Provided by: clamav-base_0.94.dfsg.1~rc1-0ubuntu2_all bug

NAME

       clamd.conf - Configuration file for Clam AntiVirus Daemon

DESCRIPTION

       clamd.conf configures the Clam AntiVirus daemon, clamd(8).

FILE FORMAT

       The  file  consists  of  comments and options with arguments. Each line
       which starts with a hash (#) symbol is ignored by the  parser.  Options
       and  arguments  are case sensitive and of the form Option Argument. The
       arguments are of the following types:

       BOOL   Boolean value (yes/no or true/false or 1/0).

       STRING String without blank characters.

       SIZE   Size in bytes. You can use ’M’ or ’m’  modifiers  for  megabytes
              and ’K’ or ’k’ for kilobytes.

       NUMBER Unsigned integer.

DIRECTIVES

       When  some  option  is  not  used (commented out or not included in the
       configuration file at all) clamd takes a default action.

       Example
              If this option is set clamd will not run.

       LogFile STRING
              Enable logging to selected file.
              Default: no

       LogFileUnlock BOOL
              Disable a system lock that protects against running  clamd  with
              the same configuration file multiple times.
              Default: no

       LogFileMaxSize SIZE
              Limit the size of the log file. The logger will be automatically
              disabled if the file is greater than SIZE. Value of  0  disables
              the limit.
              Default: 1M

       LogTime BOOL
              Log time for each message.
              Default: no

       LogClean BOOL
              Log clean files.
              Default: no

       LogSyslog BOOL
              Use system logger (can work together with LogFile).
              Default: no

       LogFacility STRING
              Specify  the  type  of  syslog  messages  - please refer to ’man
              syslog’ for facility names.
              Default: LOG_LOCAL6

       LogVerbose BOOL
              Enable verbose logging.
              Default: no

       PidFile STRING
              Save the process identifier of a listening daemon (main  thread)
              to a specified file.
              Default: no

       TemporaryDirectory STRING
              Optional path to the global temporary directory.
              Default: system specific (usually /tmp or /var/tmp).

       DatabaseDirectory STRING
              Path to a directory containing database files.
              Default: /var/lib/clamav/

       LocalSocket STRING
              Path to a local (Unix) socket the daemon will listen on.
              Default: no

       FixStaleSocket BOOL
              Remove stale socket after unclean shutdown.
              Default: yes

       TCPSocket NUMBER
              TCP port number the daemon will listen on.
              Default: no

       TCPAddr STRING
              TCP  socket  address  to  bind  to.  By  default  clamd binds to
              INADDR_ANY.
              Default: no

       MaxConnectionQueueLength NUMBER
              Maximum length the queue of pending connections may grow to.
              Default: 15

       MaxThreads NUMBER
              Maximum number of threads running at the same time.
              Default: 10

       ReadTimeout NUMBER
              Waiting for data from a client socket will  timeout  after  this
              time (seconds).
              Default: 120

       IdleTimeout NUMBER
              Waiting for a new job will timeout after this time (seconds).
              Default: 30

       ExcludePath REGEX
              Don’t  scan files and directories matching REGEX. This directive
              can be used multiple times.
              Default: scan all

       MaxDirectoryRecursion NUMBER
              Maximum depth directories are scanned at.
              Default: 15

       FollowDirectorySymlinks BOOL
              Follow directory symlinks.
              Default: no

       FollowFileSymlinks BOOL
              Follow regular file symlinks.
              Default: no

       SelfCheck NUMBER
              Perform a database check.
              Default: 1800

       VirusEvent COMMAND
              Execute COMMAND when a virus is found. In the command string  %v
              will be replaced with the virus name.
              Default: no

       ExitOnOOM BOOL
              Stop daemon when libclamav reports out of memory condition.
              Default: no

       User STRING
              Run  as another user (clamd must be started by root to make this
              option working).
              Default: no

       AllowSupplementaryGroups BOOL
              Initialize supplementary group access (clamd must be started  by
              root).
              Default: no

       Foreground BOOL
              Don’t fork into background.
              Default: no

       Debug BOOL
              Enable debug messages from libclamav.

       LeaveTemporaryFiles BOOL
              Do not remove temporary files (for debug purpose).
              Default: no

       StreamMaxLength SIZE
              Clamd  uses  FTP-like  protocol  to  receive  data  from  remote
              clients. If you are using clamav-milter to balance load  between
              remote  clamd  daemons  on firewall servers you may need to tune
              the Stream* options. This option allows you to specify the upper
              limit  for  data  size  that will be transfered to remote daemon
              when scanning a single file. It should match  your  MTA’s  limit
              for a maximum attachment size.
              Default: 10M

       StreamMinPort NUMBER
              Limit data port range.
              Default: 1024

       StreamMaxPort NUMBER
              Limit data port range.
              Default: 2048

       DetectPUA
              Detect Possibly Unwanted Applications.
              Default: No

       ExcludePUA CATEGORY
              Exclude  a  specific  PUA  category.  This directive can be used
              multiple times. See  http://www.clamav.net/support/pua  for  the
              complete list of PUA categories.
              Default: Load all categories (if DetectPUA is activated)

       IncludePUA CATEGORY
              Only include a specific PUA category. This directive can be used
              multiple times. See  http://www.clamav.net/support/pua  for  the
              complete list of PUA categories.
              Default: Load all categories (if DetectPUA is activated)

       AlgorithmicDetection BOOL
              In  some  cases (eg. complex malware, exploits in graphic files,
              and others), ClamAV uses special algorithms to provide  accurate
              detection. This option controls the algorithmic detection.
              Default: yes

       ScanPE BOOL
              PE  stands  for  Portable  Executable  - it’s an executable file
              format used in all 32 and 64-bit versions of  Windows  operating
              systems.  This option allows ClamAV to perform a deeper analysis
              of executable files and it’s also required for decompression  of
              popular executable packers such as UPX.
              Default: yes

       ScanELF BOOL
              Executable  and  Linking  Format  is  a standard format for UN*X
              executables. This option allows you to control the  scanning  of
              ELF files.
              Default: yes

       DetectBrokenExecutables BOOL
              With  this  option  clamd  will try to detect broken executables
              (both PE and ELF) and mark them as Broken.Executable.
              Default: no

       ScanOLE2 BOOL
              This option enables scanning of OLE2 files,  such  as  Microsoft
              Office documents and .msi files.
              Default: yes

       ScanPDF BOOL
              This option enables scanning within PDF files.
              Default: yes

       ScanHTML BOOL
              Enables HTML detection and normalisation.
              Default: yes

       ScanMail BOOL
              Enable scanning of mail files.
              Default: yes

       MailFollowURLs BOOL
              If  an  email  contains  URLs ClamAV can download and scan them.
              WARNING: This option may open your system to a DoS attack. Never
              use it on loaded servers.
              Default: no

       ScanPartialMessages BOOL
              Scan  RFC1341  messages split over many emails. You will need to
              periodically   clean    up    $TemporaryDirectory/clamav-partial
              directory.  WARNING:  This  option may open your system to a DoS
              attack. Never use it on loaded servers.
              Default: no

       MailMaxRecursion NUMBER (OBSOLETE)
              WARNING: This option is no longer accepted. See MaxRecursion.

       PhishingSignatures BOOL
              With this option enabled ClamAV  will  try  to  detect  phishing
              attempts by using signatures.
              Default: yes

       PhishingScanURLs BOOL
              Scan URLs found in mails for phishing attempts using heuristics.
              This  will  classify  "Possibly  Unwanted"  phishing  emails  as
              Phishing.Heuristics.Email.*
              Default: yes

       PhishingAlwaysBlockSSLMismatch BOOL
              Always  block  SSL  mismatches in URLs, even if the URL isn’t in
              the database. This can lead to false positives.
              Default: no

       PhishingAlwaysBlockCloak BOOL
              Always block cloaked URLs, even if URL isn’t in  database.  This
              can lead to false positives.
              Default: no

       HeuristicScanPrecedence BOOL
              Allow  heuristic  match  to  take precedence. When enabled, if a
              heuristic  scan  (such  as  phishingScan)  detects  a   possible
              virus/phishing  it  will stop scanning immediately. Recommended,
              saves CPU scan-time. When disabled, virus/phishing  detected  by
              heuristic  scans  will be reported only at the end of a scan. If
              an   archive   contains   both    a    heuristically    detected
              virus/phishing,  and  a  real  malware, the real malware will be
              reported.  Keep  this  disabled  if   you   intend   to   handle
              "*.Heuristics.*"  viruses  differently from "real" malware. If a
              non-heuristically-detected  virus  (signature-based)  is   found
              first,  the  scan is interrupted immediately, regardless of this
              config option.
              Default: no

       StructuredDataDetection BOOL
              Enable the DLP module.
              Default: no

       StructuredMinCreditCardCount NUMBER
              This option sets the lowest number of Credit Card numbers  found
              in a file to generate a detect.
              Default: 3

       StructuredMinSSNCount NUMBER
              This  option  sets  the lowest number of Social Security Numbers
              found in a file to generate a detect.
              Default: 3

       StructuredSSNFormatNormal BOOL
              With this option enabled the DLP module will  search  for  valid
              SSNs formatted as xxx-yy-zzzz.
              Default: Yes

       StructuredSSNFormatStripped BOOL
              With  this  option  enabled the DLP module will search for valid
              SSNs formatted as xxxyyzzzz.
              Default: No

       ScanArchive BOOL
              Enable archive scanning.
              Default: yes

       ArchiveMaxFileSize (OBSOLETE)
              WARNING: This option is no longer accepted. See MaxFileSize  and
              MaxScanSize.

       ArchiveMaxRecursion (OBSOLETE)
              WARNING: This option is no longer accepted. See MaxRecursion.

       ArchiveMaxFiles (OBSOLETE)
              WARNING: This option is no longer accepted. See MaxFiles.

       ArchiveMaxCompressionRatio (OBSOLETE)
              WARNING: This option is no longer accepted.

       ArchiveBlockMax (OBSOLETE)
              WARNING: This option is no longer accepted.

       ArchiveLimitMemoryUsage BOOL
              Use  slower decompression algorithm which uses less memory. This
              option only affects the bzip2 decompressor.
              Default: no

       ArchiveBlockEncrypted BOOL
              Mark   encrypted    archives    as    viruses    (Encrypted.Zip,
              Encrypted.RAR).
              Default: no

       MaxScanSize SIZE
              Sets  the  maximum  amount  of data to be scanned for each input
              file. Archives and other containers  are  recursively  extracted
              and  scanned  up to this value. Warning: disabling this limit or
              setting it too high may result in severe damage to the system.
              Default: 100M

       MaxFileSize SIZE
              Files larger than this limit won’t be scanned. Affects the input
              file itself as well as files contained inside it (when the input
              file is an archive, a document or some other kind of container).
              Warning:  disabling this limit or setting it too high may result
              in severe damage to the system.
              Default: 25M

       MaxRecursion NUMBER
              Nested archives are scanned recursively, e.g. if a  Zip  archive
              contains  a  RAR file, all files within it will also be scanned.
              This  options  specifies  how  deeply  the  process  should   be
              continued.  Warning: disabling this limit or setting it too high
              may result in severe damage to the system.
              Default: 16

       MaxFiles NUMBER
              Number of files to be scanned within an archive, a document,  or
              any  other  kind  of container. Warning: disabling this limit or
              setting it too high may result in severe damage to the system.
              Default: 10000

       ClamukoScanOnAccess BOOL
              Enable Clamuko. Dazuko  (/dev/dazuko)  must  be  configured  and
              running.
              Default: no

       ClamukoScanOnOpen BOOL
              Scan files on open.
              Default: no

       ClamukoScanOnClose BOOL
              Scan files on close.
              Default: no.

       ClamukoScanOnExec BOOL
              Scan files on execute.
              Default: no

       ClamukoIncludePath STRING
              Set  the  include  paths  (all files and directories inside them
              will be  scanned).  You  can  have  multiple  ClamukoIncludePath
              directives but each directory must be added in a separate line).
              Default: no

       ClamukoExcludePath STRING
              Set the exclude paths. All subdirectories will also be excluded.
              Default: no

       ClamukoMaxFileSize SIZE
              Ignore files larger than SIZE.
              Default: 5M

FILES

       /etc/clamav/clamd.conf

AUTHOR

       Tomasz Kojm <tkojm@clamav.net>

SEE ALSO

       clamd(8),  clamdscan(1),  clamav-milter(8),  clamscan(1), freshclam(1),
       sigtool(1)