Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- clamd.conf file
- ===========
- ##
- ## Example config file for the Clam AV daemon
- ## Please read the clamd.conf(5) manual before editing this file.
- ##
- # Comment or remove the line below.
- #Example
- # Uncomment this option to enable logging.
- # LogFile must be writable for the user running daemon.
- # A full path is required.
- # Default: disabled
- LogFile /var/log/clamd.log
- # By default the log file is locked for writing - the lock protects against
- # running clamd multiple times (if want to run another clamd, please
- # copy the configuration file, change the LogFile variable, and run
- # the daemon with --config-file option).
- # This option disables log file locking.
- # Default: no
- #LogFileUnlock yes
- # Maximum size of the log file.
- # Value of 0 disables the limit.
- # You may use 'M' or 'm' for megabytes (1M = 1m = 1048576 bytes)
- # and 'K' or 'k' for kilobytes (1K = 1k = 1024 bytes). To specify the size
- # in bytes just don't use modifiers. If LogFileMaxSize is enabled, log
- # rotation (the LogRotate option) will always be enabled.
- # Default: 1M
- LogFileMaxSize 2M
- # Log time with each message.
- # Default: no
- LogTime yes
- # Also log clean files. Useful in debugging but drastically increases the
- # log size.
- # Default: no
- #LogClean yes
- # Use system logger (can work together with LogFile).
- # Default: no
- #LogSyslog yes
- # Specify the type of syslog messages - please refer to 'man syslog'
- # for facility names.
- # Default: LOG_LOCAL6
- #LogFacility LOG_MAIL
- # Enable verbose logging.
- # Default: no
- #LogVerbose yes
- # Enable log rotation. Always enabled when LogFileMaxSize is enabled.
- # Default: no
- LogRotate yes
- # Log additional information about the infected file, such as its
- # size and hash, together with the virus name.
- #ExtendedDetectionInfo yes
- ExtendedDetectionInfo yes
- # This option allows you to save a process identifier of the listening
- # daemon (main thread).
- # Default: disabled
- PidFile /var/run/clamd/clamd.pid
- # Optional path to the global temporary directory.
- # Default: system specific (usually /tmp or /var/tmp).
- #TemporaryDirectory /var/tmp
- # Path to the database directory.
- # Default: hardcoded (depends on installation options)
- DatabaseDirectory /usr/local/share/clamav
- # Only load the official signatures published by the ClamAV project.
- # Default: no
- #OfficialDatabaseOnly no
- # The daemon can work in local mode, network mode or both.
- # Due to security reasons we recommend the local mode.
- # Path to a local socket file the daemon will listen on.
- # Default: disabled (must be specified by a user)
- LocalSocket /tmp/clamd
- # Sets the group ownership on the unix socket.
- # Default: disabled (the primary group of the user running clamd)
- #LocalSocketGroup virusgroup
- # Sets the permissions on the unix socket to the specified mode.
- # Default: disabled (socket is world accessible)
- #LocalSocketMode 660
- # Remove stale socket after unclean shutdown.
- # Default: yes
- #FixStaleSocket yes
- # TCP port address.
- # Default: no
- #TCPSocket 3310
- # TCP address.
- # By default we bind to INADDR_ANY, probably not wise.
- # Enable the following to provide some degree of protection
- # from the outside world. This option can be specified multiple
- # times if you want to listen on multiple IPs. IPv6 is now supported.
- # Default: no
- #TCPAddr 127.0.0.1
- # Maximum length the queue of pending connections may grow to.
- # Default: 200
- #MaxConnectionQueueLength 30
- # Clamd uses FTP-like protocol to receive data from remote clients.
- # If you are using clamav-milter to balance load between remote clamd daemons
- # on firewall servers you may need to tune the options below.
- # Close the connection when the data size limit is exceeded.
- # The value should match your MTA's limit for a maximum attachment size.
- # Default: 25M
- #StreamMaxLength 10M
- # Limit port range.
- # Default: 1024
- #StreamMinPort 30000
- # Default: 2048
- #StreamMaxPort 32000
- # Maximum number of threads running at the same time.
- # Default: 10
- #MaxThreads 20
- # Waiting for data from a client socket will timeout after this time (seconds).
- # Default: 120
- #ReadTimeout 300
- # This option specifies the time (in seconds) after which clamd should
- # timeout if a client doesn't provide any initial command after connecting.
- # Default: 5
- #CommandReadTimeout 5
- # This option specifies how long to wait (in miliseconds) if the send buffer is full.
- # Keep this value low to prevent clamd hanging
- #
- # Default: 500
- #SendBufTimeout 200
- # Maximum number of queued items (including those being processed by MaxThreads threads)
- # It is recommended to have this value at least twice MaxThreads if possible.
- # WARNING: you shouldn't increase this too much to avoid running out of file descriptors,
- # the following condition should hold:
- # MaxThreads*MaxRecursion + (MaxQueue - MaxThreads) + 6< RLIMIT_NOFILE (usual max is 1024)
- #
- # Default: 100
- #MaxQueue 200
- # Waiting for a new job will timeout after this time (seconds).
- # Default: 30
- #IdleTimeout 60
- # Don't scan files and directories matching regex
- # This directive can be used multiple times
- # Default: scan all
- #ExcludePath ^/proc/
- #ExcludePath ^/sys/
- # Maximum depth directories are scanned at.
- # Default: 15
- #MaxDirectoryRecursion 20
- # Follow directory symlinks.
- # Default: no
- #FollowDirectorySymlinks yes
- # Follow regular file symlinks.
- # Default: no
- #FollowFileSymlinks yes
- # Scan files and directories on other filesystems.
- # Default: yes
- #CrossFilesystems yes
- # Perform a database check.
- # Default: 600 (10 min)
- #SelfCheck 600
- # Execute a command when virus is found. In the command string %v will
- # be replaced with the virus name.
- # Default: no
- #VirusEvent /usr/local/bin/send_sms 123456789 "VIRUS ALERT: %v"
- # Run as another user (clamd must be started by root for this option to work)
- # Default: don't drop privileges
- #User clamav
- # Initialize supplementary group access (clamd must be started by root).
- # Default: no
- #AllowSupplementaryGroups no
- # Stop daemon when libclamav reports out of memory condition.
- #ExitOnOOM yes
- # Don't fork into background.
- # Default: no
- #Foreground yes
- # Enable debug messages in libclamav.
- # Default: no
- #Debug yes
- # Do not remove temporary files (for debug purposes).
- # Default: no
- #LeaveTemporaryFiles yes
- # Permit use of the ALLMATCHSCAN command. If set to no, clamd will reject
- # any ALLMATCHSCAN command as invalid.
- # Default: yes
- #AllowAllMatchScan no
- # Detect Possibly Unwanted Applications.
- # Default: no
- #DetectPUA yes
- # Exclude a specific PUA category. This directive can be used multiple times.
- # See https://github.com/vrtadmin/clamav-faq/blob/master/faq/faq-pua.md for
- # the complete list of PUA categories.
- # Default: Load all categories (if DetectPUA is activated)
- #ExcludePUA NetTool
- #ExcludePUA PWTool
- # Only include a specific PUA category. This directive can be used multiple
- # times.
- # Default: Load all categories (if DetectPUA is activated)
- #IncludePUA Spy
- #IncludePUA Scanner
- #IncludePUA RAT
- # In some cases (eg. complex malware, exploits in graphic files, and others),
- # ClamAV uses special algorithms to provide accurate detection. This option
- # controls the algorithmic detection.
- # Default: yes
- #AlgorithmicDetection yes
- # This option causes memory or nested map scans to dump the content to disk.
- # If you turn on this option, more data is written to disk and is available
- # when the LeaveTemporaryFiles option is enabled.
- #ForceToDisk yes
- # This option allows you to disable the caching feature of the engine. By
- # default, the engine will store an MD5 in a cache of any files that are
- # not flagged as virus or that hit limits checks. Disabling the cache will
- # have a negative performance impact on large scans.
- # Default: no
- #DisableCache yes
- ##
- ## Executable files
- ##
- # PE stands for Portable Executable - it's an executable file format used
- # in all 32 and 64-bit versions of Windows operating systems. This option allows
- # ClamAV to perform a deeper analysis of executable files and it's also
- # required for decompression of popular executable packers such as UPX, FSG,
- # and Petite. If you turn off this option, the original files will still be
- # scanned, but without additional processing.
- # Default: yes
- #ScanPE yes
- # Certain PE files contain an authenticode signature. By default, we check
- # the signature chain in the PE file against a database of trusted and
- # revoked certificates if the file being scanned is marked as a virus.
- # If any certificate in the chain validates against any trusted root, but
- # does not match any revoked certificate, the file is marked as whitelisted.
- # If the file does match a revoked certificate, the file is marked as virus.
- # The following setting completely turns off authenticode verification.
- # Default: no
- #DisableCertCheck yes
- # Executable and Linking Format is a standard format for UN*X executables.
- # This option allows you to control the scanning of ELF files.
- # If you turn off this option, the original files will still be scanned, but
- # without additional processing.
- # Default: yes
- #ScanELF yes
- # With this option clamav will try to detect broken executables (both PE and
- # ELF) and mark them as Broken.Executable.
- # Default: no
- #DetectBrokenExecutables yes
- ##
- ## Documents
- ##
- # This option enables scanning of OLE2 files, such as Microsoft Office
- # documents and .msi files.
- # If you turn off this option, the original files will still be scanned, but
- # without additional processing.
- # Default: yes
- #ScanOLE2 yes
- # With this option enabled OLE2 files with VBA macros, which were not
- # detected by signatures will be marked as "Heuristics.OLE2.ContainsMacros".
- # Default: no
- #OLE2BlockMacros no
- # This option enables scanning within PDF files.
- # If you turn off this option, the original files will still be scanned, but
- # without decoding and additional processing.
- # Default: yes
- #ScanPDF yes
- # This option enables scanning within SWF files.
- # If you turn off this option, the original files will still be scanned, but
- # without decoding and additional processing.
- # Default: yes
- #ScanSWF yes
- ##
- ## Mail files
- ##
- # Enable internal e-mail scanner.
- # If you turn off this option, the original files will still be scanned, but
- # without parsing individual messages/attachments.
- # Default: yes
- #ScanMail yes
- # Scan RFC1341 messages split over many emails.
- # You will need to periodically clean up $TemporaryDirectory/clamav-partial directory.
- # WARNING: This option may open your system to a DoS attack.
- # Never use it on loaded servers.
- # Default: no
- ScanPartialMessages yes
- # With this option enabled ClamAV will try to detect phishing attempts by using
- # signatures.
- # Default: yes
- #PhishingSignatures yes
- # Scan URLs found in mails for phishing attempts using heuristics.
- # Default: yes
- #PhishingScanURLs yes
- # Always block SSL mismatches in URLs, even if the URL isn't in the database.
- # This can lead to false positives.
- #
- # Default: no
- #PhishingAlwaysBlockSSLMismatch no
- # Always block cloaked URLs, even if URL isn't in database.
- # This can lead to false positives.
- #
- # Default: no
- #PhishingAlwaysBlockCloak no
- # Detect partition intersections in raw disk images using heuristics.
- # Default: no
- PartitionIntersection no
- # Allow heuristic match to take precedence.
- # When enabled, if a heuristic scan (such as phishingScan) detects
- # a possible virus/phish it will stop scan immediately. Recommended, saves CPU
- # scan-time.
- # When disabled, virus/phish detected by heuristic scans will be reported only at
- # the end of a scan. If an archive contains both a heuristically detected
- # virus/phish, and a real malware, the real malware will be reported
- #
- # Keep this disabled if you intend to handle "*.Heuristics.*" viruses
- # differently from "real" malware.
- # If a non-heuristically-detected virus (signature-based) is found first,
- # the scan is interrupted immediately, regardless of this config option.
- #
- # Default: no
- #HeuristicScanPrecedence yes
- ##
- ## Data Loss Prevention (DLP)
- ##
- # Enable the DLP module
- # Default: No
- #StructuredDataDetection yes
- # This option sets the lowest number of Credit Card numbers found in a file
- # to generate a detect.
- # Default: 3
- #StructuredMinCreditCardCount 5
- # This option sets the lowest number of Social Security Numbers found
- # in a file to generate a detect.
- # Default: 3
- #StructuredMinSSNCount 5
- # With this option enabled the DLP module will search for valid
- # SSNs formatted as xxx-yy-zzzz
- # Default: yes
- #StructuredSSNFormatNormal yes
- # With this option enabled the DLP module will search for valid
- # SSNs formatted as xxxyyzzzz
- # Default: no
- #StructuredSSNFormatStripped yes
- ##
- ## HTML
- ##
- # Perform HTML normalisation and decryption of MS Script Encoder code.
- # Default: yes
- # If you turn off this option, the original files will still be scanned, but
- # without additional processing.
- #ScanHTML yes
- ##
- ## Archives
- ##
- # ClamAV can scan within archives and compressed files.
- # If you turn off this option, the original files will still be scanned, but
- # without unpacking and additional processing.
- # Default: yes
- #ScanArchive yes
- # Mark encrypted archives as viruses (Encrypted.Zip, Encrypted.RAR).
- # Default: no
- #ArchiveBlockEncrypted no
- ##
- ## Limits
- ##
- # The options below protect your system against Denial of Service attacks
- # using archive bombs.
- # This option sets the maximum amount of data to be scanned for each input file.
- # Archives and other containers are recursively extracted and scanned up to this
- # value.
- # Value of 0 disables the limit
- # Note: disabling this limit or setting it too high may result in severe damage
- # to the system.
- # Default: 100M
- #MaxScanSize 150M
- # Files larger than this limit won't be scanned. Affects the input file itself
- # as well as files contained inside it (when the input file is an archive, a
- # document or some other kind of container).
- # Value of 0 disables the limit.
- # Note: disabling this limit or setting it too high may result in severe damage
- # to the system.
- # Default: 25M
- #MaxFileSize 30M
- # Nested archives are scanned recursively, e.g. if a Zip archive contains a RAR
- # file, all files within it will also be scanned. This options specifies how
- # deeply the process should be continued.
- # Note: setting this limit too high may result in severe damage to the system.
- # Default: 16
- #MaxRecursion 10
- # Number of files to be scanned within an archive, a document, or any other
- # container file.
- # Value of 0 disables the limit.
- # Note: disabling this limit or setting it too high may result in severe damage
- # to the system.
- # Default: 10000
- #MaxFiles 15000
- # Maximum size of a file to check for embedded PE. Files larger than this value
- # will skip the additional analysis step.
- # Note: disabling this limit or setting it too high may result in severe damage
- # to the system.
- # Default: 10M
- #MaxEmbeddedPE 10M
- # Maximum size of a HTML file to normalize. HTML files larger than this value
- # will not be normalized or scanned.
- # Note: disabling this limit or setting it too high may result in severe damage
- # to the system.
- # Default: 10M
- #MaxHTMLNormalize 10M
- # Maximum size of a normalized HTML file to scan. HTML files larger than this
- # value after normalization will not be scanned.
- # Note: disabling this limit or setting it too high may result in severe damage
- # to the system.
- # Default: 2M
- #MaxHTMLNoTags 2M
- # Maximum size of a script file to normalize. Script content larger than this
- # value will not be normalized or scanned.
- # Note: disabling this limit or setting it too high may result in severe damage
- # to the system.
- # Default: 5M
- #MaxScriptNormalize 5M
- # Maximum size of a ZIP file to reanalyze type recognition. ZIP files larger
- # than this value will skip the step to potentially reanalyze as PE.
- # Note: disabling this limit or setting it too high may result in severe damage
- # to the system.
- # Default: 1M
- #MaxZipTypeRcg 1M
- # This option sets the maximum number of partitions of a raw disk image to be scanned.
- # Raw disk images with more partitions than this value will have up to the value number
- # partitions scanned. Negative values are not allowed.
- # Note: setting this limit too high may result in severe damage or impact performance.
- # Default: 50
- #MaxPartitions 128
- # This option sets the maximum number of icons within a PE to be scanned.
- # PE files with more icons than this value will have up to the value number icons scanned.
- # Negative values are not allowed.
- # WARNING: setting this limit too high may result in severe damage or impact performance.
- # Default: 100
- #MaxIconsPE 200
- ##
- ## On-access Scan Settings
- ##
- # Enable on-access scanning. Currently, this is supported via fanotify.
- # Clamuko/Dazuko support has been deprecated.
- # Default: no
- #ScanOnAccess yes
- # Don't scan files larger than OnAccessMaxFileSize
- # Value of 0 disables the limit.
- # Default: 5M
- #OnAccessMaxFileSize 10M
- # Set the include paths (all files inside them will be scanned). You can have
- # multiple OnAccessIncludePath directives but each directory must be added
- # in a separate line. (On-access scan only)
- # Default: disabled
- #OnAccessIncludePath /home
- #OnAccessIncludePath /students
- # Set the exclude paths. All subdirectories are also excluded.
- # (On-access scan only)
- # Default: disabled
- #OnAccessExcludePath /home/bofh
- # With this option you can whitelist specific UIDs. Processes with these UIDs
- # will be able to access all files.
- # This option can be used multiple times (one per line).
- # Default: disabled
- #OnAccessExcludeUID 0
- ##
- ## Bytecode
- ##
- # With this option enabled ClamAV will load bytecode from the database.
- # It is highly recommended you keep this option on, otherwise you'll miss detections for many new viruses.
- # Default: yes
- #Bytecode yes
- # Set bytecode security level.
- # Possible values:
- # None - no security at all, meant for debugging. DO NOT USE THIS ON PRODUCTION SYSTEMS
- # This value is only available if clamav was built with --enable-debug!
- # TrustSigned - trust bytecode loaded from signed .c[lv]d files,
- # insert runtime safety checks for bytecode loaded from other sources
- # Paranoid - don't trust any bytecode, insert runtime checks for all
- # Recommended: TrustSigned, because bytecode in .cvd files already has these checks
- # Note that by default only signed bytecode is loaded, currently you can only
- # load unsigned bytecode in --enable-debug mode.
- #
- # Default: TrustSigned
- #BytecodeSecurity TrustSigned
- # Set bytecode timeout in miliseconds.
- #
- # Default: 5000
- # BytecodeTimeout 1000
- ##
- ## Statistics gathering and submitting
- ##
- # Enable statistical reporting.
- # Default: no
- StatsEnabled yes
- # Disable submission of individual PE sections for files flagged as malware.
- # Default: no
- #StatsPEDisabled yes
- # HostID in the form of an UUID to use when submitting statistical information.
- # Default: auto
- #StatsHostID auto
- # Time in seconds to wait for the stats server to come back with a response
- # Default: 10
- #StatsTimeout 10
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement