## ## Example config file for the clamav-milter ## /* FIXME : NOT DONE YET */ Please read the clamav-milter.conf(5) manual before editing this file. ## # Comment or remove the line below. Example ## ## Main options ## # Define the interface through which we communicate with sendmail # This option is mandatory! Possible formats are: # [[unix|local]:]/path/to/file - to specify a unix domain socket # inet:port@[hostname|ip-address] - to specify an ipv4 socket # inet6:port@[hostname|ip-address] - to specify an ipv6 socket # # Default: no default ##MilterSocket /tmp/clamav-milter.socket ##MilterSocket inet:7357 # Remove stale socket after unclean shutdown. # # Default: yes ##FixStaleSocket yes # Maximum number of threads running at the same time. # # Default: 10 ##MaxThreads 20 # Run as another user (clamav-milter must be started by root for this option to work) # # Default: unset (don't drop privileges) ##User clamav # Initialize supplementary group access (clamd must be started by root). # # Default: no ##AllowSupplementaryGroups no # Waiting for data from clamd will timeout after this time (seconds). # Value of 0 disables the timeout. # # Default: 120 ##ReadTimeout 300 # Don't fork into background. # # Default: no ##Foreground yes # Chroot to the specified directory. # Chrooting is performed just after reading the config file and before dropping privileges. # # Default: unset (don't chroot) ##Chroot /newroot # This option allows you to save a process identifier of the listening # daemon (main thread). # # Default: disabled ##PidFile /var/run/clamd.pid # Optional path to the global temporary directory. # Default: system specific (usually /tmp or /var/tmp). # #TemporaryDirectory /var/tmp ## ## Clamd options ## # Define the clamd socket to connect to for scanning. # If not set (the default), clamav-milter uses internal mode. # This option is mandatory! Syntax: # ClamdSocket unix:path # ClamdSocket tcp:host:port # The first syntax specifies a local unix socket (needs an bsolute path) e.g.: # ClamdSocket unix:/var/run/clamd/clamd.socket # The second syntax specifies a tcp local or remote tcp socket: the # host can be a hostname or an ip address; the ":port" field is only required # for IPv6 addresses, otherwise it defaults to 3310 # ClamdSocket tcp:192.168.0.1 # # This option can be repeated several times with different sockets or even # with the same socket: clamd servers will be selected in a round-robin fashion. # # Default: no default ##ClamdSocket tcp:scanner.mydomain:7357 # WARNING: The following options are deprecated and may go away soon. # Please use ClamdSocket instead! # Default: disabled #LocalSocket #TCPSocket #TCPAddr ## ## Exclusions ## # Messages originating from these hosts/networks will not be scanned # This option takes a host(name)/mask pair in CIRD notation and can be # repeated several times. If "/mask" is omitted, a host is assumed. # To specify a locally orignated, non-smtp, email use the keyword "local" # # Default: unset (scan everything regardless of the origin) #LocalNet local #LocalNet 192.168.0.0/24 #LocalNet 1111:2222:3333::/48 # This option specifies a file which contains a list of POSIX regular # expressions. Addresses (sent to or from - see below) matching these regexes # will not be scanned. Optionally each line can start with the string "From:" # or "To:" (note: no whitespace after the colon) indicating if it is, # respectively, the sender or recipient that is to be whitelisted. # If the field is missing, "To:" is assumed. # Lines starting with #, : or ! are ignored. # # Default unset (no exclusion applied) #Whitelist /etc/whitelisted_addresses ## ## Actions ## # The following group of options controls the delievery process under # different circumstances. # The following actions are available: # - Accept # The message is accepted for delievery # - Reject # Immediately refuse delievery (a 5xx error is returned to the peer) # - Defer # Return a temporary failure message (4xx) to the peer # - Blackhole (not available for OnFail) # Like accept but the message is sent to oblivion # - Quarantine (not available for OnFail) # Like accept but message is quarantined instead of being deilievered # In sendmail the quarantine queue can be examined via mailq -qQ # For Postfix this causes the message to be accepted but placed on hold # # Action to be performed on clean messages (mostly useful for testing) # Default Accept #OnClean Accept # Action to be performed on infected messages # Default: Quarantine #OnInfected Quarantine # Action to be performed on error conditions (this includes failure to # allocate data structures, no scanners available, network timeouts, # unknown scanner replies and the like) # Default Defer #OnFail Defer # If this option is set to Yes, an "X-Virus-Scanned" and an "X-Virus-Status" # headers will be attached to each processed message, possibly replacing # existing headers. # Default: No #AddHeader Yes ## ## Logging options ## # Uncomment this option to enable logging. # LogFile must be writable for the user running daemon. # A full path is required. # # Default: disabled ##LogFile /tmp/clamav-milter.log # By default the log file is locked for writing - the lock protects against # running clamav-milter multiple times. # This option disables log file locking. # # Default: no ##LogFileUnlock yes # Maximum size of the log file. # Value of 0 disables the limit. # You may use 'M' or 'm' for megabytes (1M = 1m = 1048576 bytes) # and 'K' or 'k' for kilobytes (1K = 1k = 1024 bytes). To specify the size # in bytes just don't use modifiers. # # Default: 1M ##LogFileMaxSize 2M # Log time with each message. # # Default: no ##LogTime yes # Use system logger (can work together with LogFile). # # Default: no ##LogSyslog yes # Specify the type of syslog messages - please refer to 'man syslog' # for facility names. # # Default: LOG_LOCAL6 ##LogFacility LOG_MAIL # Enable verbose logging. # # Default: no ##LogVerbose yes ## ## Limits ## # Messages larger than this value won't be scanned. # Default: 25M ##MaxFileSize 150M # WARNING: The following two options are deprecated and may go away soon. # Please use MaxFile size instead! # For compatibility reasons the minimum value among MaxFileSize, # MaxScanSize and StreamMaxLength will be used. #MaxScanSize #StreamMaxLength ## ## Deprecated options ## # The following deprecated options are only kept for compatibility # reaosns and may go away soon. These do not affect clamav-milter # in any way, except for a small warning emitted on startup. #ArchiveBlockEncrypted #DatabaseDirectory #Debug #DetectBrokenExecutables #LeaveTemporaryFiles #MailFollowURLs #MaxRecursion #MaxFiles #PhishingSignatures #ScanArchive #ScanHTML #ScanMail #ScanOLE2 #ScanPE #Todo ##-C --chroot #-D --debug ##-i --pidfile ##-I --ignore ##-W --whitelist-file #Deprecated switches #-a --from #-H --headers #-x --debug-level #-b --bounce #-B --broadcast #-f --force-scan #-e --external #-k --blacklist-time #-K --dont-blacklist #-l --local #-M --freshclam-monitor #-o --outgoing #-p --postmaster #-P --postmaster-only #-q --quiet #-r --report-phish #-R --report-phish-false-positives #-s --sign #-F --signature-file #-m --max-children #--dont-wait #--dont-sanitise #-t --template-file #--template-headers #-T --timeout #-L --detect-forged-local-address #--sendmail-cf #--black-hole-mode #--server #Reworked ##-A --advisory ##-d --dont-scan-on-error ##-n --noxheader ##-N --noreject ##-Q --quarantine ##-U, --quarantine-dir