Rechercher une page de manuel
clamd.conf
Langue: en
Version: 301563 (debian - 07/07/09)
Section: 5 (Format de fichier)
NAME
clamd.conf - Configuration file for Clam AntiVirus Daemon
DESCRIPTION
clamd.conf configures the Clam AntiVirus daemon, clamd(8).
FILE FORMAT
The file consists of comments and options with arguments. Each line which starts with a hash (#) symbol is ignored by the parser. Options and arguments are case sensitive and of the form Option Argument. The arguments are of the following types:- BOOL
- Boolean value (yes/no or true/false or 1/0).
- STRING
- String without blank characters.
- SIZE
- Size in bytes. You can use 'M' or 'm' modifiers for megabytes and 'K' or 'k' for kilobytes.
- NUMBER
- Unsigned integer.
DIRECTIVES
When some option is not used (commented out or not included in the configuration file at all) clamd takes a default action.
- Example
- If this option is set clamd will not run.
- LogFile STRING
- Enable logging to selected file.
Default: no - LogFileUnlock BOOL
- Disable a system lock that protects against running clamd with the same configuration file multiple times.
Default: no - LogFileMaxSize SIZE
- Limit the size of the log file. The logger will be automatically disabled if the file is greater than SIZE. Value of 0 disables the limit.
Default: 1M - LogTime BOOL
- Log time for each message.
Default: no - LogClean BOOL
- Log clean files.
Default: no - LogSyslog BOOL
- Use system logger (can work together with LogFile).
Default: no - LogFacility STRING
- Specify the type of syslog messages - please refer to 'man syslog' for facility names.
Default: LOG_LOCAL6 - LogVerbose BOOL
- Enable verbose logging.
Default: no - PidFile STRING
- Save the process identifier of a listening daemon (main thread) to a specified file.
Default: no - TemporaryDirectory STRING
- Optional path to the global temporary directory.
Default: system specific (usually /tmp or /var/tmp). - DatabaseDirectory STRING
- Path to a directory containing database files.
Default: /var/lib/clamav/ - LocalSocket STRING
- Path to a local (Unix) socket the daemon will listen on.
Default: no - FixStaleSocket BOOL
- Remove stale socket after unclean shutdown.
Default: yes - TCPSocket NUMBER
- TCP port number the daemon will listen on.
Default: no - TCPAddr STRING
- TCP socket address to bind to. By default clamd binds to INADDR_ANY.
Default: no - MaxConnectionQueueLength NUMBER
- Maximum length the queue of pending connections may grow to.
Default: 15 - MaxThreads NUMBER
- Maximum number of threads running at the same time.
Default: 10 - ReadTimeout NUMBER
- Waiting for data from a client socket will timeout after this time (seconds).
Default: 120 - CommandReadTimeout NUMBER
- This option specifies the time (in seconds) after which clamd should timeout if a client doesn't provide any initial command after connecting. Note: the timeout for subsequents commands, and/or data chunks is specified by ReadTimeout.
Default: 5 - SendBufTimeout NUMBER
- This option specifies how long to wait (in miliseconds) if the send buffer is full. Keep this value low to prevent clamd hanging.
Default: 500 - MaxQueue NUMBER
- Maximum number of queued items (including those being processed by MaxThreads threads). It is recommended to have this value at least twice MaxThreads if possible.
WARNING: you shouldn't increase this too much to avoid running out of file descriptors, the following condition should hold: MaxThreads*MaxRecursion + MaxQueue - MaxThreads + 6 < RLIMIT_NOFILE. RLIMIT_NOFILE is the maximum number of open file descriptors (usually 1024), set by ulimit -n.
Default: 100 - IdleTimeout NUMBER
- Waiting for a new job will timeout after this time (seconds).
Default: 30 - ExcludePath REGEX
- Don't scan files and directories matching REGEX. This directive can be used multiple times.
Default: scan all - MaxDirectoryRecursion NUMBER
- Maximum depth directories are scanned at.
Default: 15 - FollowDirectorySymlinks BOOL
- Follow directory symlinks.
Default: no - FollowFileSymlinks BOOL
- Follow regular file symlinks.
Default: no - SelfCheck NUMBER
- Perform a database check.
Default: 1800 - VirusEvent COMMAND
- Execute COMMAND when a virus is found. In the command string %v will be replaced with the virus name.
Default: no - ExitOnOOM BOOL
- Stop daemon when libclamav reports out of memory condition.
Default: no - User STRING
- Run as another user (clamd must be started by root to make this option working).
Default: no - AllowSupplementaryGroups BOOL
- Initialize supplementary group access (clamd must be started by root).
Default: no - Foreground BOOL
- Don't fork into background.
Default: no - Debug BOOL
- Enable debug messages from libclamav.
- LeaveTemporaryFiles BOOL
- Do not remove temporary files (for debug purpose).
Default: no - StreamMaxLength SIZE
- Clamd uses FTP-like protocol to receive data from remote clients. If you are using clamav-milter to balance load between remote clamd daemons on firewall servers you may need to tune the Stream* options. This option allows you to specify the upper limit for data size that will be transfered to remote daemon when scanning a single file. It should match your MTA's limit for a maximum attachment size.
Default: 10M - StreamMinPort NUMBER
- Limit data port range.
Default: 1024 - StreamMaxPort NUMBER
- Limit data port range.
Default: 2048 - DetectPUA
- Detect Possibly Unwanted Applications.
Default: No - ExcludePUA CATEGORY
- Exclude a specific PUA category. This directive can be used multiple times. See http://www.clamav.net/support/pua for the complete list of PUA categories.
Default: Load all categories (if DetectPUA is activated) - IncludePUA CATEGORY
- Only include a specific PUA category. This directive can be used multiple times. See http://www.clamav.net/support/pua for the complete list of PUA categories.
Default: Load all categories (if DetectPUA is activated) - AlgorithmicDetection BOOL
- In some cases (eg. complex malware, exploits in graphic files, and others), ClamAV uses special algorithms to provide accurate detection. This option controls the algorithmic detection.
Default: yes - ScanPE BOOL
- PE stands for Portable Executable - it's an executable file format used in all 32 and 64-bit versions of Windows operating systems. This option allows ClamAV to perform a deeper analysis of executable files and it's also required for decompression of popular executable packers such as UPX.
Default: yes - ScanELF BOOL
- Executable and Linking Format is a standard format for UN*X executables. This option allows you to control the scanning of ELF files.
Default: yes - DetectBrokenExecutables BOOL
- With this option clamd will try to detect broken executables (both PE and ELF) and mark them as Broken.Executable.
Default: no - ScanOLE2 BOOL
- This option enables scanning of OLE2 files, such as Microsoft Office documents and .msi files.
Default: yes - ScanPDF BOOL
- This option enables scanning within PDF files.
Default: yes - ScanHTML BOOL
- Enables HTML detection and normalisation.
Default: yes - ScanMail BOOL
- Enable scanning of mail files.
Default: yes - MailFollowURLs BOOL
- If an email contains URLs ClamAV can download and scan them. WARNING: This option may open your system to a DoS attack. Never use it on loaded servers.
Default: no - ScanPartialMessages BOOL
- Scan RFC1341 messages split over many emails. You will need to periodically clean up $TemporaryDirectory/clamav-partial directory. WARNING: This option may open your system to a DoS attack. Never use it on loaded servers.
Default: no - MailMaxRecursion NUMBER (OBSOLETE)
- WARNING: This option is no longer accepted. See MaxRecursion.
- PhishingSignatures BOOL
- With this option enabled ClamAV will try to detect phishing attempts by using signatures.
Default: yes - PhishingScanURLs BOOL
- Scan URLs found in mails for phishing attempts using heuristics. This will classify "Possibly Unwanted" phishing emails as Phishing.Heuristics.Email.*
Default: yes - PhishingAlwaysBlockSSLMismatch BOOL
- Always block SSL mismatches in URLs, even if the URL isn't in the database. This can lead to false positives.
Default: no - PhishingAlwaysBlockCloak BOOL
- Always block cloaked URLs, even if URL isn't in database. This can lead to false positives.
Default: no - HeuristicScanPrecedence BOOL
- Allow heuristic match to take precedence. When enabled, if a heuristic scan (such as phishingScan) detects a possible virus/phishing it will stop scanning immediately. Recommended, saves CPU scan-time. When disabled, virus/phishing detected by heuristic scans will be reported only at the end of a scan. If an archive contains both a heuristically detected virus/phishing, and a real malware, the real malware will be reported. Keep this disabled if you intend to handle "*.Heuristics.*" viruses differently from "real" malware. If a non-heuristically-detected virus (signature-based) is found first, the scan is interrupted immediately, regardless of this config option.
Default: no - StructuredDataDetection BOOL
- Enable the DLP module.
Default: no - StructuredMinCreditCardCount NUMBER
- This option sets the lowest number of Credit Card numbers found in a file to generate a detect.
Default: 3 - StructuredMinSSNCount NUMBER
- This option sets the lowest number of Social Security Numbers found in a file to generate a detect.
Default: 3 - StructuredSSNFormatNormal BOOL
- With this option enabled the DLP module will search for valid SSNs formatted as xxx-yy-zzzz.
Default: Yes - StructuredSSNFormatStripped BOOL
- With this option enabled the DLP module will search for valid SSNs formatted as xxxyyzzzz.
Default: No - ScanArchive BOOL
- Enable archive scanning.
Default: yes - ArchiveMaxFileSize (OBSOLETE)
- WARNING: This option is no longer accepted. See MaxFileSize and MaxScanSize.
- ArchiveMaxRecursion (OBSOLETE)
- WARNING: This option is no longer accepted. See MaxRecursion.
- ArchiveMaxFiles (OBSOLETE)
- WARNING: This option is no longer accepted. See MaxFiles.
- ArchiveMaxCompressionRatio (OBSOLETE)
- WARNING: This option is no longer accepted.
- ArchiveBlockMax (OBSOLETE)
- WARNING: This option is no longer accepted.
- ArchiveLimitMemoryUsage BOOL
- Use slower decompression algorithm which uses less memory. This option only affects the bzip2 decompressor.
Default: no - ArchiveBlockEncrypted BOOL
- Mark encrypted archives as viruses (Encrypted.Zip, Encrypted.RAR).
Default: no - MaxScanSize SIZE
- Sets the maximum amount of data to be scanned for each input file. Archives and other containers are recursively extracted and scanned up to this value. Warning: disabling this limit or setting it too high may result in severe damage to the system.
Default: 100M - MaxFileSize SIZE
- Files larger than this limit won't be scanned. Affects the input file itself as well as files contained inside it (when the input file is an archive, a document or some other kind of container). Warning: disabling this limit or setting it too high may result in severe damage to the system.
Default: 25M - MaxRecursion NUMBER
- Nested archives are scanned recursively, e.g. if a Zip archive contains a RAR file, all files within it will also be scanned. This options specifies how deeply the process should be continued. Warning: disabling this limit or setting it too high may result in severe damage to the system.
Default: 16 - MaxFiles NUMBER
- Number of files to be scanned within an archive, a document, or any other kind of container. Warning: disabling this limit or setting it too high may result in severe damage to the system.
Default: 10000 - ClamukoScanOnAccess BOOL
- Enable Clamuko. Dazuko (/dev/dazuko) must be configured and running.
Default: no - ClamukoScanOnOpen BOOL
- Scan files on open.
Default: no - ClamukoScanOnClose BOOL
- Scan files on close.
Default: no. - ClamukoScanOnExec BOOL
- Scan files on execute.
Default: no - ClamukoIncludePath STRING
- Set the include paths (all files and directories inside them will be scanned). You can have multiple ClamukoIncludePath directives but each directory must be added in a separate line).
Default: no - ClamukoExcludePath STRING
- Set the exclude paths. All subdirectories will also be excluded.
Default: no - ClamukoMaxFileSize SIZE
- Ignore files larger than SIZE.
Default: 5M
NOTES
All options expressing a size are limited to max 4GB. Values in excess will be resetted to the maximum.
FILES
/etc/clamav/clamd.conf
AUTHOR
Tomasz Kojm <tkojm@clamav.net>
SEE ALSO
clamd(8), clamdscan(1), clamav-milter(8), clamscan(1), freshclam(1), sigtool(1)
Contenus ©2006-2024 Benjamin Poulain
Design ©2006-2024 Maxime Vantorre