clamd.conf man page on Pidora

Man page or keyword search:  
man Server   31170 pages
apropos Keyword Search (all sections)
Output format
Pidora logo
[printable version]

clamd.conf(5)			Clam AntiVirus			 clamd.conf(5)

NAME
       clamd.conf - Configuration file for Clam AntiVirus Daemon

DESCRIPTION
       clamd.conf configures the Clam AntiVirus daemon, clamd(8).

FILE FORMAT
       The  file  consists  of	comments and options with arguments. Each line
       which starts with a hash (#) symbol is ignored by the  parser.  Options
       and  arguments  are case sensitive and of the form Option Argument. The
       arguments are of the following types:

       BOOL   Boolean value (yes/no or true/false or 1/0).

       STRING String without blank characters.

       SIZE   Size in bytes. You can use 'M' or 'm'  modifiers	for  megabytes
	      and 'K' or 'k' for kilobytes.

       NUMBER Unsigned integer.

DIRECTIVES
       When some option is not used (commented out or not included in the con‐
       figuration file at all) clamd takes a default action.

       Example
	      If this option is set clamd will not run.

       LogFile STRING
	      Enable logging to selected file.
	      Default: no

       LogFileUnlock BOOL
	      Disable a system lock that protects against running  clamd  with
	      the same configuration file multiple times.
	      Default: no

       LogFileMaxSize SIZE
	      Limit the size of the log file. The logger will be automatically
	      disabled if the file is greater than SIZE. Value of  0  disables
	      the limit.
	      Default: 1M

       LogTime BOOL
	      Log time for each message.
	      Default: no

       LogClean BOOL
	      Log clean files.
	      Default: no

       LogSyslog BOOL
	      Use system logger (can work together with LogFile).
	      Default: no

       LogFacility STRING
	      Specify  the type of syslog messages - please refer to 'man sys‐
	      log' for facility names.
	      Default: LOG_LOCAL6

       LogVerbose BOOL
	      Enable verbose logging.
	      Default: no

       ExtendedDetectionInfo BOOL
	      Log additional information about the infected file, such as  its
	      size and hash, together with the virus name.
	      Default: no

       PidFile STRING
	      Save  the process identifier of a listening daemon (main thread)
	      to a specified file.
	      Default: no

       TemporaryDirectory STRING
	      Optional path to the global temporary directory.
	      Default: system specific (usually /tmp or /var/tmp).

       DatabaseDirectory STRING
	      Path to a directory containing database files.

       OfficialDatabaseOnly BOOL
	      Only load	 the  official	signatures  published  by  the	ClamAV
	      project.
	      Default: no

       LocalSocket STRING
	      Path to a local (Unix) socket the daemon will listen on.
	      Default: no

       LocalSocketGroup STRING
	      Sets the group ownership on the unix socket.
	      Default: the primary group of the user running clamd

       LocalSocketMode STRING
	      Sets the permissions on the unix socket to the specified mode.
	      Default: socket is world readable and writable

       FixStaleSocket BOOL
	      Remove stale socket after unclean shutdown.
	      Default: yes

       TCPSocket NUMBER
	      TCP port number the daemon will listen on.
	      Default: no

       TCPAddr STRING
	      TCP  socket  address  to	bind  to.  By  default	clamd binds to
	      INADDR_ANY.
	      Default: no

       MaxConnectionQueueLength NUMBER
	      Maximum length the queue of pending connections may grow to.
	      Default: 200

       MaxThreads NUMBER
	      Maximum number of threads running at the same time.
	      Default: 10

       ReadTimeout NUMBER
	      Waiting for data from a client socket will  timeout  after  this
	      time (seconds).
	      Default: 120

       CommandReadTimeout NUMBER
	      This  option  specifies  the time (in seconds) after which clamd
	      should timeout if a client doesn't provide any  initial  command
	      after  connecting.   Note: the timeout for subsequents commands,
	      and/or data chunks is specified by ReadTimeout.
	      Default: 5

       SendBufTimeout NUMBER
	      This option specifies how long to wait (in milliseconds) if  the
	      send buffer is full.  Keep this value low to prevent clamd hang‐
	      ing.
	      Default: 500

       MaxQueue NUMBER
	      Maximum number of queued items (including those being  processed
	      by MaxThreads threads).  It is recommended to have this value at
	      least twice MaxThreads if possible.
	      WARNING: you shouldn't increase this too much to	avoid  running
	      out  of  file  descriptors, the following condition should hold:
	      MaxThreads*MaxRecursion  +  MaxQueue  -	MaxThreads   +	 6   <
	      RLIMIT_NOFILE.  RLIMIT_NOFILE is the maximum number of open file
	      descriptors (usually 1024), set by ulimit -n.
	      Default: 100

       IdleTimeout NUMBER
	      Waiting for a new job will timeout after this time (seconds).
	      Default: 30

       ExcludePath REGEX
	      Don't scan files and directories matching REGEX. This  directive
	      can be used multiple times.
	      Default: scan all

       MaxDirectoryRecursion NUMBER
	      Maximum depth directories are scanned at.
	      Default: 15

       FollowDirectorySymlinks BOOL
	      Follow directory symlinks.
	      Default: no

       CrossFilesystems BOOL
	      Scan files and directories on other filesystems.
	      Default: yes

       FollowFileSymlinks BOOL
	      Follow regular file symlinks.
	      Default: no

       SelfCheck NUMBER
	      Perform a database check.
	      Default: 1800

       VirusEvent COMMAND
	      Execute  COMMAND when a virus is found. In the command string %v
	      will be replaced with the virus name.
	      Default: no

       ExitOnOOM BOOL
	      Stop daemon when libclamav reports out of memory condition.
	      Default: no

       User STRING
	      Run as another user (clamd must be started by root to make  this
	      option working).
	      Default: no

       AllowSupplementaryGroups BOOL
	      Initialize  supplementary group access (clamd must be started by
	      root).
	      Default: no

       Foreground BOOL
	      Don't fork into background.
	      Default: no

       Debug BOOL
	      Enable debug messages from libclamav.

       LeaveTemporaryFiles BOOL
	      Do not remove temporary files (for debug purpose).
	      Default: no

       StreamMaxLength SIZE
	      Clamd  uses  FTP-like  protocol  to  receive  data  from	remote
	      clients.	If you are using clamav-milter to balance load between
	      remote clamd daemons on firewall servers you may	need  to  tune
	      the Stream* options. This option allows you to specify the upper
	      limit for data size that will be	transfered  to	remote	daemon
	      when  scanning  a	 single file. It should match your MTA's limit
	      for a maximum attachment size.
	      Default: 10M

       StreamMinPort NUMBER
	      Limit data port range.
	      Default: 1024

       StreamMaxPort NUMBER
	      Limit data port range.
	      Default: 2048

       Bytecode BOOL
	      With this option enabled ClamAV  will  load  bytecode  from  the
	      database.	 It  is highly recommended you keep this option turned
	      on, otherwise you may miss detections for many new viruses.
	      Default: yes

       BytecodeSecurity STRING
	      Set bytecode security level. Possible values: TrustSigned: trust
	      bytecode	loaded	from  signed  .c[lv]d files and insert runtime
	      safety checks for bytecode loaded from other sources,  Paranoid:
	      don't  trust  any	 bytecode,  insert runtime checks for all. The
	      recommended setting is TrustSigned,  because  bytecode  in  .cvd
	      files already has safety checks inserted into it.
	      Default: TrustSigned

       BytecodeUnsigned BOOL
	      Allow  loading  bytecode	from  outside digitally signed .c[lv]d
	      files.
	      Default: no

       BytecodeTimeout NUMBER
	      Set bytecode timeout in milliseconds.
	      Default: 5000

       DetectPUA BOOL
	      Detect Possibly Unwanted Applications.
	      Default: No

       ExcludePUA CATEGORY
	      Exclude a specific PUA category. This directive can be used mul‐
	      tiple  times. See http://www.clamav.net/support/pua for the com‐
	      plete list of PUA categories.
	      Default: Load all categories (if DetectPUA is activated)

       IncludePUA CATEGORY
	      Only include a specific PUA category. This directive can be used
	      multiple	times.	See  http://www.clamav.net/support/pua for the
	      complete list of PUA categories.
	      Default: Load all categories (if DetectPUA is activated)

       AlgorithmicDetection BOOL
	      In some cases (eg. complex malware, exploits in  graphic	files,
	      and  others), ClamAV uses special algorithms to provide accurate
	      detection. This option controls the algorithmic detection.
	      Default: yes

       ScanPE BOOL
	      PE stands for Portable Executable - it's an executable file for‐
	      mat used in all 32 and 64-bit versions of Windows operating sys‐
	      tems. This option allows ClamAV to perform a deeper analysis  of
	      executable  files	 and  it's  also required for decompression of
	      popular executable packers such as UPX.
	      Default: yes

       ScanELF BOOL
	      Executable and Linking Format is a standard format for UN*X exe‐
	      cutables.	 This option allows you to control the scanning of ELF
	      files.
	      Default: yes

       DetectBrokenExecutables BOOL
	      With this option clamd will try  to  detect  broken  executables
	      (both PE and ELF) and mark them as Broken.Executable.
	      Default: no

       ScanOLE2 BOOL
	      This  option  enables  scanning of OLE2 files, such as Microsoft
	      Office documents and .msi files.
	      Default: yes

       OLE2BlockMacros BOOL
	      With this option enabled OLE2 files with VBA macros, which  were
	      not   detected   by   signatures	will  be  marked  as  "Heuris‐
	      tics.OLE2.ContainsMacros".
	      Default: no

       ScanPDF BOOL
	      This option enables scanning within PDF files.
	      Default: yes

       ScanHTML BOOL
	      Enables HTML detection and normalisation.
	      Default: yes

       ScanMail BOOL
	      Enable scanning of mail files.
	      Default: yes

       ScanPartialMessages BOOL
	      Scan RFC1341 messages split over many emails. You will  need  to
	      periodically  clean up $TemporaryDirectory/clamav-partial direc‐
	      tory. WARNING: This option may open your system to a DoS attack.
	      Never use it on loaded servers.
	      Default: no

       MailMaxRecursion NUMBER (OBSOLETE)
	      WARNING: This option is no longer accepted. See MaxRecursion.

       PhishingSignatures BOOL
	      With  this  option  enabled  ClamAV  will try to detect phishing
	      attempts by using signatures.
	      Default: yes

       PhishingScanURLs BOOL
	      Scan URLs found in mails for phishing attempts using heuristics.
	      This will classify "Possibly Unwanted" phishing emails as Phish‐
	      ing.Heuristics.Email.*
	      Default: yes

       PhishingAlwaysBlockSSLMismatch BOOL
	      Always block SSL mismatches in URLs, even if the	URL  isn't  in
	      the database. This can lead to false positives.
	      Default: no

       PhishingAlwaysBlockCloak BOOL
	      Always  block  cloaked URLs, even if URL isn't in database. This
	      can lead to false positives.
	      Default: no

       HeuristicScanPrecedence BOOL
	      Allow heuristic match to take precedence.	 When  enabled,	 if  a
	      heuristic	  scan	(such  as  phishingScan)  detects  a  possible
	      virus/phishing it will stop scanning  immediately.  Recommended,
	      saves  CPU  scan-time. When disabled, virus/phishing detected by
	      heuristic scans will be reported only at the end of a  scan.  If
	      an  archive  contains both a heuristically detected virus/phish‐
	      ing, and a real malware, the real malware will be reported. Keep
	      this  disabled  if you intend to handle "*.Heuristics.*" viruses
	      differently from "real" malware. If a non-heuristically-detected
	      virus  (signature-based) is found first, the scan is interrupted
	      immediately, regardless of this config option.
	      Default: no

       StructuredDataDetection BOOL
	      Enable the DLP module.
	      Default: no

       StructuredMinCreditCardCount NUMBER
	      This option sets the lowest number of Credit Card numbers	 found
	      in a file to generate a detect.
	      Default: 3

       StructuredMinSSNCount NUMBER
	      This  option  sets  the lowest number of Social Security Numbers
	      found in a file to generate a detect.
	      Default: 3

       StructuredSSNFormatNormal BOOL
	      With this option enabled the DLP module will  search  for	 valid
	      SSNs formatted as xxx-yy-zzzz.
	      Default: Yes

       StructuredSSNFormatStripped BOOL
	      With  this  option  enabled the DLP module will search for valid
	      SSNs formatted as xxxyyzzzz.
	      Default: No

       ScanArchive BOOL
	      Enable archive scanning.
	      Default: yes

       ArchiveMaxFileSize (OBSOLETE)
	      WARNING: This option is no longer accepted. See MaxFileSize  and
	      MaxScanSize.

       ArchiveMaxRecursion (OBSOLETE)
	      WARNING: This option is no longer accepted. See MaxRecursion.

       ArchiveMaxFiles (OBSOLETE)
	      WARNING: This option is no longer accepted. See MaxFiles.

       ArchiveMaxCompressionRatio (OBSOLETE)
	      WARNING: This option is no longer accepted.

       ArchiveBlockMax (OBSOLETE)
	      WARNING: This option is no longer accepted.

       ArchiveLimitMemoryUsage (OBSOLETE)
	      WARNING: This option is no longer accepted.
	      Default: no

       ArchiveBlockEncrypted BOOL
	      Mark    encrypted	   archives    as    viruses   (Encrypted.Zip,
	      Encrypted.RAR).
	      Default: no

       MaxScanSize SIZE
	      Sets the maximum amount of data to be  scanned  for  each	 input
	      file.  Archives  and  other containers are recursively extracted
	      and scanned up to this value. Warning: disabling this  limit  or
	      setting it too high may result in severe damage to the system.
	      Default: 100M

       MaxFileSize SIZE
	      Files larger than this limit won't be scanned. Affects the input
	      file itself as well as files contained inside it (when the input
	      file is an archive, a document or some other kind of container).
	      Warning: disabling this limit or setting it too high may	result
	      in severe damage to the system.
	      Default: 25M

       MaxRecursion NUMBER
	      Nested  archives	are scanned recursively, e.g. if a Zip archive
	      contains a RAR file, all files within it will also  be  scanned.
	      This  options specifies how deeply the process should be contin‐
	      ued. Warning: setting this limit too high may result  in	severe
	      damage to the system.
	      Default: 16

       MaxFiles NUMBER
	      Number  of files to be scanned within an archive, a document, or
	      any other kind of container. Warning: disabling  this  limit  or
	      setting it too high may result in severe damage to the system.
	      Default: 10000

       ClamukoScanOnAccess BOOL
	      Enable Clamuko. Dazuko (/dev/dazuko) must be configured and run‐
	      ning.
	      Default: no

       ClamukoScannerCount NUMBER
	      The number of scanner threads that  will	be  started  (DazukoFS
	      only).  Having  multiple scanner threads allows Clamuko to serve
	      multiple processes simultaneously. This is particularly  benefi‐
	      cial on SMP machines.
	      Default: 3

       ClamukoScanOnOpen BOOL
	      Scan files on open.
	      Default: no

       ClamukoScanOnClose BOOL
	      Scan files on close.
	      Default: no.

       ClamukoScanOnExec BOOL
	      Scan files on execute.
	      Default: no

       ClamukoIncludePath STRING
	      Set  the	include	 paths	(all files and directories inside them
	      will be  scanned).  You  can  have  multiple  ClamukoIncludePath
	      directives but each directory must be added in a separate line).
	      Default: no

       ClamukoExcludePath STRING
	      Set the exclude paths. All subdirectories will also be excluded.
	      Default:	no  ClamukoExcludeUID  NUMBER With this option you can
	      whitelist specific UIDs. Processes with these UIDs will be  able
	      to access all files. This option can be used multiple times (one
	      per line).
	      Default: no

       ClamukoMaxFileSize SIZE
	      Ignore files larger than SIZE.
	      Default: 5M

NOTES
       All options expressing a size are limited to max 4GB. Values in	excess
       will be resetted to the maximum.

FILES
       /etc/clamd.conf

AUTHOR
       Tomasz Kojm <tkojm@clamav.net>

SEE ALSO
       clamd(8),    clamdscan(1),   clamav-milter(8),	freshclam(1),	fresh‐
       clam.conf(5)

ClamAV 0.97.6		       February 12, 2007		 clamd.conf(5)
[top]

List of man pages available for Pidora

Copyright (c) for man pages and the logo by the respective OS vendor.

For those who want to learn more, the polarhome community provides shell access and support.

[legal] [privacy] [GNU] [policy] [cookies] [netiquette] [sponsors] [FAQ]
Tweet
Polarhome, production since 1999.
Member of Polarhome portal.
Based on Fawad Halim's script.
....................................................................
Vote for polarhome
Free Shell Accounts :: the biggest list on the net