Index of Section 5 Manual Pages
| Interix / SUA | clamd.conf.5 | Interix / SUA |
clamd.conf(5) Clam AntiVirus clamd.conf(5)
NAME
clamd.conf - Configuration file for Clam AntiVirus Daemon
DESCRIPTION
clamd.conf configures the Clam AntiVirus daemon, clamd(8).
FILE FORMAT
The file consists of comments and options with arguments.
Each line which starts with a hash (#) symbol is ignored
by the parser. Options and arguments are case sensitive
and of the form Option Argument. The arguments are of the
following types:
BOOL Boolean value (yes/no or true/false or 1/0).
STRING String without blank characters.
SIZE Size in bytes. You can use 'M' or 'm' modifiers for
megabytes and 'K' or 'k' for kilobytes.
NUMBER Unsigned integer.
DIRECTIVES
When some option is not used (commented out or not
included in the configuration file at all) clamd takes a
default action.
Example
If this option is set clamd will not run.
LogFile STRING
Enable logging to selected file.
Default: no
LogFileUnlock BOOL
Disable a system lock that protects against running
clamd with a same configuration file multiple
times.
Default: no
LogFileMaxSize SIZE
Limit the size of a log file. The logger will be
automatically disabled if the file is greater than
SIZE. Value of 0 disables the limit.
Default: 1M
LogTime BOOL
Log time for each message.
Default: no
LogClean BOOL
Log clean files.
Default: no
LogSyslog BOOL
Use system logger (can work together with LogFile).
Default: no
LogFacility STRING
Specify the type of syslog messages - please refer
to 'man syslog' for facility names.
Default: LOG_LOCAL6
LogVerbose BOOL
Enable verbose logging.
Default: no
PidFile STRING
Save the process identifier of a listening daemon
(main thread) to a specified file.
Default: no
TemporaryDirectory STRING
Optional path to the global temporary directory.
Default: system specific (usually /tmp or
/var/tmp).
DatabaseDirectory STRING
Path to a directory containing database files.
Default: /usr/local/share/clamav
LocalSocket STRING
Path to a local (Unix) socket the daemon will lis-
ten on.
Default: no
FixStaleSocket BOOL
Remove stale socket after unclean shutdown.
Default: no
TCPSocket NUMBER
TCP port number the daemon will listen on.
Default: no
TCPAddr STRING
TCP socket address to bind to. By default clamd
binds to INADDR_ANY.
Default: no
MaxConnectionQueueLength NUMBER
Maximum length the queue of pending connections may
grow to.
Default: 15
MaxThreads NUMBER
Maximum number of threads running at the same time.
Default: 10
ReadTimeout NUMBER
Waiting for data from a client socket will timeout
after this time (seconds).
Default: 120
IdleTimeout NUMBER
Waiting for a new job will timeout after this time
(seconds).
Default: 30
MaxDirectoryRecursion NUMBER
Maximum depth directories are scanned at.
Default: 15
FollowDirectorySymlinks BOOL
Follow directory symlinks.
Default: no
FollowFileSymlinks BOOL
Follow regular file symlinks.
Default: no
SelfCheck NUMBER
Perform a database check.
Default: 1800
VirusEvent COMMAND
Execute COMMAND when a virus is found. In the com-
mand string %v will be replaced with the virus
name.
Default: no
ExitOnOOM BOOL
Stop daemon when libclamav reports out of memory
condition.
Default: no
User STRING
Run as another user (clamd must be started by root
to make this option working).
Default: no
AllowSupplementaryGroups BOOL
Initialize supplementary group access (clamd must
be started by root).
Default: no
Foreground BOOL
Don't fork into background.
Default: no
Debug BOOL
Enable debug messages from libclamav.
LeaveTemporaryFiles BOOL
Do not remove temporary files (for debug purpose).
Default: no
StreamMaxLength SIZE
Clamd uses FTP-like protocol to receive data from
remote clients. If you are using clamav-milter to
balance load between remote clamd daemons on fire-
wall servers you may need to tune the Stream*
options. This option allows you to specify the
upper limit for data size that will be transfered
to remote daemon when scanning a single file. It
should match your MTA's limit for a maximum attach-
ment size.
Default: 10M
StreamMinPort NUMBER
Limit data port range.
Default: 1024
StreamMaxPort NUMBER
Limit data port range.
Default: 2048
AlgorithmicDetection BOOL
In some cases (eg. complex malware, exploits in
graphic files, and others), ClamAV uses special
algorithms to provide accurate detection. This
option controls the algorithmic detection.
Default: yes
ScanPE BOOL
PE stands for Portable Executable - it's an exe-
cutable file format used in all 32 and 64-bit ver-
sions of Windows operating systems. This option
allows ClamAV to perform a deeper analysis of exe-
cutable files and it's also required for decompres-
sion of popular executable packers such as UPX.
Default: yes
ScanELF BOOL
Executable and Linking Format is a standard format
for UN*X executables. This option allows you to
control the scanning of ELF files.
Default: yes
DetectBrokenExecutables BOOL
With this option clamd will try to detect broken
executables (both PE and ELF) and mark them as Bro-
ken.Executable.
Default: no
ScanOLE2 BOOL
This option enables scanning of OLE2 files, such as
Microsoft Office documents and .msi files.
Default: yes
ScanPDF BOOL
This option enables scanning within PDF files.
Default: no
ScanHTML BOOL
Enables HTML detection and normalisation.
Default: yes
ScanMail BOOL
Enable scanning of mail files.
Default: yes
MailFollowURLs BOOL
If an email contains URLs ClamAV can download and
scan them. WARNING: This option may open your sys-
tem to a DoS attack. Never use it on loaded
servers.
Default: no
MailMaxRecursion NUMBER
Recursion level limit for the mail scanner.
Default: 64
PhishingSignatures BOOL
With this option enabled ClamAV will try to detect
phishing attempts by using signatures.
Default: yes
PhishingScanURLs BOOL
Scan URLs in mails for phishing attempts (available
in experimental builds only).
Default: yes
PhishingRestrictedScan BOOL
Use phishing detection only for domains listed in
the .pdb database. It is not recommended to have
this option turned off, because scanning of all
domains may lead to many false positives! (avail-
able in experimental builds only)
Default: no
PhishingAlwaysBlockSSLMismatch BOOL
Always block SSL mismatches in URLs, even if the
URL isn't in the database. This can lead to false
positives. (available in experimental builds only)
Default: no
PhishingAlwaysBlockCloak BOOL
Always block cloaked URLs, even if URL isn't in
database. There is a remote possibility, that this
will lead to false positives. (available in experi-
mental builds only)
Default: no
ScanArchive BOOL
Enable archive scanning.
Default: yes
ArchiveMaxFileSize SIZE
Files in archives larger than this limit won't be
scanned. Value of 0 disables the limit.
Default: 10M
ArchiveMaxRecursion NUMBER
Limit archive recursion level. Value of 0 disables
the limit.
Default: 8
ArchiveMaxFiles NUMBER
Number of files to be scanned within an archive.
Value of 0 disables the limit.
Default: 1000
ArchiveMaxCompressionRatio NUMBER
Analyze compression ratio of every file in an
archive and mark potential archive bombs as viruses
(0 disables the limit).
Default: 250
ArchiveLimitMemoryUsage BOOL
Use slower decompression algorithm which uses less
memory. This option only affects the bzip2 decom-
pressor.
Default: no
ArchiveBlockEncrypted BOOL
Mark encrypted archives as viruses (Encrypted.Zip,
Encrypted.RAR).
Default: no
ArchiveBlockMax BOOL
Mark archives as viruses (e.g RAR.ExceededFileSize,
Zip.ExceededFilesLimit) if ArchiveMaxFiles,
ArchiveMaxFileSize, or ArchiveMaxRecursion limit is
reached.
Default: no
NodalCoreAcceleration BOOL
Enable support for Sensory Networks' NodalCore
hardware accelerator.
Default: no
ClamukoScanOnAccess BOOL
Enable Clamuko. Dazuko (/dev/dazuko) must be con-
figured and running.
Default: no
ClamukoScanOnOpen BOOL
Scan files on open.
Default: no
ClamukoScanOnClose BOOL
Scan files on close.
Default: no.
ClamukoScanOnExec BOOL
Scan files on execute.
Default: no
ClamukoIncludePath STRING
Set the include paths (all files and directories
inside them will be scanned). You can have multiple
ClamukoIncludePath directives but each directory
must be added in a separate line).
Default: no
ClamukoExcludePath STRING
Set the exclude paths. All subdirectories will also
be excluded.
Default: no
ClamukoMaxFileSize SIZE
Ignore files larger than SIZE.
Default: 5M
FILES
/usr/local/etc/clamd.conf
AUTHOR
Tomasz Kojm
SEE ALSO
clamd(8), clamdscan(1), clamav-milter(8), clamscan(1),
freshclam(1), sigtool(1)
ClamAV 0.90 February 12, 2007 clamd.conf(5)