a0faaedf |
.\" Manual page created by Tomasz Kojm, 20021001. |
5aad82e2 |
.TH "clamav.conf" "5" "March 14, 2004" "Tomasz Kojm" "Clam AntiVirus" |
468b9e48 |
.SH "NAME"
.LP |
a0faaedf |
\fBclamav.conf\fR \- a configuration file for Clam AntiVirus Daemon |
468b9e48 |
.SH "DESCRIPTION"
.LP |
a0faaedf |
clamav.conf configures the Clam AntiVirus daemon, clamd(8). |
468b9e48 |
.SH "FILE FORMAT" |
a0faaedf |
The file consists of comments and options with optional arguments. Each line that starts with a hash (\fB#\fR) symbol is ignored. Option names are case sensitive and of the form \fBOption Argument\fR. There are a few types of arguments: |
468b9e48 |
.TP
\fBSTRING\fR |
a0faaedf |
String without blank characters. |
468b9e48 |
.TP
\fBSIZE\fR |
a0faaedf |
Size in bytes. You can use the 'M' or 'm' modifiers for megabytes and 'K' or 'k' for kilobytes. |
468b9e48 |
.TP
\fBNUMBER\fR
Unsigned integer. |
c72178a4 |
.SH "DIRECTIVES" |
468b9e48 |
.LP |
a0faaedf |
If some option is not used (hashed or doesn't exist in the configuration file), clamd takes a default action. |
468b9e48 |
.TP
\fBExample\fR |
a0faaedf |
If this option is set clamd will not run. |
468b9e48 |
.TP
\fBLogFile STRING\fR |
a0faaedf |
Enable logging to selected file. |
468b9e48 |
.br
Default: disabled.
.TP
\fBLogFileUnlock\fR |
a0faaedf |
Disable a system lock that protects against running clamd with a same configuration multiple times. |
468b9e48 |
.br
Default: disabled.
.TP
\fBLogFileMaxSize SIZE\fR |
a0faaedf |
Limit a size of a log file. The logger will be automatically disabled if the file is greater than SIZE. Value of 0 disables the limit. |
468b9e48 |
.br
Default: 1M
.TP
\fBLogTime\fR |
a0faaedf |
Log time with each message. |
468b9e48 |
.br |
1f301ecc |
Default: disabled. |
468b9e48 |
.TP |
5aad82e2 |
\fBLogClean\fR
Log clean files.
.br
Default: disabled.
.TP |
468b9e48 |
\fBLogSyslog\fR
Use system logger (can work together with LogFile).
.br
Default: disabled.
.TP |
5aad82e2 |
\fBLogVerbose\fR
Enable verbose logging.
.br
Default: disabled.
.TP |
468b9e48 |
\fBPidFile STRING\fR |
a0faaedf |
Save a process identifier of a listening daemon (main thread) to a specified file. |
468b9e48 |
.br
Default: disabled.
.TP |
5aad82e2 |
\fBDatabaseDirectory STRING\fR |
a0faaedf |
Path to a directory containing database files. |
468b9e48 |
.br
Default: hardcoded directory.
.TP
\fBLocalSocket STRING\fR |
a0faaedf |
Path to a local (Unix) socket the daemon will listen on.
.br
Default: disabled.
.TP
\fBFixStaleSocket\fR
Remove stale socket after unclean shutdown. |
468b9e48 |
.br
Default: disabled.
.TP
\fBTCPSocket NUMBER\fR
TCP port number the daemon will listen on.
.br
Default: disabled.
.TP |
a0faaedf |
\fBTCPAddr STRING\fR
TCP address to bind to. By default clamd binds to INADDR_ANY.
.br
Default: disabled.
.TP |
468b9e48 |
\fBMaxConnectionQueueLength NUMBER\fR
Maximum length the queue of pending connections may grow to.
.br
Default: 15
.TP
\fBMaxThreads NUMBER\fR |
a0faaedf |
Maximal number of threads running at the same time. |
468b9e48 |
.br
Default: 5.
.TP
\fBThreadTimeout NUMBER\fR
Stop thread\-scanner after specified time (in seconds). Value of 0 disables the timeout.
.br
Default: 180
.TP
\fBMaxDirectoryRecursion NUMBER\fR |
a0faaedf |
Maximal depth a directories are scanned at. |
468b9e48 |
.br
Default: disabled.
.TP
\fBFollowDirectorySymlinks\fR
Follow a directory symlinks. You should have enabled directory recursion limit to avoid a potential problems.
.br
Default: disabled.
.TP
\fBFollowFileSymlinks\fR |
a0faaedf |
Follow regular file symlinks. |
468b9e48 |
.br
Default: disabled.
.TP
\fBSelfCheck NUMBER\fR |
a0faaedf |
Do internal checks every NUMBER seconds. |
468b9e48 |
.br
Default: 3600
.TP |
c72178a4 |
\fBVirusEvent COMMAND\fR |
a0faaedf |
Execute the COMMAND when virus is found. In the command string %v and %f will be replaced by a virus name and an infected file name respectively.
\fBSECURITY WARNING: Make sure the virus event command cannot be exploited eg. by using some special file name when %f is in use. Always use a full path to the command. Never delete/move files with this directive ! |
c72178a4 |
\fR
.br
Default: disabled.
.TP |
468b9e48 |
\fBUser STRING\fR |
a0faaedf |
Drop priviledges to a selected user. |
468b9e48 |
.br
Default: disabled.
.TP
\fBAllowSupplementaryGroups\fR
When started by root and the User option is activated, it will initialize all the groups from /etc/group for which user is a member.
.br
Default: disabled.
.TP
\fBForeground\fR
Don't fork into background. Useful in debugging.
.br
Default: disabled.
.TP |
a0faaedf |
\fBDebug\fR
Enable debug messages from libclamav. You need to enable the \fBForeground\fR option to see them.
.TP |
468b9e48 |
\fBStreamSaveToDisk\fR |
a0faaedf |
When activated the input stream (see STREAM command) will be saved to disk before scanning \- this allows scanning within archives. |
468b9e48 |
.br
Default: disabled.
.TP
\fBStreamMaxLength SIZE\fR |
a0faaedf |
Close the connection when this limit is exceeded. |
468b9e48 |
.br
Default: disabled. |
a0faaedf |
.TP |
5aad82e2 |
\fBScanOLE2\fR
Enables scanning of Microsoft Office document macros.
.br
Default: enabled.
.TP |
468b9e48 |
\fBScanMail\fR |
a0faaedf |
Enable scanning of Mbox, Maildir and raw mail files. |
468b9e48 |
.br
Default: disabled.
.TP
\fBScanArchive\fR
Enable archive scanning.
.br
Default: disabled.
.TP |
a0faaedf |
\fBScanRAR\fR
The built\-in RAR unpacker is disabled by default because the code leaks.
.br
Default: disabled.
.TP |
468b9e48 |
\fBArchiveMaxFileSize SIZE\fR
Files in archives larger than this limit won't be scanned. Value of 0 disables the limit.
.br
Default: 10M
.TP
\fBArchiveMaxRecursion NUMBER\fR
Limit archive recursion level. Value of 0 disables the limit.
.br
Default: 5
.TP
\fBArchiveMaxFiles NUMBER\fR
Number of files to be scanned within archive. Value of 0 disables the limit.
.br
Default: 1000
.TP |
5aad82e2 |
\fBArchiveMaxCompressionRatio NUMBER\fR
Analyze compression ratio and mark potential archive bombs as viruses (0 disables the limit).
.br
Default: 200
.TP |
468b9e48 |
\fBArchiveLimitMemoryUsage\fR
Use slower decompression algorithm which uses less memory. This option affects bzip2 decompressor only.
.br
Default: disabled
.TP |
8373a9b0 |
\fBArchiveBlockEncrypted\fR |
5aad82e2 |
Mark encrypted archives as viruses (Encrypted.Zip, Encrypted.RAR).
.br
Default: disabled
.TP |
468b9e48 |
\fBClamukoScanOnLine\fR
Enable Clamuko \- on\-access scanner for Linux. Dazuko must be already running.
.br
Default: disabled.
.TP
\fBClamukoScanOnOpen\fR
Scan a file on open.
.br
Default: disabled.
.TP
\fBClamukoScanOnClose\fR
Scan a file on close.
.br
Default: disabled.
.TP
\fBClamukoScanOnExec\fR
Scan a file on execute.
.br
Default: disabled.
.TP
\fBClamukoIncludePath STRING\fR |
a0faaedf |
Set the include paths (all files and directories in them will be scanned). You can have multiple ClamukoIncludePath options but each directory must be added with a seperate option. |
468b9e48 |
.br
Default: disabled. Required.
.TP
\fBClamukoExcludePath\fR
Set the exclude paths. All subdirectories are also excluded.
.br
Default: disabled.
.TP
\fBClamukoMaxFileSize SIZE\fR
Don't scan files larger than SIZE.
.br
Default: 5M
.TP
\fBClamukoScanArchive\fR
Enable archive scanning. It uses ArchiveMax* limits.
.br
Default: disabled.
.SH "FILES"
.LP
/etc/clamav.conf
.br
/usr/local/etc/clamav.conf
.SH "AUTHOR"
.LP |
a0faaedf |
Tomasz Kojm <tkojm@clamav.net> |
468b9e48 |
.SH "SEE ALSO"
.LP |
a0faaedf |
clamd(8), clamdscan(1), clamscan(1), freshclam(1), sigtool(1), clamav\-milter(8) |