www.LinuxHowtos.org howtos, tips&tricks and tutorials for linux

from small one page howto to huge articles all in one place

Other .linuxhowtos.org sites: toolsntoys.linuxhowtos.org
gentoo.linuxhowtos.org
forums.linuxhowtos.org

poll results

Last additions:

Disable Anti-Aliasing fonts

words:

186

views:

7664

userrating:

no votes yet

May 25th. 2007:

Words

491

Views

8878

why adblockers are bad

handy one-liners for sed (Unix stream editor)

Tutorial:

handy one-liners for sed (Unix stream editor)

words:

4078

views:

23806

userrating:

no votes yet

rotating apache logfiles with cronolog

words:

294

views:

9112

userrating:

no votes yet

You are here: manpages

clamd.conf

Section: Clam AntiVirus (5)
Updated: February 12, 2007
Index Return to Main Contents

NAME

clamd.conf - Configuration file for Clam AntiVirus Daemon

DESCRIPTION

clamd.conf configures the Clam AntiVirus daemon, clamd(8).

FILE FORMAT

The file consists of comments and options with arguments. Each line which starts with a hash (#) symbol is ignored by the parser. Options and arguments are case sensitive and of the form Option Argument. The arguments are of the following types:

BOOL: Boolean value (yes/no or true/false or 1/0).
STRING: String without blank characters.
SIZE: Size in bytes. You can use 'M' or 'm' modifiers for megabytes and 'K' or 'k' for kilobytes.
NUMBER: Unsigned integer.

DIRECTIVES

When some option is not used (commented out or not included in the configuration file at all) clamd takes a default action.

Example: If this option is set clamd will not run.
LogFile STRING: Enable logging to selected file.
Default: no
LogFileUnlock BOOL: Disable a system lock that protects against running clamd with the same configuration file multiple times.
Default: no
LogFileMaxSize SIZE: Limit the size of the log file. The logger will be automatically disabled if the file is greater than SIZE. Value of 0 disables the limit.
Default: 1M
LogTime BOOL: Log time for each message.
Default: no
LogClean BOOL: Log clean files.
Default: no
LogSyslog BOOL: Use system logger (can work together with LogFile).
Default: no
LogFacility STRING: Specify the type of syslog messages - please refer to 'man syslog' for facility names.
Default: LOG_LOCAL6
LogVerbose BOOL: Enable verbose logging.
Default: no
PidFile STRING: Save the process identifier of a listening daemon (main thread) to a specified file.
Default: no
TemporaryDirectory STRING: Optional path to the global temporary directory.
Default: system specific (usually /tmp or /var/tmp).
DatabaseDirectory STRING: Path to a directory containing database files.
Default: /var/lib/clamav
LocalSocket STRING: Path to a local (Unix) socket the daemon will listen on.
Default: no
FixStaleSocket BOOL: Remove stale socket after unclean shutdown.
Default: yes
TCPSocket NUMBER: TCP port number the daemon will listen on.
Default: no
TCPAddr STRING: TCP socket address to bind to. By default clamd binds to INADDR_ANY.
Default: no
MaxConnectionQueueLength NUMBER: Maximum length the queue of pending connections may grow to.
Default: 15
MaxThreads NUMBER: Maximum number of threads running at the same time.
Default: 10
ReadTimeout NUMBER: Waiting for data from a client socket will timeout after this time (seconds).
Default: 120
IdleTimeout NUMBER: Waiting for a new job will timeout after this time (seconds).
Default: 30
MaxDirectoryRecursion NUMBER: Maximum depth directories are scanned at.
Default: 15
FollowDirectorySymlinks BOOL: Follow directory symlinks.
Default: no
FollowFileSymlinks BOOL: Follow regular file symlinks.
Default: no
SelfCheck NUMBER: Perform a database check.
Default: 1800
VirusEvent COMMAND: Execute COMMAND when a virus is found. In the command string %v will be replaced with the virus name.
Default: no
ExitOnOOM BOOL: Stop daemon when libclamav reports out of memory condition.
Default: no
User STRING: Run as another user (clamd must be started by root to make this option working).
Default: no
AllowSupplementaryGroups BOOL: Initialize supplementary group access (clamd must be started by root).
Default: no
Foreground BOOL: Don't fork into background.
Default: no
Debug BOOL: Enable debug messages from libclamav.
LeaveTemporaryFiles BOOL: Do not remove temporary files (for debug purpose).
Default: no
StreamMaxLength SIZE: Clamd uses FTP-like protocol to receive data from remote clients. If you are using clamav-milter to balance load between remote clamd daemons on firewall servers you may need to tune the Stream* options. This option allows you to specify the upper limit for data size that will be transfered to remote daemon when scanning a single file. It should match your MTA's limit for a maximum attachment size.
Default: 10M
StreamMinPort NUMBER: Limit data port range.
Default: 1024
StreamMaxPort NUMBER: Limit data port range.
Default: 2048
DetectPUA: Detect Possibly Unwanted Applications.
Default: No
AlgorithmicDetection BOOL: In some cases (eg. complex malware, exploits in graphic files, and others), ClamAV uses special algorithms to provide accurate detection. This option controls the algorithmic detection.
Default: yes
ScanPE BOOL: PE stands for Portable Executable - it's an executable file format used in all 32 and 64-bit versions of Windows operating systems. This option allows ClamAV to perform a deeper analysis of executable files and it's also required for decompression of popular executable packers such as UPX.
Default: yes
ScanELF BOOL: Executable and Linking Format is a standard format for UN*X executables. This option allows you to control the scanning of ELF files.
Default: yes
DetectBrokenExecutables BOOL: With this option clamd will try to detect broken executables (both PE and ELF) and mark them as Broken.Executable.
Default: no
ScanOLE2 BOOL: This option enables scanning of OLE2 files, such as Microsoft Office documents and .msi files.
Default: yes
ScanPDF BOOL: This option enables scanning within PDF files.
Default: no
ScanHTML BOOL: Enables HTML detection and normalisation.
Default: yes
ScanMail BOOL: Enable scanning of mail files.
Default: yes
MailFollowURLs BOOL: If an email contains URLs ClamAV can download and scan them. WARNING: This option may open your system to a DoS attack. Never use it on loaded servers.
Default: no
MailMaxRecursion NUMBER (OBSOLETE): WARNING: This option is no longer accepted. See MaxRecursion.
PhishingSignatures BOOL: With this option enabled ClamAV will try to detect phishing attempts by using signatures.
Default: yes
PhishingScanURLs BOOL: Scan URLs found in mails for phishing attempts using heuristics. This will classify "Possibly Unwanted" phishing emails as Phishing.Heuristics.Email.*
Default: yes
PhishingAlwaysBlockSSLMismatch BOOL: Always block SSL mismatches in URLs, even if the URL isn't in the database. This can lead to false positives.
Default: no
PhishingAlwaysBlockCloak BOOL: Always block cloaked URLs, even if URL isn't in database. This can lead to false positives.
Default: no
ScanArchive BOOL: Enable archive scanning.
Default: yes
ArchiveMaxFileSize (OBSOLETE): WARNING: This option is no longer accepted. See MaxFileSize and MaxScanSize.
ArchiveMaxRecursion (OBSOLETE): WARNING: This option is no longer accepted. See MaxRecursion.
ArchiveMaxFiles (OBSOLETE): WARNING: This option is no longer accepted. See MaxFiles.
ArchiveMaxCompressionRatio (OBSOLETE): WARNING: This option is no longer accepted.
ArchiveBlockMax (OBSOLETE): WARNING: This option is no longer accepted.
ArchiveLimitMemoryUsage BOOL: Use slower decompression algorithm which uses less memory. This option only affects the bzip2 decompressor.
Default: no
ArchiveBlockEncrypted BOOL: Mark encrypted archives as viruses (Encrypted.Zip, Encrypted.RAR).
Default: no
MaxScanSize SIZE: Sets the maximum amount of data to be scanned for each input file. Archives and other containers are recursively extracted and scanned up to this value. Warning: disabling this limit or setting it too high may result in severe damage to the system.
Default: 100M
MaxFileSize SIZE: Files larger than this limit won't be scanned. Affects the input file itself as well as files contained inside it (when the input file is an archive, a document or some other kind of container). Warning: disabling this limit or setting it too high may result in severe damage to the system.
Default: 25M
MaxRecursion NUMBER: Nested archives are scanned recursively, e.g. if a Zip archive contains a RAR file, all files within it will also be scanned. This options specifies how deeply the process should be continued. Warning: disabling this limit or setting it too high may result in severe damage to the system.
Default: 16
MaxFiles NUMBER: Number of files to be scanned within an archive, a document, or any other kind of container. Warning: disabling this limit or setting it too high may result in severe damage to the system.
Default: 10000
ClamukoScanOnAccess BOOL: Enable Clamuko. Dazuko (/dev/dazuko) must be configured and running.
Default: no
ClamukoScanOnOpen BOOL: Scan files on open.
Default: no
ClamukoScanOnClose BOOL: Scan files on close.
Default: no.
ClamukoScanOnExec BOOL: Scan files on execute.
Default: no
ClamukoIncludePath STRING: Set the include paths (all files and directories inside them will be scanned). You can have multiple ClamukoIncludePath directives but each directory must be added in a separate line).
Default: no
ClamukoExcludePath STRING: Set the exclude paths. All subdirectories will also be excluded.
Default: no
ClamukoMaxFileSize SIZE: Ignore files larger than SIZE.
Default: 5M