112
125
\fBTCPSocket NUMBER\fR
113
126
TCP port number the daemon will listen on.
117
130
\fBTCPAddr STRING\fR
118
TCP socket address to bind to. By default clamd binds to INADDR_ANY.
131
By default clamd binds to INADDR_ANY.
133
This option allows you to restrict the TCP address and provide some degree of protection from the outside world. This option can be specified multiple times in order to listen on multiple IPs. IPv6 is now supported.
122
137
\fBMaxConnectionQueueLength NUMBER\fR
123
138
Maximum length the queue of pending connections may grow to.
142
\fBStreamMaxLength SIZE\fR
143
Close the STREAM session when the data size limit is exceeded.
145
The value should match your MTA's limit for the maximum attachment size.
149
\fBStreamMinPort NUMBER\fR
150
The STREAM command uses an FTP-like protocol.
152
This option sets the lower boundary for the port range.
156
\fBStreamMaxPort NUMBER\fR
157
This option sets the upper boundary for the port range.
127
161
\fBMaxThreads NUMBER\fR
128
162
Maximum number of threads running at the same time.
193
229
\fBSelfCheck NUMBER\fR
194
Perform a database check.
230
This option specifies the time intervals (in seconds) in which clamd
231
should perform a database check.
198
235
\fBVirusEvent COMMAND\fR
199
Execute COMMAND when a virus is found. In the command string %v will be replaced with the virus name.
236
Execute a command when a virus is found. In the command string %v will be
237
replaced with the virus name. Additionally, two environment variables will
238
be defined: $CLAM_VIRUSEVENT_FILENAME and $CLAM_VIRUSEVENT_VIRUSNAME.
204
243
\fBExitOnOOM BOOL\fR
205
244
Stop daemon when libclamav reports out of memory condition.
210
Run as another user (clamd must be started by root to make this option working).
214
\fBAllowSupplementaryGroups BOOL\fR
215
Initialize supplementary group access (clamd must be started by root).
248
\fBAllowAllMatchScan BOOL\fR
249
Permit use of the ALLMATCHSCAN command.
219
253
\fBForeground BOOL\fR
220
254
Don't fork into background.
225
259
Enable debug messages from libclamav.
227
263
\fBLeaveTemporaryFiles BOOL\fR
228
Do not remove temporary files (for debug purpose).
232
\fBStreamMaxLength SIZE\fR
233
Clamd uses FTP\-like protocol to receive data from remote clients. If you are using clamav\-milter to balance load between remote clamd daemons on firewall servers you may need to tune the Stream* options. This option allows you to specify the upper limit for data size that will be transfered to remote daemon when scanning a single file. It should match your MTA's limit for a maximum attachment size.
237
\fBStreamMinPort NUMBER\fR
238
Limit data port range.
242
\fBStreamMaxPort NUMBER\fR
243
Limit data port range.
264
Do not remove temporary files (for debugging purpose).
269
Run the daemon as a specified user (the process must be started by root).
273
\fBAllowSupplementaryGroups BOOL\fR
274
Initialize a supplementary group access (the process must be started by root).
247
278
\fBBytecode BOOL\fR
248
279
With this option enabled ClamAV will load bytecode from the database. It is highly recommended you keep this option turned on, otherwise you may miss detections for many new viruses.
252
283
\fBBytecodeSecurity STRING\fR
253
Set bytecode security level. Possible values: \fBTrustSigned\fR: trust bytecode loaded from signed .c[lv]d files and insert runtime safety checks for bytecode loaded from other sources, \fBParanoid\fR: don't trust any bytecode, insert runtime checks for all. The recommended setting is \fBTrustSigned\fR, because bytecode in .cvd files already has safety checks inserted into it.
284
Set bytecode security level.
290
\fBTrustSigned\fR \- trust bytecode loaded from signed .c[lv]d files and insert runtime safety checks for bytecode loaded from other sources,
292
\fBParanoid\fR \- don't trust any bytecode, insert runtime checks for all.
295
Recommended: \fBTrustSigned\fR, because bytecode in .cvd files already has these checks.
255
297
Default: TrustSigned
257
\fBBytecodeUnsigned BOOL\fR
258
Allow loading bytecode from outside digitally signed .c[lv]d files.
262
301
\fBBytecodeTimeout NUMBER\fR
263
302
Set bytecode timeout in milliseconds.
306
\fBBytecodeUnsigned BOOL\fR
307
Allow loading bytecode from outside digitally signed .c[lv]d files.
311
\fBBytecodeMode STRING\fR
312
Set bytecode execution mode.
318
\fBAuto\fR \- automatically choose JIT if possible, fallback to interpreter
320
\fBForceJIT\fR \- always choose JIT, fail if not possible
322
\fBForceIntepreter\fR \- always choose interpreter
324
\fBTest\fR \- run with both JIT and interpreter and compare results. Make all failures fatal.
267
331
\fBDetectPUA BOOL\fR
268
332
Detect Possibly Unwanted Applications.
441
Perform HTML/JavaScript/ScriptEncoder normalisation and decryption.
443
If you turn off this option, the original files will still be scanned, but without additional processing.
448
This option enables scanning of OLE2 files, such as Microsoft Office documents and .msi files.
450
If you turn off this option, the original files will still be scanned, but without additional processing.
454
\fBOLE2BlockMacros BOOL\fR
455
With this option enabled OLE2 files with VBA macros, which were not detected by signatures will be marked as "Heuristics.OLE2.ContainsMacros".
460
This option enables scanning within PDF files.
462
If you turn off this option, the original files will still be scanned, but without additional processing.
467
This option enables scanning within SWF files.
469
If you turn off this option, the original files will still be scanned, but without decoding and additional processing.
385
473
\fBScanArchive BOOL\fR
386
Enable archive scanning.
474
Scan within archives and compressed files.
476
If you turn off this option, the original files will still be scanned, but without unpacking and additional processing.
480
\fBArchiveBlockEncrypted BOOL\fR
481
Mark encrypted archives as viruses (Encrypted.Zip, Encrypted.RAR).
486
This option causes memory or nested map scans to dump the content to disk.
488
If you turn on this option, more data is written to disk and is available when the leave-temps option is enabled at the cost of more disk writes.
390
492
\fBArchiveMaxFileSize (OBSOLETE)\fR
391
493
\fBWARNING:\fR This option is no longer accepted. See \fBMaxFileSize\fR and \fBMaxScanSize\fR.
431
528
Number of files to be scanned within an archive, a document, or any other kind of container. \fBWarning: disabling this limit or setting it too high may result in severe damage to the system.\fR
435
\fBClamukoScanOnAccess BOOL\fR
436
Enable Clamuko. Dazuko (/dev/dazuko) must be configured and running.
440
\fBClamukoScannerCount NUMBER\fR
441
The number of scanner threads that will be started (DazukoFS only). Having multiple scanner threads allows Clamuko to serve multiple processes simultaneously. This is particularly beneficial on SMP machines.
445
\fBClamukoScanOnOpen BOOL\fR
450
\fBClamukoScanOnClose BOOL\fR
455
\fBClamukoScanOnExec BOOL\fR
456
Scan files on execute.
460
\fBClamukoIncludePath STRING\fR
461
Set the include paths (all files and directories inside them will be scanned). You can have multiple ClamukoIncludePath directives but each directory must be added in a separate line).
465
\fBClamukoExcludePath STRING\fR
466
Set the exclude paths. All subdirectories will also be excluded.
469
\fBClamukoExcludeUID NUMBER\fR
470
With this option you can whitelist specific UIDs. Processes with these UIDs will be able to access all files. This option can be used multiple times (one per line).
474
\fBClamukoMaxFileSize SIZE\fR
475
Ignore files larger than SIZE.
532
\fBMaxEmbeddedPE SIZE\fR
533
This option sets the maximum size of a file to check for embedded PE.
535
Files larger than this value will skip the additional analysis step.
537
Negative values are not allowed.
541
\fBMaxHTMLNormalize SIZE\fR
542
This option sets the maximum size of a HTML file to normalize.
544
HTML files larger than this value will not be normalized or scanned.
546
Negative values are not allowed.
550
\fBMaxHTMLNoTags SIZE\fR
551
This option sets the maximum size of a normalized HTML file to scan.
553
HTML files larger than this value after normalization will not be scanned.
555
Negative values are not allowed.
559
\fBMaxScriptNormalize SIZE\fR
560
This option sets the maximum size of a script file to normalize.
562
Script content larger than this value will not be normalized or scanned.
564
Negative values are not allowed.
568
\fBMaxZipTypeRcg SIZE\fR
569
This option sets the maximum size of a ZIP file to reanalyze type recognition.
571
ZIP files larger than this value will skip the step to potentially reanalyze as PE.
573
Negative values are not allowed.
575
WARNING: setting this limit too high may result in severe damage or impact performance.
579
\fBMaxPartitions SIZE\fR
580
This option sets the maximum number of partitions of a raw disk image to be scanned.
582
Raw disk images with more partitions than this value will have up to the value partitions scanned.
584
Negative values are not allowed.
586
WARNING: setting this limit too high may result in severe damage or impact performance.
590
\fBMaxIconsPE SIZE\fR
591
This option sets the maximum number of icons within a PE to be scanned.
593
PE files with more icons than this value will have up to the value number icons scanned.
595
Negative values are not allowed.
597
WARNING: setting this limit too high may result in severe damage or impact performance.
601
\fBClamukoScanOnAccess (OBSOLETE)\fR
602
\fBWARNING:\fR This option is no longer accepted. See \fBScanOnAccess\fR.
604
\fBClamukoScannerCount (OBSOLETE)\fR
605
\fBWARNING:\fR This option is no longer accepted.
607
\fBClamukoScanOnOpen (OBSOLETE)\fR
608
\fBWARNING:\fR This option is no longer accepted.
610
\fBClamukoScanOnClose (OBSOLETE)\fR
611
\fBWARNING:\fR This option is no longer accepted.
613
\fBClamukoScanOnExec (OBSOLETE)\fR
614
\fBWARNING:\fR This option is no longer accepted.
616
\fBClamukoIncludePath (OBSOLETE)\fR
617
\fBWARNING:\fR This option is no longer accepted. See \fBOnAccessIncludePath\fR.
619
\fBClamukoExcludePath (OBSOLETE)\fR
620
\fBWARNING:\fR This option is no longer accepted. See \fBOnAccessExcludePath\fR.
622
\fBClamukoExcludeUID (OBSOLETE)\fR
623
\fBWARNING:\fR This option is no longer accepted. See \fBOnAccessExcludeUID\fR.
625
\fBClamukoMaxFileSize (OBSOLETE)\fR
626
\fBWARNING:\fR This option is no longer accepted. See \fBOnAccessMaxFileSize\fR.
628
\fBScanOnAccess BOOL\fR
629
This option enables on-access scanning (Linux only)
633
\fBOnAccessIncludePath STRING\fR
634
This option specifies a directory (including all files and directories inside it), which should be scanned on access. This option can be used multiple times.
638
\fBOnAccessExcludePath STRING\fR
639
This option allows excluding directories from on-access scanning. It can be used multiple times.
643
\fBOnAccessExcludeUID NUMBER\fR
644
With this option you can whitelist specific UIDs. Processes with these UIDs will be able to access all files.
646
This option can be used multiple times (one per line).
650
\fBOnAccessMaxFileSize SIZE\fR
651
Files larger than this value will not be scanned in on access.
655
\fBDisableCertCheck BOOL\fR
656
Disable authenticode certificate chain verification in PE files.
660
\fBStatsEnabled BOOL\fR
661
Enable submission of statistical data
665
\fBStatsHostID STRING\fR
666
HostID in the form of an UUID to use when submitting statistical information.
670
\fBStatsPEDisabled BOOL\fR
671
Disable submission of PE section statistical data.
675
\fBStatsTimeout NUMBER\fR
676
Timeout in seconds to timeout communication with the stats server.
480
681
All options expressing a size are limited to max 4GB. Values in excess will be resetted to the maximum.
483
684
@CFGDIR@/clamd.conf
486
Tomasz Kojm <tkojm@clamav.net>
687
Tomasz Kojm <tkojm@clamav.net>, Kevin Lin <klin@sourcefire.com>
489
690
clamd(8), clamdscan(1), clamav-milter(8), freshclam(1), freshclam.conf(5)