| 1 | ## |
| 2 | ## Example config file for the Clam AV daemon |
| 3 | ## Please read the clamd.conf(5) manual before editing this file. |
| 4 | ## |
| 5 | |
| 6 | |
| 7 | # Uncomment this option to enable logging. |
| 8 | # LogFile must be writable for the user running daemon. |
| 9 | # A full path is required. |
| 10 | # Default: disabled |
| 11 | LogFile /var/log/clamav/clamd.log |
| 12 | |
| 13 | # By default the log file is locked for writing - the lock protects against |
| 14 | # running clamd multiple times (if want to run another clamd, please |
| 15 | # copy the configuration file, change the LogFile variable, and run |
| 16 | # the daemon with --config-file option). |
| 17 | # This option disables log file locking. |
| 18 | # Default: no |
| 19 | #LogFileUnlock yes |
| 20 | |
| 21 | # Maximal size of the log file. |
| 22 | # Value of 0 disables the limit. |
| 23 | # You may use 'M' or 'm' for megabytes (1M = 1m = 1048576 bytes) |
| 24 | # and 'K' or 'k' for kilobytes (1K = 1k = 1024 bytes). To specify the size |
| 25 | # in bytes just don't use modifiers. |
| 26 | # Default: 1M |
| 27 | #LogFileMaxSize 2M |
| 28 | |
| 29 | # Log time with each message. |
| 30 | # Default: no |
| 31 | LogTime yes |
| 32 | |
| 33 | # Also log clean files. Useful in debugging but drastically increases the |
| 34 | # log size. |
| 35 | # Default: no |
| 36 | #LogClean yes |
| 37 | |
| 38 | # Use system logger (can work together with LogFile). |
| 39 | # Default: no |
| 40 | #LogSyslog yes |
| 41 | |
| 42 | # Specify the type of syslog messages - please refer to 'man syslog' |
| 43 | # for facility names. |
| 44 | # Default: LOG_LOCAL6 |
| 45 | #LogFacility LOG_MAIL |
| 46 | |
| 47 | # Enable verbose logging. |
| 48 | # Default: no |
| 49 | #LogVerbose yes |
| 50 | |
| 51 | # This option allows you to save a process identifier of the listening |
| 52 | # daemon (main thread). |
| 53 | # Default: disabled |
| 54 | PidFile /var/run/clamav/clamd.pid |
| 55 | |
| 56 | # Optional path to the global temporary directory. |
| 57 | # Default: system specific (usually /tmp or /var/tmp). |
| 58 | #TemporaryDirectory /var/tmp |
| 59 | |
| 60 | # Path to the database directory. |
| 61 | # Default: hardcoded (depends on installation options) |
| 62 | #DatabaseDirectory /var/lib/clamav |
| 63 | |
| 64 | # The daemon works in a local OR a network mode. Due to security reasons we |
| 65 | # recommend the local mode. |
| 66 | |
| 67 | # Path to a local socket file the daemon will listen on. |
| 68 | # Default: disabled (must be specified by a user) |
| 69 | LocalSocket /var/run/clamav/clamd.sock |
| 70 | |
| 71 | # Remove stale socket after unclean shutdown. |
| 72 | # Default: no |
| 73 | FixStaleSocket yes |
| 74 | |
| 75 | # TCP port address. |
| 76 | # Default: no |
| 77 | #TCPSocket 3310 |
| 78 | |
| 79 | # TCP address. |
| 80 | # By default we bind to INADDR_ANY, probably not wise. |
| 81 | # Enable the following to provide some degree of protection |
| 82 | # from the outside world. |
| 83 | # Default: no |
| 84 | #TCPAddr 127.0.0.1 |
| 85 | |
| 86 | # Maximum length the queue of pending connections may grow to. |
| 87 | # Default: 15 |
| 88 | #MaxConnectionQueueLength 30 |
| 89 | |
| 90 | # Clamd uses FTP-like protocol to receive data from remote clients. |
| 91 | # If you are using clamav-milter to balance load between remote clamd daemons |
| 92 | # on firewall servers you may need to tune the options below. |
| 93 | |
| 94 | # Close the connection when the data size limit is exceeded. |
| 95 | # The value should match your MTA's limit for a maximal attachment size. |
| 96 | # Default: 10M |
| 97 | #StreamMaxLength 20M |
| 98 | |
| 99 | # Limit port range. |
| 100 | # Default: 1024 |
| 101 | #StreamMinPort 30000 |
| 102 | # Default: 2048 |
| 103 | #StreamMaxPort 32000 |
| 104 | |
| 105 | # Maximal number of threads running at the same time. |
| 106 | # Default: 10 |
| 107 | #MaxThreads 20 |
| 108 | |
| 109 | # Waiting for data from a client socket will timeout after this time (seconds). |
| 110 | # Value of 0 disables the timeout. |
| 111 | # Default: 120 |
| 112 | #ReadTimeout 300 |
| 113 | |
| 114 | # Waiting for a new job will timeout after this time (seconds). |
| 115 | # Default: 30 |
| 116 | #IdleTimeout 60 |
| 117 | |
| 118 | # Maximal depth directories are scanned at. |
| 119 | # Default: 15 |
| 120 | #MaxDirectoryRecursion 20 |
| 121 | |
| 122 | # Follow directory symlinks. |
| 123 | # Default: no |
| 124 | #FollowDirectorySymlinks yes |
| 125 | |
| 126 | # Follow regular file symlinks. |
| 127 | # Default: no |
| 128 | #FollowFileSymlinks yes |
| 129 | |
| 130 | # Perform internal sanity check (database integrity and freshness). |
| 131 | # Default: 1800 (30 min) |
| 132 | #SelfCheck 600 |
| 133 | |
| 134 | # Execute a command when virus is found. In the command string %v will |
| 135 | # be replaced by a virus name. |
| 136 | # Default: no |
| 137 | #VirusEvent /usr/local/bin/send_sms 123456789 "VIRUS ALERT: %v" |
| 138 | |
| 139 | # Run as a selected user (clamd must be started by root). |
| 140 | # Default: don't drop privileges |
| 141 | User clamav |
| 142 | |
| 143 | # Initialize supplementary group access (clamd must be started by root). |
| 144 | # Default: no |
| 145 | #AllowSupplementaryGroups no |
| 146 | |
| 147 | # Stop daemon when libclamav reports out of memory condition. |
| 148 | #ExitOnOOM yes |
| 149 | |
| 150 | # Don't fork into background. |
| 151 | # Default: no |
| 152 | #Foreground yes |
| 153 | |
| 154 | # Enable debug messages in libclamav. |
| 155 | # Default: no |
| 156 | #Debug yes |
| 157 | |
| 158 | # Do not remove temporary files (for debug purposes). |
| 159 | # Default: no |
| 160 | #LeaveTemporaryFiles yes |
| 161 | |
| 162 | # In some cases (eg. complex malware, exploits in graphic files, and others), |
| 163 | # ClamAV uses special algorithms to provide accurate detection. This option |
| 164 | # controls the algorithmic detection. |
| 165 | # Default: yes |
| 166 | #AlgorithmicDetection yes |
| 167 | |
| 168 | ## |
| 169 | ## Executable files |
| 170 | ## |
| 171 | |
| 172 | # PE stands for Portable Executable - it's an executable file format used |
| 173 | # in all 32-bit versions of Windows operating systems. This option allows |
| 174 | # ClamAV to perform a deeper analysis of executable files and it's also |
| 175 | # required for decompression of popular executable packers such as UPX, FSG, |
| 176 | # and Petite. |
| 177 | # Default: yes |
| 178 | #ScanPE yes |
| 179 | |
| 180 | # With this option clamav will try to detect broken executables and mark |
| 181 | # them as Broken.Executable |
| 182 | # Default: no |
| 183 | #DetectBrokenExecutables yes |
| 184 | |
| 185 | |
| 186 | ## |
| 187 | ## Documents |
| 188 | ## |
| 189 | |
| 190 | # This option enables scanning of Microsoft Office document macros. |
| 191 | # Default: yes |
| 192 | #ScanOLE2 yes |
| 193 | |
| 194 | ## |
| 195 | ## Mail files |
| 196 | ## |
| 197 | |
| 198 | # Enable internal e-mail scanner. |
| 199 | # Default: yes |
| 200 | #ScanMail yes |
| 201 | |
| 202 | # If an email contains URLs ClamAV can download and scan them. |
| 203 | # WARNING: This option may open your system to a DoS attack. |
| 204 | # Never use it on loaded servers. |
| 205 | # Default: no |
| 206 | #MailFollowURLs no |
| 207 | |
| 208 | # With this option enabled ClamAV will try to detect phishing attempts (using signatures). |
| 209 | # Default: yes |
| 210 | #DetectPhishing yes |
| 211 | |
| 212 | # Use phishing detection for all domains (not just those listed in the .pdb database). |
| 213 | # It is not recommended to turn this option on, it is mean for internal use. |
| 214 | # (available in experimental builds only) |
| 215 | # Default: no |
| 216 | #PhishingStrictURLCheck no |
| 217 | |
| 218 | # Scan urls found in mails for phishing attempts. |
| 219 | # (available in experimental builds only) |
| 220 | # Default: yes |
| 221 | #PhishingScanURLs yes |
| 222 | |
| 223 | ## |
| 224 | ## HTML |
| 225 | ## |
| 226 | |
| 227 | # Perform HTML normalisation and decryption of MS Script Encoder code. |
| 228 | # Default: yes |
| 229 | #ScanHTML yes |
| 230 | |
| 231 | |
| 232 | ## |
| 233 | ## Archives |
| 234 | ## |
| 235 | |
| 236 | # ClamAV can scan within archives and compressed files. |
| 237 | # Default: yes |
| 238 | #ScanArchive yes |
| 239 | |
| 240 | # The options below protect your system against Denial of Service attacks |
| 241 | # using archive bombs. |
| 242 | |
| 243 | # Files in archives larger than this limit won't be scanned. |
| 244 | # Value of 0 disables the limit. |
| 245 | # Default: 10M |
| 246 | #ArchiveMaxFileSize 15M |
| 247 | |
| 248 | # Nested archives are scanned recursively, e.g. if a Zip archive contains a RAR |
| 249 | # file, all files within it will also be scanned. This options specifies how |
| 250 | # deep the process should be continued. |
| 251 | # Value of 0 disables the limit. |
| 252 | # Default: 8 |
| 253 | #ArchiveMaxRecursion 10 |
| 254 | |
| 255 | # Number of files to be scanned within an archive. |
| 256 | # Value of 0 disables the limit. |
| 257 | # Default: 1000 |
| 258 | #ArchiveMaxFiles 1500 |
| 259 | |
| 260 | # If a file in an archive is compressed more than ArchiveMaxCompressionRatio |
| 261 | # times it will be marked as a virus (Oversized.ArchiveType, e.g. Oversized.Zip) |
| 262 | # Value of 0 disables the limit. |
| 263 | # Default: 250 |
| 264 | #ArchiveMaxCompressionRatio 300 |
| 265 | |
| 266 | # Use slower but memory efficient decompression algorithm. |
| 267 | # only affects the bzip2 decompressor. |
| 268 | # Default: no |
| 269 | #ArchiveLimitMemoryUsage yes |
| 270 | |
| 271 | # Mark encrypted archives as viruses (Encrypted.Zip, Encrypted.RAR). |
| 272 | # Default: no |
| 273 | #ArchiveBlockEncrypted no |
| 274 | |
| 275 | # Mark archives as viruses (e.g. RAR.ExceededFileSize, Zip.ExceededFilesLimit) |
| 276 | # if ArchiveMaxFiles, ArchiveMaxFileSize, or ArchiveMaxRecursion limit is |
| 277 | # reached. |
| 278 | # Default: no |
| 279 | #ArchiveBlockMax no |
| 280 | |
| 281 | # Enable support for Sensory Networks' NodalCore hardware accelerator. |
| 282 | # Default: no |
| 283 | #NodalCoreAcceleration yes |
| 284 | |
| 285 | |
| 286 | ## |
| 287 | ## Clamuko settings |
| 288 | ## WARNING: This is experimental software. It is very likely it will hang |
| 289 | ## up your system!!! |
| 290 | ## |
| 291 | |
| 292 | # Enable Clamuko. Dazuko (/dev/dazuko) must be configured and running. |
| 293 | # Default: no |
| 294 | #ClamukoScanOnAccess yes |
| 295 | |
| 296 | # Set access mask for Clamuko. |
| 297 | # Default: no |
| 298 | #ClamukoScanOnOpen yes |
| 299 | #ClamukoScanOnClose yes |
| 300 | #ClamukoScanOnExec yes |
| 301 | |
| 302 | # Set the include paths (all files in them will be scanned). You can have |
| 303 | # multiple ClamukoIncludePath directives but each directory must be added |
| 304 | # in a seperate line. |
| 305 | # Default: disabled |
| 306 | #ClamukoIncludePath /home |
| 307 | #ClamukoIncludePath /students |
| 308 | |
| 309 | # Set the exclude paths. All subdirectories are also excluded. |
| 310 | # Default: disabled |
| 311 | #ClamukoExcludePath /home/bofh |
| 312 | |
| 313 | # Don't scan files larger than ClamukoMaxFileSize |
| 314 | # Value of 0 disables the limit. |
| 315 | # Default: 5M |
| 316 | #ClamukoMaxFileSize 10M |