Provided by: clamav-base_0.95.1+dfsg-1ubuntu1_all bug

NAME

       clamd.conf - Configuration file for Clam AntiVirus Daemon

DESCRIPTION

       clamd.conf configures the Clam AntiVirus daemon, clamd(8).

FILE FORMAT

       The  file  consists  of  comments and options with arguments. Each line
       which starts with a hash (#) symbol is ignored by the  parser.  Options
       and  arguments  are case sensitive and of the form Option Argument. The
       arguments are of the following types:

       BOOL   Boolean value (yes/no or true/false or 1/0).

       STRING String without blank characters.

       SIZE   Size in bytes. You can use ’M’ or ’m’  modifiers  for  megabytes
              and ’K’ or ’k’ for kilobytes.

       NUMBER Unsigned integer.

DIRECTIVES

       When  some  option  is  not  used (commented out or not included in the
       configuration file at all) clamd takes a default action.

       Example
              If this option is set clamd will not run.

       LogFile STRING
              Enable logging to selected file.
              Default: no

       LogFileUnlock BOOL
              Disable a system lock that protects against running  clamd  with
              the same configuration file multiple times.
              Default: no

       LogFileMaxSize SIZE
              Limit the size of the log file. The logger will be automatically
              disabled if the file is greater than SIZE. Value of  0  disables
              the limit.
              Default: 1M

       LogTime BOOL
              Log time for each message.
              Default: no

       LogClean BOOL
              Log clean files.
              Default: no

       LogSyslog BOOL
              Use system logger (can work together with LogFile).
              Default: no

       LogFacility STRING
              Specify  the  type  of  syslog  messages  - please refer to ’man
              syslog’ for facility names.
              Default: LOG_LOCAL6

       LogVerbose BOOL
              Enable verbose logging.
              Default: no

       PidFile STRING
              Save the process identifier of a listening daemon (main  thread)
              to a specified file.
              Default: no

       TemporaryDirectory STRING
              Optional path to the global temporary directory.
              Default: system specific (usually /tmp or /var/tmp).

       DatabaseDirectory STRING
              Path to a directory containing database files.
              Default: /var/lib/clamav/

       LocalSocket STRING
              Path to a local (Unix) socket the daemon will listen on.
              Default: no

       FixStaleSocket BOOL
              Remove stale socket after unclean shutdown.
              Default: yes

       TCPSocket NUMBER
              TCP port number the daemon will listen on.
              Default: no

       TCPAddr STRING
              TCP  socket  address  to  bind  to.  By  default  clamd binds to
              INADDR_ANY.
              Default: no

       MaxConnectionQueueLength NUMBER
              Maximum length the queue of pending connections may grow to.
              Default: 15

       MaxThreads NUMBER
              Maximum number of threads running at the same time.
              Default: 10

       ReadTimeout NUMBER
              Waiting for data from a client socket will  timeout  after  this
              time (seconds).
              Default: 120

       CommandReadTimeout NUMBER
              This  option  specifies  the time (in seconds) after which clamd
              should timeout if a client doesn’t provide any  initial  command
              after  connecting.   Note: the timeout for subsequents commands,
              and/or data chunks is specified by ReadTimeout.
              Default: 5

       SendBufTimeout NUMBER
              This option specifies how long to wait (in miliseconds)  if  the
              send  buffer  is  full.   Keep  this  value low to prevent clamd
              hanging.
              Default: 500

       MaxQueue NUMBER
              Maximum number of queued items (including those being  processed
              by MaxThreads threads).  It is recommended to have this value at
              least twice MaxThreads if possible.
              WARNING: you shouldnt increase this too much to  avoid  running
              out  of  file  descriptors, the following condition should hold:
              MaxThreads*MaxRecursion  +  MaxQueue  -   MaxThreads   +   6   <
              RLIMIT_NOFILE.  RLIMIT_NOFILE is the maximum number of open file
              descriptors (usually 1024), set by ulimit -n.
              Default: 100

       IdleTimeout NUMBER
              Waiting for a new job will timeout after this time (seconds).
              Default: 30

       ExcludePath REGEX
              Don’t scan files and directories matching REGEX. This  directive
              can be used multiple times.
              Default: scan all

       MaxDirectoryRecursion NUMBER
              Maximum depth directories are scanned at.
              Default: 15

       FollowDirectorySymlinks BOOL
              Follow directory symlinks.
              Default: no

       FollowFileSymlinks BOOL
              Follow regular file symlinks.
              Default: no

       SelfCheck NUMBER
              Perform a database check.
              Default: 1800

       VirusEvent COMMAND
              Execute  COMMAND when a virus is found. In the command string %v
              will be replaced with the virus name.
              Default: no

       ExitOnOOM BOOL
              Stop daemon when libclamav reports out of memory condition.
              Default: no

       User STRING
              Run as another user (clamd must be started by root to make  this
              option working).
              Default: no

       AllowSupplementaryGroups BOOL
              Initialize  supplementary group access (clamd must be started by
              root).
              Default: no

       Foreground BOOL
              Don’t fork into background.
              Default: no

       Debug BOOL
              Enable debug messages from libclamav.

       LeaveTemporaryFiles BOOL
              Do not remove temporary files (for debug purpose).
              Default: no

       StreamMaxLength SIZE
              Clamd  uses  FTP-like  protocol  to  receive  data  from  remote
              clients.  If you are using clamav-milter to balance load between
              remote clamd daemons on firewall servers you may  need  to  tune
              the Stream* options. This option allows you to specify the upper
              limit for data size that will be  transfered  to  remote  daemon
              when  scanning  a  single file. It should match your MTA’s limit
              for a maximum attachment size.
              Default: 10M

       StreamMinPort NUMBER
              Limit data port range.
              Default: 1024

       StreamMaxPort NUMBER
              Limit data port range.
              Default: 2048

       DetectPUA
              Detect Possibly Unwanted Applications.
              Default: No

       ExcludePUA CATEGORY
              Exclude a specific PUA category.  This  directive  can  be  used
              multiple  times.  See  http://www.clamav.net/support/pua for the
              complete list of PUA categories.
              Default: Load all categories (if DetectPUA is activated)

       IncludePUA CATEGORY
              Only include a specific PUA category. This directive can be used
              multiple  times.  See  http://www.clamav.net/support/pua for the
              complete list of PUA categories.
              Default: Load all categories (if DetectPUA is activated)

       AlgorithmicDetection BOOL
              In some cases (eg. complex malware, exploits in  graphic  files,
              and  others), ClamAV uses special algorithms to provide accurate
              detection. This option controls the algorithmic detection.
              Default: yes

       ScanPE BOOL
              PE stands for Portable Executable  -  it’s  an  executable  file
              format  used  in all 32 and 64-bit versions of Windows operating
              systems. This option allows ClamAV to perform a deeper  analysis
              of  executable files and it’s also required for decompression of
              popular executable packers such as UPX.
              Default: yes

       ScanELF BOOL
              Executable and Linking Format is  a  standard  format  for  UN*X
              executables.  This  option allows you to control the scanning of
              ELF files.
              Default: yes

       DetectBrokenExecutables BOOL
              With this option clamd will try  to  detect  broken  executables
              (both PE and ELF) and mark them as Broken.Executable.
              Default: no

       ScanOLE2 BOOL
              This  option  enables  scanning of OLE2 files, such as Microsoft
              Office documents and .msi files.
              Default: yes

       ScanPDF BOOL
              This option enables scanning within PDF files.
              Default: yes

       ScanHTML BOOL
              Enables HTML detection and normalisation.
              Default: yes

       ScanMail BOOL
              Enable scanning of mail files.
              Default: yes

       MailFollowURLs BOOL
              If an email contains URLs ClamAV can  download  and  scan  them.
              WARNING: This option may open your system to a DoS attack. Never
              use it on loaded servers.
              Default: no

       ScanPartialMessages BOOL
              Scan RFC1341 messages split over many emails. You will  need  to
              periodically    clean    up   $TemporaryDirectory/clamav-partial
              directory. WARNING: This option may open your system  to  a  DoS
              attack. Never use it on loaded servers.
              Default: no

       MailMaxRecursion NUMBER (OBSOLETE)
              WARNING: This option is no longer accepted. See MaxRecursion.

       PhishingSignatures BOOL
              With  this  option  enabled  ClamAV  will try to detect phishing
              attempts by using signatures.
              Default: yes

       PhishingScanURLs BOOL
              Scan URLs found in mails for phishing attempts using heuristics.
              This  will  classify  "Possibly  Unwanted"  phishing  emails  as
              Phishing.Heuristics.Email.*
              Default: yes

       PhishingAlwaysBlockSSLMismatch BOOL
              Always block SSL mismatches in URLs, even if the  URL  isn’t  in
              the database. This can lead to false positives.
              Default: no

       PhishingAlwaysBlockCloak BOOL
              Always  block  cloaked URLs, even if URL isn’t in database. This
              can lead to false positives.
              Default: no

       HeuristicScanPrecedence BOOL
              Allow heuristic match to take precedence.  When  enabled,  if  a
              heuristic   scan  (such  as  phishingScan)  detects  a  possible
              virus/phishing it will stop scanning  immediately.  Recommended,
              saves  CPU  scan-time. When disabled, virus/phishing detected by
              heuristic scans will be reported only at the end of a  scan.  If
              an    archive    contains    both   a   heuristically   detected
              virus/phishing, and a real malware, the  real  malware  will  be
              reported.   Keep   this   disabled   if  you  intend  to  handle
              "*.Heuristics.*" viruses  differently from "real" malware. If  a
              non-heuristically-detected   virus  (signature-based)  is  found
              first, the scan is interrupted immediately, regardless  of  this
              config option.
              Default: no

       StructuredDataDetection BOOL
              Enable the DLP module.
              Default: no

       StructuredMinCreditCardCount NUMBER
              This  option sets the lowest number of Credit Card numbers found
              in a file to generate a detect.
              Default: 3

       StructuredMinSSNCount NUMBER
              This option sets the lowest number of  Social  Security  Numbers
              found in a file to generate a detect.
              Default: 3

       StructuredSSNFormatNormal BOOL
              With  this  option  enabled the DLP module will search for valid
              SSNs formatted as xxx-yy-zzzz.
              Default: Yes

       StructuredSSNFormatStripped BOOL
              With this option enabled the DLP module will  search  for  valid
              SSNs formatted as xxxyyzzzz.
              Default: No

       ScanArchive BOOL
              Enable archive scanning.
              Default: yes

       ArchiveMaxFileSize (OBSOLETE)
              WARNING:  This option is no longer accepted. See MaxFileSize and
              MaxScanSize.

       ArchiveMaxRecursion (OBSOLETE)
              WARNING: This option is no longer accepted. See MaxRecursion.

       ArchiveMaxFiles (OBSOLETE)
              WARNING: This option is no longer accepted. See MaxFiles.

       ArchiveMaxCompressionRatio (OBSOLETE)
              WARNING: This option is no longer accepted.

       ArchiveBlockMax (OBSOLETE)
              WARNING: This option is no longer accepted.

       ArchiveLimitMemoryUsage BOOL
              Use slower decompression algorithm which uses less memory.  This
              option only affects the bzip2 decompressor.
              Default: no

       ArchiveBlockEncrypted BOOL
              Mark    encrypted    archives    as    viruses   (Encrypted.Zip,
              Encrypted.RAR).
              Default: no

       MaxScanSize SIZE
              Sets the maximum amount of data to be  scanned  for  each  input
              file.  Archives  and  other containers are recursively extracted
              and scanned up to this value. Warning: disabling this  limit  or
              setting it too high may result in severe damage to the system.
              Default: 100M

       MaxFileSize SIZE
              Files larger than this limit won’t be scanned. Affects the input
              file itself as well as files contained inside it (when the input
              file is an archive, a document or some other kind of container).
              Warning: disabling this limit or setting it too high may  result
              in severe damage to the system.
              Default: 25M

       MaxRecursion NUMBER
              Nested  archives  are scanned recursively, e.g. if a Zip archive
              contains a RAR file, all files within it will also  be  scanned.
              This   options  specifies  how  deeply  the  process  should  be
              continued. Warning: disabling this limit or setting it too  high
              may result in severe damage to the system.
              Default: 16

       MaxFiles NUMBER
              Number  of files to be scanned within an archive, a document, or
              any other kind of container. Warning: disabling  this  limit  or
              setting it too high may result in severe damage to the system.
              Default: 10000

       ClamukoScanOnAccess BOOL
              Enable  Clamuko.  Dazuko  (/dev/dazuko)  must  be configured and
              running.
              Default: no

       ClamukoScanOnOpen BOOL
              Scan files on open.
              Default: no

       ClamukoScanOnClose BOOL
              Scan files on close.
              Default: no.

       ClamukoScanOnExec BOOL
              Scan files on execute.
              Default: no

       ClamukoIncludePath STRING
              Set the include paths (all files  and  directories  inside  them
              will  be  scanned).  You  can  have  multiple ClamukoIncludePath
              directives but each directory must be added in a separate line).
              Default: no

       ClamukoExcludePath STRING
              Set the exclude paths. All subdirectories will also be excluded.
              Default: no

       ClamukoMaxFileSize SIZE
              Ignore files larger than SIZE.
              Default: 5M

NOTES

       All options expressing a size are limited to max 4GB. Values in  excess
       will be resetted to the maximum.

FILES

       /etc/clamav/clamd.conf

AUTHOR

       Tomasz Kojm <tkojm@clamav.net>

SEE ALSO

       clamd(8),  clamdscan(1),  clamav-milter(8),  clamscan(1), freshclam(1),
       sigtool(1)