| 4c237bcf |
## |
| aaee2d66 |
## Example config file for clamav-milter |
| 4c237bcf |
##
# Comment or remove the line below.
Example
##
## Main options
##
# Define the interface through which we communicate with sendmail
# This option is mandatory! Possible formats are:
# [[unix|local]:]/path/to/file - to specify a unix domain socket
# inet:port@[hostname|ip-address] - to specify an ipv4 socket
# inet6:port@[hostname|ip-address] - to specify an ipv6 socket |
| 3eb16511 |
#
# Default: no default |
| aaee2d66 |
#MilterSocket /tmp/clamav-milter.socket
#MilterSocket inet:7357 |
| 4c237bcf |
|
| e8f6878c |
# Define the group ownership for the (unix) milter socket.
# Default: disabled (the primary group of the user running clamd)
#MilterSocketGroup virusgroup
# Sets the permissions on the (unix) milter socket to the specified mode.
# Default: disabled (obey umask)
#MilterSocketMode 660
|
| 4c237bcf |
# Remove stale socket after unclean shutdown. |
| 3eb16511 |
# |
| 4c237bcf |
# Default: yes |
| aaee2d66 |
#FixStaleSocket yes |
| 4c237bcf |
# Run as another user (clamav-milter must be started by root for this option to work) |
| 3eb16511 |
#
# Default: unset (don't drop privileges) |
| aaee2d66 |
#User clamav |
| 4c237bcf |
|
| b89efa06 |
# Initialize supplementary group access (clamav-milter must be started by root). |
| 3eb16511 |
# |
| 4c237bcf |
# Default: no |
| aaee2d66 |
#AllowSupplementaryGroups no |
| 4c237bcf |
# Waiting for data from clamd will timeout after this time (seconds).
# Value of 0 disables the timeout. |
| 3eb16511 |
# |
| 4c237bcf |
# Default: 120 |
| aaee2d66 |
#ReadTimeout 300 |
| 4c237bcf |
# Don't fork into background. |
| 3eb16511 |
# |
| 4c237bcf |
# Default: no |
| aaee2d66 |
#Foreground yes |
| 4c237bcf |
|
| f7203529 |
# Chroot to the specified directory.
# Chrooting is performed just after reading the config file and before dropping privileges. |
| 3eb16511 |
# |
| f7203529 |
# Default: unset (don't chroot) |
| aaee2d66 |
#Chroot /newroot |
| 3eb16511 |
|
| 87620def |
# This option allows you to save a process identifier of the listening
# daemon (main thread).
#
# Default: disabled |
| c38a2184 |
#PidFile /var/run/clamav-milter.pid |
| 87620def |
# Optional path to the global temporary directory.
# Default: system specific (usually /tmp or /var/tmp).
#
#TemporaryDirectory /var/tmp |
| 4c237bcf |
##
## Clamd options
##
# Define the clamd socket to connect to for scanning.
# This option is mandatory! Syntax:
# ClamdSocket unix:path
# ClamdSocket tcp:host:port |
| a5c15138 |
# The first syntax specifies a local unix socket (needs an absolute path) e.g.: |
| 4c237bcf |
# ClamdSocket unix:/var/run/clamd/clamd.socket
# The second syntax specifies a tcp local or remote tcp socket: the
# host can be a hostname or an ip address; the ":port" field is only required |
| 3ba20396 |
# for IPv6 addresses, otherwise it defaults to 3310, e.g.: |
| 4c237bcf |
# ClamdSocket tcp:192.168.0.1
#
# This option can be repeated several times with different sockets or even
# with the same socket: clamd servers will be selected in a round-robin fashion.
#
# Default: no default |
| aaee2d66 |
#ClamdSocket tcp:scanner.mydomain:7357 |
| 4c237bcf |
## |
| 6840d862 |
## Exclusions
##
# Messages originating from these hosts/networks will not be scanned
# This option takes a host(name)/mask pair in CIRD notation and can be
# repeated several times. If "/mask" is omitted, a host is assumed.
# To specify a locally orignated, non-smtp, email use the keyword "local" |
| 3eb16511 |
# |
| f7203529 |
# Default: unset (scan everything regardless of the origin) |
| 6840d862 |
#LocalNet local
#LocalNet 192.168.0.0/24
#LocalNet 1111:2222:3333::/48
|
| 57aa0269 |
# This option specifies a file which contains a list of basic POSIX regular |
| 66ded5b8 |
# expressions. Addresses (sent to or from - see below) matching these regexes
# will not be scanned. Optionally each line can start with the string "From:"
# or "To:" (note: no whitespace after the colon) indicating if it is,
# respectively, the sender or recipient that is to be whitelisted.
# If the field is missing, "To:" is assumed.
# Lines starting with #, : or ! are ignored. |
| 3eb16511 |
#
# Default unset (no exclusion applied)
#Whitelist /etc/whitelisted_addresses
|
| 57aa0269 |
# Messages from authenticated SMTP users matching this extended POSIX
# regular expression (egrep-like) will not be scanned. |
| adf27b93 |
# As an alternative, a file containing a plain (not regex) list of names (one
# per line) can be specified using the prefix "file:".
# e.g. SkipAuthenticated file:/etc/good_guys
# |
| 57aa0269 |
# Note: this is the AUTH login name!
#
# Default: unset (no whitelisting based on SMTP auth)
#SkipAuthenticated ^(tom|dick|henry)$
|
| 3ba20396 |
# Messages larger than this value won't be scanned.
# Make sure this value is lower or equal than StreamMaxLength in clamd.conf
#
# Default: 25M
#MaxFileSize 10M
|
| 6840d862 |
## |
| e9747a42 |
## Actions
##
# The following group of options controls the delievery process under
# different circumstances.
# The following actions are available:
# - Accept
# The message is accepted for delievery
# - Reject
# Immediately refuse delievery (a 5xx error is returned to the peer)
# - Defer
# Return a temporary failure message (4xx) to the peer
# - Blackhole (not available for OnFail) |
| 3521624b |
# Like Accept but the message is sent to oblivion |
| e9747a42 |
# - Quarantine (not available for OnFail) |
| 3521624b |
# Like Accept but message is quarantined instead of being delivered
#
# NOTE: In Sendmail the quarantine queue can be examined via mailq -qQ
# For Postfix this causes the message to be placed on hold |
| e9747a42 |
#
# Action to be performed on clean messages (mostly useful for testing) |
| 3ba20396 |
# Default: Accept |
| e9747a42 |
#OnClean Accept
# Action to be performed on infected messages
# Default: Quarantine
#OnInfected Quarantine
# Action to be performed on error conditions (this includes failure to
# allocate data structures, no scanners available, network timeouts,
# unknown scanner replies and the like) |
| 3ba20396 |
# Default: Defer |
| e9747a42 |
#OnFail Defer
|
| 943b2bf0 |
# This option allows to set a specific rejection reason for infected messages
# and it's therefore only useful together with "OnInfected Reject"
# The string "%v", if present, will be replaced with the virus name.
# Default: MTA specific
#RejectMsg
|
| 3521624b |
# If this option is set to "Replace" (or "Yes"), an "X-Virus-Scanned" and an
# "X-Virus-Status" headers will be attached to each processed message, possibly
# replacing existing headers.
# If it is set to Add, the X-Virus headers are added possibly on top of the
# existing ones.
# Note that while "Replace" can potentially break DKIM signatures, "Add" may
# confuse procmail and similar filters.
# Default: no
#AddHeader Replace |
| ce34c246 |
|
| b955dae4 |
# When AddHeader is in use, this option allows to arbitrary set the reported
# hostname. This may be desirable in order to avoid leaking internal names.
# If unset the real machine name is used.
# Default: disabled
#ReportHostname my.mail.server.name |
| ce34c246 |
|
| 33a62ad1 |
# Execute a command (possibly searching PATH) when an infected message is found. |
| cc957a9a |
# The following parameters are passed to the invoked program in this order:
# virus name, queue id, sender, destination, subject, message id, message date. |
| 33a62ad1 |
# Note #1: this requires MTA macroes to be available (see LogInfected below)
# Note #2: the process is invoked in the context of clamav-milter
# Note #3: clamav-milter will wait for the process to exit. Be quick or fork to
# avoid unnecessary delays in email delievery |
| cc957a9a |
# Default: disabled
#VirusAction /usr/local/bin/my_infected_message_handler
|
| e9747a42 |
## |
| 4c237bcf |
## Logging options
##
# Uncomment this option to enable logging.
# LogFile must be writable for the user running daemon.
# A full path is required. |
| 3eb16511 |
# |
| 4c237bcf |
# Default: disabled |
| aaee2d66 |
#LogFile /tmp/clamav-milter.log |
| 4c237bcf |
# By default the log file is locked for writing - the lock protects against
# running clamav-milter multiple times.
# This option disables log file locking. |
| 3eb16511 |
# |
| 4c237bcf |
# Default: no |
| aaee2d66 |
#LogFileUnlock yes |
| 4c237bcf |
# Maximum size of the log file.
# Value of 0 disables the limit.
# You may use 'M' or 'm' for megabytes (1M = 1m = 1048576 bytes)
# and 'K' or 'k' for kilobytes (1K = 1k = 1024 bytes). To specify the size
# in bytes just don't use modifiers. |
| 3eb16511 |
# |
| 4c237bcf |
# Default: 1M |
| aaee2d66 |
#LogFileMaxSize 2M |
| 4c237bcf |
# Log time with each message. |
| 3eb16511 |
# |
| 4c237bcf |
# Default: no |
| aaee2d66 |
#LogTime yes |
| 4c237bcf |
# Use system logger (can work together with LogFile). |
| 3eb16511 |
# |
| 4c237bcf |
# Default: no |
| aaee2d66 |
#LogSyslog yes |
| 4c237bcf |
# Specify the type of syslog messages - please refer to 'man syslog'
# for facility names. |
| 3eb16511 |
# |
| 4c237bcf |
# Default: LOG_LOCAL6 |
| aaee2d66 |
#LogFacility LOG_MAIL |
| 4c237bcf |
# Enable verbose logging. |
| 3eb16511 |
# |
| 4c237bcf |
# Default: no |
| aaee2d66 |
#LogVerbose yes |
| 4c237bcf |
|
| 2a49102b |
# This option allows to tune what is logged when a message is infected.
# Possible values are Off (the default - nothing is logged),
# Basic (minimal info logged), Full (verbose info logged) |
| 4fa55e70 |
# Note:
# For this to work properly in sendmail, make sure the msg_id, mail_addr,
# rcpt_addr and i macroes are available in eom. In other words add a line like:
# Milter.macros.eom={msg_id}, {mail_addr}, {rcpt_addr}, i
# to your .cf file. Alternatively use the macro:
# define(`confMILTER_MACROS_EOM', `{msg_id}, {mail_addr}, {rcpt_addr}, i')
# Postfix should be working fine with the default settings. |
| 2a49102b |
#
# Default: disabled
#LogInfected Basic
|