Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- ##
- ## Example config file FOR clamav-milter
- ##
- # Comment OR remove the LINE below.
- Example
- ##
- ## Main options
- ##
- # Define the interface through which we communicate with sendmail
- # This OPTION IS mandatory! Possible formats are:
- # [[unix|LOCAL]:]/path/TO/file - TO specify a unix domain socket
- # inet:port@[hostname|ip-address] - TO specify an ipv4 socket
- # inet6:port@[hostname|ip-address] - TO specify an ipv6 socket
- #
- # Default: no default
- #MilterSocket /var/RUN/clamav-milter/clamav-milter.socket
- #MilterSocket inet:7357
- # Remove stale socket after unclean shutdown.
- #
- # Default: yes
- #FixStaleSocket yes
- # RUN AS another user (clamav-milter must be started by root FOR this OPTION TO work)
- #
- # Default: unset (don't drop privileges)
- User clamilt
- # Initialize supplementary group ACCESS (clamav-milter must be started by root).
- #
- # Default: no
- AllowSupplementaryGroups yes
- # Waiting FOR DATA from clamd will timeout after this time (seconds).
- # Value of 0 disables the timeout.
- #
- # Default: 120
- #ReadTimeout 300
- # Don't fork into background.
- #
- # Default: no
- #Foreground yes
- # Chroot TO the specified directory.
- # Chrooting IS performed just after reading the config file AND before dropping privileges.
- #
- # Default: unset (don't chroot)
- #Chroot /newroot
- # This OPTION allows you TO save a process identifier of the listening
- # daemon (main thread).
- #
- # Default: disabled
- #PidFile /var/RUN/clamav-milter/clamav-milter.pid
- # Optional path TO the global temporary directory.
- # Default: SYSTEM specific (usually /tmp OR /var/tmp).
- #
- #TemporaryDirectory /var/tmp
- ##
- ## Clamd options
- ##
- # Define the clamd socket TO connect TO FOR scanning.
- # This OPTION IS mandatory! Syntax:
- # ClamdSocket unix:path
- # ClamdSocket tcp:host:port
- # The first syntax specifies a LOCAL unix socket (needs an ABSOLUTE path) e.g.:
- # ClamdSocket unix:/var/RUN/clamd/clamd.socket
- # The second syntax specifies a tcp LOCAL OR remote tcp socket: the
- # host can be a hostname OR an ip address; the ":port" FIELD IS only required
- # FOR IPv6 addresses, otherwise it defaults TO 3310
- # ClamdSocket tcp:192.168.0.1
- #
- # This OPTION can be repeated several times with different sockets OR even
- # with the same socket: clamd servers will be selected in a round-robin fashion.
- #
- # Default: no default
- #ClamdSocket tcp:scanner.mydomain:7357
- ##
- ## Exclusions
- ##
- # Messages originating from these hosts/networks will NOT be scanned
- # This OPTION takes a host(NAME)/mask pair in CIRD notation AND can be
- # repeated several times. IF "/mask" IS omitted, a host IS assumed.
- # TO specify a locally orignated, non-smtp, email use the keyword "local"
- #
- # Default: unset (scan everything regardless of the origin)
- #LocalNet LOCAL
- #LocalNet 192.168.0.0/24
- #LocalNet 1111:2222:3333::/48
- # This OPTION specifies a file which contains a LIST of basic POSIX regular
- # expressions. Addresses (sent TO OR from - see below) matching these regexes
- # will NOT be scanned. Optionally each LINE can start with the STRING "From:"
- # OR "To:" (note: no whitespace after the colon) indicating IF it IS,
- # respectively, the sender OR recipient that IS TO be whitelisted.
- # IF the FIELD IS missing, "To:" IS assumed.
- # Lines starting with #, : OR ! are ignored.
- #
- # Default unset (no exclusion applied)
- #Whitelist /etc/whitelisted_addresses
- # Messages from authenticated SMTP users matching this extended POSIX
- # regular expression (egrep-like) will NOT be scanned.
- # Note: this IS the AUTH login NAME!
- #
- # Default: unset (no whitelisting based ON SMTP auth)
- #SkipAuthenticated ^(tom|dick|henry)$
- ##
- ## Actions
- ##
- # The following group of options controls the delievery process under
- # different circumstances.
- # The following actions are available:
- # - Accept
- # The message IS accepted FOR delievery
- # - Reject
- # Immediately refuse delievery (a 5xx ERROR IS returned TO the peer)
- # - Defer
- # RETURN a temporary failure message (4xx) TO the peer
- # - Blackhole (NOT available FOR OnFail)
- # Like Accept but the message IS sent TO oblivion
- # - Quarantine (NOT available FOR OnFail)
- # Like Accept but message IS quarantined instead of being delivered
- #
- # NOTE: In Sendmail the quarantine queue can be examined via mailq -qQ
- # FOR Postfix this causes the message TO be placed ON hold
- #
- # Action TO be performed ON clean messages (mostly useful FOR testing)
- # Default Accept
- #OnClean Accept
- # Action TO be performed ON infected messages
- # Default: Quarantine
- #OnInfected Quarantine
- # Action TO be performed ON ERROR conditions (this includes failure TO
- # allocate DATA structures, no scanners available, network timeouts,
- # unknown scanner replies AND the like)
- # Default Defer
- #OnFail Defer
- # This OPTION allows TO set a specific rejection reason FOR infected messages
- # AND it's therefore only useful together with "OnInfected Reject"
- # The STRING "%v", IF present, will be replaced with the virus NAME.
- # Default: MTA specific
- #RejectMsg
- # IF this OPTION IS set TO "Replace" (OR "Yes"), an "X-Virus-Scanned" AND an
- # "X-Virus-Status" headers will be attached TO each processed message, possibly
- # replacing existing headers.
- # IF it IS set TO Add, the X-Virus headers are added possibly ON top of the
- # existing ones.
- # Note that WHILE "Replace" can potentially break DKIM signatures, "Add" may
- # confuse procmail AND similar filters.
- # Default: no
- #AddHeader Replace
- ##
- ## Logging options
- ##
- # Uncomment this OPTION TO enable logging.
- # LogFile must be writable FOR the user running daemon.
- # A full path IS required.
- #
- # Default: disabled
- #LogFile /var/LOG/clamav-milter.LOG
- # By default the LOG file IS locked FOR writing - the LOCK protects against
- # running clamav-milter multiple times.
- # This OPTION disables LOG file locking.
- #
- # Default: no
- #LogFileUnlock yes
- # Maximum size of the LOG file.
- # Value of 0 disables the limit.
- # You may use 'M' or 'm' for megabytes (1M = 1m = 1048576 bytes)
- # AND 'K' or 'k' for kilobytes (1K = 1k = 1024 bytes). To specify the size
- # in bytes just don't use modifiers.
- #
- # Default: 1M
- #LogFileMaxSize 2M
- # LOG time with each message.
- #
- # Default: no
- #LogTime yes
- # Use SYSTEM logger (can work together with LogFile).
- #
- # Default: no
- LogSyslog yes
- # Specify the TYPE of syslog messages - please refer TO 'man syslog'
- # FOR facility names.
- #
- # Default: LOG_LOCAL6
- #LogFacility LOG_MAIL
- # Enable verbose logging.
- #
- # Default: no
- #LogVerbose yes
- # This OPTION allows TO tune what IS logged when a message IS infected.
- # Possible values are OFF (the default - nothing IS logged),
- # Basic (minimal info logged), Full (verbose info logged)
- # Note:
- # FOR this TO work properly in sendmail, make sure the msg_id, mail_addr,
- # rcpt_addr AND i macroes are available in eom. In other words add a LINE like:
- # Milter.macros.eom={msg_id}, {mail_addr}, {rcpt_addr}, i
- # TO your .cf file. Alternatively use the macro:
- # define(`confMILTER_MACROS_EOM', `{msg_id}, {mail_addr}, {rcpt_addr}, i')
- # Postfix should be working fine with the default settings.
- #
- # Default: disabled
- #LogInfected Basic
- ##
- ## Limits
- ##
- # Messages larger than this value won't be scanned.
- # Make sure this value IS lower OR equal than StreamMaxLength in clamd.conf
- #
- # Default: 25M
- #MaxFileSize 10M
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement