~ubuntu-branches/ubuntu/feisty/clamav/feisty

##

## Example config file for the Clam AV daemon

## Please read the clamd.conf(5) manual before editing this file.

##

# Comment or remove the line below.

Example

# Uncomment this option to enable logging.

# LogFile must be writable for the user running daemon.

# A full path is required.

# Default: disabled

#LogFile /tmp/clamd.log

# By default the log file is locked for writing - the lock protects against

# running clamd multiple times (if want to run another clamd, please

# copy the configuration file, change the LogFile variable, and run

# the daemon with --config-file option).

# This option disables log file locking.

# Default: no

#LogFileUnlock yes

# Maximum size of the log file.

# Value of 0 disables the limit.

# You may use 'M' or 'm' for megabytes (1M = 1m = 1048576 bytes)

# and 'K' or 'k' for kilobytes (1K = 1k = 1024 bytes). To specify the size

# in bytes just don't use modifiers.

# Default: 1M

#LogFileMaxSize 2M

# Log time with each message.

# Default: no

#LogTime yes

# Also log clean files. Useful in debugging but drastically increases the

# log size.

# Default: no

#LogClean yes

# Use system logger (can work together with LogFile).

# Default: no

#LogSyslog yes

# Specify the type of syslog messages - please refer to 'man syslog'

# for facility names.

# Default: LOG_LOCAL6

#LogFacility LOG_MAIL

# Enable verbose logging.

# Default: no

#LogVerbose yes

# This option allows you to save a process identifier of the listening

# daemon (main thread).

# Default: disabled

#PidFile /var/run/clamd.pid

# Optional path to the global temporary directory.

# Default: system specific (usually /tmp or /var/tmp).

#TemporaryDirectory /var/tmp

# Path to the database directory.

# Default: hardcoded (depends on installation options)

#DatabaseDirectory /var/lib/clamav

# The daemon works in a local OR a network mode. Due to security reasons we

# recommend the local mode.

# Path to a local socket file the daemon will listen on.

# Default: disabled (must be specified by a user)

LocalSocket /tmp/clamd

# Remove stale socket after unclean shutdown.

# Default: no

#FixStaleSocket yes

# TCP port address.

# Default: no

#TCPSocket 3310

# TCP address.

# By default we bind to INADDR_ANY, probably not wise.

# Enable the following to provide some degree of protection

# from the outside world.

# Default: no

#TCPAddr 127.0.0.1

# Maximum length the queue of pending connections may grow to.

# Default: 15

#MaxConnectionQueueLength 30

# Clamd uses FTP-like protocol to receive data from remote clients.

# If you are using clamav-milter to balance load between remote clamd daemons

# on firewall servers you may need to tune the options below.

# Close the connection when the data size limit is exceeded.

# The value should match your MTA's limit for a maximum attachment size.

# Default: 10M

#StreamMaxLength 20M

# Limit port range.

# Default: 1024

#StreamMinPort 30000

# Default: 2048

#StreamMaxPort 32000

# Maximum number of threads running at the same time.

# Default: 10

#MaxThreads 20

# Waiting for data from a client socket will timeout after this time (seconds).

# Value of 0 disables the timeout.

# Default: 120

#ReadTimeout 300

# Waiting for a new job will timeout after this time (seconds).

# Default: 30

#IdleTimeout 60

# Maximum depth directories are scanned at.

# Default: 15

#MaxDirectoryRecursion 20

# Follow directory symlinks.

# Default: no

#FollowDirectorySymlinks yes

# Follow regular file symlinks.

# Default: no

#FollowFileSymlinks yes

# Perform a database check.

# Default: 1800 (30 min)

#SelfCheck 600

# Execute a command when virus is found. In the command string %v will

# be replaced with the virus name.

# Default: no

#VirusEvent /usr/local/bin/send_sms 123456789 "VIRUS ALERT: %v"

# Run as another user (clamd must be started by root to make this option

# working).

# Default: don't drop privileges

#User clamav

# Initialize supplementary group access (clamd must be started by root).

# Default: no

#AllowSupplementaryGroups no

# Stop daemon when libclamav reports out of memory condition.

#ExitOnOOM yes

# Don't fork into background.

# Default: no

#Foreground yes

# Enable debug messages in libclamav.

# Default: no

#Debug yes

# Do not remove temporary files (for debug purposes).

# Default: no

#LeaveTemporaryFiles yes

# In some cases (eg. complex malware, exploits in graphic files, and others),

# ClamAV uses special algorithms to provide accurate detection. This option

# controls the algorithmic detection.

# Default: yes

#AlgorithmicDetection yes

##

## Executable files

##

# PE stands for Portable Executable - it's an executable file format used

# in all 32 and 64-bit versions of Windows operating systems. This option allows

# ClamAV to perform a deeper analysis of executable files and it's also

# required for decompression of popular executable packers such as UPX, FSG,

# and Petite.

# Default: yes

#ScanPE yes

# Executable and Linking Format is a standard format for UN*X executables.

# This option allows you to control the scanning of ELF files.

# Default: yes

#ScanELF yes

# With this option clamav will try to detect broken executables (both PE and

# ELF) and mark them as Broken.Executable.

# Default: no

#DetectBrokenExecutables yes

##

## Documents

##

# This option enables scanning of OLE2 files, such as Microsoft Office

# documents and .msi files.

# Default: yes

#ScanOLE2 yes

##

## Mail files

##

# Enable internal e-mail scanner.

# Default: yes

#ScanMail yes

# If an email contains URLs ClamAV can download and scan them.

# WARNING: This option may open your system to a DoS attack.

#	   Never use it on loaded servers.

# Default: no

#MailFollowURLs no

# Recursion level limit for the mail scanner.

# Default: 64

#MailMaxRecursion 128

# With this option enabled ClamAV will try to detect phishing attempts by using

# signatures.

# Default: yes

#PhishingSignatures yes

# Scan urls found in mails for phishing attempts.

# (available in experimental builds only) 

# Default: yes

#PhishingScanURLs yes

# Use phishing detection only for domains listed in the .pdb database. It is

# not recommended to have this option turned off, because scanning of all

# domains may lead to many false positives!

# (available in experimental builds only)

# Default: yes

#PhishingRestrictedScan yes

# Always block SSL mismatches in URLs, even if the URL isn't in the database.

# This can lead to false positives.

# (available in experimental builds only)

#

# Default: no

#PhishingAlwaysBlockSSLMismatch no

# Always block cloaked URLs, even if URL isn't in database.

# This can lead to false positives.

# (available in experimental builds only)

#

# Default: no

#PhishingAlwaysBlockCloak no

##

## HTML

##

# Perform HTML normalisation and decryption of MS Script Encoder code.

# Default: yes

#ScanHTML yes

##

## Archives

##

# ClamAV can scan within archives and compressed files.

# Default: yes

#ScanArchive yes

# The options below protect your system against Denial of Service attacks

# using archive bombs.

# Files in archives larger than this limit won't be scanned.

# Value of 0 disables the limit.

# Default: 10M

#ArchiveMaxFileSize 15M

# Nested archives are scanned recursively, e.g. if a Zip archive contains a RAR

# file, all files within it will also be scanned. This options specifies how

# deeply the process should be continued.

# Value of 0 disables the limit.

# Default: 8

#ArchiveMaxRecursion 10

# Number of files to be scanned within an archive.

# Value of 0 disables the limit.

# Default: 1000

#ArchiveMaxFiles 1500

# If a file in an archive is compressed more than ArchiveMaxCompressionRatio

# times it will be marked as a virus (Oversized.ArchiveType, e.g. Oversized.Zip)

# Value of 0 disables the limit.

# Default: 250

#ArchiveMaxCompressionRatio 300

# Use slower but memory efficient decompression algorithm.

# only affects the bzip2 decompressor.

# Default: no

#ArchiveLimitMemoryUsage yes

# Mark encrypted archives as viruses (Encrypted.Zip, Encrypted.RAR).

# Default: no

#ArchiveBlockEncrypted no

# Mark archives as viruses (e.g. RAR.ExceededFileSize, Zip.ExceededFilesLimit)

# if ArchiveMaxFiles, ArchiveMaxFileSize, or ArchiveMaxRecursion limit is

# reached.

# Default: no

#ArchiveBlockMax no

# Enable support for Sensory Networks' NodalCore hardware accelerator.

# Default: no

#NodalCoreAcceleration yes

##

## Clamuko settings

## WARNING: This is experimental software. It is very likely it will hang

##	    up your system!!!

##

# Enable Clamuko. Dazuko (/dev/dazuko) must be configured and running.

# Default: no

#ClamukoScanOnAccess yes

# Set access mask for Clamuko.

# Default: no

#ClamukoScanOnOpen yes

#ClamukoScanOnClose yes

#ClamukoScanOnExec yes

# Set the include paths (all files inside them will be scanned). You can have

# multiple ClamukoIncludePath directives but each directory must be added

# in a seperate line.

# Default: disabled

#ClamukoIncludePath /home

#ClamukoIncludePath /students

# Set the exclude paths. All subdirectories are also excluded.

# Default: disabled

#ClamukoExcludePath /home/bofh

# Don't scan files larger than ClamukoMaxFileSize

# Value of 0 disables the limit.

# Default: 5M

#ClamukoMaxFileSize 10M