## ## clamd - automatically generated by clamconf 0.97.2 ## # Save all reports to a log file. # Default: disabled LogFile /var/clamav/clamd.log # By default the log file is locked for writing and only a single # daemon process can write to it. This option disables the lock. # Default: yes #LogFileUnlock no # Maximum size of the log file. Value of 0 disables the limit. # NOTE: If the application starts and the maximum size has already been reach, # logging gets disabled. # You may use 'M' or 'm' for megabytes (1M = 1m = 1048576 bytes) # and 'K' or 'k' for kilobytes (1K = 1k = 1024 bytes). To specify the size # in bytes just don't use modifiers. # Default: 0 LogFileMaxSize 0 # Log time with each message. # Default: yes LogTime yes # Log all clean files. For debugging (drastically increases log size). # Default: disabled #LogClean yes # Use the system logger (can work together with LogFile). # Default: disabled #LogSyslog yes # Type of syslog messages. Please refer to 'man syslog' for the facility names. # Default: LOG_LOCAL6 #LogFacility # Enable verbose logging. # Default: disabled #LogVerbose yes # Log additional information about the infected file, such as its # size and hash, together with the virus name. # Default: disabled #ExtendedDetectionInfo yes # Save the process ID to a file. # Default: disabled #PidFile /var/clamav/clamd.pid # This option allows you to change the default temporary directory. # Default: disabled #TemporaryDirectory /tmp # This option allows you to change the default database directory. # If you enable it, please make sure it points to the same directory in # both clamd and freshclam. # Default: /var/clamav DatabaseDirectory /var/clamav # Only load the official signatures published by the ClamAV project. # Default: no #OfficialDatabaseOnly yes # Path to a local socket file the daemon will listen on. # Default: disabled LocalSocket /var/clamav/clamd.sock # Sets the permissions on the unix socket to the specified mode. # Default: 666 LocalSocketMode 666 # Remove a stale socket after unclean shutdown # Default: yes FixStaleSocket yes # A TCP port number the daemon will listen on. # Default: disabled #TCPSocket 3310 # By default clamd binds to INADDR_ANY. This option allows you to restrict the # TCP address and provide some degree of protection from the outside world. # Default: disabled #TCPAddr 127.0.0.1 # Maximum length the queue of pending connections may grow to. # Default: 200 #MaxConnectionQueueLength 30 # Close the STREAM session when the data size limit is exceeded. # The value should match your MTA's limit for the maximum attachment size. # You may use 'M' or 'm' for megabytes (1M = 1m = 1048576 bytes) # and 'K' or 'k' for kilobytes (1K = 1k = 1024 bytes). To specify the size # in bytes just don't use modifiers. # Default: 26214400 StreamMaxLength 10M # The STREAM command uses an FTP-like protocol. This option sets the # lower boundary for the port range. # Default: 1024 #StreamMinPort 1024 # This option sets the upper boundary for the port range. # Default: 2048 #StreamMaxPort 2048 # Maximum number of threads running at the same time. # Default: 10 MaxThreads 20 # This option specifies the time (in seconds) after which clamd should # timeout if a client doesn't provide any data. # Default: 120 #ReadTimeout 120 # This option specifies the time (in seconds) after which clamd should # timeout if a client doesn't provide any initial command after connecting. # Default: 5 #CommandReadTimeout 5 # This option specifies how long to wait (in miliseconds) if the send buffer # is full. Keep this value low to prevent clamd hanging. # Default: 500 #SendBufTimeout 200 # Maximum number of queued items (including those being processed by MaxThreads # threads). It is recommended to have this value at least twice MaxThreads # if possible. # WARNING: you shouldn't increase this too much to avoid running out of file # descriptors, the following condition should hold: # MaxThreads * MaxRecursion + MaxQueue - MaxThreads + 6 < RLIMIT_NOFILE # (usual max for RLIMIT_NOFILE is 1024) # Default: 100 #MaxQueue 200 # This option specifies how long (in seconds) the process should wait # for a new job. # Default: 30 #IdleTimeout 60 # Don't scan files/directories whose names match the provided # regular expression. This option can be specified multiple times. # Default: disabled ExcludePath ^/proc/ #ExcludePath ^/sys/ # Maximum depth the directories are scanned at. # Default: 15 #MaxDirectoryRecursion 15 # Follow directory symlinks. # Default: no #FollowDirectorySymlinks yes # Follow symlinks to regular files. # Default: no #FollowFileSymlinks yes # Scan files and directories on other filesystems. # Default: yes #CrossFilesystems no # This option specifies the time intervals (in seconds) in which clamd # should perform a database check. # Default: 600 #SelfCheck 600 # Execute a command when a virus is found. In the command string %v will be # replaced with the virus name. Additionally, two environment variables will # be defined: $CLAM_VIRUSEVENT_FILENAME and $CLAM_VIRUSEVENT_VIRUSNAME. # Default: disabled #VirusEvent /usr/bin/mailx -s "ClamAV VIRUS ALERT: %v" alert < /dev/null # Stop the daemon when libclamav reports an out of memory condition. # Default: no ExitOnOOM yes # Don't fork into background. # Default: no #Foreground yes # Enable debug messages in libclamav. # Default: disabled #Debug yes # Don't remove temporary files (for debugging purposes). # Default: no #LeaveTemporaryFiles yes # With this option enabled ClamAV will load bytecode from the database. It is # highly recommended you keep this option on, otherwise you'll miss detections # for many new viruses. # Default: yes #Bytecode no # Set bytecode security level. Possible values: # TrustSigned - trust bytecode loaded from signed .c[lv]d files, # insert runtime safety checks for bytecode loaded from other # sources. This is recommended, because bytecode in .cvd files # already has these checks. # Paranoid - don't trust any bytecode, insert runtime checks for all. # Default: TrustSigned #BytecodeSecurity Paranoid # Set bytecode timeout in miliseconds. # # Default: 5000 #BytecodeTimeout 5000 # Allow loading bytecode from outside digitally signed .c[lv]d files. # Default: no #BytecodeUnsigned yes # Set bytecode execution mode. Possible values: # Auto - automatically choose JIT if possible, fallback to interpreter. # ForceJIT - always choose JIT, fail if not possible. # ForceIntepreter - always choose interpreter. # Test - run with both JIT and interpreter and compare results. Make all # failures fatal. # Default: Auto #BytecodeMode # Detect Potentially Unwanted Applications. # Default: no #DetectPUA yes # Exclude a specific PUA category. This directive can be used multiple times. # See http://www.clamav.net/support/pua for the complete list of PUA # categories. # Default: disabled #ExcludePUA NetTool #ExcludePUA PWTool # Only include a specific PUA category. This directive can be used multiple # times. # Default: disabled #IncludePUA Spy #IncludePUA Scanner #IncludePUA RAT # In some cases (eg. complex malware, exploits in graphic files, and others), # ClamAV uses special algorithms to provide accurate detection. This option # controls the algorithmic detection. # Default: yes #AlgorithmicDetection no # PE stands for Portable Executable - it's an executable file format used # in all 32- and 64-bit versions of Windows operating systems. This option # allows ClamAV to perform a deeper analysis of executable files and it's also # required for decompression of popular executable packers such as UPX or FSG. # Default: yes #ScanPE no # Executable and Linking Format is a standard format for UN*X executables. # This option allows you to control the scanning of ELF files. # Default: disabled #ScanELF yes # With this option enabled clamav will try to detect broken executables # (both PE and ELF) and mark them as Broken.Executable. # Default: no #DetectBrokenExecutables yes # Enable the built in email scanner. # Default: yes ScanMail yes # Scan RFC1341 messages split over many emails. You will need to # periodically clean up $TemporaryDirectory/clamav-partial directory. # WARNING: This option may open your system to a DoS attack. Please don't use # this feature on highly loaded servers. # Default: no #ScanPartialMessages yes # With this option enabled ClamAV will try to detect phishing attempts by using # signatures. # Default: yes #PhishingSignatures no # Scan URLs found in mails for phishing attempts using heuristics. # Default: yes #PhishingScanURLs no # Always block cloaked URLs, even if they're not in the database. # This feature can lead to false positives. # Default: no #PhishingAlwaysBlockCloak yes # Always block SSL mismatches in URLs, even if they're not in the database. # This feature can lead to false positives. # Default: no #PhishingAlwaysBlockSSLMismatch yes # Allow heuristic match to take precedence. # When enabled, if a heuristic scan (such as phishingScan) detects # a possible virus/phish it will stop scan immediately. Recommended, saves CPU # scan-time. # When disabled, virus/phish detected by heuristic scans will be reported only # at the end of a scan. If an archive contains both a heuristically detected # virus/phish, and a real malware, the real malware will be reported. # Keep this disabled if you intend to handle "*.Heuristics.*" viruses # differently from "real" malware. # If a non-heuristically-detected virus (signature-based) is found first, # the scan is interrupted immediately, regardless of this config option. # Default: yes HeuristicScanPrecedence yes # Enable the Data Loss Prevention module to detect SSN and Credit Card numbers # inside documents/text files. # Default: no #StructuredDataDetection yes # This option sets the lowest number of Credit Card numbers found in a file # to generate a detect. # Default: 3 #StructuredMinCreditCardCount 5 # This option sets the lowest number of Social Security Numbers found # in a file to generate a detect. # Default: 3 #StructuredMinSSNCount 5 # With this option enabled the DLP module will search for valid # SSNs formatted as xxx-yy-zzzz. # Default: no #StructuredSSNFormatNormal yes # With this option enabled the DLP module will search for valid # SSNs formatted as xxxyyzzzz # Default: no #StructuredSSNFormatStripped yes # Perform HTML/JavaScript/ScriptEncoder normalisation and decryption. # Default: yes #ScanHTML no # This option enables scanning of OLE2 files, such as Microsoft Office # documents and .msi files. # Default: yes #ScanOLE2 yes # With this option enabled OLE2 files with VBA macros, which were not # detected by signatures will be marked as "Heuristics.OLE2.ContainsMacros". # Default: no #OLE2BlockMacros no # This option enables scanning within PDF files. # Default: yes #ScanPDF yes # Scan within archives and compressed files. # Default: yes #ScanArchive yes # Mark encrypted archives as viruses (Encrypted.Zip, Encrypted.RAR). # Default: no #ArchiveBlockEncrypted yes # This option sets the maximum amount of data to be scanned for each input file. # Archives and other containers are recursively extracted and scanned up to this # value. The value of 0 disables the limit. # WARNING: disabling this limit or setting it too high may result in severe # damage. # You may use 'M' or 'm' for megabytes (1M = 1m = 1048576 bytes) # and 'K' or 'k' for kilobytes (1K = 1k = 1024 bytes). To specify the size # in bytes just don't use modifiers. # Default: 104857600 #MaxScanSize 100M # Files/messages larger than this limit won't be scanned. Affects the input file # itself as well as files contained inside (when the input file is an archive, # document or some other kind of container). The value of 0 disables the limit. # WARNING: disabling this limit or setting it too high may result in severe # damage to the system. # You may use 'M' or 'm' for megabytes (1M = 1m = 1048576 bytes) # and 'K' or 'k' for kilobytes (1K = 1k = 1024 bytes). To specify the size # in bytes just don't use modifiers. # Default: 26214400 #MaxFileSize 25M # Nested archives are scanned recursively, e.g. if a Zip archive contains a RAR # file, all files within it will also be scanned. This option specifies how # deeply the process should be continued. The value of 0 disables the limit. # WARNING: disabling this limit or setting it too high may result in severe # damage to the system. # Default: 16 #MaxRecursion 16 # Number of files to be scanned within an archive, a document, or any other # container file. The value of 0 disables the limit. # WARNING: disabling this limit or setting it too high may result in severe # damage to the system. # Default: 10000 #MaxFiles 10000