Provided by: clamav-base_0.88.2-1ubuntu1_all bug


       clamd.conf - Configuration file for Clam AntiVirus Daemon


       clamd.conf configures the Clam AntiVirus daemon, clamd(8).


       The  file  consists  of  comments and options with arguments. Each line
       that starts with a hash (#) symbol is a comment. Options and  arguments
       are  case  sensitive  and  of  the  form Option Argument. The (possibly
       optional) arguments are are of the following types:

       STRING String without blank characters.

       SIZE   Size in bytes. You can use ’M’ or ’m’  modifiers  for  megabytes
              and ’K’ or ’k’ for kilobytes.

       NUMBER Unsigned integer.


       When   an   option  is  not  used  (hashed  or  doesn’t  exist  in  the
       configuration file) clamd takes a default action.

              If this option is set clamd will not run.

       LogFile STRING
              Enable logging to selected file.
              Default: disabled

              Disable a system lock that protects against running clamd with a
              same configuration file multiple times.
              Default: disabled

       LogFileMaxSize SIZE
              Limit  the  size of a log file. The logger will be automatically
              disabled  if the file is greater than SIZE. Value of 0  disables
              the limit.
              Default: 1M

              Log time with each message.
              Default: disabled

              Log clean files.
              Default: disabled

              Use system logger (can work together with LogFile).
              Default: disabled

              Specify  the  type  of  syslog  messages  - please refer to ’man
              syslog’ for facility names.
              Default: LOG_LOCAL6

              Enable verbose logging.
              Default: disabled

       PidFile STRING
              Save the process identifier of a listening daemon (main  thread)
              to a specified file.
              Default: disabled

       TemporaryDirectory STRING
              Optional path to the global temporary directory.
              Default: system specific (usually /tmp or /var/tmp).

       DatabaseDirectory STRING
              Path to a directory containing database files.
              Default: /var/lib/clamav/

       LocalSocket STRING
              Path to a local (Unix) socket the daemon will listen on.
              Default: disabled

              Remove stale socket after unclean shutdown.
              Default: disabled

       TCPSocket NUMBER
              TCP port number the daemon will listen on.
              Default: disabled

       TCPAddr STRING
              TCP  socket  address  to  bind  to.  By  default  clamd binds to
              Default: disabled

       MaxConnectionQueueLength NUMBER
              Maximum length the queue of pending connections may grow to.
              Default: 15

       MaxThreads NUMBER
              Maximal number of threads running at the same time.
              Default: 10

       ReadTimeout NUMBER
              Waiting for data from a client socket will  timeout  after  this
              time (seconds).
              Default: 120

       IdleTimeout NUMBER
              Waiting for a new job will timeout after this time (seconds).
              Default: 30

       MaxDirectoryRecursion NUMBER
              Maximal depth directories are scanned at.
              Default: 15

              Follow directory symlinks.
              Default: disabled

              Follow regular file symlinks.
              Default: disabled

       SelfCheck NUMBER
              Do internal sanity checks every NUMBER seconds.
              Default: 1800

       VirusEvent COMMAND
              Execute  the  COMMAND when virus is found. In the command string
              %v will be replaced by a virus name.
              Default: disabled

              Stop daemon when libclamav reports out of memory condition.
              Default: disabled

       User STRING
              Run as selected user.
              Default: disabled

              Initialize supplementary  group  access  (clamd  must  be
              started by root).
              Default: disabled

              Don’t fork into background.
              Default: disabled

       Debug  Enable debug messages from libclamav.

              Do not remove temporary files (for debug purposes).
              Default: disabled

       StreamMaxLength SIZE
              Clamd  uses FTP-like protocol to receive data from remote
              clients. If you are using clamav-milter to  balance  load
              between  remote clamd daemons on firewall servers you may
              need to tune the Stream* options. This option allows  you
              to  specify  the  maximal  limit  for  data transfered to
              remote daemon when scanning  a  single  file.  It  should
              match your MTA’s limit for a maximal attachment size.
              Default: 10M

       StreamMinPort NUMBER
              Limit data port range.
              Default: 1024

       StreamMaxPort NUMBER
              Limit data port range.
              Default: 2048

              By   default  clamd  uses  scan  options  recommended  by
              libclamav. This option disables recommended  options  and
              allows  you  to enable selected options. DO NOT ENABLE IT
              unless you know what you are doing.
              Default: disabled

       ScanPE PE stands for Portable Executable -  it’s  an  executable
              file  format  used  in  all  32-bit  versions  of Windows
              operating systems. This option allows ClamAV to perform a
              deeper   analysis  of  executable  files  and  it’s  also
              required for decompression of popular executable  packers
              such as UPX.
              Default: enabled

              With   this  option  clamd  will  try  to  detect  broken
              executables and mark them as Broken.Executable.
              Default: disabled

              Enables scanning of Microsoft Office document macros.
              Default: enabled

              Enables HTML detection and normalisation.
              Default: enabled

              Enable scanning of mail files.
              Default: enabled

              If an email contains URLs ClamAV can  download  and  scan
              them.  WARNING: This option may open your system to a DoS
              attack. Never use it on loaded servers.
              Default: disabled

              Enable archive scanning.
              Default: enabled

              Enable scanning of RAR archives. Due  to  license  issues
              libclamav does not support RAR 3.0 archives (only the old
              2.0 format  is  supported).  Because  some  users  report
              stability problems with unrarlib it’s disabled by default
              and must be enabled in the config file.
              Default: disabled

       ArchiveMaxFileSize SIZE
              Files  in  archives  larger  than  this  limit  won’t  be
              scanned. Value of 0 disables the limit.
              Default: 10M

       ArchiveMaxRecursion NUMBER
              Limit  archive  recursion  level. Value of 0 disables the
              Default: 8

       ArchiveMaxFiles NUMBER
              Number of files to be scanned within archive. Value of  0
              disables the limit.
              Default: 1000

       ArchiveMaxCompressionRatio NUMBER
              Analyze compression ratio of every file in an archive and
              mark potential archive bombs as viruses (0  disables  the
              Default: 250

              Use   slower  decompression  algorithm  which  uses  less
              memory. This option affects bzip2 decompressor only.
              Default: disabled

              Mark  encrypted  archives  as   viruses   (Encrypted.Zip,
              Default: disabled

              Mark   archives  as  viruses  (e.g  RAR.ExceededFileSize,
              Zip.ExceededFilesLimit)        if        ArchiveMaxFiles,
              ArchiveMaxFileSize,   or   ArchiveMaxRecursion  limit  is
              Default: disabled

              Enable Clamuko. Dazuko (/dev/dazuko) must  be  configured
              and running.
              Default: disabled

              Scan files on open.
              Default: disabled

              Scan files on close.
              Default: disabled.

              Scan files on execute.
              Default: disabled

       ClamukoIncludePath STRING
              Set  the include paths (all files and directories in them
              will    be    scanned).    You    can    have    multiple
              ClamukoIncludePath  directives but each directory must be
              added in a separate line).
              Default: disabled

              Set the exclude paths. All subdirectories  will  also  be
              Default: disabled

       ClamukoMaxFileSize SIZE
              Don’t scan files larger than SIZE.
              Default: 5M

              Enable archive scanning. It uses ArchiveMax* limits.
              Default: disabled




       Tomasz Kojm <>


       clamd(8),  clamdscan(1),  clamscan(1), freshclam(1), sigtool(1),