clamd.conf - Configuration file for Clam AntiVirus Daemon
clamd.conf configures the Clam AntiVirus daemon, clamd(8).
The file consists of comments and options with arguments. Each line that starts with a hash (#) symbol is a comment. Options and arguments are case sensitive and of the form Option Argument. The (possibly optional) arguments are of the following types:

STRING
String without blank characters.

SIZE
Size in bytes. You can use M or m modifiers for megabytes and K or k for kilobytes.

NUMBER
Unsigned integer.

When an option is not used (hashed or doesn't exist in the configuration file) clamd takes a default action.

Example
If this option is set clamd will not run.

LogFile STRING
Enable logging to selected file.
Default: disabled

LogFileUnlock
Disable a system lock that protects against running clamd with the same configuration file multiple times.
Default: disabled

LogFileMaxSize SIZE
Limit the size of a log file. The logger will be automatically disabled if the file is greater than SIZE. Value of 0 disables the limit.
Default: 1M

LogTime
Log time with each message.
Default: disabled

LogClean
Log clean files.
Default: disabled

LogSyslog
Use system logger (can work together with LogFile).
Default: disabled

LogFacility
Specify the type of syslog messages - please refer to man syslog for facility names.
Default: LOG_LOCAL6

LogVerbose
Enable verbose logging.
Default: disabled

PidFile STRING
Save the process identifier of a listening daemon (main thread) to a specified file.
Default: disabled

TemporaryDirectory STRING
Optional path to the global temporary directory.
Default: system specific (usually /tmp or /var/tmp).

DatabaseDirectory STRING
Path to a directory containing database files.
Default: /usr/local/clamav/share/clamav

LocalSocket STRING
Path to a local (Unix) socket the daemon will listen on.
Default: disabled

FixStaleSocket
Remove stale socket after unclean shutdown.
Default: disabled

TCPSocket NUMBER
TCP port number the daemon will listen on.
Default: disabled

TCPAddr STRING
TCP socket address to bind to. By default clamd binds to INADDR_ANY.
Default: disabled

MaxConnectionQueueLength NUMBER
Maximum length the queue of pending connections may grow to.
Default: 15

MaxThreads NUMBER
Maximal number of threads running at the same time.
Default: 10

ReadTimeout NUMBER
Waiting for data from a client socket will timeout after this time (seconds).
Default: 120

IdleTimeout NUMBER
Waiting for a new job will timeout after this time (seconds).
Default: 30

MaxDirectoryRecursion NUMBER
Maximal depth directories are scanned at.
Default: 15

FollowDirectorySymlinks
Follow directory symlinks.
Default: disabled

FollowFileSymlinks
Follow regular file symlinks.
Default: disabled

SelfCheck NUMBER
Do internal sanity checks every NUMBER seconds.
Default: 1800

VirusEvent COMMAND
Execute the COMMAND when virus is found. In the command string %v will be replaced by a virus name.
Default: disabled

ExitOnOOM
Stop daemon when libclamav reports out of memory condition.
Default: disabled

User STRING
Run as selected user.
Default: disabled

AllowSupplementaryGroups
Initialize supplementary group access (clamd must be started by root).
Default: disabled

Foreground
Don't fork into background.
Default: disabled

Debug
Enable debug messages from libclamav.

LeaveTemporaryFiles
Do not remove temporary files (for debug purposes).
Default: disabled

StreamMaxLength SIZE
Clamd uses FTP-like protocol to receive data from remote clients. If you are using clamav-milter to balance load between remote clamd daemons on firewall servers you may need to tune the Stream* options. This option allows you to specify the maximal limit for data transferred to remote daemon when scanning a single file. It should match your MTA's limit for a maximal attachment size.
Default: 10M

StreamMinPort NUMBER
Limit data port range.
Default: 1024

StreamMaxPort NUMBER
Limit data port range.
Default: 2048

DisableDefaultScanOptions
By default clamd uses scan options recommended by libclamav. This option disables recommended options and allows you to enable selected options. DO NOT ENABLE IT unless you know what you are doing.
Default: disabled

ScanPE
PE stands for Portable Executable - it's an executable file format used in all 32-bit versions of Windows operating systems. This option allows ClamAV to perform a deeper analysis of executable files and it's also required for decompression of popular executable packers such as UPX.
Default: enabled

DetectBrokenExecutables
With this option clamd will try to detect broken executables and mark them as Broken.Executable.
Default: disabled

ScanOLE2
Enables scanning of Microsoft Office document macros.
Default: enabled

ScanHTML
Enables HTML detection and normalisation.
Default: enabled

ScanMail
Enable scanning of mail files.
Default: enabled

MailFollowURLs
If an email contains URLs ClamAV can download and scan them. WARNING: This option may open your system to a DoS attack. Never use it on loaded servers.
Default: disabled

ScanArchive
Enable archive scanning.
Default: enabled

ScanRAR
Enable scanning of RAR archives. Due to license issues libclamav does not support RAR 3.0 archives (only the old 2.0 format is supported). Because some users report stability problems with unrarlib it's disabled by default and must be enabled in the config file.
Default: disabled

ArchiveMaxFileSize SIZE
Files in archives larger than this limit won't be scanned. Value of 0 disables the limit.
Default: 10M

ArchiveMaxRecursion NUMBER
Limit archive recursion level. Value of 0 disables the limit.
Default: 8

ArchiveMaxFiles NUMBER
Number of files to be scanned within archive. Value of 0 disables the limit.
Default: 1000

ArchiveMaxCompressionRatio NUMBER
Analyze compression ratio of every file in an archive and mark potential archive bombs as viruses (0 disables the limit).
Default: 250

ArchiveLimitMemoryUsage
Use slower decompression algorithm which uses less memory. This option affects bzip2 decompressor only.
Default: disabled

ArchiveBlockEncrypted
Mark encrypted archives as viruses (Encrypted.Zip, Encrypted.RAR).
Default: disabled

ArchiveBlockMax
Mark archives as viruses (e.g. RAR.ExceededFileSize, Zip.ExceededFilesLimit) if ArchiveMaxFiles, ArchiveMaxFileSize, or ArchiveMaxRecursion limit is reached.
Default: disabled

ClamukoScanOnAccess
Enable Clamuko. Dazuko (/dev/dazuko) must be configured and running.
Default: disabled

ClamukoScanOnOpen
Scan files on open.
Default: disabled

ClamukoScanOnClose
Scan files on close.
Default: disabled

ClamukoScanOnExec
Scan files on execute.
Default: disabled

ClamukoIncludePath STRING
Set the include paths (all files and directories in them will be scanned). You can have multiple ClamukoIncludePath directives but each directory must be added in a separate line.
Default: disabled

ClamukoExcludePath
Set the exclude paths. All subdirectories will also be excluded.
Default: disabled

ClamukoMaxFileSize SIZE
Don't scan files larger than SIZE.
Default: 5M

ClamukoScanArchive
Enable archive scanning. It uses ArchiveMax* limits.
Default: disabled
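
An added example, not part of the original manual page or of ClamAV itself: a small Python audit that parses the Option Argument format described above and reports the settings this page itself flags (Example, a TCP listener bound to INADDR_ANY, MailFollowURLs, disabled archive limits). The sample configuration is constructed; the code assumes K and M mean 1024 and 1024*1024 bytes and that an option without an argument is enabled by its presence.

```python
import re

# Constructed sample configuration (not a shipped default).
SAMPLE_CONF = """\
# test box
Example
TCPSocket 3310
MailFollowURLs
ArchiveMaxFileSize 20M
ArchiveMaxRecursion 0
"""

def parse_size(text):
    """SIZE argument: bytes, optional K/k or M/m modifier (assumed 1024-based)."""
    m = re.fullmatch(r"(\d+)([KkMm]?)", text)
    if not m:
        raise ValueError(f"bad SIZE argument: {text!r}")
    return int(m.group(1)) * {"": 1, "k": 1024, "m": 1024 ** 2}[m.group(2).lower()]

def parse_conf(text):
    """Map each option name (case sensitive) to its list of arguments."""
    opts = {}
    for line in text.splitlines():
        parts = line.split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue  # blank line or comment
        opts.setdefault(parts[0], []).append(parts[1].strip() if len(parts) > 1 else "")
    return opts

def audit(opts):
    """Return findings for settings the man page flags; a present flag is enabled."""
    findings = []
    if "Example" in opts:
        findings.append("Example: clamd will not run")
    if "TCPSocket" in opts and "TCPAddr" not in opts:
        findings.append("TCPSocket without TCPAddr: binds to INADDR_ANY")
    if "MailFollowURLs" in opts:
        findings.append("MailFollowURLs: may open the system to a DoS attack")
    if "User" not in opts:
        findings.append("User not set: clamd does not switch to a selected user")
    for name in (n for n in opts if n.startswith("ArchiveMax")):
        for arg in opts[name]:
            if parse_size(arg) == 0:  # a plain NUMBER parses the same way
                findings.append(f"{name} 0: limit disabled")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(parse_conf(SAMPLE_CONF))))
```
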
/usr/local/clamav/etc/clamd.conf
Tomasz Kojm <tkojm@clamav.net>
clamd(8), clamdscan(1), clamscan(1), freshclam(1), sigtool(1), clamav-milter(8)
Tomasz Kojm | clamd.conf (5) | February 13, 2005 |