clamav/clamd.conf

   1 ##
   2 ## Example config file for the Clam AV daemon
   3 ## Please read the clamd.conf(5) manual before editing this file.
   4 ##
   5
   6
   7 # Uncomment this option to enable logging.
   8 # LogFile must be writable for the user running daemon.
   9 # A full path is required.
  10 # Default: disabled
  11 LogFile /var/log/clamav/clamd.log
  12
  13 # By default the log file is locked for writing - the lock protects against
  14 # running clamd multiple times (if want to run another clamd, please
  15 # copy the configuration file, change the LogFile variable, and run
  16 # the daemon with --config-file option).
  17 # This option disables log file locking.
  18 # Default: no
  19 #LogFileUnlock yes
  20
  21 # Maximal size of the log file.
  22 # Value of 0 disables the limit.
  23 # You may use 'M' or 'm' for megabytes (1M = 1m = 1048576 bytes)
  24 # and 'K' or 'k' for kilobytes (1K = 1k = 1024 bytes). To specify the size
  25 # in bytes just don't use modifiers.
  26 # Default: 1M
  27 #LogFileMaxSize 2M
  28
  29 # Log time with each message.
  30 # Default: no
  31 LogTime yes
  32
  33 # Also log clean files. Useful in debugging but drastically increases the
  34 # log size.
  35 # Default: no
  36 #LogClean yes
  37
  38 # Use system logger (can work together with LogFile).
  39 # Default: no
  40 #LogSyslog yes
  41
  42 # Specify the type of syslog messages - please refer to 'man syslog'
  43 # for facility names.
  44 # Default: LOG_LOCAL6
  45 #LogFacility LOG_MAIL
  46
  47 # Enable verbose logging.
  48 # Default: no
  49 #LogVerbose yes
  50
  51 # This option allows you to save a process identifier of the listening
  52 # daemon (main thread).
  53 # Default: disabled
  54 PidFile /var/run/clamav/clamd.pid
  55
  56 # Optional path to the global temporary directory.
  57 # Default: system specific (usually /tmp or /var/tmp).
  58 #TemporaryDirectory /var/tmp
  59
  60 # Path to the database directory.
  61 # Default: hardcoded (depends on installation options)
  62 #DatabaseDirectory /var/lib/clamav
  63
  64 # The daemon works in a local OR a network mode. Due to security reasons we
  65 # recommend the local mode.
  66
  67 # Path to a local socket file the daemon will listen on.
  68 # Default: disabled (must be specified by a user)
  69 LocalSocket /var/run/clamav/clamd.sock
  70
  71 # Remove stale socket after unclean shutdown.
  72 # Default: no
  73 FixStaleSocket yes
  74
  75 # TCP port address.
  76 # Default: no
  77 #TCPSocket 3310
  78
  79 # TCP address.
  80 # By default we bind to INADDR_ANY, probably not wise.
  81 # Enable the following to provide some degree of protection
  82 # from the outside world.
  83 # Default: no
  84 #TCPAddr 127.0.0.1
  85
  86 # Maximum length the queue of pending connections may grow to.
  87 # Default: 15
  88 #MaxConnectionQueueLength 30
  89
  90 # Clamd uses FTP-like protocol to receive data from remote clients.
  91 # If you are using clamav-milter to balance load between remote clamd daemons
  92 # on firewall servers you may need to tune the options below.
  93
  94 # Close the connection when the data size limit is exceeded.
  95 # The value should match your MTA's limit for a maximal attachment size.
  96 # Default: 10M
  97 #StreamMaxLength 20M
  98
  99 # Limit port range.
 100 # Default: 1024
 101 #StreamMinPort 30000
 102 # Default: 2048
 103 #StreamMaxPort 32000
 104
 105 # Maximal number of threads running at the same time.
 106 # Default: 10
 107 #MaxThreads 20
 108
 109 # Waiting for data from a client socket will timeout after this time (seconds).
 110 # Value of 0 disables the timeout.
 111 # Default: 120
 112 #ReadTimeout 300
 113
 114 # Waiting for a new job will timeout after this time (seconds).
 115 # Default: 30
 116 #IdleTimeout 60
 117
 118 # Maximal depth directories are scanned at.
 119 # Default: 15
 120 #MaxDirectoryRecursion 20
 121
 122 # Follow directory symlinks.
 123 # Default: no
 124 #FollowDirectorySymlinks yes
 125
 126 # Follow regular file symlinks.
 127 # Default: no
 128 #FollowFileSymlinks yes
 129
 130 # Perform internal sanity check (database integrity and freshness).
 131 # Default: 1800 (30 min)
 132 #SelfCheck 600
 133
 134 # Execute a command when virus is found. In the command string %v will
 135 # be replaced by a virus name.
 136 # Default: no
 137 #VirusEvent /usr/local/bin/send_sms 123456789 "VIRUS ALERT: %v"
 138
 139 # Run as a selected user (clamd must be started by root).
 140 # Default: don't drop privileges
 141 User clamav
 142
 143 # Initialize supplementary group access (clamd must be started by root).
 144 # Default: no
 145 #AllowSupplementaryGroups no
 146
 147 # Stop daemon when libclamav reports out of memory condition.
 148 #ExitOnOOM yes
 149
 150 # Don't fork into background.
 151 # Default: no
 152 #Foreground yes
 153
 154 # Enable debug messages in libclamav.
 155 # Default: no
 156 #Debug yes
 157
 158 # Do not remove temporary files (for debug purposes).
 159 # Default: no
 160 #LeaveTemporaryFiles yes
 161
 162 # In some cases (eg. complex malware, exploits in graphic files, and others),
 163 # ClamAV uses special algorithms to provide accurate detection. This option
 164 # controls the algorithmic detection.
 165 # Default: yes
 166 #AlgorithmicDetection yes
 167
 168 ##
 169 ## Executable files
 170 ##
 171
 172 # PE stands for Portable Executable - it's an executable file format used
 173 # in all 32-bit versions of Windows operating systems. This option allows
 174 # ClamAV to perform a deeper analysis of executable files and it's also
 175 # required for decompression of popular executable packers such as UPX, FSG,
 176 # and Petite.
 177 # Default: yes
 178 #ScanPE yes
 179
 180 # With this option clamav will try to detect broken executables and mark
 181 # them as Broken.Executable
 182 # Default: no
 183 #DetectBrokenExecutables yes
 184
 185
 186 ##
 187 ## Documents
 188 ##
 189
 190 # This option enables scanning of Microsoft Office document macros.
 191 # Default: yes
 192 #ScanOLE2 yes
 193
 194 ##
 195 ## Mail files
 196 ##
 197
 198 # Enable internal e-mail scanner.
 199 # Default: yes
 200 #ScanMail yes
 201
 202 # If an email contains URLs ClamAV can download and scan them.
 203 # WARNING: This option may open your system to a DoS attack.
 204 #          Never use it on loaded servers.
 205 # Default: no
 206 #MailFollowURLs no
 207
 208 # With this option enabled ClamAV will try to detect phishing attempts (using signatures).
 209 # Default: yes
 210 #DetectPhishing yes
 211
 212 # Use phishing detection for all domains (not just those listed in the .pdb database).
 213 # It is not recommended to turn this option on, it is mean for internal use.
 214 # (available in experimental builds only)
 215 # Default: no
 216 #PhishingStrictURLCheck no
 217
 218 # Scan urls found in mails for phishing attempts.
 219 # (available in experimental builds only)
 220 # Default: yes
 221 #PhishingScanURLs yes
 222
 223 ##
 224 ## HTML
 225 ##
 226
 227 # Perform HTML normalisation and decryption of MS Script Encoder code.
 228 # Default: yes
 229 #ScanHTML yes
 230
 231
 232 ##
 233 ## Archives
 234 ##
 235
 236 # ClamAV can scan within archives and compressed files.
 237 # Default: yes
 238 #ScanArchive yes
 239
 240 # The options below protect your system against Denial of Service attacks
 241 # using archive bombs.
 242
 243 # Files in archives larger than this limit won't be scanned.
 244 # Value of 0 disables the limit.
 245 # Default: 10M
 246 #ArchiveMaxFileSize 15M
 247
 248 # Nested archives are scanned recursively, e.g. if a Zip archive contains a RAR
 249 # file, all files within it will also be scanned. This options specifies how
 250 # deep the process should be continued.
 251 # Value of 0 disables the limit.
 252 # Default: 8
 253 #ArchiveMaxRecursion 10
 254
 255 # Number of files to be scanned within an archive.
 256 # Value of 0 disables the limit.
 257 # Default: 1000
 258 #ArchiveMaxFiles 1500
 259
 260 # If a file in an archive is compressed more than ArchiveMaxCompressionRatio
 261 # times it will be marked as a virus (Oversized.ArchiveType, e.g. Oversized.Zip)
 262 # Value of 0 disables the limit.
 263 # Default: 250
 264 #ArchiveMaxCompressionRatio 300
 265
 266 # Use slower but memory efficient decompression algorithm.
 267 # only affects the bzip2 decompressor.
 268 # Default: no
 269 #ArchiveLimitMemoryUsage yes
 270
 271 # Mark encrypted archives as viruses (Encrypted.Zip, Encrypted.RAR).
 272 # Default: no
 273 #ArchiveBlockEncrypted no
 274
 275 # Mark archives as viruses (e.g. RAR.ExceededFileSize, Zip.ExceededFilesLimit)
 276 # if ArchiveMaxFiles, ArchiveMaxFileSize, or ArchiveMaxRecursion limit is
 277 # reached.
 278 # Default: no
 279 #ArchiveBlockMax no
 280
 281 # Enable support for Sensory Networks' NodalCore hardware accelerator.
 282 # Default: no
 283 #NodalCoreAcceleration yes
 284
 285
 286 ##
 287 ## Clamuko settings
 288 ## WARNING: This is experimental software. It is very likely it will hang
 289 ##          up your system!!!
 290 ##
 291
 292 # Enable Clamuko. Dazuko (/dev/dazuko) must be configured and running.
 293 # Default: no
 294 #ClamukoScanOnAccess yes
 295
 296 # Set access mask for Clamuko.
 297 # Default: no
 298 #ClamukoScanOnOpen yes
 299 #ClamukoScanOnClose yes
 300 #ClamukoScanOnExec yes
 301
 302 # Set the include paths (all files in them will be scanned). You can have
 303 # multiple ClamukoIncludePath directives but each directory must be added
 304 # in a seperate line.
 305 # Default: disabled
 306 #ClamukoIncludePath /home
 307 #ClamukoIncludePath /students
 308
 309 # Set the exclude paths. All subdirectories are also excluded.
 310 # Default: disabled
 311 #ClamukoExcludePath /home/bofh
 312
 313 # Don't scan files larger than ClamukoMaxFileSize
 314 # Value of 0 disables the limit.
 315 # Default: 5M
 316 #ClamukoMaxFileSize 10M