Provided by: clamav-base_0.92.1~dfsg2-1.1_all bug

NAME

       clamd.conf - Configuration file for Clam AntiVirus Daemon

DESCRIPTION

       clamd.conf configures the Clam AntiVirus daemon, clamd(8).

FILE FORMAT

       The  file  consists  of  comments and options with arguments. Each line
       which starts with a hash (#) symbol is ignored by the  parser.  Options
       and  arguments  are case sensitive and of the form Option Argument. The
       arguments are of the following types:

       BOOL   Boolean value (yes/no or true/false or 1/0).

       STRING String without blank characters.

       SIZE   Size in bytes. You can use ’M’ or ’m’  modifiers  for  megabytes
              and ’K’ or ’k’ for kilobytes.

       NUMBER Unsigned integer.

DIRECTIVES

       When  some  option  is  not  used (commented out or not included in the
       configuration file at all) clamd takes a default action.

       Example
              If this option is set clamd will not run.

       LogFile STRING
              Enable logging to selected file.
              Default: no

       LogFileUnlock BOOL
              Disable a system lock that protects against running  clamd  with
              the same configuration file multiple times.
              Default: no

       LogFileMaxSize SIZE
              Limit the size of the log file. The logger will be automatically
              disabled if the file is greater than SIZE. Value of  0  disables
              the limit.
              Default: 1M

       LogTime BOOL
              Log time for each message.
              Default: no

       LogClean BOOL
              Log clean files.
              Default: no

       LogSyslog BOOL
              Use system logger (can work together with LogFile).
              Default: no

       LogFacility STRING
              Specify  the  type  of  syslog  messages  - please refer to ’man
              syslog’ for facility names.
              Default: LOG_LOCAL6

       LogVerbose BOOL
              Enable verbose logging.
              Default: no

       PidFile STRING
              Save the process identifier of a listening daemon (main  thread)
              to a specified file.
              Default: no

       TemporaryDirectory STRING
              Optional path to the global temporary directory.
              Default: system specific (usually /tmp or /var/tmp).

       DatabaseDirectory STRING
              Path to a directory containing database files.
              Default: /var/lib/clamav/

       LocalSocket STRING
              Path to a local (Unix) socket the daemon will listen on.
              Default: no

       FixStaleSocket BOOL
              Remove stale socket after unclean shutdown.
              Default: yes

       TCPSocket NUMBER
              TCP port number the daemon will listen on.
              Default: no

       TCPAddr STRING
              TCP  socket  address  to  bind  to.  By  default  clamd binds to
              INADDR_ANY.
              Default: no

       MaxConnectionQueueLength NUMBER
              Maximum length the queue of pending connections may grow to.
              Default: 15

       MaxThreads NUMBER
              Maximum number of threads running at the same time.
              Default: 10

       ReadTimeout NUMBER
              Waiting for data from a client socket will  timeout  after  this
              time (seconds).
              Default: 120

       IdleTimeout NUMBER
              Waiting for a new job will timeout after this time (seconds).
              Default: 30

       MaxDirectoryRecursion NUMBER
              Maximum depth directories are scanned at.
              Default: 15

       FollowDirectorySymlinks BOOL
              Follow directory symlinks.
              Default: no

       FollowFileSymlinks BOOL
              Follow regular file symlinks.
              Default: no

       SelfCheck NUMBER
              Perform a database check.
              Default: 1800

       VirusEvent COMMAND
              Execute  COMMAND when a virus is found. In the command string %v
              will be replaced with the virus name.
              Default: no

       ExitOnOOM BOOL
              Stop daemon when libclamav reports out of memory condition.
              Default: no

       User STRING
              Run as another user (clamd must be started by root to make  this
              option working).
              Default: no

       AllowSupplementaryGroups BOOL
              Initialize  supplementary group access (clamd must be started by
              root).
              Default: no

       Foreground BOOL
              Don’t fork into background.
              Default: no

       Debug BOOL
              Enable debug messages from libclamav.

       LeaveTemporaryFiles BOOL
              Do not remove temporary files (for debug purpose).
              Default: no

       StreamMaxLength SIZE
              Clamd  uses  FTP-like  protocol  to  receive  data  from  remote
              clients.  If you are using clamav-milter to balance load between
              remote clamd daemons on firewall servers you may  need  to  tune
              the Stream* options. This option allows you to specify the upper
              limit for data size that will be  transfered  to  remote  daemon
              when  scanning  a  single file. It should match your MTA’s limit
              for a maximum attachment size.
              Default: 10M

       StreamMinPort NUMBER
              Limit data port range.
              Default: 1024

       StreamMaxPort NUMBER
              Limit data port range.
              Default: 2048

       DetectPUA
              Detect Possibly Unwanted Applications.
              Default: No

       AlgorithmicDetection BOOL
              In some cases (eg. complex malware, exploits in  graphic  files,
              and  others), ClamAV uses special algorithms to provide accurate
              detection. This option controls the algorithmic detection.
              Default: yes

       ScanPE BOOL
              PE stands for Portable Executable  -  it’s  an  executable  file
              format  used  in all 32 and 64-bit versions of Windows operating
              systems. This option allows ClamAV to perform a deeper  analysis
              of  executable files and it’s also required for decompression of
              popular executable packers such as UPX.
              Default: yes

       ScanELF BOOL
              Executable and Linking Format is  a  standard  format  for  UN*X
              executables.  This  option allows you to control the scanning of
              ELF files.
              Default: yes

       DetectBrokenExecutables BOOL
              With this option clamd will try  to  detect  broken  executables
              (both PE and ELF) and mark them as Broken.Executable.
              Default: no

       ScanOLE2 BOOL
              This  option  enables  scanning of OLE2 files, such as Microsoft
              Office documents and .msi files.
              Default: yes

       ScanPDF BOOL
              This option enables scanning within PDF files.
              Default: no

       ScanHTML BOOL
              Enables HTML detection and normalisation.
              Default: yes

       ScanMail BOOL
              Enable scanning of mail files.
              Default: yes

       MailFollowURLs BOOL
              If an email contains URLs ClamAV can  download  and  scan  them.
              WARNING: This option may open your system to a DoS attack. Never
              use it on loaded servers.
              Default: no

       MailMaxRecursion NUMBER
              Recursion level limit for the mail scanner.
              Default: 64

       PhishingSignatures BOOL
              With this option enabled ClamAV  will  try  to  detect  phishing
              attempts by using signatures.
              Default: yes

       PhishingScanURLs BOOL
              Scan URLs found in mails for phishing attempts using heuristics.
              This  will  classify  "Possibly  Unwanted"  phishing  emails  as
              Phishing.Heuristics.Email.*
              Default: yes

       PhishingRestrictedScan BOOL
              Use  phishing  detection  only  for  domains  listed in the .pdb
              database. It is not recommended to have this option turned  off,
              because   scanning  of  all  domains  may  lead  to  many  false
              positives!
              Default: yes

       PhishingAlwaysBlockSSLMismatch BOOL
              Always block SSL mismatches in URLs, even if the  URL  isn’t  in
              the database. This can lead to false positives.
              Default: no

       PhishingAlwaysBlockCloak BOOL
              Always  block  cloaked URLs, even if URL isn’t in database. This
              can lead to false positives.
              Default: no

       ScanArchive BOOL
              Enable archive scanning.
              Default: yes

       ArchiveMaxFileSize SIZE
              Files in archives larger than this limit won’t be scanned. Value
              of 0 disables the limit.
              Default: 10M

       ArchiveMaxRecursion NUMBER
              Limit archive recursion level. Value of 0 disables the limit.
              Default: 8

       ArchiveMaxFiles NUMBER
              Number  of  files  to  be  scanned within an archive. Value of 0
              disables the limit.
              Default: 1000

       ArchiveMaxCompressionRatio NUMBER
              Analyze compression ratio of every file in an archive  and  mark
              potential archive bombs as viruses (0 disables the limit).
              Default: 250

       ArchiveLimitMemoryUsage BOOL
              Use  slower decompression algorithm which uses less memory. This
              option only affects the bzip2 decompressor.
              Default: no

       ArchiveBlockEncrypted BOOL
              Mark   encrypted    archives    as    viruses    (Encrypted.Zip,
              Encrypted.RAR).
              Default: no

       ArchiveBlockMax BOOL
              Mark    archives    as    viruses   (e.g   RAR.ExceededFileSize,
              Zip.ExceededFilesLimit) if ArchiveMaxFiles,  ArchiveMaxFileSize,
              or ArchiveMaxRecursion limit is reached.
              Default: no

       ClamukoScanOnAccess BOOL
              Enable  Clamuko.  Dazuko  (/dev/dazuko)  must  be configured and
              running.
              Default: no

       ClamukoScanOnOpen BOOL
              Scan files on open.
              Default: no

       ClamukoScanOnClose BOOL
              Scan files on close.
              Default: no.

       ClamukoScanOnExec BOOL
              Scan files on execute.
              Default: no

       ClamukoIncludePath STRING
              Set the include paths (all files  and  directories  inside  them
              will  be  scanned).  You  can  have  multiple ClamukoIncludePath
              directives but each directory must be added in a separate line).
              Default: no

       ClamukoExcludePath STRING
              Set the exclude paths. All subdirectories will also be excluded.
              Default: no

       ClamukoMaxFileSize SIZE
              Ignore files larger than SIZE.
              Default: 5M

FILES

       /etc/clamav/clamd.conf

AUTHOR

       Tomasz Kojm <tkojm@clamav.net>

SEE ALSO

       clamd(8), clamdscan(1),  clamav-milter(8),  clamscan(1),  freshclam(1),
       sigtool(1)