Provided by: clamav-base_0.97.3+dfsg-2.1ubuntu1_all bug

NAME

       clamd.conf - Configuration file for Clam AntiVirus Daemon

DESCRIPTION

       clamd.conf configures the Clam AntiVirus daemon, clamd(8).

FILE FORMAT

       The  file  consists  of comments and options with arguments. Each line which starts with a
       hash (#) symbol is ignored by the parser. Options and arguments are case sensitive and  of
       the form Option Argument. The arguments are of the following types:

       BOOL   Boolean value (yes/no or true/false or 1/0).

       STRING String without blank characters.

       SIZE   Size  in  bytes.  You can use 'M' or 'm' modifiers for megabytes and 'K' or 'k' for
              kilobytes.

       NUMBER Unsigned integer.

DIRECTIVES

       When some option is not used (commented out or not included in the configuration  file  at
       all) clamd takes a default action.

       Example
              If this option is set clamd will not run.

       LogFile STRING
              Enable logging to selected file.
              Default: no

       LogFileUnlock BOOL
              Disable   a  system  lock  that  protects  against  running  clamd  with  the  same
              configuration file multiple times.
              Default: no

       LogFileMaxSize SIZE
              Limit the size of the log file. The logger will be automatically  disabled  if  the
              file is greater than SIZE. Value of 0 disables the limit.
              Default: 1M

       LogTime BOOL
              Log time for each message.
              Default: no

       LogClean BOOL
              Log clean files.
              Default: no

       LogSyslog BOOL
              Use system logger (can work together with LogFile).
              Default: no

       LogFacility STRING
              Specify  the  type  of  syslog messages - please refer to 'man syslog' for facility
              names.
              Default: LOG_LOCAL6

       LogVerbose BOOL
              Enable verbose logging.
              Default: no

       ExtendedDetectionInfo BOOL
              Log additional information about the infected file, such  as  its  size  and  hash,
              together with the virus name.
              Default: no

       PidFile STRING
              Save  the  process  identifier  of  a listening daemon (main thread) to a specified
              file.
              Default: no

       TemporaryDirectory STRING
              Optional path to the global temporary directory.
              Default: system specific (usually /tmp or /var/tmp).

       DatabaseDirectory STRING
              Path to a directory containing database files.

       OfficialDatabaseOnly BOOL
              Only load the official signatures published by the ClamAV project.
              Default: no

       LocalSocket STRING
              Path to a local (Unix) socket the daemon will listen on.
              Default: no

       LocalSocketGroup STRING
              Sets the group ownership on the unix socket.
              Default: the primary group of the user running clamd

       LocalSocketMode STRING
              Sets the permissions on the unix socket to the specified mode.
              Default: socket is world readable and writable

       FixStaleSocket BOOL
              Remove stale socket after unclean shutdown.
              Default: yes

       TCPSocket NUMBER
              TCP port number the daemon will listen on.
              Default: no

       TCPAddr STRING
              TCP socket address to bind to. By default clamd binds to INADDR_ANY.
              Default: no

       MaxConnectionQueueLength NUMBER
              Maximum length the queue of pending connections may grow to.
              Default: 200

       MaxThreads NUMBER
              Maximum number of threads running at the same time.
              Default: 10

       ReadTimeout NUMBER
              Waiting for data from a client socket will timeout after this time (seconds).
              Default: 120

       CommandReadTimeout NUMBER
              This option specifies the time (in seconds) after which clamd should timeout  if  a
              client doesn't provide any initial command after connecting.  Note: the timeout for
              subsequents commands, and/or data chunks is specified by ReadTimeout.
              Default: 5

       SendBufTimeout NUMBER
              This option specifies how long to wait (in milliseconds)  if  the  send  buffer  is
              full.  Keep this value low to prevent clamd hanging.
              Default: 500

       MaxQueue NUMBER
              Maximum  number  of  queued  items  (including  those being processed by MaxThreads
              threads).  It is recommended to have  this  value  at  least  twice  MaxThreads  if
              possible.
              WARNING:  you  shouldn't  increase  this  too  much  to  avoid  running out of file
              descriptors,  the  following  condition  should  hold:  MaxThreads*MaxRecursion   +
              MaxQueue  - MaxThreads + 6 < RLIMIT_NOFILE.  RLIMIT_NOFILE is the maximum number of
              open file descriptors (usually 1024), set by ulimit -n.
              Default: 100

       IdleTimeout NUMBER
              Waiting for a new job will timeout after this time (seconds).
              Default: 30

       ExcludePath REGEX
              Don't scan files and  directories  matching  REGEX.  This  directive  can  be  used
              multiple times.
              Default: scan all

       MaxDirectoryRecursion NUMBER
              Maximum depth directories are scanned at.
              Default: 15

       FollowDirectorySymlinks BOOL
              Follow directory symlinks.
              Default: no

       CrossFilesystems BOOL
              Scan files and directories on other filesystems.
              Default: yes

       FollowFileSymlinks BOOL
              Follow regular file symlinks.
              Default: no

       SelfCheck NUMBER
              Perform a database check.
              Default: 1800

       VirusEvent COMMAND
              Execute  COMMAND  when  a virus is found. In the command string %v will be replaced
              with the virus name.
              Default: no

       ExitOnOOM BOOL
              Stop daemon when libclamav reports out of memory condition.
              Default: no

       User STRING
              Run as another user (clamd must be started by root to make this option working).
              Default: no

       AllowSupplementaryGroups BOOL
              Initialize supplementary group access (clamd must be started by root).
              Default: no

       Foreground BOOL
              Don't fork into background.
              Default: no

       Debug BOOL
              Enable debug messages from libclamav.

       LeaveTemporaryFiles BOOL
              Do not remove temporary files (for debug purpose).
              Default: no

       StreamMaxLength SIZE
              Clamd uses FTP-like protocol to receive data from remote clients. If you are  using
              clamav-milter  to balance load between remote clamd daemons on firewall servers you
              may need to tune the Stream* options. This option allows you to specify  the  upper
              limit for data size that will be transfered to remote daemon when scanning a single
              file. It should match your MTA's limit for a maximum attachment size.
              Default: 10M

       StreamMinPort NUMBER
              Limit data port range.
              Default: 1024

       StreamMaxPort NUMBER
              Limit data port range.
              Default: 2048

       Bytecode BOOL
              With this option enabled ClamAV will load bytecode from the database. It is  highly
              recommended  you  keep this option turned on, otherwise you may miss detections for
              many new viruses.
              Default: yes

       BytecodeSecurity STRING
              Set bytecode security level. Possible values: TrustSigned:  trust  bytecode  loaded
              from signed .c[lv]d files and insert runtime safety checks for bytecode loaded from
              other sources, Paranoid: don't trust any bytecode, insert runtime checks  for  all.
              The  recommended setting is TrustSigned, because bytecode in .cvd files already has
              safety checks inserted into it.
              Default: TrustSigned

       BytecodeUnsigned BOOL
              Allow loading bytecode from outside digitally signed .c[lv]d files.
              Default: no

       BytecodeTimeout NUMBER
              Set bytecode timeout in milliseconds.
              Default: 5000

       DetectPUA BOOL
              Detect Possibly Unwanted Applications.
              Default: No

       ExcludePUA CATEGORY
              Exclude a specific PUA category. This directive can be  used  multiple  times.  See
              http://www.clamav.net/support/pua for the complete list of PUA categories.
              Default: Load all categories (if DetectPUA is activated)

       IncludePUA CATEGORY
              Only  include  a  specific PUA category. This directive can be used multiple times.
              See http://www.clamav.net/support/pua for the complete list of PUA categories.
              Default: Load all categories (if DetectPUA is activated)

       AlgorithmicDetection BOOL
              In some cases (eg. complex malware, exploits in graphic files, and others),  ClamAV
              uses  special  algorithms  to  provide accurate detection. This option controls the
              algorithmic detection.
              Default: yes

       ScanPE BOOL
              PE stands for Portable Executable - it's an executable file format used in  all  32
              and  64-bit  versions  of  Windows  operating systems. This option allows ClamAV to
              perform  a  deeper  analysis  of  executable  files  and  it's  also  required  for
              decompression of popular executable packers such as UPX.
              Default: yes

       ScanELF BOOL
              Executable  and  Linking  Format  is  a  standard format for UN*X executables. This
              option allows you to control the scanning of ELF files.
              Default: yes

       DetectBrokenExecutables BOOL
              With this option clamd will try to detect broken executables (both PE and ELF)  and
              mark them as Broken.Executable.
              Default: no

       ScanOLE2 BOOL
              This  option enables scanning of OLE2 files, such as Microsoft Office documents and
              .msi files.
              Default: yes

       OLE2BlockMacros BOOL
              With this option enabled OLE2 files with VBA macros, which  were  not  detected  by
              signatures will be marked as "Heuristics.OLE2.ContainsMacros".
              Default: no

       ScanPDF BOOL
              This option enables scanning within PDF files.
              Default: yes

       ScanHTML BOOL
              Enables HTML detection and normalisation.
              Default: yes

       ScanMail BOOL
              Enable scanning of mail files.
              Default: yes

       ScanPartialMessages BOOL
              Scan  RFC1341  messages split over many emails. You will need to periodically clean
              up $TemporaryDirectory/clamav-partial directory. WARNING: This option may open your
              system to a DoS attack. Never use it on loaded servers.
              Default: no

       MailMaxRecursion NUMBER (OBSOLETE)
              WARNING: This option is no longer accepted. See MaxRecursion.

       PhishingSignatures BOOL
              With  this  option  enabled  ClamAV  will  try to detect phishing attempts by using
              signatures.
              Default: yes

       PhishingScanURLs BOOL
              Scan URLs found in mails for phishing attempts using heuristics. This will classify
              "Possibly Unwanted" phishing emails as Phishing.Heuristics.Email.*
              Default: yes

       PhishingAlwaysBlockSSLMismatch BOOL
              Always  block  SSL  mismatches in URLs, even if the URL isn't in the database. This
              can lead to false positives.
              Default: no

       PhishingAlwaysBlockCloak BOOL
              Always block cloaked URLs, even if URL isn't in database. This can  lead  to  false
              positives.
              Default: no

       HeuristicScanPrecedence BOOL
              Allow  heuristic  match to take precedence. When enabled, if a heuristic scan (such
              as  phishingScan)  detects  a  possible  virus/phishing  it  will   stop   scanning
              immediately.  Recommended,  saves  CPU  scan-time.  When  disabled,  virus/phishing
              detected by heuristic scans will be reported only at the  end  of  a  scan.  If  an
              archive  contains both a heuristically detected virus/phishing, and a real malware,
              the real malware will be reported. Keep this  disabled  if  you  intend  to  handle
              "*.Heuristics.*"  viruses  differently from "real" malware. If a non-heuristically-
              detected  virus  (signature-based)  is  found  first,  the  scan   is   interrupted
              immediately, regardless of this config option.
              Default: no

       StructuredDataDetection BOOL
              Enable the DLP module.
              Default: no

       StructuredMinCreditCardCount NUMBER
              This  option  sets  the  lowest  number  of  Credit Card numbers found in a file to
              generate a detect.
              Default: 3

       StructuredMinSSNCount NUMBER
              This option sets the lowest number of Social Security Numbers found in  a  file  to
              generate a detect.
              Default: 3

       StructuredSSNFormatNormal BOOL
              With  this  option  enabled  the DLP module will search for valid SSNs formatted as
              xxx-yy-zzzz.
              Default: Yes

       StructuredSSNFormatStripped BOOL
              With this option enabled the DLP module will search for  valid  SSNs  formatted  as
              xxxyyzzzz.
              Default: No

       ScanArchive BOOL
              Enable archive scanning.
              Default: yes

       ArchiveMaxFileSize (OBSOLETE)
              WARNING: This option is no longer accepted. See MaxFileSize and MaxScanSize.

       ArchiveMaxRecursion (OBSOLETE)
              WARNING: This option is no longer accepted. See MaxRecursion.

       ArchiveMaxFiles (OBSOLETE)
              WARNING: This option is no longer accepted. See MaxFiles.

       ArchiveMaxCompressionRatio (OBSOLETE)
              WARNING: This option is no longer accepted.

       ArchiveBlockMax (OBSOLETE)
              WARNING: This option is no longer accepted.

       ArchiveLimitMemoryUsage (OBSOLETE)
              WARNING: This option is no longer accepted.
              Default: no

       ArchiveBlockEncrypted BOOL
              Mark encrypted archives as viruses (Encrypted.Zip, Encrypted.RAR).
              Default: no

       MaxScanSize SIZE
              Sets  the  maximum  amount  of data to be scanned for each input file. Archives and
              other containers are recursively extracted and scanned up to this  value.  Warning:
              disabling  this  limit  or  setting  it too high may result in severe damage to the
              system.
              Default: 100M

       MaxFileSize SIZE
              Files larger than this limit won't be scanned. Affects the  input  file  itself  as
              well as files contained inside it (when the input file is an archive, a document or
              some other kind of container). Warning: disabling this limit or setting it too high
              may result in severe damage to the system.
              Default: 25M

       MaxRecursion NUMBER
              Nested archives are scanned recursively, e.g. if a Zip archive contains a RAR file,
              all files within it will also be scanned. This options  specifies  how  deeply  the
              process  should  be  continued.  Warning: setting this limit too high may result in
              severe damage to the system.
              Default: 16

       MaxFiles NUMBER
              Number of files to be scanned within an archive, a document, or any other  kind  of
              container.  Warning:  disabling  this  limit  or  setting it too high may result in
              severe damage to the system.
              Default: 10000

       ClamukoScanOnAccess BOOL
              Enable Clamuko. Dazuko (/dev/dazuko) must be configured and running.
              Default: no

       ClamukoScannerCount NUMBER
              The number of scanner threads that will be started (DazukoFS only). Having multiple
              scanner  threads allows Clamuko to serve multiple processes simultaneously. This is
              particularly beneficial on SMP machines.
              Default: 3

       ClamukoScanOnOpen BOOL
              Scan files on open.
              Default: no

       ClamukoScanOnClose BOOL
              Scan files on close.
              Default: no.

       ClamukoScanOnExec BOOL
              Scan files on execute.
              Default: no

       ClamukoIncludePath STRING
              Set the include paths (all files and directories inside them will be scanned).  You
              can have multiple ClamukoIncludePath directives but each directory must be added in
              a separate line).
              Default: no

       ClamukoExcludePath STRING
              Set the exclude paths. All subdirectories will also be excluded.
              Default: no ClamukoExcludeUID NUMBER With this option you  can  whitelist  specific
              UIDs.  Processes  with these UIDs will be able to access all files. This option can
              be used multiple times (one per line).
              Default: no

       ClamukoMaxFileSize SIZE
              Ignore files larger than SIZE.
              Default: 5M

NOTES

       All options expressing a size are limited to max 4GB. Values in excess will be resetted to
       the maximum.

FILES

       /etc/clamav/clamd.conf

AUTHOR

       Tomasz Kojm <tkojm@clamav.net>

SEE ALSO

       clamd(8), clamdscan(1), clamav-milter(8), freshclam(1), freshclam.conf(5)