33
31
_Description: User to run clamav-milter as:
34
32
It is recommended to run the ClamAV programs as a non-privileged user.
35
This will work with most MTAs with a little tweaking, but if you want to
36
use clamd for filesystem scans, running as root is probably unavoidable.
33
This will work with most MTAs with a little tweaking.
37
35
Please see README.Debian in the clamav-base package for details.
39
37
Template: clamav-milter/AddGroups
41
39
_Description: Groups for clamav-milter (space-separated):
42
40
By default, clamav-milter runs as a non-privileged user. If you need
43
clamav-milter to be able to access files owned by another user (e.g., in
44
combination with an MTA), then you will need to add clamav to the group for
45
that piece of software. Please see README.Debian in the clamav-base package for
41
clamav-milter to be able to access files owned by another user (for
42
instance when it is used in combination with an MTA), the user
43
running clamav-milter need to be added to the relevant group(s).
45
Please see README.Debian in the clamav-base package for
48
48
Template: clamav-milter/ReadTimeout
51
_Description: Waiting for data from clamd will timeout after this time (seconds):
52
Set to a value of '0' to disable the timeout.
51
_Description: Wait timeout for data coming from clamd:
52
Please enter the delay (in seconds) before clamav-milter times out when it is
53
waiting for incoming data from clamd.
55
Choosing "0" will disable this timeout.
54
57
Template: clamav-milter/Foreground
57
_Description: Stay in foreground (don't fork)?
60
_Description: Should clamav-milter stay in foreground (not forking)?
59
62
Template: clamav-milter/Chroot
61
64
_Description: Chroot to directory:
62
Chrooting is performed just after reading the config file and before dropping
63
privileges. An empty value means don't chroot.
65
Clamav-milter can run in a chroot jail. It will enter it after reading
66
the configuration file and before dropping root privileges.
68
If this field is left empty, no chrooting will occur.
65
70
Template: clamav-milter/PidFile
67
72
Default: /var/run/clamav/clamav-milter.pid
68
73
_Description: PID file:
69
This option allows you to save a process identifier of the listening daemon
74
Please specify the process identifier file location for clamav-milter's
75
listening daemon (main thread).
72
77
Template: clamav-milter/TemporaryDirectory
75
_Description: Optional path to the global temporary directory:
76
If unset, $TMPDIR and $TEMP will be honored.
80
_Description: Temporary directory path:
81
Please specify the directory for clamav-milter's temporary files.
82
If unset, $TMPDIR and $TEMP will be honored.
78
84
Template: clamav-milter/ClamdSocket
80
86
Default: unix:/var/run/clamav/clamd.ctl
81
_Description: Define the clamd socket to connect to for scanning:
82
To refer to a local unix socket using a absolute path, use unix:path (e.g.,
83
unix:/var/run/clamd/clamd.socket). A local or remote TCP socket is specified
84
using the tcp:host:port syntax. The host can be a hostname or an ip address;
85
the ":port" field is only required for IPv6 addresses, otherwise it defaults to
86
3310 (e.g., tcp:192.168.0.1).
87
_Description: Clamd socket to connect to for scanning:
88
Please specify the socket to use to connect to the ClamAV daemon for
89
scanning purposes. Possible choices are:
90
- a local unix socket using an absolute path, in "unix:path" format
91
(for example: unix:/var/run/clamd/clamd.socket);
92
- a local or remote TCP socket in "tcp:host:port" format (for example:
93
tcp:192.168.0.1). The "host" value can be either a hostname or an IP
94
address, and the "port" is only required for IPv6 addresses,
95
defaulting to 3310 otherwise.
88
This option can be repeated several times (separated by whitespace) with
89
different sockets or even with the same socket: clamd servers will be selected
90
in a round-robin fashion.
97
You may specify multiple choices, separated by spaces. In such case, the
98
clamd servers will be selected in a round-robin fashion.
92
100
Template: clamav-milter/LocalNet
94
_Description: Exclusions - IP ranges:
95
Messages originating from these hosts/networks will not be scanned. This
96
option takes a host(name)/mask pair in CIRD notation and can be repeated
97
several times (separated by whitespace). If "/mask" is omitted, a host is
98
assumed. To specify a locally originated, non-smtp, email use the keyword
102
_Description: Hosts excluded from scanning:
103
Please specify, in CIDR notation (host(name)/mask), the hosts for
104
which no scanning should be performed on incoming mail. Multiple entries
105
should be separated by spaces. The "local" shortcut can be used to
106
specify locally-originated (non-SMTP) email.
101
If unset, everything regardless of the origin is scanned.
108
If this field is left empty, all incoming mail will be scanned.
103
110
Template: clamav-milter/Whitelist
105
_Description: Exclusions - Regular expressions:
106
This option specifies a file which contains a list of POSIX regular
107
expressions. Addresses (sent to or from) matching these regexes will not be
108
scanned. Optionally each line can start with the string "From:" or "To:"
109
(note: no whitespace after the colon) indicating if it is, respectively, the
110
sender or recipient that is to be whitelisted. If the field is missing, "To:"
113
Lines in this file starting with #, : or ! are ignored.
115
Template: clamav-milter/OnClean
117
Choices: Accept, Reject, Defer, Blackhole, Quarantine
119
_Description: Action to be performed on clean messages (mostly useful for testing):
120
The following actions are available:
122
- Accept: The message is accepted for delievery
124
- Reject: Immediately refuse delievery (a 5xx error is returned to the peer)
126
- Defer: Return a temporary failure message (4xx) to the peer
128
- Blackhole (not available for OnFail): Like accept but the message is sent to
131
- Quarantine (not available for OnFail): Like accept but message is quarantined
132
instead of being delivered In sendmail the quarantine queue can be examined
133
via mailq -qQ For Postfix this causes the message to be accepted but placed
112
_Description: Mail addresses whitelist:
113
Please specify the path to a whitelist file, listing email addresses
114
that should cause scanning to be bypassed.
116
Each line in this file should be a POSIX regular expression; lines
117
starting with "#", ":" or "!" will be ignored as comments.
119
Lines may start with "From:" (with no space after the colon) to make
120
the whitelisting apply to matching sender addresses; otherwise, or
121
with a "To:" prefix, it affects recipient addresses.
136
123
Template: clamav-milter/OnInfected
138
Choices: Accept, Reject, Defer, Blackhole, Quarantine
125
__Choices: Accept, Reject, Defer, Blackhole, Quarantine
139
126
Default: Quarantine
140
_Description: Action to be performed on infected messages:
127
_Description: Action to perform on infected messages:
128
Please choose the action to perform on "infected" messages:
130
- Accept : accept the message for delivery;
131
- Reject : immediately refuse delivery (with a 5xx error);
132
- Defer : return a temporary failure message (4xx);
133
- Blackhole : accept the message then drop it;
134
- Quarantine: accept the message then quarantine it. With
135
Sendmail, the quarantine queue can be examined
136
with "mailq -qQ". With Postfix, such mails are placed
142
139
Template: clamav-milter/OnFail
144
Choices: Accept, Reject, Defer, Blackhole, Quarantine
141
__Choices: Accept, Reject, Defer
146
_Description: Action to be performed on error conditions:
147
This includes failure to allocate data structures, no scanners available,
148
network timeouts, unknown scanner replies and the like)
143
_Description: Action to perform on error conditions:
144
Please choose the action to perform on errors such as failure to
145
allocate data structures, no scanners available,
146
network timeouts, unknown scanner replies...:
148
- Accept: accept the message for delivery;
149
- Reject: immediately refuse delivery (with a 5xx error);
150
- Defer : return a temporary failure message (4xx).
150
152
Template: clamav-milter/RejectMsg
152
154
_Description: Specific rejection reason for infected messages:
153
It is only useful together with "OnInfected Reject". The string "%v", if
154
present, will be replaced with the virus name.
155
Please specify the rejection reason that will be included in reject mails.
157
This option is only useful together with "OnInfected Reject".
159
The "%v" string may be used to include the virus name.
156
161
Template: clamav-milter/AddHeader
163
__Choices: Replace, Yes, No, Add
159
165
_Description: Add headers to processed messages?
160
If adding headers is enabled, "X-Virus-Scanned" and "X-Virus-Status" headers
166
If you choose this option, "X-Virus-Scanned" and "X-Virus-Status" headers
161
167
will be attached to each processed message, possibly replacing existing
164
170
Template: clamav-milter/LogFile
167
_Description: Log to file:
168
LogFile must be writable for the user running daemon. A full path is required.
173
_Description: Log file for clamav-milter:
174
Specify the full path to the clamav-milter log file, which must be
175
writable for the clamav daemon.
170
Logging via syslog is configured independently of this entry.
177
Logging via syslog is configured independently of this setting.
172
179
Template: clamav-milter/LogFileUnlock
added
removed
debian/clamav-milter.templates
