| 28e73e95 |
##
## Example config file for the Clam AV daemon
## Please read the clamav.conf(5) manual before editing this file.
## |
| 96b02502 |
|
| 28e73e95 |
# Comment or remove the line below.
Example
# Uncomment this option to enable logging.
# LogFile must be writable for the user running the daemon.
# Full path is required.
#LogFile /tmp/clamd.log
# By default the log file is locked for writing - the lock protects against
# running clamd multiple times (if want to run another clamd, please
# copy the configuration file, change the LogFile variable, and run
# the daemon with --config-file option). That's why you shouldn't uncomment
# this option.
#LogFileUnlock
# Maximal size of the log file. Default is 1 Mb.
# Value of 0 disables the limit.
# You may use 'M' or 'm' for megabytes (1M = 1m = 1048576 bytes)
# and 'K' or 'k' for kilobytes (1K = 1k = 1024 bytes). To specify the size
# in bytes just don't use modifiers.
#LogFileMaxSize 2M
# Log time with an each message.
#LogTime
|
| ee039e40 |
# Log also clean files. May be useful in debugging but will drastically
# increase the log size.
#LogClean
|
| 28e73e95 |
# Use system logger (can work together with LogFile).
#LogSyslog
|
| c695dab4 |
# Specify the type of syslog messages - please refer to 'man syslog'
# for facility names. Default is LOG_LOCAL6.
#LogFacility LOG_MAIL
|
| 28e73e95 |
# Enable verbose logging.
#LogVerbose
# This option allows you to save the process identifier of the listening
# daemon (main thread).
#PidFile /var/run/clamd.pid
|
| ee039e40 |
# Optional path to the global temporary directory.
# Default is system specific - usually /var/tmp or /tmp.
#TemporaryDirectory /var/tmp
|
| 95d401c4 |
# Path to the database directory. |
| 28e73e95 |
# Default is the hardcoded directory (mostly /usr/local/share/clamav, |
| 95d401c4 |
# but it depends on installation options).
#DatabaseDirectory /var/lib/clamav |
| 96b02502 |
|
| 28e73e95 |
# The daemon works in local or network mode. Currently the local mode is
# recommended for security reasons.
# Path to the local socket. The daemon doesn't change the mode of the
# created file (portability reasons). You may want to create it in a directory
# which is only accessible for a user running daemon.
LocalSocket /tmp/clamd
|
| 049a18b9 |
# Remove stale socket after unclean shutdown. |
| eff5a283 |
#FixStaleSocket |
| 8139fd99 |
|
| 5def21ff |
# TCP port address.
#TCPSocket 3310
|
| 8139fd99 |
# TCP address.
# By default we bind to INADDR_ANY, probably not wise.
# Enable the following to provide some degree of protection
# from the outside world.
#TCPAddr 127.0.0.1 |
| 049a18b9 |
|
| 28e73e95 |
# Maximum length the queue of pending connections may grow to.
# Default is 15.
#MaxConnectionQueueLength 30
# When activated, input stream (see STREAM command) will be saved to disk before
# scanning - this allows scanning within archives.
#StreamSaveToDisk
# Close the connection if this limit is exceeded.
#StreamMaxLength 10M
# Maximal number of a threads running at the same time.
# Default is 5, and it should be sufficient for a typical workstation.
# You may need to increase threads number for a server machine.
#MaxThreads 10
|
| 7390dfcd |
# Waiting for data from a client socket will timeout after this time (seconds).
# Default is 120. Value of 0 disables the timeout.
#ReadTimeout 300 |
| 28e73e95 |
# Maximal depth the directories are scanned at.
MaxDirectoryRecursion 15
# Follow a directory symlinks.
# SECURITY HINT: You should have enabled directory recursion limit to
# avoid potential problems.
#FollowDirectorySymlinks
# Follow regular file symlinks.
#FollowFileSymlinks
# Do internal checks (eg. check the integrity of the database structures)
# By default clamd checks itself every 3600 seconds (1 hour).
#SelfCheck 600
|
| 9cb8aa62 |
# Execute a command when a virus is found. In the command string %v will
# be replaced by the virus name. |
| 0249f9d2 |
# |
| 9cb8aa62 |
#VirusEvent /usr/local/bin/send_sms 123456789 "VIRUS ALERT: %v" |
| 0249f9d2 |
|
| 28e73e95 |
# Run as selected user (clamd must be started by root).
# By default it doesn't drop privileges.
#User clamav
# Initialize the supplementary group access (for all groups in /etc/group
# user is added in. clamd must be started by root).
#AllowSupplementaryGroups
# Don't fork into background. Useful in debugging.
#Foreground
|
| 0249f9d2 |
# Enable debug messages in libclamav.
#Debug
|
| 590135f9 |
# Do not remove temporary files (for debug purposes).
#LeaveTemporaryFiles
|
| a9082ea2 |
##
## Executable files
##
# PE stands for Portable Executable - it's an executable file format used
# in all 32-bit versions of Windows operating systems. This option allows
# ClamAV to perform a deeper analysis of executable files and it's also
# required for decompression of popular executable packers such as UPX.
ScanPE
|
| 28e73e95 |
## |
| a9082ea2 |
## Documents |
| 47bbbc56 |
##
# This option enables scanning of Microsoft Office document macros. |
| fb787a06 |
ScanOLE2 |
| 47bbbc56 |
## |
| a9082ea2 |
## Mail files |
| 28e73e95 |
##
|
| 888f5794 |
# Uncomment this option if you are going to scan mail files. |
| 28e73e95 |
#ScanMail
## |
| a9082ea2 |
## HTML |
| 888f5794 |
##
# This option enables HTML detection and normalisation. It's highly
# recommended and required to detect popular exploits.
ScanHTML
## |
| a9082ea2 |
## Archives |
| 28e73e95 |
##
# Comment this line to disable scanning of the archives.
ScanArchive
|
| 8139fd99 |
|
| 5def21ff |
# By default the built-in RAR unpacker is disabled by default because the code |
| 8139fd99 |
# terribly leaks, however it's probably a good idea to enable it.
#ScanRAR
|
| 28e73e95 |
# Options below protect your system against Denial of Service attacks
# with archive bombs.
# Files in archives larger than this limit won't be scanned.
# Value of 0 disables the limit.
# WARNING: Due to the unrarlib implementation, whole files (one by one) in RAR
# archives are decompressed to the memory. That's why never disable
# this limit (but you may increase it of course!)
ArchiveMaxFileSize 10M
# Archives are scanned recursively - e.g. if Zip archive contains RAR file,
# the RAR file will be decompressed, too (but only if recursion limit is set
# at least to 1). With this option you may set the recursion level.
# Value of 0 disables the limit.
ArchiveMaxRecursion 5
# Number of files to be scanned within archive.
# Value of 0 disables the limit.
ArchiveMaxFiles 1000
|
| a6945b5d |
# Mark potential archive bombs as viruses (0 disables the limit)
ArchiveMaxCompressionRatio 200
|
| 28e73e95 |
# Use slower decompression algorithm which uses less memory. This option
# affects bzip2 decompressor only.
#ArchiveLimitMemoryUsage
|
| fb787a06 |
# Mark encrypted archives as viruses (Encrypted.Zip, Encrypted.RAR). |
| 5484e03c |
#ArchiveBlockEncrypted |
| 0f34221a |
|
| 28e73e95 |
##
## Clamuko settings
## WARNING: This is experimental software. It is very likely it will hang
## up your system !!!
##
# Enable Clamuko. Dazuko (/dev/dazuko) must be configured and running. |
| 2b278a02 |
#ClamukoScanOnAccess |
| 28e73e95 |
# Set access mask for Clamuko.
ClamukoScanOnOpen
ClamukoScanOnClose
ClamukoScanOnExec
# Set the include paths (all files in them will be scanned). You can have
# multiple ClamukoIncludePath options, but each directory must be added
# in a seperate option. All subdirectories are scanned, too.
ClamukoIncludePath /home
#ClamukoIncludePath /students
# Set the exclude paths. All subdirectories are also excluded.
#ClamukoExcludePath /home/guru
# Limit the file size to be scanned (probably you don't want to scan your movie
# files ;))
# Value of 0 disables the limit. 1 Mb should be fine.
ClamukoMaxFileSize 1M
# Enable archive support. It uses the limits from clamd section.
# (This option doesn't depend on ScanArchive, you can have archive support
# in clamd disabled).
ClamukoScanArchive |