@@ -362,13 +362,18 @@ int command(client_conn_t *conn, int *virus)

 	     cli_unlink(conn->filename);

 	     return ret;

 	 case COMMAND_ALLMATCHSCAN:

-	     thrmgr_setactivetask(NULL, "ALLMATCHSCAN");

-	     scandata.options |= CL_SCAN_ALLMATCHES;

-	     type = TYPE_SCAN;

-	     break;

+	     if (!optget(opts, "AllowAllMatchScan")->enabled) {

+		logg("$Rejecting ALLMATCHSCAN command.\n");

+		conn_reply(conn, conn->filename, "ALLMATCHSCAN command disabled by clamd configuration.", "ERROR");

+		return 1;

+	    }

+	    thrmgr_setactivetask(NULL, "ALLMATCHSCAN");

+	    scandata.options |= CL_SCAN_ALLMATCHES;

+	    type = TYPE_SCAN;

+	    break;

 	 default:

-	     logg("!Invalid command distpached: %d\n", conn->cmdtype);

-	     return 1;

+	    logg("!Invalid command dispatched: %d\n", conn->cmdtype);

+	    return 1;

      }

      scandata.type = type;

@@ -212,6 +212,11 @@ Example

 # Default: no

 #LeaveTemporaryFiles yes

+# Permit use of the ALLMATCHSCAN command. If set to no, clamd will reject

+# any ALLMATCHSCAN command as invalid.

+# Default: yes

+#AllowAllMatchScan no

+

 # Detect Possibly Unwanted Applications.

 # Default: no

 #DetectPUA yes

@@ -253,6 +253,8 @@ const struct clam_option __clam_options[] = {

     { "ExitOnOOM", NULL, 0, TYPE_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_CLAMD, "Stop the daemon when libclamav reports an out of memory condition.", "yes" },

+    { "AllowAllMatchScan", NULL, 0, TYPE_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_CLAMD, "Permit use of the ALLMATCHSCAN command.", "yes" },

+

     { "Foreground", NULL, 0, TYPE_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_CLAMD | OPT_FRESHCLAM | OPT_MILTER, "Don't fork into background.", "no" },

     { "Debug", NULL, 0, TYPE_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_CLAMD | OPT_FRESHCLAM, "Enable debug messages in libclamav.", "no" },