Manual Reference Pages  - clamd.conf (5)

NAME

clamd.conf - Configuration file for Clam AntiVirus Daemon

CONTENTS

DESCRIPTION

clamd.conf configures the Clam AntiVirus daemon, clamd(8).

FILE FORMAT

The file consists of comments and options with arguments. Each line that starts with a hash (#) symbol is a comment. Options and arguments are case sensitive and of the form Option Argument. The (possibly optional) arguments are are of the following types:
STRING String without blank characters.
SIZE Size in bytes. You can use ’M’ or ’m’ modifiers for megabytes and ’K’ or ’k’ for kilobytes.
NUMBER Unsigned integer.

DIRECTIVES

When an option is not used (hashed or doesn’t exist in the configuration file) clamd takes a default action.
Example
  If this option is set clamd will not run.
LogFile STRING
  Enable logging to selected file.
Default: disabled
LogFileUnlock
  Disable a system lock that protects against running clamd with a same configuration file multiple times.
Default: disabled
LogFileMaxSize SIZE
  Limit the size of a log file. The logger will be automatically disabled if the file is greater than SIZE. Value of 0 disables the limit.
Default: 1M
LogTime
  Log time with each message.
Default: disabled
LogClean
  Log clean files.
Default: disabled
LogSyslog
  Use system logger (can work together with LogFile).
Default: disabled
LogFacility
  Specify the type of syslog messages - please refer to ’man syslog’ for facility names.
Default: LOG_LOCAL6
LogVerbose
  Enable verbose logging.
Default: disabled
PidFile STRING
  Save the process identifier of a listening daemon (main thread) to a specified file.
Default: disabled
TemporaryDirectory STRING
  Optional path to the global temporary directory.
Default: system specific (usually /tmp or /var/tmp).
DatabaseDirectory STRING
  Path to a directory containing database files.
Default: /usr/local/clamav/share/clamav
LocalSocket STRING
  Path to a local (Unix) socket the daemon will listen on.
Default: disabled
FixStaleSocket
  Remove stale socket after unclean shutdown.
Default: disabled
TCPSocket NUMBER
  TCP port number the daemon will listen on.
Default: disabled
TCPAddr STRING
  TCP socket address to bind to. By default clamd binds to INADDR_ANY.
Default: disabled
MaxConnectionQueueLength NUMBER
  Maximum length the queue of pending connections may grow to.
Default: 15
MaxThreads NUMBER
  Maximal number of threads running at the same time.
Default: 10
ReadTimeout NUMBER
  Waiting for data from a client socket will timeout after this time (seconds).
Default: 120
IdleTimeout NUMBER
  Waiting for a new job will timeout after this time (seconds).
Default: 30
MaxDirectoryRecursion NUMBER
  Maximal depth directories are scanned at.
Default: 15
FollowDirectorySymlinks
  Follow directory symlinks.
Default: disabled
FollowFileSymlinks
  Follow regular file symlinks.
Default: disabled
SelfCheck NUMBER
  Do internal sanity checks every NUMBER seconds.
Default: 1800
VirusEvent COMMAND
  Execute the COMMAND when virus is found. In the command string %v will be replaced by a virus name.
Default: disabled
ExitOnOOM
  Stop daemon when libclamav reports out of memory condition.
Default: disabled
User STRING
  Run as selected user.
Default: disabled
AllowSupplementaryGroups
  Initialize supplementary group access (clamd must be started by root).
Default: disabled
Foreground
  Don’t fork into background.
Default: disabled
Debug Enable debug messages from libclamav.
LeaveTemporaryFiles
  Do not remove temporary files (for debug purposes).
Default: disabled
StreamMaxLength SIZE
  Clamd uses FTP-like protocol to receive data from remote clients. If you are using clamav-milter to balance load between remote clamd daemons on firewall servers you may need to tune the Stream* options. This option allows you to specify the maximal limit for data transfered to remote daemon when scanning a single file. It should match your MTA’s limit for a maximal attachment size.
Default: 10M
StreamMinPort NUMBER
  Limit data port range.
Default: 1024
StreamMaxPort NUMBER
  Limit data port range.
Default: 2048
DisableDefaultScanOptions
  By default clamd uses scan options recommended by libclamav. This option disables recommended options and allows you to enable selected options. DO NOT ENABLE IT unless you know what you are doing.
Default: disabled
ScanPE PE stands for Portable Executable - it’s an executable file format used in all 32-bit versions of Windows operating systems. This option allows ClamAV to perform a deeper analysis of executable files and it’s also required for decompression of popular executable packers such as UPX.
Default: enabled
DetectBrokenExecutables
  With this option clamd will try to detect broken executables and mark them as Broken.Executable.
Default: disabled
ScanOLE2
  Enables scanning of Microsoft Office document macros.
Default: enabled
ScanHTML
  Enables HTML detection and normalisation.
Default: enabled
ScanMail
  Enable scanning of mail files.
Default: enabled
MailFollowURLs
  If an email contains URLs ClamAV can download and scan them. WARNING: This option may open your system to a DoS attack. Never use it on loaded servers.
Default: disabled
ScanArchive
  Enable archive scanning.
Default: enabled
ScanRAR
  Enable scanning of RAR archives. Due to license issues libclamav does not support RAR 3.0 archives (only the old 2.0 format is supported). Because some users report stability problems with unrarlib it’s disabled by default and must be enabled in the config file.
Default: disabled
ArchiveMaxFileSize SIZE
  Files in archives larger than this limit won’t be scanned. Value of 0 disables the limit.
Default: 10M
ArchiveMaxRecursion NUMBER
  Limit archive recursion level. Value of 0 disables the limit.
Default: 8
ArchiveMaxFiles NUMBER
  Number of files to be scanned within archive. Value of 0 disables the limit.
Default: 1000
ArchiveMaxCompressionRatio NUMBER
  Analyze compression ratio of every file in an archive and mark potential archive bombs as viruses (0 disables the limit).
Default: 250
ArchiveLimitMemoryUsage
  Use slower decompression algorithm which uses less memory. This option affects bzip2 decompressor only.
Default: disabled
ArchiveBlockEncrypted
  Mark encrypted archives as viruses (Encrypted.Zip, Encrypted.RAR).
Default: disabled
ArchiveBlockMax
  Mark archives as viruses (e.g RAR.ExceededFileSize, Zip.ExceededFilesLimit) if ArchiveMaxFiles, ArchiveMaxFileSize, or ArchiveMaxRecursion limit is reached.
Default: disabled
ClamukoScanOnAccess
  Enable Clamuko. Dazuko (/dev/dazuko) must be configured and running.
Default: disabled
ClamukoScanOnOpen
  Scan files on open.
Default: disabled
ClamukoScanOnClose
  Scan files on close.
Default: disabled.
ClamukoScanOnExec
  Scan files on execute.
Default: disabled
ClamukoIncludePath STRING
  Set the include paths (all files and directories in them will be scanned). You can have multiple ClamukoIncludePath directives but each directory must be added in a separate line).
Default: disabled
ClamukoExcludePath
  Set the exclude paths. All subdirectories will also be excluded.
Default: disabled
ClamukoMaxFileSize SIZE
  Don’t scan files larger than SIZE.
Default: 5M
ClamukoScanArchive
  Enable archive scanning. It uses ArchiveMax* limits.
Default: disabled

FILES

/usr/local/clamav/etc/clamd.conf

AUTHOR

Tomasz Kojm <tkojm@clamav.net>

SEE ALSO

clamd(8), clamdscan(1), clamscan(1), freshclam(1), sigtool(1), clamav-milter(8)


Tomasz Kojm clamd.conf (5) February 13, 2005
Generated by manServer 1.07 from e:\usr\local\clamav\share\man\man5\clamd.conf.5 using man macros.