etc/clamd.conf
468b9e48
 ##
63a3322d
 ## Example config file for the Clam AV daemon
09b431f0
 ## Please read the clamd.conf(5) manual before editing this file.
468b9e48
 ##
e89a361a
 
468b9e48
 
 # Comment or remove the line below.
 Example
 
 # Uncomment this option to enable logging.
511eef51
 # LogFile must be writable for the user running daemon.
 # A full path is required.
 # Default: disabled
468b9e48
 #LogFile /tmp/clamd.log
 
 # By default the log file is locked for writing - the lock protects against
 # running clamd multiple times (if want to run another clamd, please
 # copy the configuration file, change the LogFile variable, and run
511eef51
 # the daemon with --config-file option).
 # This option disables log file locking.
5c4d94a9
 # Default: no
 #LogFileUnlock yes
468b9e48
 
511eef51
 # Maximal size of the log file.
468b9e48
 # Value of 0 disables the limit.
 # You may use 'M' or 'm' for megabytes (1M = 1m = 1048576 bytes)
 # and 'K' or 'k' for kilobytes (1K = 1k = 1024 bytes). To specify the size
 # in bytes just don't use modifiers.
511eef51
 # Default: 1M
468b9e48
 #LogFileMaxSize 2M
 
511eef51
 # Log time with each message.
5c4d94a9
 # Default: no
 #LogTime yes
468b9e48
 
511eef51
 # Also log clean files. Useful in debugging but drastically increases the
 # log size.
5c4d94a9
 # Default: no
 #LogClean yes
50099661
 
468b9e48
 # Use system logger (can work together with LogFile).
5c4d94a9
 # Default: no
 #LogSyslog yes
468b9e48
 
096e5bbd
 # Specify the type of syslog messages - please refer to 'man syslog'
511eef51
 # for facility names.
 # Default: LOG_LOCAL6
096e5bbd
 #LogFacility LOG_MAIL
 
468b9e48
 # Enable verbose logging.
5c4d94a9
 # Default: no
 #LogVerbose yes
468b9e48
 
511eef51
 # This option allows you to save a process identifier of the listening
468b9e48
 # daemon (main thread).
511eef51
 # Default: disabled
468b9e48
 #PidFile /var/run/clamd.pid
 
50099661
 # Optional path to the global temporary directory.
511eef51
 # Default: system specific (usually /tmp or /var/tmp).
50099661
 #TemporaryDirectory /var/tmp
 
0d98d74c
 # Path to the database directory.
511eef51
 # Default: hardcoded (depends on installation options)
0d98d74c
 #DatabaseDirectory /var/lib/clamav
e89a361a
 
511eef51
 # The daemon works in a local OR a network mode. Due to security reasons we
 # recommend the local mode.
468b9e48
 
511eef51
 # Path to a local socket file the daemon will listen on.
5c4d94a9
 # Default: disabled (must be specified by a user)
468b9e48
 LocalSocket /tmp/clamd
 
c6259ac5
 # Remove stale socket after unclean shutdown.
5c4d94a9
 # Default: no
 #FixStaleSocket yes
4cd4319e
 
a0faaedf
 # TCP port address.
5c4d94a9
 # Default: no
a0faaedf
 #TCPSocket 3310
 
4cd4319e
 # TCP address.
 # By default we bind to INADDR_ANY, probably not wise.
32a2b908
 # Enable the following to provide some degree of protection
4cd4319e
 # from the outside world.
5c4d94a9
 # Default: no
4cd4319e
 #TCPAddr 127.0.0.1
c6259ac5
 
468b9e48
 # Maximum length the queue of pending connections may grow to.
511eef51
 # Default: 15
468b9e48
 #MaxConnectionQueueLength 30
 
166069c2
 # Clamd uses FTP-like protocol to receive data from remote clients.
 # If you are using clamav-milter to balance load between remote clamd daemons
 # on firewall servers you may need to tune the options below.
 
 # Close the connection when the data size limit is exceeded.
1a2b50f4
 # The value should match your MTA's limit for a maximal attachment size.
511eef51
 # Default: 10M
 #StreamMaxLength 20M
468b9e48
 
166069c2
 # Limit port range.
 # Default: 1024
 #StreamMinPort 30000
bf22198b
 # Default: 2048
166069c2
 #StreamMaxPort 32000
 
511eef51
 # Maximal number of threads running at the same time.
 # Default: 10
 #MaxThreads 20
468b9e48
 
3520af97
 # Waiting for data from a client socket will timeout after this time (seconds).
511eef51
 # Value of 0 disables the timeout.
 # Default: 120
3520af97
 #ReadTimeout 300
468b9e48
 
a0231a19
 # Waiting for a new job will timeout after this time (seconds).
 # Default: 30
 #IdleTimeout 60
 
511eef51
 # Maximal depth directories are scanned at.
 # Default: 15
 #MaxDirectoryRecursion 20
468b9e48
 
511eef51
 # Follow directory symlinks.
5c4d94a9
 # Default: no
 #FollowDirectorySymlinks yes
468b9e48
 
 # Follow regular file symlinks.
5c4d94a9
 # Default: no
 #FollowFileSymlinks yes
468b9e48
 
511eef51
 # Perform internal sanity check (database integrity and freshness).
 # Default: 1800 (30 min)
468b9e48
 #SelfCheck 600
 
511eef51
 # Execute a command when virus is found. In the command string %v will
 # be replaced by a virus name.
5c4d94a9
 # Default: no
9b9ea0ba
 #VirusEvent /usr/local/bin/send_sms 123456789 "VIRUS ALERT: %v"
c72178a4
 
511eef51
 # Run as a selected user (clamd must be started by root).
5c4d94a9
 # Default: don't drop privileges
468b9e48
 #User clamav
 
511eef51
 # Initialize supplementary group access (clamd must be started by root).
5c4d94a9
 # Default: no
 #AllowSupplementaryGroups no
468b9e48
 
82c6c5ed
 # Stop daemon when libclamav reports out of memory condition.
5c4d94a9
 #ExitOnOOM yes
df4a42fe
 
511eef51
 # Don't fork into background.
5c4d94a9
 # Default: no
 #Foreground yes
468b9e48
 
c72178a4
 # Enable debug messages in libclamav.
5c4d94a9
 # Default: no
 #Debug yes
c72178a4
 
3506c157
 # Do not remove temporary files (for debug purposes).
5c4d94a9
 # Default: no
 #LeaveTemporaryFiles yes
511eef51
 
95345f70
 # In some cases (eg. complex malware, exploits in graphic files, and others),
 # ClamAV uses special algorithms to provide accurate detection. This option
 # controls the algorithmic detection.
 # Default: yes
f32c9757
 #AlgorithmicDetection yes
95345f70
 
c2484690
 ##
 ## Executable files
 ##
 
 # PE stands for Portable Executable - it's an executable file format used
 # in all 32-bit versions of Windows operating systems. This option allows
 # ClamAV to perform a deeper analysis of executable files and it's also
511eef51
 # required for decompression of popular executable packers such as UPX, FSG,
 # and Petite.
5c4d94a9
 # Default: yes
 #ScanPE yes
c2484690
 
f8355d13
 # With this option clamav will try to detect broken executables and mark
 # them as Broken.Executable
5c4d94a9
 # Default: no
 #DetectBrokenExecutables yes
f8355d13
 
 
468b9e48
 ##
c2484690
 ## Documents
c561d2a3
 ##
 
 # This option enables scanning of Microsoft Office document macros.
5c4d94a9
 # Default: yes
 #ScanOLE2 yes
c561d2a3
 
 ##
c2484690
 ## Mail files
468b9e48
 ##
 
94da957a
 # Enable internal e-mail scanner.
5c4d94a9
 # Default: yes
 #ScanMail yes
94da957a
 
 # If an email contains URLs ClamAV can download and scan them.
 # WARNING: This option may open your system to a DoS attack.
 #	   Never use it on loaded servers.
5c4d94a9
 # Default: no
 #MailFollowURLs no
94da957a
 
a099da26
 # With this option enabled ClamAV will try to detect phishing attempts (using signatures).
8eec8ae5
 # Default: yes
 #DetectPhishing yes
468b9e48
 
1ddad067
 # Use phishing detection for all domains (not just those listed in the .pdb database).
a099da26
 # It is not recommended to turn this option on, it is mean for internal use.
 # (available in experimental builds only)
 # Default: no
1ddad067
 #PhishingStrictURLCheck no
a099da26
 
 # Scan urls found in mails for phishing attempts.
 # (available in experimental builds only) 
 # Default: yes
8a9f02f4
 #PhishingScanURLs yes
a099da26
 
468b9e48
 ##
c2484690
 ## HTML
2fe19b26
 ##
 
511eef51
 # Perform HTML normalisation and decryption of MS Script Encoder code.
5c4d94a9
 # Default: yes
 #ScanHTML yes
2fe19b26
 
94da957a
 
2fe19b26
 ##
c2484690
 ## Archives
468b9e48
 ##
 
511eef51
 # ClamAV can scan within archives and compressed files.
5c4d94a9
 # Default: yes
 #ScanArchive yes
89e1684e
 
511eef51
 # The options below protect your system against Denial of Service attacks
 # using archive bombs.
468b9e48
 
 # Files in archives larger than this limit won't be scanned.
 # Value of 0 disables the limit.
511eef51
 # Default: 10M
 #ArchiveMaxFileSize 15M
 
 # Nested archives are scanned recursively, e.g. if a Zip archive contains a RAR
 # file, all files within it will also be scanned. This options specifies how
 # deep the process should be continued.
468b9e48
 # Value of 0 disables the limit.
6761e1ee
 # Default: 8
5c4d94a9
 #ArchiveMaxRecursion 10
468b9e48
 
511eef51
 # Number of files to be scanned within an archive.
468b9e48
 # Value of 0 disables the limit.
511eef51
 # Default: 1000
 #ArchiveMaxFiles 1500
468b9e48
 
511eef51
 # If a file in an archive is compressed more than ArchiveMaxCompressionRatio
 # times it will be marked as a virus (Oversized.ArchiveType, e.g. Oversized.Zip)
 # Value of 0 disables the limit.
 # Default: 250
 #ArchiveMaxCompressionRatio 300
cf899a29
 
511eef51
 # Use slower but memory efficient decompression algorithm.
 # only affects the bzip2 decompressor.
5c4d94a9
 # Default: no
 #ArchiveLimitMemoryUsage yes
468b9e48
 
5aad82e2
 # Mark encrypted archives as viruses (Encrypted.Zip, Encrypted.RAR).
5c4d94a9
 # Default: no
 #ArchiveBlockEncrypted no
510c466b
 
a43d2099
 # Mark archives as viruses (e.g. RAR.ExceededFileSize, Zip.ExceededFilesLimit)
 # if ArchiveMaxFiles, ArchiveMaxFileSize, or ArchiveMaxRecursion limit is
 # reached.
5c4d94a9
 # Default: no
 #ArchiveBlockMax no
728f8802
 
a94c6905
 # Enable support for Sensory Networks' NodalCore hardware accelerator.
 # Default: no
7def75f3
 #NodalCoreAcceleration yes
a94c6905
 
510c466b
 
468b9e48
 ##
 ## Clamuko settings
 ## WARNING: This is experimental software. It is very likely it will hang
728f8802
 ##	    up your system!!!
468b9e48
 ##
 
 # Enable Clamuko. Dazuko (/dev/dazuko) must be configured and running.
5c4d94a9
 # Default: no
 #ClamukoScanOnAccess yes
468b9e48
 
 # Set access mask for Clamuko.
5c4d94a9
 # Default: no
 #ClamukoScanOnOpen yes
 #ClamukoScanOnClose yes
 #ClamukoScanOnExec yes
468b9e48
 
 # Set the include paths (all files in them will be scanned). You can have
511eef51
 # multiple ClamukoIncludePath directives but each directory must be added
 # in a seperate line.
 # Default: disabled
 #ClamukoIncludePath /home
468b9e48
 #ClamukoIncludePath /students
 
 # Set the exclude paths. All subdirectories are also excluded.
511eef51
 # Default: disabled
5c4d94a9
 #ClamukoExcludePath /home/bofh
468b9e48
 
511eef51
 # Don't scan files larger than ClamukoMaxFileSize
 # Value of 0 disables the limit.
 # Default: 5M
 #ClamukoMaxFileSize 10M