
update

git-svn: trunk@938

Tomasz Kojm authored on 2004/09/28 05:53:24
Showing 13 changed files
... ...
@@ -1,3 +1,8 @@
1
+Mon Sep 27 22:51:05 CEST 2004 (tk)
2
+----------------------------------
3
+  * clamd: add new directive DisableDefaultScanOptions
4
+  * configs, manual pages: clarify default actions for clamd and freshclam
5
+
1 6
 Mon Sep 27 18:12:17 BST 2004 (njh)
2 7
 ----------------------------------
3 8
   * clamav-milter:	added optional iface argument to --broadcast
... ...
@@ -21,12 +21,14 @@
21 21
 
22 22
 #define CL_DEFAULT_CFG CONFDIR"/clamd.conf"
23 23
 #define CL_DEFAULT_BACKLOG 15
24
-#define CL_DEFAULT_MAXTHREADS 5
24
+#define CL_DEFAULT_MAXTHREADS 10
25 25
 #define CL_DEFAULT_SCANTIMEOUT 120
26 26
 #define CL_DEFAULT_LOGSIZE 1048576
27 27
 #define CL_DEFAULT_CLAMUKOMAXFILESIZE 5 * 1048576
28
-#define CL_DEFAULT_SELFCHECK 3600
28
+#define CL_DEFAULT_SELFCHECK 1800
29 29
 #define CL_DEFAULT_MAXWHILEWAIT 120
30 30
 #define CL_DEFAULT_MAXPORTSCAN 1000
31
+#define CL_DEFAULT_MAXDIRREC 15
32
+#define CL_DEFAULT_STREAMMAXLEN 10 * 1048576
31 33
 
32 34
 #endif
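Review bot: The new `CL_DEFAULT_STREAMMAXLEN` is defined as the bare expression `10 * 1048576`, so it only expands safely where it stands alone, as in the `maxsize = CL_DEFAULT_STREAMMAXLEN;` assignment added to scanstream. A later use next to a higher-precedence operator (a division, a modulo, a cast) would silently compute a different stream length limit than the documented 10M. I would write `#define CL_DEFAULT_STREAMMAXLEN (10 * 1048576)`; the existing `CL_DEFAULT_CLAMUKOMAXFILESIZE` has the same shape and could be parenthesized in the same pass.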
... ...
@@ -76,16 +76,20 @@ int dirscan(const char *dirname, const char **virname, unsigned long int *scanne
76 76
 	struct stat statbuf;
77 77
 	struct cfgstruct *cpt;
78 78
 	char *fname;
79
-	int ret = 0, scanret = 0;
79
+	int ret = 0, scanret = 0, maxdirrec = 0;
80 80
 
81
-    if((cpt = cfgopt(copt, "MaxDirectoryRecursion"))) {
82
-	if(cpt->numarg) {
83
-	    if(*reclev > cpt->numarg) {
84
-		logg("*Directory recursion limit exceeded at %s\n", dirname);
85
-		return 0;
86
-	    }
87
-	    (*reclev)++;
81
+
82
+    if((cpt = cfgopt(copt, "MaxDirectoryRecursion")))
83
+	maxdirrec = cpt->numarg;
84
+    else
85
+	maxdirrec = CL_DEFAULT_MAXDIRREC;
86
+
87
+    if(maxdirrec) {
88
+	if(*reclev > maxdirrec) {
89
+	    logg("*Directory recursion limit exceeded at %s\n", dirname);
90
+	    return 0;
88 91
 	}
92
+	(*reclev)++;
89 93
     }
90 94
 
91 95
     if((dd = opendir(dirname)) != NULL) {
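Review bot: Now that `CL_DEFAULT_MAXDIRREC` applies whenever `MaxDirectoryRecursion` is absent, the `return 0` in the `*reclev > maxdirrec` branch is reachable on default installs, and 0 is also the initial value of `ret`, so a subtree cut off by the limit appears to reach the caller looking the same as one that was scanned and found clean. The only trace is a `logg` line with the `*` prefix, which looks like the verbose-only level. I would raise it to the warning prefix already used elsewhere in clamd, `logg("^Directory recursion limit exceeded at %s\n", dirname);`, and consider a distinct return value so a client can report the path as not fully scanned. dirscan's body continues outside the hunk, so whether `*reclev` is decremented on the way back up cannot be checked from here.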
... ...
@@ -316,6 +320,9 @@ int scanstream(int odesc, unsigned long int *scanned, const struct cl_node *root
316 316
 
317 317
     if((cpt = cfgopt(copt, "StreamMaxLength")))
318 318
 	maxsize = cpt->numarg;
319
+    else
320
+	maxsize = CL_DEFAULT_STREAMMAXLEN;
321
+
319 322
 
320 323
     btread = sizeof(buff);
321 324
 
... ...
@@ -195,7 +195,8 @@ static struct cl_node *reload_db(struct cl_node *root, const struct cfgstruct *c
195 195
 
196 196
 int acceptloop_th(int socketd, struct cl_node *root, const struct cfgstruct *copt)
197 197
 {
198
-	int new_sd, max_threads, options=0;
198
+	int new_sd, max_threads, stdopt;
199
+	unsigned int options = 0;
199 200
 	threadpool_t *thr_pool;
200 201
 	struct sigaction sigact;
201 202
 	mode_t old_umask;
... ...
@@ -243,7 +244,15 @@ int acceptloop_th(int socketd, struct cl_node *root, const struct cfgstruct *cop
243 243
 	max_threads = CL_DEFAULT_MAXTHREADS;
244 244
     }
245 245
 
246
-    if(cfgopt(copt, "ScanArchive") || cfgopt(copt, "ClamukoScanArchive")) {
246
+    if(cfgopt(copt, "DisableDefaultScanOptions")) {
247
+	logg("RECOMMENDED OPTIONS DISABLED.\n");
248
+	stdopt = 0;
249
+    } else {
250
+	options |= CL_SCAN_STDOPT;
251
+	stdopt = 1;
252
+    }
253
+
254
+    if(stdopt || cfgopt(copt, "ScanArchive") || cfgopt(copt, "ClamukoScanArchive")) {
247 255
 
248 256
 	/* set up limits */
249 257
 	memset(&limits, 0, sizeof(struct cl_limits));
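Review bot: The `DisableDefaultScanOptions` branch reports that the recommended scan options are off with an unprefixed `logg("RECOMMENDED OPTIONS DISABLED.\n");`, while far less consequential conditions in this function carry the `^` prefix. An operator who sets the directive and enables nothing else gets a daemon that takes the "disabled" branch for archives, PE, mail, OLE2 and HTML, and this one line is the only startup signal of that reduced coverage. I would log it as `logg("^RECOMMENDED OPTIONS DISABLED.\n");` so it stands out in the log and in syslog filtering. acceptloop_th starts and ends outside this hunk.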
... ...
@@ -256,7 +265,7 @@ int acceptloop_th(int socketd, struct cl_node *root, const struct cfgstruct *cop
256 256
 	    }
257 257
 	} else {
258 258
 	    limits.maxfilesize = 10485760;
259
-	    logg("^USING HARDCODED LIMIT: Archive: Archived file size limit set to %d bytes.\n", limits.maxfilesize);
259
+	    logg("Archive: Archived file size limit set to %d bytes.\n", limits.maxfilesize);
260 260
 	}
261 261
 
262 262
 	if((cpt = cfgopt(copt, "ArchiveMaxRecursion"))) {
... ...
@@ -267,7 +276,7 @@ int acceptloop_th(int socketd, struct cl_node *root, const struct cfgstruct *cop
267 267
 	    }
268 268
 	} else {
269 269
 	    limits.maxreclevel = 5;
270
-	    logg("^USING HARDCODED LIMIT: Archive: Recursion level set to %d.\n", limits.maxreclevel);
270
+	    logg("Archive: Recursion level limit set to %d.\n", limits.maxreclevel);
271 271
 	}
272 272
 
273 273
 	if((cpt = cfgopt(copt, "ArchiveMaxFiles"))) {
... ...
@@ -278,7 +287,7 @@ int acceptloop_th(int socketd, struct cl_node *root, const struct cfgstruct *cop
278 278
 	    }
279 279
 	} else {
280 280
 	    limits.maxfiles = 1000;
281
-	    logg("^USING HARDCODED LIMIT: Archive: Files limit set to %d.\n", limits.maxfiles);
281
+	    logg("Archive: Files limit set to %d.\n", limits.maxfiles);
282 282
 	}
283 283
 
284 284
 	if((cpt = cfgopt(copt, "ArchiveMaxCompressionRatio"))) {
... ...
@@ -288,8 +297,8 @@ int acceptloop_th(int socketd, struct cl_node *root, const struct cfgstruct *cop
288 288
 		logg("^Archive: Compression ratio limit disabled.\n");
289 289
 	    }
290 290
 	} else {
291
-	    limits.maxratio = 200;
292
-	    logg("^USING HARDCODED LIMIT: Archive: Compression ratio limit set to %d.\n", limits.maxratio);
291
+	    limits.maxratio = 250;
292
+	    logg("Archive: Compression ratio limit set to %d.\n", limits.maxratio);
293 293
 	}
294 294
 
295 295
 	if(cfgopt(copt, "ArchiveLimitMemoryUsage")) {
... ...
@@ -326,7 +335,7 @@ int acceptloop_th(int socketd, struct cl_node *root, const struct cfgstruct *cop
326 326
 	logg("Archive support disabled.\n");
327 327
     }
328 328
 
329
-    if(cfgopt(copt, "ScanPE")) {
329
+    if(stdopt || cfgopt(copt, "ScanPE")) {
330 330
 	logg("Portable Executable support enabled.\n");
331 331
 	options |= CL_SCAN_PE;
332 332
 
... ...
@@ -339,7 +348,7 @@ int acceptloop_th(int socketd, struct cl_node *root, const struct cfgstruct *cop
339 339
 	logg("Portable Executable support disabled.\n");
340 340
     }
341 341
 
342
-    if(cfgopt(copt, "ScanMail")) {
342
+    if(stdopt || cfgopt(copt, "ScanMail")) {
343 343
 	logg("Mail files support enabled.\n");
344 344
 	options |= CL_SCAN_MAIL;
345 345
 
... ...
@@ -352,14 +361,14 @@ int acceptloop_th(int socketd, struct cl_node *root, const struct cfgstruct *cop
352 352
 	logg("Mail files support disabled.\n");
353 353
     }
354 354
 
355
-    if(cfgopt(copt, "ScanOLE2")) {
355
+    if(stdopt || cfgopt(copt, "ScanOLE2")) {
356 356
 	logg("OLE2 support enabled.\n");
357 357
 	options |= CL_SCAN_OLE2;
358 358
     } else {
359 359
 	logg("OLE2 support disabled.\n");
360 360
     }
361 361
 
362
-    if(cfgopt(copt, "ScanHTML")) {
362
+    if(stdopt || cfgopt(copt, "ScanHTML")) {
363 363
 	logg("HTML support enabled.\n");
364 364
 	options |= CL_SCAN_HTML;
365 365
     } else {
... ...
@@ -149,7 +149,7 @@ int command(int desc, const struct cl_node *root, const struct cl_limits *limits
149 149
     } else if(!strncmp(buff, CMD9, strlen(CMD9))) { /* SESSION */
150 150
 	do {
151 151
 	    if(!is_fd_connected(desc)) {
152
-		logg("Client disconnected without END\n");
152
+		logg("SESSION: Client disconnected without END\n");
153 153
 		return 0;
154 154
 	    }
155 155
 	    ret = command(desc, root, limits, options, copt, -1);
... ...
@@ -26,7 +26,7 @@ Reload the virus databases.
26 26
 Perform a clean exit.
27 27
 .TP 
28 28
 \fBSCAN file/directory\fR
29
-Scan a file or directory (recursively) with archive support enabled (if not disabled in clamd.conf). A full path is required.
29
+Scan a file or a directory (recursively) with archive support enabled (if not disabled in clamd.conf). A full path is required.
30 30
 .TP 
31 31
 \fBRAWSCAN file/directory\fR
32 32
 Scan a file or directory (recursively) with archive support disabled. A full path is required.
... ...
@@ -1,25 +1,25 @@
1 1
 .\" Manual page created by Tomasz Kojm, 20021001.
2
-.TH "clamd.conf" "5" "September 2, 2004" "Tomasz Kojm" "Clam AntiVirus"
2
+.TH "clamd.conf" "5" "September 27, 2004" "Tomasz Kojm" "Clam AntiVirus"
3 3
 .SH "NAME"
4 4
 .LP 
5
-\fBclamd.conf\fR \- a configuration file for Clam AntiVirus Daemon
5
+\fBclamd.conf\fR \- Configuration file for Clam AntiVirus Daemon
6 6
 .SH "DESCRIPTION"
7 7
 .LP 
8 8
 clamd.conf configures the Clam AntiVirus daemon, clamd(8).
9 9
 .SH "FILE FORMAT"
10
-The file consists of comments and options with arguments. Each line that starts with a hash (\fB#\fR) symbol is a comment. Options are are case sensitive and of the form \fBOption Argument\fR. The (possibly optional) arguments are are of the following types:
10
+The file consists of comments and options with arguments. Each line that starts with a hash (\fB#\fR) symbol is a comment. Options and arguments are case sensitive and of the form \fBOption Argument\fR. The (possibly optional) arguments are are of the following types:
11 11
 .TP 
12 12
 \fBSTRING\fR
13 13
 String without blank characters.
14 14
 .TP 
15 15
 \fBSIZE\fR
16
-Size in bytes. You can use a 'M' or 'm' modifiers for megabytes and a 'K' or 'k' for kilobytes.
16
+Size in bytes. You can use 'M' or 'm' modifiers for megabytes and 'K' or 'k' for kilobytes.
17 17
 .TP 
18 18
 \fBNUMBER\fR
19 19
 Unsigned integer.
20 20
 .SH "DIRECTIVES"
21 21
 .LP 
22
-When an option is not used (hashed or doesn't exist in the configuration file) freshclam takes a default action.
22
+When an option is not used (hashed or doesn't exist in the configuration file) clamd takes a default action.
23 23
 .TP 
24 24
 \fBExample\fR
25 25
 If this option is set clamd will not run.
... ...
@@ -27,67 +27,72 @@ If this option is set clamd will not run.
27 27
 \fBLogFile STRING\fR
28 28
 Enable logging to selected file.
29 29
 .br 
30
-Default: disabled.
30
+Default: disabled
31 31
 .TP 
32 32
 \fBLogFileUnlock\fR
33 33
 Disable a system lock that protects against running clamd with a same configuration file multiple times.
34 34
 .br 
35
-Default: disabled.
35
+Default: disabled
36 36
 .TP 
37 37
 \fBLogFileMaxSize SIZE\fR
38
-Limit a size of a log file. The logger will be automatically disabled  if the file is greater than SIZE. Value of 0 disables the limit.
38
+Limit the size of a log file. The logger will be automatically disabled  if the file is greater than SIZE. Value of 0 disables the limit.
39 39
 .br 
40 40
 Default: 1M
41 41
 .TP 
42 42
 \fBLogTime\fR
43 43
 Log time with each message.
44 44
 .br 
45
-Default: disabled.
45
+Default: disabled
46 46
 .TP 
47 47
 \fBLogClean\fR
48 48
 Log clean files.
49 49
 .br 
50
-Default: disabled.
50
+Default: disabled
51 51
 .TP 
52 52
 \fBLogSyslog\fR
53 53
 Use system logger (can work together with LogFile).
54 54
 .br 
55
-Default: disabled.
55
+Default: disabled
56
+.TP 
57
+\fBLogFacility\fR
58
+Specify the type of syslog messages \- please refer to 'man syslog' for facility names.
59
+.br 
60
+Default: LOG_LOCAL6
56 61
 .TP 
57 62
 \fBLogVerbose\fR
58 63
 Enable verbose logging.
59 64
 .br 
60
-Default: disabled.
65
+Default: disabled
61 66
 .TP 
62 67
 \fBPidFile STRING\fR
63
-Save a process identifier of a listening daemon (main thread) to a specified file.
68
+Save the process identifier of a listening daemon (main thread) to a specified file.
64 69
 .br 
65
-Default: disabled.
70
+Default: disabled
66 71
 .TP 
67 72
 \fBDatabaseDirectory STRING\fR
68 73
 Path to a directory containing database files.
69 74
 .br 
70
-Default: hardcoded directory.
75
+Default: @DBDIR@
71 76
 .TP 
72 77
 \fBLocalSocket STRING\fR
73 78
 Path to a local (Unix) socket the daemon will listen on.
74 79
 .br 
75
-Default: disabled.
80
+Default: disabled
76 81
 .TP 
77 82
 \fBFixStaleSocket\fR
78 83
 Remove stale socket after unclean shutdown.
79 84
 .br 
80
-Default: disabled.
85
+Default: disabled
81 86
 .TP 
82 87
 \fBTCPSocket NUMBER\fR
83 88
 TCP port number the daemon will listen on.
84 89
 .br 
85
-Default: disabled.
90
+Default: disabled
86 91
 .TP 
87 92
 \fBTCPAddr STRING\fR
88 93
 TCP address to bind to. By default clamd binds to INADDR_ANY.
89 94
 .br 
90
-Default: disabled.
95
+Default: disabled
91 96
 .TP 
92 97
 \fBMaxConnectionQueueLength NUMBER\fR
93 98
 Maximum length the queue of pending connections may grow to.
... ...
@@ -97,106 +102,101 @@ Default: 15
97 97
 \fBMaxThreads NUMBER\fR
98 98
 Maximal number of threads running at the same time.
99 99
 .br 
100
-Default: 5.
100
+Default: 10
101 101
 .TP 
102
-\fBThreadTimeout NUMBER\fR
103
-Stop thread\-scanner after specified time (in seconds). Value of 0 disables the timeout.
102
+\fBReadTimeout NUMBER\fR
103
+Waiting for data from a client socket will timeout after this time (seconds).
104 104
 .br 
105
-Default: 180
105
+Default: 120
106 106
 .TP 
107 107
 \fBMaxDirectoryRecursion NUMBER\fR
108
-Maximal depth a directories are scanned at.
108
+Maximal depth directories are scanned at.
109 109
 .br 
110
-Default: disabled.
110
+Default: 15
111 111
 .TP 
112 112
 \fBFollowDirectorySymlinks\fR
113
-Follow a directory symlinks. You should have enabled directory recursion limit to avoid a potential problems.
113
+Follow directory symlinks.
114 114
 .br 
115
-Default: disabled.
115
+Default: disabled
116 116
 .TP 
117 117
 \fBFollowFileSymlinks\fR
118 118
 Follow regular file symlinks.
119 119
 .br 
120
-Default: disabled.
120
+Default: disabled
121 121
 .TP 
122 122
 \fBSelfCheck NUMBER\fR
123
-Do internal checks every NUMBER seconds.
123
+Do internal sanity checks every NUMBER seconds.
124 124
 .br 
125
-Default: 3600
125
+Default: 1800
126 126
 .TP 
127 127
 \fBVirusEvent COMMAND\fR
128 128
 Execute the COMMAND when virus is found. In the command string %v will be replaced by a virus name.
129 129
 \fR
130 130
 .br 
131
-Default: disabled.
131
+Default: disabled
132 132
 .TP 
133 133
 \fBUser STRING\fR
134
-Drop priviledges to a selected user.
134
+Run as selected user.
135 135
 .br 
136
-Default: disabled.
136
+Default: disabled
137 137
 .TP 
138 138
 \fBAllowSupplementaryGroups\fR
139
-When started by root and the User option is activated, it will initialize all the groups from /etc/group for which user is a member.
139
+Initialize supplementary group access (clamd must be started by root).
140 140
 .br 
141
-Default: disabled.
141
+Default: disabled
142 142
 .TP 
143 143
 \fBForeground\fR
144
-Don't fork into background. Useful in debugging.
144
+Don't fork into background.
145 145
 .br 
146
-Default: disabled.
146
+Default: disabled
147 147
 .TP 
148 148
 \fBDebug\fR
149
-Enable debug messages from libclamav. You need to enable the \fBForeground\fR option to see them.
150
-.TP 
151
-\fBStreamSaveToDisk\fR
152
-When activated the input stream (see STREAM command) will be saved to disk before scanning \- this allows scanning within archives.
153
-.br 
154
-Default: disabled.
149
+Enable debug messages from libclamav.
155 150
 .TP 
156 151
 \fBStreamMaxLength SIZE\fR
157 152
 Close the connection when this limit is exceeded.
158 153
 .br 
159
-Default: disabled.
154
+Default: 10M
155
+.TP 
156
+\fBDisableDefaultScanOptions\fR
157
+By default clamd uses scan options recommended by libclamav. This option disables recommended options and allows you to enable selected options. DO NOT ENABLE IT unless you know what you are doing.
158
+.br 
159
+Default: disabled
160 160
 .TP 
161 161
 \fBScanPE\fR
162 162
 PE stands for Portable Executable \- it's an executable file format used in all 32\-bit versions of Windows operating systems. This option allows ClamAV to perform a deeper analysis of executable files and it's also required for decompression of popular executable packers such as UPX.
163 163
 .br 
164
-Default: enabled.
164
+Default: enabled
165 165
 .TP 
166 166
 \fBDetectBrokenExecutables\fR
167
-With this option clamav will try to detect broken executables and mark them as Broken.Executable.
167
+With this option clamd will try to detect broken executables and mark them as Broken.Executable.
168 168
 .br 
169
-Default: disabled.
169
+Default: disabled
170 170
 .TP 
171 171
 \fBScanOLE2\fR
172 172
 Enables scanning of Microsoft Office document macros.
173 173
 .br 
174
-Default: enabled.
174
+Default: enabled
175 175
 .TP 
176 176
 \fBScanHTML\fR
177 177
 Enables HTML detection and normalisation.
178 178
 .br 
179
-Default: enabled.
179
+Default: enabled
180 180
 .TP 
181 181
 \fBScanMail\fR
182 182
 Enable scanning of mail files.
183 183
 .br 
184
-Default: enabled.
184
+Default: enabled
185 185
 .TP 
186 186
 \fBMailFollowURLs\fR
187 187
 If an email contains URLs ClamAV can download and scan them. \fBWARNING: This option may open your system to a DoS attack. Never use it on loaded servers.\fR
188 188
 .br 
189
-Default: disabled.
189
+Default: disabled
190 190
 .TP 
191 191
 \fBScanArchive\fR
192 192
 Enable archive scanning.
193 193
 .br 
194
-Default: disabled.
195
-.TP 
196
-\fBScanRAR\fR
197
-The built\-in RAR unpacker is disabled by default because the code leaks.
198
-.br 
199
-Default: disabled.
194
+Default: enabled
200 195
 .TP 
201 196
 \fBArchiveMaxFileSize SIZE\fR
202 197
 Files in archives larger than this limit won't be scanned. Value of 0 disables the limit.
... ...
@@ -214,9 +214,9 @@ Number of files to be scanned within archive. Value of 0 disables the limit.
214 214
 Default: 1000
215 215
 .TP 
216 216
 \fBArchiveMaxCompressionRatio NUMBER\fR
217
-Analyze compression ratio and mark potential archive bombs as viruses (0 disables the limit).
217
+Analyze compression ratio of every file in an archive and mark potential archive bombs as viruses (0 disables the limit).
218 218
 .br 
219
-Default: 200
219
+Default: 250
220 220
 .TP 
221 221
 \fBArchiveLimitMemoryUsage\fR
222 222
 Use slower decompression algorithm which uses less memory. This option affects bzip2 decompressor only.
... ...
@@ -236,32 +236,32 @@ Default: disabled
236 236
 \fBClamukoScanOnLine\fR
237 237
 Enable Clamuko \- on\-access scanner for Linux. Dazuko must be already running.
238 238
 .br 
239
-Default: disabled.
239
+Default: disabled
240 240
 .TP 
241 241
 \fBClamukoScanOnOpen\fR
242
-Scan a file on open.
242
+Scan files on open.
243 243
 .br 
244
-Default: disabled.
244
+Default: disabled
245 245
 .TP 
246 246
 \fBClamukoScanOnClose\fR
247
-Scan a file on close.
247
+Scan files on close.
248 248
 .br 
249 249
 Default: disabled.
250 250
 .TP 
251 251
 \fBClamukoScanOnExec\fR
252
-Scan a file on execute.
252
+Scan files on execute.
253 253
 .br 
254
-Default: disabled.
254
+Default: disabled
255 255
 .TP 
256 256
 \fBClamukoIncludePath STRING\fR
257
-Set the include paths (all files and directories in them will be scanned). You can have multiple ClamukoIncludePath options but each directory must be added with a seperate option.
257
+Set the include paths (all files and directories in them will be scanned). You can have multiple ClamukoIncludePath directives but each directory must be added in a seperate line).
258 258
 .br 
259
-Default: disabled. Required.
259
+Default: disabled
260 260
 .TP 
261 261
 \fBClamukoExcludePath\fR
262
-Set the exclude paths. All subdirectories are also excluded.
262
+Set the exclude paths. All subdirectories will also be excluded.
263 263
 .br 
264
-Default: disabled.
264
+Default: disabled
265 265
 .TP 
266 266
 \fBClamukoMaxFileSize SIZE\fR
267 267
 Don't scan files larger than SIZE.
... ...
@@ -271,7 +271,7 @@ Default: 5M
271 271
 \fBClamukoScanArchive\fR
272 272
 Enable archive scanning. It uses ArchiveMax* limits.
273 273
 .br 
274
-Default: disabled.
274
+Default: disabled
275 275
 .SH "FILES"
276 276
 .LP 
277 277
 @CFGDIR@/clamd.conf
... ...
@@ -1,5 +1,5 @@
1 1
 .\" Manual page created by Magnus Ekdahl and Thomas Lamy
2
-.TH "freshclam.conf" "5" "September 2, 2004" "Thomas Lamy" "Clam AntiVirus"
2
+.TH "freshclam.conf" "5" "September 27, 2004" "Thomas Lamy" "Clam AntiVirus"
3 3
 .SH "NAME"
4 4
 .LP 
5 5
 \fBfreshclam.conf\fR \- Configuration file for Clam AntiVirus Database Updater
... ...
@@ -7,13 +7,13 @@
7 7
 .LP 
8 8
 The file freshclam.conf configures the Clam AntiVirus Database Updater, freshclam(1).
9 9
 .SH "FILE FORMAT"
10
-The file consists of comments and options with arguments. Each line that starts with a hash (\fB#\fR) symbol is a comment. Options are are case sensitive and of the form \fBOption Argument\fR. The (possibly optional) arguments are are of the following types:
10
+The file consists of comments and options with arguments. Each line that starts with a hash (\fB#\fR) symbol is a comment. Options and arguments are case sensitive and of the form \fBOption Argument\fR. The (possibly optional) arguments are of the following types:
11 11
 .TP 
12 12
 \fBSTRING\fR
13 13
 String without blank characters.
14 14
 .TP 
15 15
 \fBSIZE\fR
16
-Size in bytes. You can use a 'M' or 'm' modifiers for megabytes and a 'K' or 'k' for kilobytes.
16
+Size in bytes. You can use 'M' or 'm' modifiers for megabytes and 'K' or 'k' for kilobytes.
17 17
 .TP 
18 18
 \fBNUMBER\fR
19 19
 Unsigned integer.
... ...
@@ -22,18 +22,21 @@ Unsigned integer.
22 22
 When an option is not used (hashed or doesn't exist in the configuration file) freshclam takes a default action.
23 23
 .TP 
24 24
 \fBExample\fR
25
-If this option is set clamd will not run.
25
+If this option is set freshclam will not run.
26 26
 .TP 
27 27
 \fBDatabaseOwner STRING\fR
28
-When started by root, drop privileges to a specified user. Default is \"clamav\".
28
+When started by root, drop privileges to a specified user. .br 
29
+Default: @CLAMAVUSER@
29 30
 .TP 
30 31
 \fBDatabaseDirectory STRING\fR
31 32
 Path to a directory containing database files.
32 33
 .br 
33
-Default: hardcoded directory
34
+Default: @DBDIR@
34 35
 .TP 
35 36
 \fBChecks NUM\fR
36
-Number of database checks per day. 12 is the recommended number.
37
+Number of database checks per day.
38
+.br 
39
+Default: 12
37 40
 .TP 
38 41
 \fBUpdateLogFile STRING\fR
39 42
 Enable logging to a specified file. Highly recommended.
... ...
@@ -45,20 +48,30 @@ Enable logging to Syslog.  May be used in combination with UpdateLogFile
45 45
 .br 
46 46
 Default: disabled.
47 47
 .TP 
48
+\fBLogFacility\fR
49
+Specify the type of syslog messages \- please refer to 'man syslog' for facility names.
50
+.br 
51
+Default: LOG_LOCAL6
52
+.TP 
48 53
 \fBLogVerbose\fR
49 54
 Enable verbose logging.
55
+.br 
56
+Default: disabled
57
+.TP 
58
+\fBDNSDatabaseInfo STRING\fR
59
+This directive enables database and software version verification through DNS TXT records. We highly recommend enabling it. Please use the current.cvd.clamav.net record.
60
+.br 
61
+Default: disabled
50 62
 .TP 
51 63
 \fBDatabaseMirror STRING\fR
52
-Server name where database updates are downloaded from. The default is database.clamav.net, which points to all official mirrors.
53
-.br .
54
-If this option is given multiple times, freshclam(1) tries them in the order given if one download fails.
64
+Server name where database updates are downloaded from. database.clamav.net is a round\-robin record which points ClamAV users to most reliable mirrors. If this option is given multiple times, freshclam(1) tries them in the order given if one download fails.
55 65
 .br 
56
-There is no default, which results in an error when running freshclam(1).
66
+Default: There is no default, which results in an error when running freshclam(1).
57 67
 .TP 
58 68
 \fBMaxAttempts NUM\fR
59 69
 Freshclam(1) tries every mirror this number of times before switching to the next mirror.
60 70
 .br .
61
-Default is to try once per mirror.
71
+Default: 3 (per mirror)
62 72
 .TP 
63 73
 \fBHTTPProxyServer STR\fR, \fBHTTPProxyPort NUM\fR
64 74
 Use given proxy server and TCP port for database downloads.
... ...
@@ -71,13 +84,17 @@ Default: no proxy authentication
71 71
 \fBNotifyClamd \[STRING\]\fR
72 72
 Notify a running clamd(8) to reload it\'s database after a download has occured. Optionally a clamd.conf(5) file location may be given to tell freshclam(1) how to communicate with clamd(8).
73 73
 .br .
74
-The default is to not notify clamd. See clamd.conf(5)\'s option SelfCheck for how clamd(8) handles database updates in this case.
74
+Default: The default is to not notify clamd. See clamd.conf(5)\'s option SelfCheck for how clamd(8) handles database updates in this case.
75 75
 .TP 
76 76
 \fBOnUpdateExecute STRING\fR
77 77
 Execute this command after the database has been successfully updated.
78
+.br 
79
+Default: disabled
78 80
 .TP 
79 81
 \fBOnErrorExecute\fR
80 82
 Execute this command after a database update has failed.
83
+.br 
84
+Default: disabled
81 85
 .SH "NOTE"
82 86
 While not reasonable, any configuration option from clamd.conf(5) may be given.
83 87
 .SH "FILES"
... ...
@@ -8,128 +8,149 @@
8 8
 Example
9 9
 
10 10
 # Uncomment this option to enable logging.
11
-# LogFile must be writable for the user running the daemon.
12
-# Full path is required.
11
+# LogFile must be writable for the user running daemon.
12
+# A full path is required.
13
+# Default: disabled
13 14
 #LogFile /tmp/clamd.log
14 15
 
15 16
 # By default the log file is locked for writing - the lock protects against
16 17
 # running clamd multiple times (if want to run another clamd, please
17 18
 # copy the configuration file, change the LogFile variable, and run
18
-# the daemon with --config-file option). That's why you shouldn't uncomment
19
-# this option.
19
+# the daemon with --config-file option).
20
+# This option disables log file locking.
21
+# Default: disabled
20 22
 #LogFileUnlock
21 23
 
22
-# Maximal size of the log file. Default is 1 Mb.
24
+# Maximal size of the log file.
23 25
 # Value of 0 disables the limit.
24 26
 # You may use 'M' or 'm' for megabytes (1M = 1m = 1048576 bytes)
25 27
 # and 'K' or 'k' for kilobytes (1K = 1k = 1024 bytes). To specify the size
26 28
 # in bytes just don't use modifiers.
29
+# Default: 1M
27 30
 #LogFileMaxSize 2M
28 31
 
29
-# Log time with an each message.
32
+# Log time with each message.
33
+# Default: disabled
30 34
 #LogTime
31 35
 
32
-# Log also clean files. May be useful in debugging but will drastically
33
-# increase the log size.
36
+# Also log clean files. Useful in debugging but drastically increases the
37
+# log size.
38
+# Default: disabled
34 39
 #LogClean
35 40
 
36 41
 # Use system logger (can work together with LogFile).
42
+# Default: disabled
37 43
 #LogSyslog
38 44
 
39 45
 # Specify the type of syslog messages - please refer to 'man syslog'
40
-# for facility names. Default is LOG_LOCAL6.
46
+# for facility names.
47
+# Default: LOG_LOCAL6
41 48
 #LogFacility LOG_MAIL
42 49
 
43 50
 # Enable verbose logging.
51
+# Default: disabled
44 52
 #LogVerbose
45 53
 
46
-# This option allows you to save the process identifier of the listening
54
+# This option allows you to save a process identifier of the listening
47 55
 # daemon (main thread).
56
+# Default: disabled
48 57
 #PidFile /var/run/clamd.pid
49 58
 
50 59
 # Optional path to the global temporary directory.
51
-# Default is system specific - usually /var/tmp or /tmp.
60
+# Default: system specific (usually /tmp or /var/tmp).
52 61
 #TemporaryDirectory /var/tmp
53 62
 
54 63
 # Path to the database directory.
55
-# Default is the hardcoded directory (mostly /usr/local/share/clamav,
56
-# but it depends on installation options).
64
+# Default: hardcoded (depends on installation options)
57 65
 #DatabaseDirectory /var/lib/clamav
58 66
 
59
-# The daemon works in local or network mode. Currently the local mode is
60
-# recommended for security reasons.
67
+# The daemon works in a local OR a network mode. Due to security reasons we
68
+# recommend the local mode.
61 69
 
62
-# Path to the local socket. The daemon doesn't change the mode of the
63
-# created file (portability reasons). You may want to create it in a directory
64
-# which is only accessible for a user running daemon.
70
+# Path to a local socket file the daemon will listen on.
71
+# Default: disabled
65 72
 LocalSocket /tmp/clamd
66 73
 
67 74
 # Remove stale socket after unclean shutdown.
75
+# Default: disabled
68 76
 FixStaleSocket
69 77
 
70 78
 # TCP port address.
79
+# Default: disabled
71 80
 #TCPSocket 3310
72 81
 
73 82
 # TCP address.
74 83
 # By default we bind to INADDR_ANY, probably not wise.
75 84
 # Enable the following to provide some degree of protection
76 85
 # from the outside world.
86
+# Default: disabled
77 87
 #TCPAddr 127.0.0.1
78 88
 
79 89
 # Maximum length the queue of pending connections may grow to.
80
-# Default is 15.
90
+# Default: 15
81 91
 #MaxConnectionQueueLength 30
82 92
 
83 93
 # Close the connection if this limit is exceeded.
84
-#StreamMaxLength 10M
94
+# Default: 10M
95
+#StreamMaxLength 20M
85 96
 
86
-# Maximal number of a threads running at the same time.
87
-# Default is 5, and it should be sufficient for a typical workstation.
88
-# You may need to increase threads number for a server machine.
89
-#MaxThreads 10
97
+# Maximal number of threads running at the same time.
98
+# Default: 10
99
+#MaxThreads 20
90 100
 
91 101
 # Waiting for data from a client socket will timeout after this time (seconds).
92
-# Default is 120. Value of 0 disables the timeout.
102
+# Value of 0 disables the timeout.
103
+# Default: 120
93 104
 #ReadTimeout 300
94 105
 
95
-# Maximal depth the directories are scanned at.
96
-MaxDirectoryRecursion 15
106
+# Maximal depth directories are scanned at.
107
+# Default: 15
108
+#MaxDirectoryRecursion 20
97 109
 
98
-# Follow a directory symlinks.
99
-# SECURITY HINT: You should have enabled directory recursion limit to
100
-# avoid potential problems.
110
+# Follow directory symlinks.
111
+# Default: disabled
101 112
 #FollowDirectorySymlinks
102 113
 
103 114
 # Follow regular file symlinks.
115
+# Default: disabled
104 116
 #FollowFileSymlinks
105 117
 
106
-# Do internal checks (eg. check the integrity of the database structures)
107
-# By default clamd checks itself every 3600 seconds (1 hour).
118
+# Perform internal sanity check (database integrity and freshness).
119
+# Default: 1800 (30 min)
108 120
 #SelfCheck 600
109 121
 
110
-# Execute a command when a virus is found. In the command string %v will
111
-# be replaced by the virus name.
112
-#
122
+# Execute a command when virus is found. In the command string %v will
123
+# be replaced by a virus name.
124
+# Default: disabled
113 125
 #VirusEvent /usr/local/bin/send_sms 123456789 "VIRUS ALERT: %v"
114 126
 
115
-# Run as selected user (clamd must be started by root).
116
-# By default it doesn't drop privileges.
127
+# Run as a selected user (clamd must be started by root).
128
+# Default: disabled
117 129
 #User clamav
118 130
 
119
-# Initialize the supplementary group access (for all groups in /etc/group
120
-# user is added in. clamd must be started by root).
131
+# Initialize supplementary group access (clamd must be started by root).
132
+# Default: disabled
121 133
 #AllowSupplementaryGroups
122 134
 
123
-# Don't fork into background. Useful in debugging.
135
+# Don't fork into background.
136
+# Default: disabled
124 137
 #Foreground
125 138
 
126 139
 # Enable debug messages in libclamav.
140
+# Default: disabled
127 141
 #Debug
128 142
 
129 143
 # Do not remove temporary files (for debug purposes).
144
+# Default: disabled
130 145
 #LeaveTemporaryFiles
131 146
 
132 147
 
148
+# By default clamd uses scan options recommended by libclamav. This option
149
+# disables recommended options and allows you to enable selected ones below.
150
+# DO NOT TOUCH IT unless you know what you are doing.
151
+# Default: disabled
152
+#DisableDefaultScanOptions
153
+
133 154
 ##
134 155
 ## Executable files
135 156
 ##
... ...
@@ -137,11 +158,14 @@ MaxDirectoryRecursion 15
137 137
 # PE stands for Portable Executable - it's an executable file format used
138 138
 # in all 32-bit versions of Windows operating systems. This option allows
139 139
 # ClamAV to perform a deeper analysis of executable files and it's also
140
-# required for decompression of popular executable packers such as UPX.
141
-ScanPE
140
+# required for decompression of popular executable packers such as UPX, FSG,
141
+# and Petite.
142
+# Default: enabled
143
+#ScanPE
142 144
 
143 145
 # With this option clamav will try to detect broken executables and mark
144 146
 # them as Broken.Executable
147
+# Default: disabled
145 148
 #DetectBrokenExecutables
146 149
 
147 150
 
... ...
@@ -150,18 +174,21 @@ ScanPE
150 150
 ##
151 151
 
152 152
 # This option enables scanning of Microsoft Office document macros.
153
-ScanOLE2
153
+# Default: enabled
154
+#ScanOLE2
154 155
 
155 156
 ##
156 157
 ## Mail files
157 158
 ##
158 159
 
159 160
 # Enable internal e-mail scanner.
160
-ScanMail
161
+# Default: enabled
162
+#ScanMail
161 163
 
162 164
 # If an email contains URLs ClamAV can download and scan them.
163 165
 # WARNING: This option may open your system to a DoS attack.
164 166
 #	   Never use it on loaded servers.
167
+# Default: disabled
165 168
 #MailFollowURLs
166 169
 
167 170
 
... ...
@@ -169,54 +196,57 @@ ScanMail
169 169
 ## HTML
170 170
 ##
171 171
 
172
-# This option enables HTML detection and normalisation. It's highly
173
-# recommended and required to detect popular exploits.
174
-ScanHTML
172
+# Perform HTML normalisation and decryption of MS Script Encoder code.
173
+# Default: enabled
174
+#ScanHTML
175 175
 
176 176
 
177 177
 ##
178 178
 ## Archives
179 179
 ##
180 180
 
181
-# Comment this line to disable scanning of the archives.
182
-ScanArchive
183
-
184
-# By default the built-in RAR unpacker is disabled by default because the code
185
-# terribly leaks, however it's probably a good idea to enable it.
186
-#ScanRAR
181
+# ClamAV can scan within archives and compressed files.
182
+# Default: enabled
183
+#ScanArchive
187 184
 
188
-# Options below protect your system against Denial of Service attacks
189
-# with archive bombs.
185
+# The options below protect your system against Denial of Service attacks
186
+# using archive bombs.
190 187
 
191 188
 # Files in archives larger than this limit won't be scanned.
192 189
 # Value of 0 disables the limit.
193
-# WARNING: Due to the unrarlib implementation, whole files (one by one) in RAR
194
-#	   archives are decompressed to the memory. That's why never disable
195
-#	   this limit (but you may increase it of course!)
196
-ArchiveMaxFileSize 10M
197
-
198
-# Archives are scanned recursively - e.g. if Zip archive contains RAR file,
199
-# the RAR file will be decompressed, too (but only if recursion limit is set
200
-# at least to 1). With this option you may set the recursion level.
190
+# Default: 10M
191
+#ArchiveMaxFileSize 15M
192
+
193
+# Nested archives are scanned recursively, e.g. if a Zip archive contains a RAR
194
+# file, all files within it will also be scanned. This options specifies how
195
+# deep the process should be continued.
201 196
 # Value of 0 disables the limit.
202
-ArchiveMaxRecursion 5
197
+# Default: 5
198
+#ArchiveMaxRecursion 8
203 199
 
204
-# Number of files to be scanned within archive.
200
+# Number of files to be scanned within an archive.
205 201
 # Value of 0 disables the limit.
206
-ArchiveMaxFiles 1000
202
+# Default: 1000
203
+#ArchiveMaxFiles 1500
207 204
 
208
-# Mark potential archive bombs as viruses (0 disables the limit)
209
-ArchiveMaxCompressionRatio 200
205
+# If a file in an archive is compressed more than ArchiveMaxCompressionRatio
206
+# times it will be marked as a virus (Oversized.ArchiveType, e.g. Oversized.Zip)
207
+# Value of 0 disables the limit.
208
+# Default: 250
209
+#ArchiveMaxCompressionRatio 300
210 210
 
211
-# Use slower decompression algorithm which uses less memory. This option 
212
-# affects bzip2 decompressor only.
211
+# Use slower but memory efficient decompression algorithm.
212
+# only affects the bzip2 decompressor.
213
+# Default: disabled
213 214
 #ArchiveLimitMemoryUsage
214 215
 
215 216
 # Mark encrypted archives as viruses (Encrypted.Zip, Encrypted.RAR).
217
+# Default: disabled
216 218
 #ArchiveBlockEncrypted
217 219
 
218 220
 # Mark archives as viruses if ArchiveMaxFiles, ArchiveMaxFileSize, or
219 221
 # ArchiveMaxRecursion limit is reached.
222
+# Default: disabled
220 223
 #ArchiveBlockMax
221 224
 
222 225
 
... ...
@@ -227,28 +257,30 @@ ArchiveMaxCompressionRatio 200
227 227
 ##
228 228
 
229 229
 # Enable Clamuko. Dazuko (/dev/dazuko) must be configured and running.
230
+# Default: disabled
230 231
 #ClamukoScanOnAccess
231 232
 
232 233
 # Set access mask for Clamuko.
233
-ClamukoScanOnOpen
234
-ClamukoScanOnClose
235
-ClamukoScanOnExec
234
+# Default: disabled
235
+#ClamukoScanOnOpen
236
+#ClamukoScanOnClose
237
+#ClamukoScanOnExec
236 238
 
237 239
 # Set the include paths (all files in them will be scanned). You can have
238
-# multiple ClamukoIncludePath options, but each directory must be added
239
-# in a seperate option. All subdirectories are scanned, too.
240
-ClamukoIncludePath /home
240
+# multiple ClamukoIncludePath directives but each directory must be added
241
+# in a seperate line.
242
+# Default: disabled
243
+#ClamukoIncludePath /home
241 244
 #ClamukoIncludePath /students
242 245
 
243 246
 # Set the exclude paths. All subdirectories are also excluded.
247
+# Default: disabled
244 248
 #ClamukoExcludePath /home/guru
245 249
 
246
-# Limit the file size to be scanned (probably you don't want to scan your movie
247
-# files ;))
248
-# Value of 0 disables the limit. 1 Mb should be fine.
249
-ClamukoMaxFileSize 1M
250
+# Don't scan files larger than ClamukoMaxFileSize
251
+# Value of 0 disables the limit.
252
+# Default: 5M
253
+#ClamukoMaxFileSize 10M
250 254
 
251
-# Enable archive support. It uses the limits from clamd section.
252
-# (This option doesn't depend on ScanArchive, you can have archive support
253
-# in clamd disabled).
254
-ClamukoScanArchive
255
+# FIXME: Add support for other directives.
256
+#ClamukoScanArchive
... ...
@@ -1,58 +1,87 @@
1 1
 ##
2 2
 ## Example config file for freshclam
3
-## Please read the clamd.conf(5) manual before editing this file.
3
+## Please read the freshclam.conf(5) manual before editing this file.
4 4
 ## This file may be optionally merged with clamd.conf.
5 5
 ##
6 6
 
7
-# It must match clamd.conf's directive!
7
+
8
+# Comment or remove the line below.
9
+Example
10
+
11
+# Path to the database directory.
12
+# WARNING: It must match clamd.conf's directive!
13
+# Default: hardcoded (depends on installation options)
8 14
 #DatabaseDirectory /var/lib/clamav
9 15
 
10 16
 # Path to the log file (make sure it has proper permissions)
17
+# Default: disabled
11 18
 #UpdateLogFile /var/log/freshclam.log
12 19
 
13 20
 # Enable verbose logging.
21
+# Default: disabled
14 22
 #LogVerbose
15 23
 
16 24
 # Use system logger (can work together with UpdateLogFile).
25
+# Default: disabled
17 26
 #LogSyslog
18 27
 
19 28
 # Specify the type of syslog messages - please refer to 'man syslog'
20
-# for facility names. Default is LOG_LOCAL6.
29
+# for facility names.
30
+# Default: LOG_LOCAL6
21 31
 #LogFacility LOG_MAIL
22 32
 
23 33
 # This option allows you to save the process identifier of the daemon
34
+# Default: disabled
24 35
 #PidFile /var/run/freshclam.pid
25 36
 
26
-# By default when freshclam is started by root it drops privileges and
27
-# switches to the "clamav" user. You can change this behaviour here.
37
+# By default when started freshclam drops privileges and switches to the
38
+# "clamav" user. This directive allows you to change the database owner.
39
+# Default: clamav (may depend on installation options)
28 40
 #DatabaseOwner clamav
29 41
 
30
-# Use DNS to verify virus database version.
42
+# Use DNS to verify virus database version. Freshclam uses DNS TXT records
43
+# to verify database and software versions. We highly recommend enabling
44
+# this option.
45
+# Default: disabled
31 46
 DNSDatabaseInfo current.cvd.clamav.net
32 47
 
33
-# The main database mirror is database.clamav.net (this is a round-robin
34
-# DNS that points to many mirrors on the world) and in most cases you
35
-# SHOULD NOT change it.
48
+# Uncomment the following line and replace XY with your country
49
+# code. See http://www.iana.org/cctld/cctld-whois.htm for the full list.
50
+# Default: There is no default, which results in an error when running freshclam
51
+#DatabaseMirror db.XY.clamav.net
52
+
53
+# database.clamav.net is a round-robin record which points to our most 
54
+# reliable mirrors. It's used as a fall back in case db.XY.clamav.net is 
55
+# not working. DO NOT TOUCH the following line unless you know what you
56
+# are doing.
36 57
 DatabaseMirror database.clamav.net
37 58
 
38 59
 # How many attempts to make before giving up.
39
-MaxAttempts 3
60
+# Default: 3 (per mirror)
61
+#MaxAttempts 5
40 62
 
41
-# How often check for a new database. We suggest checking for it every
42
-# two hours.
43
-Checks 12
63
+# Number of database checks per day.
64
+# Default: 12 (every two hours)
65
+#Checks 24
44 66
 
45 67
 # Proxy settings
68
+# Default: disabled
46 69
 #HTTPProxyServer myproxy.com
47 70
 #HTTPProxyPort 1234
48 71
 #HTTPProxyUsername myusername
49 72
 #HTTPProxyPassword mypass
50 73
 
51 74
 # Send the RELOAD command to clamd.
52
-#NotifyClamd [/optional/config/file/path]
75
+# Default: disabled
76
+#NotifyClamd
77
+# By default it uses the hardcoded configuration file but you can force an
78
+# another one.
79
+#NotifyClamd /config/file/path
53 80
 
54
-# Run command after database update.
81
+# Run command after successful database update.
82
+# Default: disabled
55 83
 #OnUpdateExecute command
56 84
 
57
-# Run command if database update failed.
85
+# Run command when database update process fails.
86
+# Default: disabled
58 87
 #OnErrorExecute command
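Review bot: The new DNSDatabaseInfo comment says freshclam uses DNS TXT records "to verify database and software versions", which a reader can take to mean an integrity check. As described here it is only a version lookup, and DNS answers are unauthenticated unless the resolver validates DNSSEC. I would add a line such as `# Note: this only compares version numbers; it does not authenticate the downloaded database.` so operators do not treat it as a trust anchor. The same block is labelled `# Default: disabled` while `DNSDatabaseInfo current.cvd.clamav.net` stays active in the example, so it is worth saying the example deliberately enables it. Likewise, the "no default, which results in an error" text above `#DatabaseMirror db.XY.clamav.net` does not apply to this file as shipped, because `DatabaseMirror database.clamav.net` remains uncommented.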
... ...
@@ -22,10 +22,6 @@
22 22
 
23 23
 #define VIRUSDBDIR DATADIR
24 24
 
25
-#define MIRROR_CFG "/mirrors.txt"
26
-
27
-#define MIRROR "/mirror"
28
-
29 25
 /* default names */
30 26
 
31 27
 #ifdef CLAMAVUSER
... ...
@@ -40,4 +36,5 @@
40 40
 #define UNPGROUP "clamav"
41 41
 #endif
42 42
 
43
-#define CL_DEFAULT_CHECKS 6
43
+#define CL_DEFAULT_CHECKS 12
44
+#define CL_DEFAULT_MAXATTEMPTS 3
... ...
@@ -352,6 +352,9 @@ int download(const struct cfgstruct *copt, const struct optstruct *opt)
352 352
 
353 353
     if((cpt = cfgopt(copt, "MaxAttempts")))
354 354
 	maxattempts = cpt->numarg;
355
+    else
356
+	maxattempts = CL_DEFAULT_MAXATTEMPTS;
357
+
355 358
 
356 359
     mprintf("*Max retries == %d\n", maxattempts);
357 360
 
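Review bot: `maxattempts` is still taken from `cpt->numarg` without a range check, so the new `CL_DEFAULT_MAXATTEMPTS` fallback only covers the case where the directive is absent. A configured `MaxAttempts 0` (or a negative value, if the parser accepts one) would reach the retry logic, which is outside this hunk. If that logic is a counted loop, such a value could skip every download attempt and leave the signature database stale without a clear error. Consider clamping right after the assignment: `if(maxattempts < 1) maxattempts = CL_DEFAULT_MAXATTEMPTS;`. The hunk also adds a second blank line before `mprintf`, which can be dropped; the body of download() starts and ends outside the hunk.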
... ...
@@ -61,7 +61,7 @@ struct cfgstruct *parsecfg(const char *cfgfile, int messages)
61 61
 	    {"LogFacility", OPT_STR},
62 62
 	    {"PidFile", OPT_STR},
63 63
 	    {"TemporaryDirectory", OPT_STR},
64
-	    {"MaxFileSize", OPT_COMPSIZE},
64
+	    {"DisableDefaultScanOptions", OPT_NOARG},
65 65
 	    {"ScanPE", OPT_NOARG},
66 66
 	    {"DetectBrokenExecutables", OPT_NOARG},
67 67
 	    {"ScanMail", OPT_NOARG},