwanted" phishing emails as Phish
ing.Heuristics.Email.*
Default: yes
PhishingAlwaysBlockSSLMismatch BOOL
Always block SSL mismatches in URLs, even if the URL isnt in
the database. This can lead to false positives.
Default: no
PhishingAlwaysBlockCloak BOOL
Always block cloaked URLs, even if URL isnt in database. This
can lead to false positives.
Default: no
HeuristicScanPrecedence BOOL
Allow heuristic match to take precedence. When enabled, if a
heuristic scan (such as phishingScan) detects a possible
virus/phishing it will stop scanning immediately. Recommended,
saves CPU scan-time. When disabled, virus/phishing detected by
heuristic scans will be reported only at the end of a scan. If
an archive contains both a heuristically detected virus/phish
ing, and a real malware, the real malware will be reported. Keep
this disabled if you intend to handle "*.Heuristics.*" viruses
differently from "real" malware. If a non-heuristically-detected
virus (signature-based) is found first, the scan is interrupted
immediately, regardless of this config option.
Default: no
StructuredDataDetection BOOL
Enable the DLP module.
Default: no
StructuredMinCreditCardCount NUMBER
This option sets the lowest number of Credit Card numbers found
in a file to generate a detect.
Default: 3
StructuredMinSSNCount NUMBER
This option sets the lowest number of Social Security Numbers
found in a file to generate a detect.
Default: 3
StructuredSSNFormatNormal BOOL
With this option enabled the DLP module will search for valid
SSNs formatted as xxx-yy-zzzz.
Default: Yes
StructuredSSNFormatStripped BOOL
With this option enabled the DLP module will search for valid
SSNs formatted as xxxyyzzzz.
Default: No
ScanArchive BOOL
Enable archive scanning.
Default: yes
ArchiveMaxFileSize (OBSOLETE)
WARNING: This option is no longer accepted. See MaxFileSize and
MaxScanSize.
ArchiveMaxRecursion (OBSOLETE)
WARNING: This option is no longer accepted. See MaxRecursion.
ArchiveMaxFiles (OBSOLETE)
WARNING: This option is no longer accepted. See MaxFiles.
ArchiveMaxCompressionRatio (OBSOLETE)
WARNING: This option is no longer accepted.
ArchiveBlockMax (OBSOLETE)
WARNING: This option is no longer accepted.
ArchiveLimitMemoryUsage BOOL
Use slower decompression algorithm which uses less memory. This
option only affects the bzip2 decompressor.
Default: no
ArchiveBlockEncrypted BOOL
Mark encrypted archives as viruses (Encrypted.Zip,
Encrypted.RAR).
Default: no
MaxScanSize SIZE
Sets the maximum amount of data to be scanned for each input
file. Archives and other containers are recursively extracted
and scanned up to this value. Warning: disabling this limit or
setting it too high may result in severe damage to the system.
Default: 100M
MaxFileSize SIZE
Files larger than this limit wont be scanned. Affects the input
file itself as well as files contained inside it (when the input
file is an archive, a document or some other kind of container).
Warning: disabling this limit or setting it too high may result
in severe damage to the system.
Default: 25M
MaxRecursion NUMBER
Nested archives are scanned recursively, e.g. if a Zip archive
contains a RAR file, all files within it will also be scanned.
This options specifies how deeply the process should be contin
ued. Warning: disabling this limit or setting it too high may
result in severe damage to the system.
Default: 16
MaxFiles NUMBER
Number of files to be scanned within an archive, a document, or
any other kind of container. Warning: disabling this limit or
setting it too high may result in severe damage to the system.
Default: 10000
ClamukoScanOnAccess BOOL
Enable Clamuko. Dazuko (/dev/dazuko) must be configured and run
ning.
Default: no
ClamukoScanOnOpen BOOL
Scan files on open.
Default: no
ClamukoScanOnClose BOOL
Scan files on close.
Default: no.
ClamukoScanOnExec BOOL
Scan files on execute.
Default: no
ClamukoIncludePath STRING
Set the include paths (all files and directories inside them
will be scanned). You can have multiple ClamukoIncludePath
directives but each directory must be added in a separate line).
Default: no
ClamukoExcludePath STRING
Set the exclude paths. All subdirectories will also be excluded.
Default: no
ClamukoMaxFileSize SIZE
Ignore files larger than SIZE.
Default: 5M
FILES
/etc/clamav/clamd.conf
AUTHOR
Tomasz Kojm
SEE ALSO
clamd(8), clamdscan(1), clamav-milter(8), clamscan(1), freshclam(1),
sigtool(1)
ClamAV 0.94.2 February 12, 2007 clamd.conf(5)
|
