1.1.1
by Stephen Gran
Import upstream version 0.87 |
1 |
##
|
2 |
## Example config file for the Clam AV daemon
|
|
3 |
## Please read the clamd.conf(5) manual before editing this file.
|
|
4 |
##
|
|
5 |
||
6 |
||
7 |
# Comment or remove the line below.
|
|
8 |
Example
|
|
9 |
||
10 |
# Uncomment this option to enable logging.
|
|
11 |
# LogFile must be writable for the user running daemon.
|
|
12 |
# A full path is required.
|
|
13 |
# Default: disabled
|
|
4
by Stephen Gran
* New upstream release |
14 |
#LogFile /tmp/clamd.log
|
1.1.1
by Stephen Gran
Import upstream version 0.87 |
15 |
|
16 |
# By default the log file is locked for writing - the lock protects against
|
|
0.1.1
by Stephen Gran
Import upstream version 0.94.dfsg |
17 |
# running clamd multiple times (if want to run another clamd, please
|
18 |
# copy the configuration file, change the LogFile variable, and run
|
|
19 |
# the daemon with --config-file option).
|
|
1.1.1
by Stephen Gran
Import upstream version 0.87 |
20 |
# This option disables log file locking.
|
0.1.1
by Stephen Gran
Import upstream version 0.94.dfsg |
21 |
# Default: no
|
22 |
#LogFileUnlock yes
|
|
1.1.1
by Stephen Gran
Import upstream version 0.87 |
23 |
|
0.1.1
by Stephen Gran
Import upstream version 0.94.dfsg |
24 |
# Maximum size of the log file.
|
1.1.1
by Stephen Gran
Import upstream version 0.87 |
25 |
# Value of 0 disables the limit.
|
26 |
# You may use 'M' or 'm' for megabytes (1M = 1m = 1048576 bytes)
|
|
27 |
# and 'K' or 'k' for kilobytes (1K = 1k = 1024 bytes). To specify the size
|
|
28 |
# in bytes just don't use modifiers.
|
|
29 |
# Default: 1M
|
|
30 |
#LogFileMaxSize 2M
|
|
31 |
||
32 |
# Log time with each message.
|
|
0.1.1
by Stephen Gran
Import upstream version 0.94.dfsg |
33 |
# Default: no
|
34 |
#LogTime yes
|
|
1.1.1
by Stephen Gran
Import upstream version 0.87 |
35 |
|
36 |
# Also log clean files. Useful in debugging but drastically increases the
|
|
37 |
# log size.
|
|
0.1.1
by Stephen Gran
Import upstream version 0.94.dfsg |
38 |
# Default: no
|
39 |
#LogClean yes
|
|
1.1.1
by Stephen Gran
Import upstream version 0.87 |
40 |
|
41 |
# Use system logger (can work together with LogFile).
|
|
0.1.1
by Stephen Gran
Import upstream version 0.94.dfsg |
42 |
# Default: no
|
43 |
#LogSyslog yes
|
|
1.1.1
by Stephen Gran
Import upstream version 0.87 |
44 |
|
45 |
# Specify the type of syslog messages - please refer to 'man syslog'
|
|
46 |
# for facility names.
|
|
47 |
# Default: LOG_LOCAL6
|
|
48 |
#LogFacility LOG_MAIL
|
|
49 |
||
50 |
# Enable verbose logging.
|
|
0.1.1
by Stephen Gran
Import upstream version 0.94.dfsg |
51 |
# Default: no
|
52 |
#LogVerbose yes
|
|
1.1.1
by Stephen Gran
Import upstream version 0.87 |
53 |
|
54 |
# This option allows you to save a process identifier of the listening
|
|
55 |
# daemon (main thread).
|
|
56 |
# Default: disabled
|
|
4
by Stephen Gran
* New upstream release |
57 |
#PidFile /var/run/clamd.pid
|
1.1.1
by Stephen Gran
Import upstream version 0.87 |
58 |
|
59 |
# Optional path to the global temporary directory.
|
|
60 |
# Default: system specific (usually /tmp or /var/tmp).
|
|
61 |
#TemporaryDirectory /var/tmp
|
|
62 |
||
63 |
# Path to the database directory.
|
|
64 |
# Default: hardcoded (depends on installation options)
|
|
65 |
#DatabaseDirectory /var/lib/clamav
|
|
66 |
||
67 |
# The daemon works in a local OR a network mode. Due to security reasons we
|
|
68 |
# recommend the local mode.
|
|
69 |
||
70 |
# Path to a local socket file the daemon will listen on.
|
|
0.1.1
by Stephen Gran
Import upstream version 0.94.dfsg |
71 |
# Default: disabled (must be specified by a user)
|
4
by Stephen Gran
* New upstream release |
72 |
LocalSocket /tmp/clamd |
1.1.1
by Stephen Gran
Import upstream version 0.87 |
73 |
|
74 |
# Remove stale socket after unclean shutdown.
|
|
0.6.1
by Kees Cook
Import upstream version 0.90~rc3 |
75 |
# Default: no
|
0.1.1
by Stephen Gran
Import upstream version 0.94.dfsg |
76 |
#FixStaleSocket yes
|
1.1.1
by Stephen Gran
Import upstream version 0.87 |
77 |
|
78 |
# TCP port address.
|
|
0.1.1
by Stephen Gran
Import upstream version 0.94.dfsg |
79 |
# Default: no
|
1.1.1
by Stephen Gran
Import upstream version 0.87 |
80 |
#TCPSocket 3310
|
81 |
||
82 |
# TCP address.
|
|
83 |
# By default we bind to INADDR_ANY, probably not wise.
|
|
84 |
# Enable the following to provide some degree of protection
|
|
85 |
# from the outside world.
|
|
0.1.1
by Stephen Gran
Import upstream version 0.94.dfsg |
86 |
# Default: no
|
1.1.1
by Stephen Gran
Import upstream version 0.87 |
87 |
#TCPAddr 127.0.0.1
|
88 |
||
89 |
# Maximum length the queue of pending connections may grow to.
|
|
90 |
# Default: 15
|
|
91 |
#MaxConnectionQueueLength 30
|
|
92 |
||
93 |
# Clamd uses FTP-like protocol to receive data from remote clients.
|
|
94 |
# If you are using clamav-milter to balance load between remote clamd daemons
|
|
95 |
# on firewall servers you may need to tune the options below.
|
|
96 |
||
97 |
# Close the connection when the data size limit is exceeded.
|
|
0.1.1
by Stephen Gran
Import upstream version 0.94.dfsg |
98 |
# The value should match your MTA's limit for a maximum attachment size.
|
1.1.1
by Stephen Gran
Import upstream version 0.87 |
99 |
# Default: 10M
|
100 |
#StreamMaxLength 20M
|
|
101 |
||
102 |
# Limit port range.
|
|
103 |
# Default: 1024
|
|
104 |
#StreamMinPort 30000
|
|
105 |
# Default: 2048
|
|
106 |
#StreamMaxPort 32000
|
|
107 |
||
0.1.1
by Stephen Gran
Import upstream version 0.94.dfsg |
108 |
# Maximum number of threads running at the same time.
|
1.1.1
by Stephen Gran
Import upstream version 0.87 |
109 |
# Default: 10
|
110 |
#MaxThreads 20
|
|
111 |
||
112 |
# Waiting for data from a client socket will timeout after this time (seconds).
|
|
113 |
# Value of 0 disables the timeout.
|
|
114 |
# Default: 120
|
|
115 |
#ReadTimeout 300
|
|
116 |
||
117 |
# Waiting for a new job will timeout after this time (seconds).
|
|
118 |
# Default: 30
|
|
119 |
#IdleTimeout 60
|
|
120 |
||
0.1.1
by Stephen Gran
Import upstream version 0.94.dfsg |
121 |
# Maximum depth directories are scanned at.
|
1.1.1
by Stephen Gran
Import upstream version 0.87 |
122 |
# Default: 15
|
123 |
#MaxDirectoryRecursion 20
|
|
124 |
||
125 |
# Follow directory symlinks.
|
|
0.1.1
by Stephen Gran
Import upstream version 0.94.dfsg |
126 |
# Default: no
|
127 |
#FollowDirectorySymlinks yes
|
|
1.1.1
by Stephen Gran
Import upstream version 0.87 |
128 |
|
129 |
# Follow regular file symlinks.
|
|
0.1.1
by Stephen Gran
Import upstream version 0.94.dfsg |
130 |
# Default: no
|
131 |
#FollowFileSymlinks yes
|
|
1.1.1
by Stephen Gran
Import upstream version 0.87 |
132 |
|
0.1.1
by Stephen Gran
Import upstream version 0.94.dfsg |
133 |
# Perform a database check.
|
1.1.1
by Stephen Gran
Import upstream version 0.87 |
134 |
# Default: 1800 (30 min)
|
135 |
#SelfCheck 600
|
|
136 |
||
137 |
# Execute a command when virus is found. In the command string %v will
|
|
0.1.1
by Stephen Gran
Import upstream version 0.94.dfsg |
138 |
# be replaced with the virus name.
|
139 |
# Default: no
|
|
1.1.1
by Stephen Gran
Import upstream version 0.87 |
140 |
#VirusEvent /usr/local/bin/send_sms 123456789 "VIRUS ALERT: %v"
|
141 |
||
0.7.1
by Kees Cook
Import upstream version 0.90 |
142 |
# Run as another user (clamd must be started by root to make this option
|
143 |
# working).
|
|
0.1.1
by Stephen Gran
Import upstream version 0.94.dfsg |
144 |
# Default: don't drop privileges
|
1.1.1
by Stephen Gran
Import upstream version 0.87 |
145 |
#User clamav
|
146 |
||
147 |
# Initialize supplementary group access (clamd must be started by root).
|
|
0.1.1
by Stephen Gran
Import upstream version 0.94.dfsg |
148 |
# Default: no
|
149 |
#AllowSupplementaryGroups no
|
|
1.1.1
by Stephen Gran
Import upstream version 0.87 |
150 |
|
151 |
# Stop daemon when libclamav reports out of memory condition.
|
|
0.1.1
by Stephen Gran
Import upstream version 0.94.dfsg |
152 |
#ExitOnOOM yes
|
1.1.1
by Stephen Gran
Import upstream version 0.87 |
153 |
|
154 |
# Don't fork into background.
|
|
0.1.1
by Stephen Gran
Import upstream version 0.94.dfsg |
155 |
# Default: no
|
156 |
#Foreground yes
|
|
1.1.1
by Stephen Gran
Import upstream version 0.87 |
157 |
|
158 |
# Enable debug messages in libclamav.
|
|
0.1.1
by Stephen Gran
Import upstream version 0.94.dfsg |
159 |
# Default: no
|
160 |
#Debug yes
|
|
1.1.1
by Stephen Gran
Import upstream version 0.87 |
161 |
|
162 |
# Do not remove temporary files (for debug purposes).
|
|
0.1.1
by Stephen Gran
Import upstream version 0.94.dfsg |
163 |
# Default: no
|
164 |
#LeaveTemporaryFiles yes
|
|
165 |
||
166 |
# In some cases (eg. complex malware, exploits in graphic files, and others),
|
|
167 |
# ClamAV uses special algorithms to provide accurate detection. This option
|
|
168 |
# controls the algorithmic detection.
|
|
169 |
# Default: yes
|
|
170 |
#AlgorithmicDetection yes
|
|
1.1.1
by Stephen Gran
Import upstream version 0.87 |
171 |
|
172 |
##
|
|
173 |
## Executable files
|
|
174 |
##
|
|
175 |
||
176 |
# PE stands for Portable Executable - it's an executable file format used
|
|
0.1.1
by Stephen Gran
Import upstream version 0.94.dfsg |
177 |
# in all 32 and 64-bit versions of Windows operating systems. This option allows
|
1.1.1
by Stephen Gran
Import upstream version 0.87 |
178 |
# ClamAV to perform a deeper analysis of executable files and it's also
|
179 |
# required for decompression of popular executable packers such as UPX, FSG,
|
|
180 |
# and Petite.
|
|
0.1.1
by Stephen Gran
Import upstream version 0.94.dfsg |
181 |
# Default: yes
|
182 |
#ScanPE yes
|
|
183 |
||
184 |
# Executable and Linking Format is a standard format for UN*X executables.
|
|
185 |
# This option allows you to control the scanning of ELF files.
|
|
186 |
# Default: yes
|
|
187 |
#ScanELF yes
|
|
188 |
||
189 |
# With this option clamav will try to detect broken executables (both PE and
|
|
190 |
# ELF) and mark them as Broken.Executable.
|
|
191 |
# Default: no
|
|
192 |
#DetectBrokenExecutables yes
|
|
1.1.1
by Stephen Gran
Import upstream version 0.87 |
193 |
|
194 |
||
195 |
##
|
|
196 |
## Documents
|
|
197 |
##
|
|
198 |
||
0.1.1
by Stephen Gran
Import upstream version 0.94.dfsg |
199 |
# This option enables scanning of OLE2 files, such as Microsoft Office
|
200 |
# documents and .msi files.
|
|
201 |
# Default: yes
|
|
202 |
#ScanOLE2 yes
|
|
1.1.1
by Stephen Gran
Import upstream version 0.87 |
203 |
|
204 |
##
|
|
205 |
## Mail files
|
|
206 |
##
|
|
207 |
||
208 |
# Enable internal e-mail scanner.
|
|
0.1.1
by Stephen Gran
Import upstream version 0.94.dfsg |
209 |
# Default: yes
|
210 |
#ScanMail yes
|
|
1.1.1
by Stephen Gran
Import upstream version 0.87 |
211 |
|
212 |
# If an email contains URLs ClamAV can download and scan them.
|
|
213 |
# WARNING: This option may open your system to a DoS attack.
|
|
214 |
# Never use it on loaded servers.
|
|
0.1.1
by Stephen Gran
Import upstream version 0.94.dfsg |
215 |
# Default: no
|
0.6.1
by Kees Cook
Import upstream version 0.90~rc3 |
216 |
#MailFollowURLs no
|
1.1.1
by Stephen Gran
Import upstream version 0.87 |
217 |
|
0.5.1
by Kees Cook
Import upstream version 0.88.7 |
218 |
# Recursion level limit for the mail scanner.
|
219 |
# Default: 64
|
|
220 |
#MailMaxRecursion 128
|
|
0.1.1
by Stephen Gran
Import upstream version 0.94.dfsg |
221 |
|
222 |
# With this option enabled ClamAV will try to detect phishing attempts by using
|
|
223 |
# signatures.
|
|
224 |
# Default: yes
|
|
225 |
#PhishingSignatures yes
|
|
226 |
||
0.6.1
by Kees Cook
Import upstream version 0.90~rc3 |
227 |
|
228 |
# Scan urls found in mails for phishing attempts.
|
|
229 |
# (available in experimental builds only)
|
|
0.1.1
by Stephen Gran
Import upstream version 0.94.dfsg |
230 |
# Default: yes
|
231 |
#PhishingScanURLs yes
|
|
232 |
||
0.6.1
by Kees Cook
Import upstream version 0.90~rc3 |
233 |
# Use phishing detection only for domains listed in the .pdb database. It is
|
234 |
# not recommended to have this option turned off, because scanning of all
|
|
235 |
# domains may lead to many false positives!
|
|
236 |
# (available in experimental builds only)
|
|
237 |
# Default: yes
|
|
238 |
#PhishingRestrictedScan yes
|
|
239 |
||
0.1.1
by Stephen Gran
Import upstream version 0.94.dfsg |
240 |
# Always block SSL mismatches in URLs, even if the URL isn't in the database.
|
241 |
# This can lead to false positives.
|
|
0.6.1
by Kees Cook
Import upstream version 0.90~rc3 |
242 |
# (available in experimental builds only)
|
0.1.1
by Stephen Gran
Import upstream version 0.94.dfsg |
243 |
#
|
244 |
# Default: no
|
|
245 |
#PhishingAlwaysBlockSSLMismatch no
|
|
246 |
||
247 |
# Always block cloaked URLs, even if URL isn't in database.
|
|
248 |
# This can lead to false positives.
|
|
0.6.1
by Kees Cook
Import upstream version 0.90~rc3 |
249 |
# (available in experimental builds only)
|
0.1.1
by Stephen Gran
Import upstream version 0.94.dfsg |
250 |
#
|
251 |
# Default: no
|
|
252 |
#PhishingAlwaysBlockCloak no
|
|
1.1.1
by Stephen Gran
Import upstream version 0.87 |
253 |
|
254 |
##
|
|
255 |
## HTML
|
|
256 |
##
|
|
257 |
||
258 |
# Perform HTML normalisation and decryption of MS Script Encoder code.
|
|
0.1.1
by Stephen Gran
Import upstream version 0.94.dfsg |
259 |
# Default: yes
|
260 |
#ScanHTML yes
|
|
1.1.1
by Stephen Gran
Import upstream version 0.87 |
261 |
|
262 |
||
263 |
##
|
|
264 |
## Archives
|
|
265 |
##
|
|
266 |
||
267 |
# ClamAV can scan within archives and compressed files.
|
|
0.1.1
by Stephen Gran
Import upstream version 0.94.dfsg |
268 |
# Default: yes
|
269 |
#ScanArchive yes
|
|
1.1.1
by Stephen Gran
Import upstream version 0.87 |
270 |
|
271 |
# The options below protect your system against Denial of Service attacks
|
|
272 |
# using archive bombs.
|
|
273 |
||
274 |
# Files in archives larger than this limit won't be scanned.
|
|
275 |
# Value of 0 disables the limit.
|
|
276 |
# Default: 10M
|
|
277 |
#ArchiveMaxFileSize 15M
|
|
278 |
||
279 |
# Nested archives are scanned recursively, e.g. if a Zip archive contains a RAR
|
|
280 |
# file, all files within it will also be scanned. This options specifies how
|
|
0.1.1
by Stephen Gran
Import upstream version 0.94.dfsg |
281 |
# deeply the process should be continued.
|
1.1.1
by Stephen Gran
Import upstream version 0.87 |
282 |
# Value of 0 disables the limit.
|
283 |
# Default: 8
|
|
0.6.1
by Kees Cook
Import upstream version 0.90~rc3 |
284 |
#ArchiveMaxRecursion 10
|
1.1.1
by Stephen Gran
Import upstream version 0.87 |
285 |
|
286 |
# Number of files to be scanned within an archive.
|
|
287 |
# Value of 0 disables the limit.
|
|
288 |
# Default: 1000
|
|
289 |
#ArchiveMaxFiles 1500
|
|
290 |
||
291 |
# If a file in an archive is compressed more than ArchiveMaxCompressionRatio
|
|
292 |
# times it will be marked as a virus (Oversized.ArchiveType, e.g. Oversized.Zip)
|
|
293 |
# Value of 0 disables the limit.
|
|
294 |
# Default: 250
|
|
295 |
#ArchiveMaxCompressionRatio 300
|
|
296 |
||
297 |
# Use slower but memory efficient decompression algorithm.
|
|
298 |
# only affects the bzip2 decompressor.
|
|
0.6.1
by Kees Cook
Import upstream version 0.90~rc3 |
299 |
# Default: no
|
300 |
#ArchiveLimitMemoryUsage yes
|
|
1.1.1
by Stephen Gran
Import upstream version 0.87 |
301 |
|
302 |
# Mark encrypted archives as viruses (Encrypted.Zip, Encrypted.RAR).
|
|
0.6.1
by Kees Cook
Import upstream version 0.90~rc3 |
303 |
# Default: no
|
304 |
#ArchiveBlockEncrypted no
|
|
1.1.1
by Stephen Gran
Import upstream version 0.87 |
305 |
|
306 |
# Mark archives as viruses (e.g. RAR.ExceededFileSize, Zip.ExceededFilesLimit)
|
|
307 |
# if ArchiveMaxFiles, ArchiveMaxFileSize, or ArchiveMaxRecursion limit is
|
|
308 |
# reached.
|
|
0.6.1
by Kees Cook
Import upstream version 0.90~rc3 |
309 |
# Default: no
|
310 |
#ArchiveBlockMax no
|
|
311 |
||
312 |
# Enable support for Sensory Networks' NodalCore hardware accelerator.
|
|
313 |
# Default: no
|
|
314 |
#NodalCoreAcceleration yes
|
|
1.1.1
by Stephen Gran
Import upstream version 0.87 |
315 |
|
316 |
||
317 |
##
|
|
318 |
## Clamuko settings
|
|
319 |
## WARNING: This is experimental software. It is very likely it will hang
|
|
320 |
## up your system!!!
|
|
321 |
##
|
|
322 |
||
323 |
# Enable Clamuko. Dazuko (/dev/dazuko) must be configured and running.
|
|
0.1.1
by Stephen Gran
Import upstream version 0.94.dfsg |
324 |
# Default: no
|
325 |
#ClamukoScanOnAccess yes
|
|
1.1.1
by Stephen Gran
Import upstream version 0.87 |
326 |
|
327 |
# Set access mask for Clamuko.
|
|
0.1.1
by Stephen Gran
Import upstream version 0.94.dfsg |
328 |
# Default: no
|
329 |
#ClamukoScanOnOpen yes
|
|
330 |
#ClamukoScanOnClose yes
|
|
331 |
#ClamukoScanOnExec yes
|
|
1.1.1
by Stephen Gran
Import upstream version 0.87 |
332 |
|
0.1.1
by Stephen Gran
Import upstream version 0.94.dfsg |
333 |
# Set the include paths (all files inside them will be scanned). You can have
|
1.1.1
by Stephen Gran
Import upstream version 0.87 |
334 |
# multiple ClamukoIncludePath directives but each directory must be added
|
335 |
# in a seperate line.
|
|
336 |
# Default: disabled
|
|
337 |
#ClamukoIncludePath /home
|
|
338 |
#ClamukoIncludePath /students
|
|
339 |
||
340 |
# Set the exclude paths. All subdirectories are also excluded.
|
|
341 |
# Default: disabled
|
|
0.1.1
by Stephen Gran
Import upstream version 0.94.dfsg |
342 |
#ClamukoExcludePath /home/bofh
|
1.1.1
by Stephen Gran
Import upstream version 0.87 |
343 |
|
344 |
# Don't scan files larger than ClamukoMaxFileSize
|
|
345 |
# Value of 0 disables the limit.
|
|
346 |
# Default: 5M
|
|
347 |
#ClamukoMaxFileSize 10M
|