## ## milter - automatically generated by clamconf 0.103.3 ## # Save all reports to a log file. # Default: disabled LogFile /var/share/milter/clamav.log # By default the log file is locked for writing and only a single # daemon process can write to it. This option disables the lock. # Default: yes #LogFileUnlock no # Maximum size of the log file. # Value of 0 disables the limit. # NOTE: If the application starts and the maximum size has already been reach, # logging gets disabled. # You may use 'M' or 'm' for megabytes (1M = 1m = 1048576 bytes) # and 'K' or 'k' for kilobytes (1K = 1k = 1024 bytes). To specify the size # in bytes just don't use modifiers. # Default: 1048576 LogFileMaxSize 0 # Log time with each message. # Default: yes LogTime yes # Use the system logger (can work together with LogFile). # Default: disabled #LogSyslog yes # Type of syslog messages. # Please refer to 'man syslog' for the facility names. # Default: LOG_LOCAL4 #LogFacility # Enable verbose logging. # Default: disabled #LogVerbose yes # Rotate log file. Requires LogFileMaxSize option set prior to this option. # Default: no #LogRotate yes # Save the process ID to a file. # Default: disabled #PidFile /var/share/milter/clamav.pid # This option allows you to change the default temporary directory. # Default: disabled #TemporaryDirectory /tmp # Remove a stale socket after unclean shutdown # Default: yes FixStaleSocket yes # Maximum number of threads running at the same time. # Default: 10 MaxThreads 20 # Waiting for data from clamd will timeout after this time (seconds). # Default: 120 #ReadTimeout 300 # Don't fork into background. # Default: no #Foreground yes # Files/messages larger than this limit won't be scanned. Affects the input # file itself as well as files contained inside it (when the input file is # an archive, a document or some other kind of container). # The value of 0 disables the limit. # WARNING: disabling this limit or setting it too high may result in severe # damage to the system. # You may use 'M' or 'm' for megabytes (1M = 1m = 1048576 bytes) # and 'K' or 'k' for kilobytes (1K = 1k = 1024 bytes). To specify the size # in bytes just don't use modifiers. # Default: 26214400 #MaxFileSize 25M # Define the clamd socket to connect to for scanning. # This option is mandatory! Syntax: # ClamdSocket unix:path # ClamdSocket tcp:host:port # The first syntax specifies a local unix socket (needs an absolute path) e.g.: # ClamdSocket unix:/var/share/clamav/clamd.socket # The second syntax specifies a tcp local or remote tcp socket: the # host can be a hostname or an ip address; the ":port" field is only required # for IPv6 addresses, otherwise it defaults to 3310 # ClamdSocket tcp:192.168.0.1 # This option can be repeated several times with different sockets or even # with the same socket: clamd servers will be selected in a round-robin fashion. # Default: disabled ClamdSocket unix:/var/share/clamav/clamd.sock # Define the interface through which we communicate with sendmail. # This option is mandatory! Possible formats are: # [[unix|local]:]/path/to/file - to specify a unix domain socket; # inet:port@[hostname|ip-address] - to specify an ipv4 socket; # inet6:port@[hostname|ip-address] - to specify an ipv6 socket. # Default: disabled MilterSocket /var/share/milter/clamav.sock #MilterSocket inet:7357 # Sets the permissions on the (unix) milter socket to the specified mode. # Default: 600 #MilterSocketMode # Messages originating from these hosts/networks will not be scanned # This option takes a host(name)/mask pair in CIRD notation and can be # repeated several times. If "/mask" is omitted, a host is assumed. # To specify a locally originated, non-smtp, email use the keyword "local". # Default: disabled #LocalNet local #LocalNet 192.168.0.0/24 #LocalNet 1111:2222:3333::/48 # Action to be performed on clean messages (mostly useful for testing). # The following actions are available: # Accept: Tells the MTA, that this filter thinks it is OK to accept the # message for delivery # Reject: immediately reject the message (return a 5xx error to the peer) # Defer: message should not be accepted for delivery and a temporary failure # message (4xx) should be sent to the peer (try again later) # Blackhole: Tells the MTA that it should discard the message but let the # peer think, that it has been accepted for delivery # Quarantine: Tells the MTA, that it should quarantine the message. # What this actually means for the MTA is implementation dependend. E.g. # sendmail will inform the peer, that the message has been accepted for # delivery and adds a 'quarantined' tag to the message. So the message will # be kept in the MTA's mail queue until the mail administrator actually # tells sendmail, whether it is [not] OK to deliver the message to its # final recipient (use 'mailq -qQClamAV' to list ClamAV quanrantined # messages or 'sendmail -qQClamAV -Q' to mark them as OK for delivery). # Default: Accept #OnClean Accept # Action to be performed on clean messages (mostly useful for testing). # The following actions are available: # Accept, Reject, Defer, Blackhole, Quarantine (see OnClean) # Default: Reject #OnInfected Reject # Action to be performed on error conditions (this includes failure to # allocate data structures, no scanners available, network timeouts, unknown # scanner replies and the like. # The following actions are available: # Accept, Reject and Defer (see OnClean) # Default: Defer #OnFail Defer # This option allows you to set a specific rejection reason for infected messages # and it's therefore only useful together with "OnInfected Reject" # The string "%v", if present, will be replaced with the virus name. # Default: disabled RejectMsg Virus found (%v) # If not disabled, an "X-Milter" header will be append to each processed # message, which contains the milter name and version, the hostname and the # result of the scan. # Default: disabled AddHeader Yes # When AddHeader is in use, this option allows you to set the reported # hostname. This may be desirable in order to avoid leaking internal names. # If unset the real machine name is used. # Default: disabled #ReportHostname my.mail.server.name # Execute a command when an infected message is processed. # The following parameters are passed to the invoked program in this order: # virus name, queue id, sender, destination, subject, message id, message date. # Note #1: this requires MTA macros to be available (see LogInfected below) # Note #2: the process is invoked in the context of clamav-milter # Note #3: clamav-milter will wait for the process to exit. Be quick or fork to # avoid unnecessary delays in email delivery # Default: disabled #VirusAction /usr/local/bin/my_infected_message_handler # Chroot to the specified directory. # Chrooting is performed just after reading the config file and before # dropping privileges. # Default: disabled #Chroot /newroot # This option specifies a file which contains a list of basic POSIX regular # expressions. Addresses (sent to or from - see below) matching these regexes # will not be scanned. Optionally each line can start with the string "From:" # or "To:" (note: no whitespace after the colon) indicating if it is, # respectively, the sender or recipient that is to be allowed. # If the field is missing, "To:" is assumed. # Lines starting with #, : or ! are ignored. # Default: disabled #Whitelist /etc/clamav/allowed_addresses # Messages from authenticated SMTP users matching this extended POSIX # regular expression (egrep-like) will not be scanned. # As an alternative, a file containing a plain (not regex) list of names (one # per line) can be specified using the prefix "file:". # e.g. SkipAuthenticated file:/etc/clamav/good_guys # # Note: this is the AUTH login name! # Default: disabled #SkipAuthenticated SkipAuthenticated ^(tom|dick|henry)$ # This option allows you to tune what is logged when a message is infected. # Possible values are # Off - nothing is logged (the default). # Basic - minimal, better parsable info is logged. # Full - verbose info is logged. It is usually not very helpful and may just # bloats your logs with possible faked information (in this version the # values of the email headers 'Subject:', 'Message-ID:', 'From:'). # Note: # For this to work properly in sendmail, make sure the msg_id, mail_addr, # rcpt_addr and i macroes are available in eom. In other words add a line like: # Milter.macros.eom={msg_id}, {mail_addr}, {rcpt_addr}, i # to your .cf file. # Alternatively use the macro: # define(`confMILTER_MACROS_EOM', `{msg_id}, # {mail_addr}, {rcpt_addr}, i') # Postfix should be working fine with the default settings. # Default: Basic LogInfected Basic # This option allows you to tune what is logged when no threat is found in a scanned message. # See LogInfected for possible values and caveats. # Useful in debugging but drastically increases the log size. # Default: disabled #LogClean Basic # This option affects the behaviour of LogInfected, LogClean and VirusAction # when a message with multiple recipients is scanned: # If SupportMultipleRecipients is off (the default): the log entry generated for # the message contains the last reported recipient, only. In case the message # is determined to be malicious, the command indicated by VirusAction is # executed for the last reported recipient, only. # If SupportMultipleRecipients is on: the contains all reported recipients of # the message in the 'to=' field and the command indicated by VirusAction is # also executed once but gets passed a comma separated list of all recipients # in the 4th arg. # # Note: although it's probably a good idea to enable this option, the default # value is currently set to off for legacy reasons. # Default: no SupportMultipleRecipients yes # If this option is enabled AND LogInfected is set to 'Basic', the argument of # the [E]HELO command sent will be logged as well. # Default: yes LogInfoHelo yes # If this option is enabled AND LogInfected is set to 'Basic', the email # sending hostname and its IP will be logged as well (sendmail macro '_'). # This info is in the sendmail log available as well, however, correlating # the milter log against sendmail log may take much more time and ressources # than just logging it here directly. # Default: yes LogInfoRemoteHost yes