clamd.conf man page on Mandriva

Man page or keyword search:  
man Server   17060 pages
apropos Keyword Search (all sections)
Output format
Mandriva logo
[printable version]

clamd.conf(5)			Clam AntiVirus			 clamd.conf(5)

NAME
       clamd.conf - Configuration file for Clam AntiVirus Daemon

DESCRIPTION
       clamd.conf configures the Clam AntiVirus daemon, clamd(8).

FILE FORMAT
       The  file  consists  of	comments and options with arguments. Each line
       which starts with a hash (#) symbol is ignored by the  parser.  Options
       and  arguments  are case sensitive and of the form Option Argument. The
       arguments are of the following types:

       BOOL   Boolean value (yes/no or true/false or 1/0).

       STRING String without blank characters.

       SIZE   Size in bytes. You can use 'M' or 'm'  modifiers	for  megabytes
	      and 'K' or 'k' for kilobytes.

       NUMBER Unsigned integer.

DIRECTIVES
       When some option is not used (commented out or not included in the con‐
       figuration file at all) clamd takes a default action.

       Example
	      If this option is set clamd will not run.

       LogFile STRING
	      Enable logging to selected file.
	      Default: no

       LogFileUnlock BOOL
	      Disable a system lock that protects against running  clamd  with
	      the same configuration file multiple times.
	      Default: no

       LogFileMaxSize SIZE
	      Limit the size of the log file. The logger will be automatically
	      disabled if the file is greater than SIZE. Value of  0  disables
	      the limit.
	      Default: 1M

       LogTime BOOL
	      Log time for each message.
	      Default: no

       LogClean BOOL
	      Log clean files.
	      Default: no

       LogSyslog BOOL
	      Use system logger (can work together with LogFile).
	      Default: no

       LogFacility STRING
	      Specify  the type of syslog messages - please refer to 'man sys‐
	      log' for facility names.
	      Default: LOG_LOCAL6

       LogVerbose BOOL
	      Enable verbose logging.
	      Default: no

       ExtendedDetectionInfo BOOL
	      Provide additional information about the infected file, such  as
	      its  size	 and  hash,  together with the virus name. It's recom‐
	      mended to enable this option along with SubmitDetectionStats  in
	      freshclam.conf.
	      Default: no

       PidFile STRING
	      Save  the process identifier of a listening daemon (main thread)
	      to a specified file.
	      Default: no

       TemporaryDirectory STRING
	      Optional path to the global temporary directory.
	      Default: system specific (usually /tmp or /var/tmp).

       DatabaseDirectory STRING
	      Path to a directory containing database files.

       OfficialDatabaseOnly BOOL
	      Only load	 the  official	signatures  published  by  the	ClamAV
	      project.
	      Default: no

       LocalSocket STRING
	      Path to a local (Unix) socket the daemon will listen on.
	      Default: no

       LocalSocketGroup STRING
	      Sets the group ownership on the unix socket.
	      Default: the primary group of the user running clamd

       LocalSocketMode STRING
	      Sets the permissions on the unix socket to the specified mode.
	      Default: socket is world readable and writable

       FixStaleSocket BOOL
	      Remove stale socket after unclean shutdown.
	      Default: yes

       TCPSocket NUMBER
	      TCP port number the daemon will listen on.
	      Default: no

       TCPAddr STRING
	      TCP  socket  address  to	bind  to.  By  default	clamd binds to
	      INADDR_ANY.
	      Default: no

       MaxConnectionQueueLength NUMBER
	      Maximum length the queue of pending connections may grow to.
	      Default: 15

       MaxThreads NUMBER
	      Maximum number of threads running at the same time.
	      Default: 10

       ReadTimeout NUMBER
	      Waiting for data from a client socket will  timeout  after  this
	      time (seconds).
	      Default: 120

       CommandReadTimeout NUMBER
	      This  option  specifies  the time (in seconds) after which clamd
	      should timeout if a client doesn't provide any  initial  command
	      after  connecting.   Note: the timeout for subsequents commands,
	      and/or data chunks is specified by ReadTimeout.
	      Default: 5

       SendBufTimeout NUMBER
	      This option specifies how long to wait (in milliseconds) if  the
	      send buffer is full.  Keep this value low to prevent clamd hang‐
	      ing.
	      Default: 500

       MaxQueue NUMBER
	      Maximum number of queued items (including those being  processed
	      by MaxThreads threads).  It is recommended to have this value at
	      least twice MaxThreads if possible.
	      WARNING: you shouldn't increase this too much to	avoid  running
	      out  of  file  descriptors, the following condition should hold:
	      MaxThreads*MaxRecursion  +  MaxQueue  -	MaxThreads   +	 6   <
	      RLIMIT_NOFILE.  RLIMIT_NOFILE is the maximum number of open file
	      descriptors (usually 1024), set by ulimit -n.
	      Default: 100

       IdleTimeout NUMBER
	      Waiting for a new job will timeout after this time (seconds).
	      Default: 30

       ExcludePath REGEX
	      Don't scan files and directories matching REGEX. This  directive
	      can be used multiple times.
	      Default: scan all

       MaxDirectoryRecursion NUMBER
	      Maximum depth directories are scanned at.
	      Default: 15

       FollowDirectorySymlinks BOOL
	      Follow directory symlinks.
	      Default: no

       CrossFilesystems BOOL
	      Scan files and directories on other filesystems.
	      Default: yes

       FollowFileSymlinks BOOL
	      Follow regular file symlinks.
	      Default: no

       SelfCheck NUMBER
	      Perform a database check.
	      Default: 1800

       VirusEvent COMMAND
	      Execute  COMMAND when a virus is found. In the command string %v
	      will be replaced with the virus name.
	      Default: no

       ExitOnOOM BOOL
	      Stop daemon when libclamav reports out of memory condition.
	      Default: no

       User STRING
	      Run as another user (clamd must be started by root to make  this
	      option working).
	      Default: no

       AllowSupplementaryGroups BOOL
	      Initialize  supplementary group access (clamd must be started by
	      root).
	      Default: no

       Foreground BOOL
	      Don't fork into background.
	      Default: no

       Debug BOOL
	      Enable debug messages from libclamav.

       LeaveTemporaryFiles BOOL
	      Do not remove temporary files (for debug purpose).
	      Default: no

       StreamMaxLength SIZE
	      Clamd  uses  FTP-like  protocol  to  receive  data  from	remote
	      clients.	If you are using clamav-milter to balance load between
	      remote clamd daemons on firewall servers you may	need  to  tune
	      the Stream* options. This option allows you to specify the upper
	      limit for data size that will be	transfered  to	remote	daemon
	      when  scanning  a	 single file. It should match your MTA's limit
	      for a maximum attachment size.
	      Default: 10M

       StreamMinPort NUMBER
	      Limit data port range.
	      Default: 1024

       StreamMaxPort NUMBER
	      Limit data port range.
	      Default: 2048

       Bytecode BOOL
	      With this option enabled ClamAV  will  load  bytecode  from  the
	      database.	 It  is highly recommended you keep this option turned
	      on, otherwise you may miss detections for many new viruses.
	      Default: yes

       BytecodeSecurity STRING
	      Set bytecode security level. Possible values: None: no  security
	      at  all, meant for debugging. DO NOT USE THIS ON PRODUCTION SYS‐
	      TEMS, TrustSigned: trust bytecode	 loaded	 from  signed  .c[lv]d
	      files  and insert runtime safety checks for bytecode loaded from
	      other sources, Paranoid: don't trust any bytecode,  insert  run‐
	      time  checks  for	 all.  The recommended setting is TrustSigned,
	      because  bytecode	 in  .cvd  files  already  has	safety	checks
	      inserted into it.
	      Default: TrustSigned

       BytecodeTimeout NUMBER
	      Set bytecode timeout in milliseconds.
	      Default: 60000

       DetectPUA BOOL
	      Detect Possibly Unwanted Applications.
	      Default: No

       ExcludePUA CATEGORY
	      Exclude a specific PUA category. This directive can be used mul‐
	      tiple times. See http://www.clamav.net/support/pua for the  com‐
	      plete list of PUA categories.
	      Default: Load all categories (if DetectPUA is activated)

       IncludePUA CATEGORY
	      Only include a specific PUA category. This directive can be used
	      multiple times. See  http://www.clamav.net/support/pua  for  the
	      complete list of PUA categories.
	      Default: Load all categories (if DetectPUA is activated)

       AlgorithmicDetection BOOL
	      In  some	cases (eg. complex malware, exploits in graphic files,
	      and others), ClamAV uses special algorithms to provide  accurate
	      detection. This option controls the algorithmic detection.
	      Default: yes

       ScanPE BOOL
	      PE stands for Portable Executable - it's an executable file for‐
	      mat used in all 32 and 64-bit versions of Windows operating sys‐
	      tems.  This option allows ClamAV to perform a deeper analysis of
	      executable files and it's also  required	for  decompression  of
	      popular executable packers such as UPX.
	      Default: yes

       ScanELF BOOL
	      Executable and Linking Format is a standard format for UN*X exe‐
	      cutables. This option allows you to control the scanning of  ELF
	      files.
	      Default: yes

       DetectBrokenExecutables BOOL
	      With  this  option  clamd	 will try to detect broken executables
	      (both PE and ELF) and mark them as Broken.Executable.
	      Default: no

       ScanOLE2 BOOL
	      This option enables scanning of OLE2 files,  such	 as  Microsoft
	      Office documents and .msi files.
	      Default: yes

       ScanPDF BOOL
	      This option enables scanning within PDF files.
	      Default: yes

       ScanHTML BOOL
	      Enables HTML detection and normalisation.
	      Default: yes

       ScanMail BOOL
	      Enable scanning of mail files.
	      Default: yes

       ScanPartialMessages BOOL
	      Scan  RFC1341  messages split over many emails. You will need to
	      periodically clean up $TemporaryDirectory/clamav-partial	direc‐
	      tory. WARNING: This option may open your system to a DoS attack.
	      Never use it on loaded servers.
	      Default: no

       MailMaxRecursion NUMBER (OBSOLETE)
	      WARNING: This option is no longer accepted. See MaxRecursion.

       PhishingSignatures BOOL
	      With this option enabled ClamAV  will  try  to  detect  phishing
	      attempts by using signatures.
	      Default: yes

       PhishingScanURLs BOOL
	      Scan URLs found in mails for phishing attempts using heuristics.
	      This will classify "Possibly Unwanted" phishing emails as Phish‐
	      ing.Heuristics.Email.*
	      Default: yes

       PhishingAlwaysBlockSSLMismatch BOOL
	      Always  block  SSL  mismatches in URLs, even if the URL isn't in
	      the database. This can lead to false positives.
	      Default: no

       PhishingAlwaysBlockCloak BOOL
	      Always block cloaked URLs, even if URL isn't in  database.  This
	      can lead to false positives.
	      Default: no

       HeuristicScanPrecedence BOOL
	      Allow  heuristic	match  to  take precedence. When enabled, if a
	      heuristic	 scan  (such  as  phishingScan)	 detects  a   possible
	      virus/phishing  it  will stop scanning immediately. Recommended,
	      saves CPU scan-time. When disabled, virus/phishing  detected  by
	      heuristic	 scans	will be reported only at the end of a scan. If
	      an archive contains both a heuristically	detected  virus/phish‐
	      ing, and a real malware, the real malware will be reported. Keep
	      this disabled if you intend to handle  "*.Heuristics.*"  viruses
	      differently from "real" malware. If a non-heuristically-detected
	      virus (signature-based) is found first, the scan is  interrupted
	      immediately, regardless of this config option.
	      Default: no

       StructuredDataDetection BOOL
	      Enable the DLP module.
	      Default: no

       StructuredMinCreditCardCount NUMBER
	      This  option sets the lowest number of Credit Card numbers found
	      in a file to generate a detect.
	      Default: 3

       StructuredMinSSNCount NUMBER
	      This option sets the lowest number of  Social  Security  Numbers
	      found in a file to generate a detect.
	      Default: 3

       StructuredSSNFormatNormal BOOL
	      With  this  option  enabled the DLP module will search for valid
	      SSNs formatted as xxx-yy-zzzz.
	      Default: Yes

       StructuredSSNFormatStripped BOOL
	      With this option enabled the DLP module will  search  for	 valid
	      SSNs formatted as xxxyyzzzz.
	      Default: No

       ScanArchive BOOL
	      Enable archive scanning.
	      Default: yes

       ArchiveMaxFileSize (OBSOLETE)
	      WARNING:	This option is no longer accepted. See MaxFileSize and
	      MaxScanSize.

       ArchiveMaxRecursion (OBSOLETE)
	      WARNING: This option is no longer accepted. See MaxRecursion.

       ArchiveMaxFiles (OBSOLETE)
	      WARNING: This option is no longer accepted. See MaxFiles.

       ArchiveMaxCompressionRatio (OBSOLETE)
	      WARNING: This option is no longer accepted.

       ArchiveBlockMax (OBSOLETE)
	      WARNING: This option is no longer accepted.

       ArchiveLimitMemoryUsage (OBSOLETE)
	      WARNING: This option is no longer accepted.
	      Default: no

       ArchiveBlockEncrypted BOOL
	      Mark   encrypted	  archives    as    viruses    (Encrypted.Zip,
	      Encrypted.RAR).
	      Default: no

       MaxScanSize SIZE
	      Sets  the	 maximum  amount  of data to be scanned for each input
	      file. Archives and other containers  are	recursively  extracted
	      and  scanned  up to this value. Warning: disabling this limit or
	      setting it too high may result in severe damage to the system.
	      Default: 100M

       MaxFileSize SIZE
	      Files larger than this limit won't be scanned. Affects the input
	      file itself as well as files contained inside it (when the input
	      file is an archive, a document or some other kind of container).
	      Warning:	disabling this limit or setting it too high may result
	      in severe damage to the system.
	      Default: 25M

       MaxRecursion NUMBER
	      Nested archives are scanned recursively, e.g. if a  Zip  archive
	      contains	a  RAR file, all files within it will also be scanned.
	      This options specifies how deeply the process should be  contin‐
	      ued.  Warning:  setting this limit too high may result in severe
	      damage to the system.
	      Default: 16

       MaxFiles NUMBER
	      Number of files to be scanned within an archive, a document,  or
	      any  other  kind	of container. Warning: disabling this limit or
	      setting it too high may result in severe damage to the system.
	      Default: 10000

       ClamukoScanOnAccess BOOL
	      Enable Clamuko. Dazuko (/dev/dazuko) must be configured and run‐
	      ning.
	      Default: no

       ClamukoScannerCount NUMBER
	      The  number  of  scanner	threads that will be started (DazukoFS
	      only). Having multiple scanner threads allows Clamuko  to	 serve
	      multiple	processes simultaneously. This is particularly benefi‐
	      cial on SMP machines.
	      Default: 3

       ClamukoScanOnOpen BOOL
	      Scan files on open.
	      Default: no

       ClamukoScanOnClose BOOL
	      Scan files on close.
	      Default: no.

       ClamukoScanOnExec BOOL
	      Scan files on execute.
	      Default: no

       ClamukoIncludePath STRING
	      Set the include paths (all files	and  directories  inside  them
	      will  be	scanned).  You	can  have  multiple ClamukoIncludePath
	      directives but each directory must be added in a separate line).
	      Default: no

       ClamukoExcludePath STRING
	      Set the exclude paths. All subdirectories will also be excluded.
	      Default: no

       ClamukoMaxFileSize SIZE
	      Ignore files larger than SIZE.
	      Default: 5M

NOTES
       All options expressing a size are limited to max 4GB. Values in	excess
       will be resetted to the maximum.

FILES
       /etc/clamd.conf

AUTHOR
       Tomasz Kojm <tkojm@clamav.net>

SEE ALSO
       clamd(8),    clamdscan(1),   clamav-milter(8),	freshclam(1),	fresh‐
       clam.conf(5)

ClamAV 0.96.3		       February 12, 2007		 clamd.conf(5)
[top]

List of man pages available for Mandriva

Copyright (c) for man pages and the logo by the respective OS vendor.

For those who want to learn more, the polarhome community provides shell access and support.

[legal] [privacy] [GNU] [policy] [cookies] [netiquette] [sponsors] [FAQ]
Tweet
Polarhome, production since 1999.
Member of Polarhome portal.
Based on Fawad Halim's script.
....................................................................
Vote for polarhome
Free Shell Accounts :: the biggest list on the net