1. clamav-devel
  2. clamav-devel
  3. docs
  4. man
  5. clamav.conf.5
Raw Blame History 
.\" Manual page created by Tomasz Kojm, 20021001.
.TH "clamav.conf" "5" "August 18, 2004" "Tomasz Kojm" "Clam AntiVirus"
.SH "NAME"
.LP 
\fBclamav.conf\fR \- a configuration file for Clam AntiVirus Daemon
.SH "DESCRIPTION"
.LP 
clamav.conf configures the Clam AntiVirus daemon, clamd(8).
.SH "FILE FORMAT"
The file consists of comments and options with optional arguments. Each line that starts with a hash (\fB#\fR) symbol is ignored. Option names are case sensitive and of the form \fBOption Argument\fR. There are a few types of arguments:
.TP 
\fBSTRING\fR
String without blank characters.
.TP 
\fBSIZE\fR
Size in bytes. You can use the 'M' or 'm' modifiers for megabytes and 'K' or 'k' for kilobytes.
.TP 
\fBNUMBER\fR
Unsigned integer.
.SH "DIRECTIVES"
.LP 
If some option is not used (hashed or doesn't exist in the configuration file), clamd takes a default action.
.TP 
\fBExample\fR
If this option is set clamd will not run.
.TP 
\fBLogFile STRING\fR
Enable logging to selected file.
.br 
Default: disabled.
.TP 
\fBLogFileUnlock\fR
Disable a system lock that protects against running clamd with a same configuration multiple times.
.br 
Default: disabled.
.TP 
\fBLogFileMaxSize SIZE\fR
Limit a size of a log file. The logger will be automatically disabled  if the file is greater than SIZE. Value of 0 disables the limit.
.br 
Default: 1M
.TP 
\fBLogTime\fR
Log time with each message.
.br 
Default: disabled.
.TP 
\fBLogClean\fR
Log clean files.
.br 
Default: disabled.
.TP 
\fBLogSyslog\fR
Use system logger (can work together with LogFile).
.br 
Default: disabled.
.TP 
\fBLogVerbose\fR
Enable verbose logging.
.br 
Default: disabled.
.TP 
\fBPidFile STRING\fR
Save a process identifier of a listening daemon (main thread) to a specified file.
.br 
Default: disabled.
.TP 
\fBDatabaseDirectory STRING\fR
Path to a directory containing database files.
.br 
Default: hardcoded directory.
.TP 
\fBLocalSocket STRING\fR
Path to a local (Unix) socket the daemon will listen on.
.br 
Default: disabled.
.TP 
\fBFixStaleSocket\fR
Remove stale socket after unclean shutdown.
.br 
Default: disabled.
.TP 
\fBTCPSocket NUMBER\fR
TCP port number the daemon will listen on.
.br 
Default: disabled.
.TP 
\fBTCPAddr STRING\fR
TCP address to bind to. By default clamd binds to INADDR_ANY.
.br 
Default: disabled.
.TP 
\fBMaxConnectionQueueLength NUMBER\fR
Maximum length the queue of pending connections may grow to.
.br 
Default: 15
.TP 
\fBMaxThreads NUMBER\fR
Maximal number of threads running at the same time.
.br 
Default: 5.
.TP 
\fBThreadTimeout NUMBER\fR
Stop thread\-scanner after specified time (in seconds). Value of 0 disables the timeout.
.br 
Default: 180
.TP 
\fBMaxDirectoryRecursion NUMBER\fR
Maximal depth a directories are scanned at.
.br 
Default: disabled.
.TP 
\fBFollowDirectorySymlinks\fR
Follow a directory symlinks. You should have enabled directory recursion limit to avoid a potential problems.
.br 
Default: disabled.
.TP 
\fBFollowFileSymlinks\fR
Follow regular file symlinks.
.br 
Default: disabled.
.TP 
\fBSelfCheck NUMBER\fR
Do internal checks every NUMBER seconds.
.br 
Default: 3600
.TP 
\fBVirusEvent COMMAND\fR
Execute the COMMAND when virus is found. In the command string %v will be replaced by a virus name.
\fR
.br 
Default: disabled.
.TP 
\fBUser STRING\fR
Drop priviledges to a selected user.
.br 
Default: disabled.
.TP 
\fBAllowSupplementaryGroups\fR
When started by root and the User option is activated, it will initialize all the groups from /etc/group for which user is a member.
.br 
Default: disabled.
.TP 
\fBForeground\fR
Don't fork into background. Useful in debugging.
.br 
Default: disabled.
.TP 
\fBDebug\fR
Enable debug messages from libclamav. You need to enable the \fBForeground\fR option to see them.
.TP 
\fBStreamSaveToDisk\fR
When activated the input stream (see STREAM command) will be saved to disk before scanning \- this allows scanning within archives.
.br 
Default: disabled.
.TP 
\fBStreamMaxLength SIZE\fR
Close the connection when this limit is exceeded.
.br 
Default: disabled.
.TP 
\fBScanPE\fR
PE stands for Portable Executable \- it's an executable file format used in all 32\-bit versions of Windows operating systems. This option allows ClamAV to perform a deeper analysis of executable files and it's also required for decompression of popular executable packers such as UPX.
.br 
Default: enabled.
.TP 
\fBDetectBrokenExecutables\fR
With this option clamav will try to detect broken executables and mark them as Broken.Executable.
.br 
Default: disabled.
.TP 
\fBScanOLE2\fR
Enables scanning of Microsoft Office document macros.
.br 
Default: enabled.
.TP 
\fBScanHTML\fR
Enables HTML detection and normalisation.
.br 
Default: enabled.
.TP 
\fBScanMail\fR
Enable scanning of mail files.
.br 
Default: enabled.
.TP 
\fBMailFollowURLs\fR
If an email contains URLs ClamAV can download and scan them. \fBWARNING: This option may open your system to a DoS attack. Never use it on loaded servers.\fR
.br 
Default: disabled.
.TP 
\fBScanArchive\fR
Enable archive scanning.
.br 
Default: disabled.
.TP 
\fBScanRAR\fR
The built\-in RAR unpacker is disabled by default because the code leaks.
.br 
Default: disabled.
.TP 
\fBArchiveMaxFileSize SIZE\fR
Files in archives larger than this limit won't be scanned. Value of 0 disables the limit.
.br 
Default: 10M
.TP 
\fBArchiveMaxRecursion NUMBER\fR
Limit archive recursion level. Value of 0 disables the limit.
.br 
Default: 5
.TP 
\fBArchiveMaxFiles NUMBER\fR
Number of files to be scanned within archive. Value of 0 disables the limit.
.br 
Default: 1000
.TP 
\fBArchiveMaxCompressionRatio NUMBER\fR
Analyze compression ratio and mark potential archive bombs as viruses (0 disables the limit).
.br 
Default: 200
.TP 
\fBArchiveLimitMemoryUsage\fR
Use slower decompression algorithm which uses less memory. This option affects bzip2 decompressor only.
.br 
Default: disabled
.TP 
\fBArchiveBlockEncrypted\fR
Mark encrypted archives as viruses (Encrypted.Zip, Encrypted.RAR).
.br 
Default: disabled
.TP 
\fBClamukoScanOnLine\fR
Enable Clamuko \- on\-access scanner for Linux. Dazuko must be already running.
.br 
Default: disabled.
.TP 
\fBClamukoScanOnOpen\fR
Scan a file on open.
.br 
Default: disabled.
.TP 
\fBClamukoScanOnClose\fR
Scan a file on close.
.br 
Default: disabled.
.TP 
\fBClamukoScanOnExec\fR
Scan a file on execute.
.br 
Default: disabled.
.TP 
\fBClamukoIncludePath STRING\fR
Set the include paths (all files and directories in them will be scanned). You can have multiple ClamukoIncludePath options but each directory must be added with a seperate option.
.br 
Default: disabled. Required.
.TP 
\fBClamukoExcludePath\fR
Set the exclude paths. All subdirectories are also excluded.
.br 
Default: disabled.
.TP 
\fBClamukoMaxFileSize SIZE\fR
Don't scan files larger than SIZE.
.br 
Default: 5M
.TP 
\fBClamukoScanArchive\fR
Enable archive scanning. It uses ArchiveMax* limits.
.br 
Default: disabled.
.SH "FILES"
.LP 
/etc/clamav.conf
.br 
/usr/local/etc/clamav.conf
.SH "AUTHOR"
.LP 
Tomasz Kojm <tkojm@clamav.net>
.SH "SEE ALSO"
.LP 
clamd(8), clamdscan(1), clamscan(1), freshclam(1), sigtool(1), clamav\-milter(8)