1 ##
2 ## Example config file for the Clam AV daemon
3 ## Please read the clamd.conf(5) manual before editing this file.
4 ##
5
6
7 # Uncomment this option to enable logging.
8 # LogFile must be writable for the user running daemon.
9 # A full path is required.
10 # Default: disabled
11 LogFile /var/log/clamav/clamd.log
12
13 # By default the log file is locked for writing - the lock protects against
14 # running clamd multiple times (if want to run another clamd, please
15 # copy the configuration file, change the LogFile variable, and run
16 # the daemon with --config-file option).
17 # This option disables log file locking.
18 # Default: no
19 #LogFileUnlock yes
20
21 # Maximal size of the log file.
22 # Value of 0 disables the limit.
23 # You may use 'M' or 'm' for megabytes (1M = 1m = 1048576 bytes)
24 # and 'K' or 'k' for kilobytes (1K = 1k = 1024 bytes). To specify the size
25 # in bytes just don't use modifiers.
26 # Default: 1M
27 #LogFileMaxSize 2M
28
29 # Log time with each message.
30 # Default: no
31 LogTime yes
32
33 # Also log clean files. Useful in debugging but drastically increases the
34 # log size.
35 # Default: no
36 #LogClean yes
37
38 # Use system logger (can work together with LogFile).
39 # Default: no
40 #LogSyslog yes
41
42 # Specify the type of syslog messages - please refer to 'man syslog'
43 # for facility names.
44 # Default: LOG_LOCAL6
45 #LogFacility LOG_MAIL
46
47 # Enable verbose logging.
48 # Default: no
49 #LogVerbose yes
50
51 # This option allows you to save a process identifier of the listening
52 # daemon (main thread).
53 # Default: disabled
54 PidFile /var/run/clamav/clamd.pid
55
56 # Optional path to the global temporary directory.
57 # Default: system specific (usually /tmp or /var/tmp).
58 #TemporaryDirectory /var/tmp
59
60 # Path to the database directory.
61 # Default: hardcoded (depends on installation options)
62 #DatabaseDirectory /var/lib/clamav
63
64 # The daemon works in a local OR a network mode. Due to security reasons we
65 # recommend the local mode.
66
67 # Path to a local socket file the daemon will listen on.
68 # Default: disabled (must be specified by a user)
69 LocalSocket /var/run/clamav/clamd.sock
70
71 # Remove stale socket after unclean shutdown.
72 # Default: no
73 FixStaleSocket yes
74
75 # TCP port address.
76 # Default: no
77 #TCPSocket 3310
78
79 # TCP address.
80 # By default we bind to INADDR_ANY, probably not wise.
81 # Enable the following to provide some degree of protection
82 # from the outside world.
83 # Default: no
84 #TCPAddr 127.0.0.1
85
86 # Maximum length the queue of pending connections may grow to.
87 # Default: 15
88 #MaxConnectionQueueLength 30
89
90 # Clamd uses FTP-like protocol to receive data from remote clients.
91 # If you are using clamav-milter to balance load between remote clamd daemons
92 # on firewall servers you may need to tune the options below.
93
94 # Close the connection when the data size limit is exceeded.
95 # The value should match your MTA's limit for a maximal attachment size.
96 # Default: 10M
97 #StreamMaxLength 20M
98
99 # Limit port range.
100 # Default: 1024
101 #StreamMinPort 30000
102 # Default: 2048
103 #StreamMaxPort 32000
104
105 # Maximal number of threads running at the same time.
106 # Default: 10
107 #MaxThreads 20
108
109 # Waiting for data from a client socket will timeout after this time (seconds).
110 # Value of 0 disables the timeout.
111 # Default: 120
112 #ReadTimeout 300
113
114 # Waiting for a new job will timeout after this time (seconds).
115 # Default: 30
116 #IdleTimeout 60
117
118 # Maximal depth directories are scanned at.
119 # Default: 15
120 #MaxDirectoryRecursion 20
121
122 # Follow directory symlinks.
123 # Default: no
124 #FollowDirectorySymlinks yes
125
126 # Follow regular file symlinks.
127 # Default: no
128 #FollowFileSymlinks yes
129
130 # Perform internal sanity check (database integrity and freshness).
131 # Default: 1800 (30 min)
132 #SelfCheck 600
133
134 # Execute a command when virus is found. In the command string %v will
135 # be replaced by a virus name.
136 # Default: no
137 #VirusEvent /usr/local/bin/send_sms 123456789 "VIRUS ALERT: %v"
138
139 # Run as a selected user (clamd must be started by root).
140 # Default: don't drop privileges
141 User clamav
142
143 # Initialize supplementary group access (clamd must be started by root).
144 # Default: no
145 #AllowSupplementaryGroups no
146
147 # Stop daemon when libclamav reports out of memory condition.
148 #ExitOnOOM yes
149
150 # Don't fork into background.
151 # Default: no
152 #Foreground yes
153
154 # Enable debug messages in libclamav.
155 # Default: no
156 #Debug yes
157
158 # Do not remove temporary files (for debug purposes).
159 # Default: no
160 #LeaveTemporaryFiles yes
161
162 # In some cases (eg. complex malware, exploits in graphic files, and others),
163 # ClamAV uses special algorithms to provide accurate detection. This option
164 # controls the algorithmic detection.
165 # Default: yes
166 #AlgorithmicDetection yes
167
168 ##
169 ## Executable files
170 ##
171
172 # PE stands for Portable Executable - it's an executable file format used
173 # in all 32-bit versions of Windows operating systems. This option allows
174 # ClamAV to perform a deeper analysis of executable files and it's also
175 # required for decompression of popular executable packers such as UPX, FSG,
176 # and Petite.
177 # Default: yes
178 #ScanPE yes
179
180 # With this option clamav will try to detect broken executables and mark
181 # them as Broken.Executable
182 # Default: no
183 #DetectBrokenExecutables yes
184
185
186 ##
187 ## Documents
188 ##
189
190 # This option enables scanning of Microsoft Office document macros.
191 # Default: yes
192 #ScanOLE2 yes
193
194 ##
195 ## Mail files
196 ##
197
198 # Enable internal e-mail scanner.
199 # Default: yes
200 #ScanMail yes
201
202 # If an email contains URLs ClamAV can download and scan them.
203 # WARNING: This option may open your system to a DoS attack.
204 # Never use it on loaded servers.
205 # Default: no
206 #MailFollowURLs no
207
208 # With this option enabled ClamAV will try to detect phishing attempts (using signatures).
209 # Default: yes
210 #DetectPhishing yes
211
212 # Use phishing detection for all domains (not just those listed in the .pdb database).
213 # It is not recommended to turn this option on, it is mean for internal use.
214 # (available in experimental builds only)
215 # Default: no
216 #PhishingStrictURLCheck no
217
218 # Scan urls found in mails for phishing attempts.
219 # (available in experimental builds only)
220 # Default: yes
221 #PhishingScanURLs yes
222
223 ##
224 ## HTML
225 ##
226
227 # Perform HTML normalisation and decryption of MS Script Encoder code.
228 # Default: yes
229 #ScanHTML yes
230
231
232 ##
233 ## Archives
234 ##
235
236 # ClamAV can scan within archives and compressed files.
237 # Default: yes
238 #ScanArchive yes
239
240 # The options below protect your system against Denial of Service attacks
241 # using archive bombs.
242
243 # Files in archives larger than this limit won't be scanned.
244 # Value of 0 disables the limit.
245 # Default: 10M
246 #ArchiveMaxFileSize 15M
247
248 # Nested archives are scanned recursively, e.g. if a Zip archive contains a RAR
249 # file, all files within it will also be scanned. This options specifies how
250 # deep the process should be continued.
251 # Value of 0 disables the limit.
252 # Default: 8
253 #ArchiveMaxRecursion 10
254
255 # Number of files to be scanned within an archive.
256 # Value of 0 disables the limit.
257 # Default: 1000
258 #ArchiveMaxFiles 1500
259
260 # If a file in an archive is compressed more than ArchiveMaxCompressionRatio
261 # times it will be marked as a virus (Oversized.ArchiveType, e.g. Oversized.Zip)
262 # Value of 0 disables the limit.
263 # Default: 250
264 #ArchiveMaxCompressionRatio 300
265
266 # Use slower but memory efficient decompression algorithm.
267 # only affects the bzip2 decompressor.
268 # Default: no
269 #ArchiveLimitMemoryUsage yes
270
271 # Mark encrypted archives as viruses (Encrypted.Zip, Encrypted.RAR).
272 # Default: no
273 #ArchiveBlockEncrypted no
274
275 # Mark archives as viruses (e.g. RAR.ExceededFileSize, Zip.ExceededFilesLimit)
276 # if ArchiveMaxFiles, ArchiveMaxFileSize, or ArchiveMaxRecursion limit is
277 # reached.
278 # Default: no
279 #ArchiveBlockMax no
280
281 # Enable support for Sensory Networks' NodalCore hardware accelerator.
282 # Default: no
283 #NodalCoreAcceleration yes
284
285
286 ##
287 ## Clamuko settings
288 ## WARNING: This is experimental software. It is very likely it will hang
289 ## up your system!!!
290 ##
291
292 # Enable Clamuko. Dazuko (/dev/dazuko) must be configured and running.
293 # Default: no
294 #ClamukoScanOnAccess yes
295
296 # Set access mask for Clamuko.
297 # Default: no
298 #ClamukoScanOnOpen yes
299 #ClamukoScanOnClose yes
300 #ClamukoScanOnExec yes
301
302 # Set the include paths (all files in them will be scanned). You can have
303 # multiple ClamukoIncludePath directives but each directory must be added
304 # in a seperate line.
305 # Default: disabled
306 #ClamukoIncludePath /home
307 #ClamukoIncludePath /students
308
309 # Set the exclude paths. All subdirectories are also excluded.
310 # Default: disabled
311 #ClamukoExcludePath /home/bofh
312
313 # Don't scan files larger than ClamukoMaxFileSize
314 # Value of 0 disables the limit.
315 # Default: 5M
316 #ClamukoMaxFileSize 10M
|