4c237bcf |
##
## Example config file for the clamav-milter
## /* FIXME : NOT DONE YET */ Please read the clamav-milter.conf(5) manual before editing this file.
##
# Comment or remove the line below.
Example
##
## Main options
##
# Define the interface through which we communicate with sendmail
# This option is mandatory! Possible formats are:
# [[unix|local]:]/path/to/file - to specify a unix domain socket
# inet:port@[hostname|ip-address] - to specify an ipv4 socket
# inet6:port@[hostname|ip-address] - to specify an ipv6 socket |
3eb16511 |
#
# Default: no default |
4c237bcf |
##MilterSocket /tmp/clamav-milter.socket
##MilterSocket inet:7357
# Remove stale socket after unclean shutdown. |
3eb16511 |
# |
4c237bcf |
# Default: yes |
d5a65a34 |
##FixStaleSocket yes |
4c237bcf |
# Maximum number of threads running at the same time. |
3eb16511 |
# |
4c237bcf |
# Default: 10
##MaxThreads 20
# Run as another user (clamav-milter must be started by root for this option to work) |
3eb16511 |
#
# Default: unset (don't drop privileges) |
4c237bcf |
##User clamav
# Initialize supplementary group access (clamd must be started by root). |
3eb16511 |
# |
4c237bcf |
# Default: no
##AllowSupplementaryGroups no
# Waiting for data from clamd will timeout after this time (seconds).
# Value of 0 disables the timeout. |
3eb16511 |
# |
4c237bcf |
# Default: 120
##ReadTimeout 300
# Don't fork into background. |
3eb16511 |
# |
4c237bcf |
# Default: no
##Foreground yes
|
f7203529 |
# Chroot to the specified directory.
# Chrooting is performed just after reading the config file and before dropping privileges. |
3eb16511 |
# |
f7203529 |
# Default: unset (don't chroot) |
3eb16511 |
##Chroot /newroot
|
87620def |
# This option allows you to save a process identifier of the listening
# daemon (main thread).
#
# Default: disabled
##PidFile /var/run/clamd.pid
# Optional path to the global temporary directory.
# Default: system specific (usually /tmp or /var/tmp).
#
#TemporaryDirectory /var/tmp |
4c237bcf |
##
## Clamd options
##
# Define the clamd socket to connect to for scanning.
# If not set (the default), clamav-milter uses internal mode.
# This option is mandatory! Syntax:
# ClamdSocket unix:path
# ClamdSocket tcp:host:port
# The first syntax specifies a local unix socket (needs an bsolute path) e.g.:
# ClamdSocket unix:/var/run/clamd/clamd.socket
# The second syntax specifies a tcp local or remote tcp socket: the
# host can be a hostname or an ip address; the ":port" field is only required
# for IPv6 addresses, otherwise it defaults to 3310
# ClamdSocket tcp:192.168.0.1
#
# This option can be repeated several times with different sockets or even
# with the same socket: clamd servers will be selected in a round-robin fashion.
#
# Default: no default
##ClamdSocket tcp:scanner.mydomain:7357
# WARNING: The following options are deprecated and may go away soon.
# Please use ClamdSocket instead!
# Default: disabled
#LocalSocket
#TCPSocket
#TCPAddr
## |
6840d862 |
## Exclusions
##
# Messages originating from these hosts/networks will not be scanned
# This option takes a host(name)/mask pair in CIRD notation and can be
# repeated several times. If "/mask" is omitted, a host is assumed.
# To specify a locally orignated, non-smtp, email use the keyword "local" |
3eb16511 |
# |
f7203529 |
# Default: unset (scan everything regardless of the origin) |
6840d862 |
#LocalNet local
#LocalNet 192.168.0.0/24
#LocalNet 1111:2222:3333::/48
|
66ded5b8 |
# This option specifies a file which contains a list of POSIX regular
# expressions. Addresses (sent to or from - see below) matching these regexes
# will not be scanned. Optionally each line can start with the string "From:"
# or "To:" (note: no whitespace after the colon) indicating if it is,
# respectively, the sender or recipient that is to be whitelisted.
# If the field is missing, "To:" is assumed.
# Lines starting with #, : or ! are ignored. |
3eb16511 |
#
# Default unset (no exclusion applied)
#Whitelist /etc/whitelisted_addresses
|
6840d862 |
## |
e9747a42 |
## Actions
##
# The following group of options controls the delievery process under
# different circumstances.
# The following actions are available:
# - Accept
# The message is accepted for delievery
# - Reject
# Immediately refuse delievery (a 5xx error is returned to the peer)
# - Defer
# Return a temporary failure message (4xx) to the peer
# - Blackhole (not available for OnFail)
# Like accept but the message is sent to oblivion
# - Quarantine (not available for OnFail)
# Like accept but message is quarantined instead of being deilievered |
ce34c246 |
# In sendmail the quarantine queue can be examined via mailq -qQ
# For Postfix this causes the message to be accepted but placed on hold |
e9747a42 |
#
# Action to be performed on clean messages (mostly useful for testing)
# Default Accept
#OnClean Accept
# Action to be performed on infected messages
# Default: Quarantine
#OnInfected Quarantine
# Action to be performed on error conditions (this includes failure to
# allocate data structures, no scanners available, network timeouts,
# unknown scanner replies and the like)
# Default Defer
#OnFail Defer
|
ce34c246 |
# If this option is set to Yes, an "X-Virus-Scanned" and an "X-Virus-Status"
# headers will be attached to each processed message, possibly replacing
# existing headers.
# Default: No
#AddHeader Yes
|
e9747a42 |
## |
4c237bcf |
## Logging options
##
# Uncomment this option to enable logging.
# LogFile must be writable for the user running daemon.
# A full path is required. |
3eb16511 |
# |
4c237bcf |
# Default: disabled
##LogFile /tmp/clamav-milter.log
# By default the log file is locked for writing - the lock protects against
# running clamav-milter multiple times.
# This option disables log file locking. |
3eb16511 |
# |
4c237bcf |
# Default: no
##LogFileUnlock yes
# Maximum size of the log file.
# Value of 0 disables the limit.
# You may use 'M' or 'm' for megabytes (1M = 1m = 1048576 bytes)
# and 'K' or 'k' for kilobytes (1K = 1k = 1024 bytes). To specify the size
# in bytes just don't use modifiers. |
3eb16511 |
# |
4c237bcf |
# Default: 1M
##LogFileMaxSize 2M
# Log time with each message. |
3eb16511 |
# |
4c237bcf |
# Default: no
##LogTime yes
# Use system logger (can work together with LogFile). |
3eb16511 |
# |
4c237bcf |
# Default: no
##LogSyslog yes
# Specify the type of syslog messages - please refer to 'man syslog'
# for facility names. |
3eb16511 |
# |
4c237bcf |
# Default: LOG_LOCAL6
##LogFacility LOG_MAIL
# Enable verbose logging. |
3eb16511 |
# |
4c237bcf |
# Default: no
##LogVerbose yes
##
## Limits
##
|
87620def |
# Messages larger than this value won't be scanned. |
4c237bcf |
# Default: 25M
##MaxFileSize 150M
# WARNING: The following two options are deprecated and may go away soon.
# Please use MaxFile size instead!
# For compatibility reasons the minimum value among MaxFileSize,
# MaxScanSize and StreamMaxLength will be used.
#MaxScanSize
#StreamMaxLength
##
## Deprecated options
##
# The following deprecated options are only kept for compatibility
# reaosns and may go away soon. These do not affect clamav-milter
# in any way, except for a small warning emitted on startup.
#ArchiveBlockEncrypted
#DatabaseDirectory
#Debug
#DetectBrokenExecutables
#LeaveTemporaryFiles
#MailFollowURLs
#MaxRecursion
#MaxFiles
#PhishingSignatures
#ScanArchive
#ScanHTML
#ScanMail
#ScanOLE2
#ScanPE
|
d5a65a34 |
#Todo |
3eb16511 |
##-C --chroot |
d5a65a34 |
#-D --debug |
87620def |
##-i --pidfile |
e9747a42 |
##-I --ignore |
66ded5b8 |
##-W --whitelist-file |
d5a65a34 |
#Deprecated switches
#-a --from
#-H --headers
#-x --debug-level
#-b --bounce
#-B --broadcast
#-f --force-scan
#-e --external
#-k --blacklist-time
#-K --dont-blacklist
#-l --local
#-M --freshclam-monitor
#-o --outgoing
#-p --postmaster
#-P --postmaster-only
#-q --quiet
#-r --report-phish
#-R --report-phish-false-positives
#-s --sign
#-F --signature-file
#-m --max-children
#--dont-wait
#--dont-sanitise
#-t --template-file
#--template-headers
#-T --timeout
#-L --detect-forged-local-address
#--sendmail-cf
#--black-hole-mode
#--server
#Reworked |
ce34c246 |
##-A --advisory
##-d --dont-scan-on-error
##-n --noxheader
##-N --noreject
##-Q --quarantine
##-U, --quarantine-dir |