2 ## Example config file for the Clam AV daemon
3 ## Please read the clamd.conf(5) manual before editing this file.
7 # Uncomment this option to enable logging.
8 # LogFile must be writable for the user running daemon.
9 # A full path is required.
11 LogFile /var/log/clamav/clamd.log
13 # By default the log file is locked for writing - the lock protects against
14 # running clamd multiple times (if want to run another clamd, please
15 # copy the configuration file, change the LogFile variable, and run
16 # the daemon with --config-file option).
17 # This option disables log file locking.
21 # Maximal size of the log file.
22 # Value of 0 disables the limit.
23 # You may use 'M' or 'm' for megabytes (1M = 1m = 1048576 bytes)
24 # and 'K' or 'k' for kilobytes (1K = 1k = 1024 bytes). To specify the size
25 # in bytes just don't use modifiers.
29 # Log time with each message.
33 # Also log clean files. Useful in debugging but drastically increases the
38 # Use system logger (can work together with LogFile).
42 # Specify the type of syslog messages - please refer to 'man syslog'
47 # Enable verbose logging.
51 # This option allows you to save a process identifier of the listening
52 # daemon (main thread).
54 PidFile /var/run/clamav/clamd.pid
56 # Optional path to the global temporary directory.
57 # Default: system specific (usually /tmp or /var/tmp).
58 #TemporaryDirectory /var/tmp
60 # Path to the database directory.
61 # Default: hardcoded (depends on installation options)
62 #DatabaseDirectory /var/lib/clamav
64 # The daemon works in a local OR a network mode. Due to security reasons we
65 # recommend the local mode.
67 # Path to a local socket file the daemon will listen on.
68 # Default: disabled (must be specified by a user)
69 LocalSocket /var/run/clamav/clamd.sock
71 # Remove stale socket after unclean shutdown.
80 # By default we bind to INADDR_ANY, probably not wise.
81 # Enable the following to provide some degree of protection
82 # from the outside world.
86 # Maximum length the queue of pending connections may grow to.
88 #MaxConnectionQueueLength 30
90 # Clamd uses FTP-like protocol to receive data from remote clients.
91 # If you are using clamav-milter to balance load between remote clamd daemons
92 # on firewall servers you may need to tune the options below.
94 # Close the connection when the data size limit is exceeded.
95 # The value should match your MTA's limit for a maximal attachment size.
105 # Maximal number of threads running at the same time.
109 # Waiting for data from a client socket will timeout after this time (seconds).
110 # Value of 0 disables the timeout.
114 # Waiting for a new job will timeout after this time (seconds).
118 # Maximal depth directories are scanned at.
120 #MaxDirectoryRecursion 20
122 # Follow directory symlinks.
124 #FollowDirectorySymlinks yes
126 # Follow regular file symlinks.
128 #FollowFileSymlinks yes
130 # Perform internal sanity check (database integrity and freshness).
131 # Default: 1800 (30 min)
134 # Execute a command when virus is found. In the command string %v will
135 # be replaced by a virus name.
137 #VirusEvent /usr/local/bin/send_sms 123456789 "VIRUS ALERT: %v"
139 # Run as a selected user (clamd must be started by root).
140 # Default: don't drop privileges
143 # Initialize supplementary group access (clamd must be started by root).
145 #AllowSupplementaryGroups no
147 # Stop daemon when libclamav reports out of memory condition.
150 # Don't fork into background.
154 # Enable debug messages in libclamav.
158 # Do not remove temporary files (for debug purposes).
160 #LeaveTemporaryFiles yes
162 # In some cases (eg. complex malware, exploits in graphic files, and others),
163 # ClamAV uses special algorithms to provide accurate detection. This option
164 # controls the algorithmic detection.
166 #AlgorithmicDetection yes
172 # PE stands for Portable Executable - it's an executable file format used
173 # in all 32-bit versions of Windows operating systems. This option allows
174 # ClamAV to perform a deeper analysis of executable files and it's also
175 # required for decompression of popular executable packers such as UPX, FSG,
180 # With this option clamav will try to detect broken executables and mark
181 # them as Broken.Executable
183 #DetectBrokenExecutables yes
190 # This option enables scanning of Microsoft Office document macros.
198 # Enable internal e-mail scanner.
202 # If an email contains URLs ClamAV can download and scan them.
203 # WARNING: This option may open your system to a DoS attack.
204 # Never use it on loaded servers.
208 # With this option enabled ClamAV will try to detect phishing attempts (using signatures).
212 # Use phishing detection for all domains (not just those listed in the .pdb database).
213 # It is not recommended to turn this option on, it is mean for internal use.
214 # (available in experimental builds only)
216 #PhishingStrictURLCheck no
218 # Scan urls found in mails for phishing attempts.
219 # (available in experimental builds only)
221 #PhishingScanURLs yes
227 # Perform HTML normalisation and decryption of MS Script Encoder code.
236 # ClamAV can scan within archives and compressed files.
240 # The options below protect your system against Denial of Service attacks
241 # using archive bombs.
243 # Files in archives larger than this limit won't be scanned.
244 # Value of 0 disables the limit.
246 #ArchiveMaxFileSize 15M
248 # Nested archives are scanned recursively, e.g. if a Zip archive contains a RAR
249 # file, all files within it will also be scanned. This options specifies how
250 # deep the process should be continued.
251 # Value of 0 disables the limit.
253 #ArchiveMaxRecursion 10
255 # Number of files to be scanned within an archive.
256 # Value of 0 disables the limit.
258 #ArchiveMaxFiles 1500
260 # If a file in an archive is compressed more than ArchiveMaxCompressionRatio
261 # times it will be marked as a virus (Oversized.ArchiveType, e.g. Oversized.Zip)
262 # Value of 0 disables the limit.
264 #ArchiveMaxCompressionRatio 300
266 # Use slower but memory efficient decompression algorithm.
267 # only affects the bzip2 decompressor.
269 #ArchiveLimitMemoryUsage yes
271 # Mark encrypted archives as viruses (Encrypted.Zip, Encrypted.RAR).
273 #ArchiveBlockEncrypted no
275 # Mark archives as viruses (e.g. RAR.ExceededFileSize, Zip.ExceededFilesLimit)
276 # if ArchiveMaxFiles, ArchiveMaxFileSize, or ArchiveMaxRecursion limit is
281 # Enable support for Sensory Networks' NodalCore hardware accelerator.
283 #NodalCoreAcceleration yes
288 ## WARNING: This is experimental software. It is very likely it will hang
292 # Enable Clamuko. Dazuko (/dev/dazuko) must be configured and running.
294 #ClamukoScanOnAccess yes
296 # Set access mask for Clamuko.
298 #ClamukoScanOnOpen yes
299 #ClamukoScanOnClose yes
300 #ClamukoScanOnExec yes
302 # Set the include paths (all files in them will be scanned). You can have
303 # multiple ClamukoIncludePath directives but each directory must be added
304 # in a seperate line.
306 #ClamukoIncludePath /home
307 #ClamukoIncludePath /students
309 # Set the exclude paths. All subdirectories are also excluded.
311 #ClamukoExcludePath /home/bofh
313 # Don't scan files larger than ClamukoMaxFileSize
314 # Value of 0 disables the limit.
316 #ClamukoMaxFileSize 10M