Man Linux: Main Page and Category List

NAME

       clamd.conf - Configuration file for Clam AntiVirus Daemon

DESCRIPTION

       clamd.conf configures the Clam AntiVirus daemon, clamd(8).

FILE FORMAT

       The  file  consists  of  comments and options with arguments. Each line
       which starts with a hash (#) symbol is ignored by the  parser.  Options
       and  arguments  are case sensitive and of the form Option Argument. The
       arguments are of the following types:

       BOOL   Boolean value (yes/no or true/false or 1/0).

       STRING String without blank characters.

       SIZE   Size in bytes. You can use 'M' or 'm'  modifiers  for  megabytes
              and 'K' or 'k' for kilobytes.

       NUMBER Unsigned integer.

DIRECTIVES

       When  some  option  is  not  used (commented out or not included in the
       configuration file at all) clamd takes a default action.

       Example
              If this option is set clamd will not run.

       LogFile STRING
              Enable logging to selected file.
              Default: no

       LogFileUnlock BOOL
              Disable a system lock that protects against running  clamd  with
              the same configuration file multiple times.
              Default: no

       LogFileMaxSize SIZE
              Limit the size of the log file. The logger will be automatically
              disabled if the file is greater than SIZE. Value of  0  disables
              the limit.
              Default: 1M

       LogTime BOOL
              Log time for each message.
              Default: no

       LogClean BOOL
              Log clean files.
              Default: no

       LogSyslog BOOL
              Use system logger (can work together with LogFile).
              Default: no

       LogFacility STRING
              Specify  the  type  of  syslog  messages  - please refer to 'man
              syslog' for facility names.
              Default: LOG_LOCAL6

       LogVerbose BOOL
              Enable verbose logging.
              Default: no

       PidFile STRING
              Save the process identifier of a listening daemon (main  thread)
              to a specified file.
              Default: no

       TemporaryDirectory STRING
              Optional path to the global temporary directory.
              Default: system specific (usually /tmp or /var/tmp).

       DatabaseDirectory STRING
              Path to a directory containing database files.

       OfficialDatabaseOnly BOOL
              Only  load  the  official  signatures  published  by  the ClamAV
              project.
              Default: no

       LocalSocket STRING
              Path to a local (Unix) socket the daemon will listen on.
              Default: no

       LocalSocketGroup STRING
              Sets the group ownership on the unix socket.
              Default: the primary group of the user running clamd

       LocalSocketMode STRING
              Sets the permissions on the unix socket to the specified mode.
              Default: socket is world readable and writable

       FixStaleSocket BOOL
              Remove stale socket after unclean shutdown.
              Default: yes

       TCPSocket NUMBER
              TCP port number the daemon will listen on.
              Default: no

       TCPAddr STRING
              TCP socket address  to  bind  to.  By  default  clamd  binds  to
              INADDR_ANY.
              Default: no

       MaxConnectionQueueLength NUMBER
              Maximum length the queue of pending connections may grow to.
              Default: 15

       MaxThreads NUMBER
              Maximum number of threads running at the same time.
              Default: 10

       ReadTimeout NUMBER
              Waiting  for  data  from a client socket will timeout after this
              time (seconds).
              Default: 120

       CommandReadTimeout NUMBER
              This option specifies the time (in seconds)  after  which  clamd
              should  timeout  if a client doesn't provide any initial command
              after connecting.  Note: the timeout for  subsequents  commands,
              and/or data chunks is specified by ReadTimeout.
              Default: 5

       SendBufTimeout NUMBER
              This  option specifies how long to wait (in milliseconds) if the
              send buffer is full.  Keep  this  value  low  to  prevent  clamd
              hanging.
              Default: 500

       MaxQueue NUMBER
              Maximum  number of queued items (including those being processed
              by MaxThreads threads).  It is recommended to have this value at
              least twice MaxThreads if possible.
              WARNING:  you  shouldn't increase this too much to avoid running
              out of file descriptors, the following  condition  should  hold:
              MaxThreads*MaxRecursion   +   MaxQueue   -   MaxThreads  +  6  <
              RLIMIT_NOFILE.  RLIMIT_NOFILE is the maximum number of open file
              descriptors (usually 1024), set by ulimit -n.
              Default: 100

       IdleTimeout NUMBER
              Waiting for a new job will timeout after this time (seconds).
              Default: 30

       ExcludePath REGEX
              Don't  scan files and directories matching REGEX. This directive
              can be used multiple times.
              Default: scan all

       MaxDirectoryRecursion NUMBER
              Maximum depth directories are scanned at.
              Default: 15

       FollowDirectorySymlinks BOOL
              Follow directory symlinks.
              Default: no

       CrossFilesystems BOOL
              Scan files and directories on other filesystems.
              Default: yes

       FollowFileSymlinks BOOL
              Follow regular file symlinks.
              Default: no

       SelfCheck NUMBER
              Perform a database check.
              Default: 1800

       VirusEvent COMMAND
              Execute COMMAND when a virus is found. In the command string  %v
              will be replaced with the virus name.
              Default: no

       ExitOnOOM BOOL
              Stop daemon when libclamav reports out of memory condition.
              Default: no

       User STRING
              Run  as another user (clamd must be started by root to make this
              option working).
              Default: no

       AllowSupplementaryGroups BOOL
              Initialize supplementary group access (clamd must be started  by
              root).
              Default: no

       Foreground BOOL
              Don't fork into background.
              Default: no

       Debug BOOL
              Enable debug messages from libclamav.

       LeaveTemporaryFiles BOOL
              Do not remove temporary files (for debug purpose).
              Default: no

       StreamMaxLength SIZE
              Clamd  uses  FTP-like  protocol  to  receive  data  from  remote
              clients. If you are using clamav-milter to balance load  between
              remote  clamd  daemons  on firewall servers you may need to tune
              the Stream* options. This option allows you to specify the upper
              limit  for  data  size  that will be transfered to remote daemon
              when scanning a single file. It should match  your  MTA's  limit
              for a maximum attachment size.
              Default: 10M

       StreamMinPort NUMBER
              Limit data port range.
              Default: 1024

       StreamMaxPort NUMBER
              Limit data port range.
              Default: 2048

       Bytecode BOOL
              With  this  option  enabled  ClamAV  will load bytecode from the
              database. It is highly recommended you keep this  option  turned
              on, otherwise you may miss detections for many new viruses.
              Default: yes

       BytecodeSecurity STRING
              Set  bytecode security level. Possible values: None: no security
              at all, meant for debugging.  DO  NOT  USE  THIS  ON  PRODUCTION
              SYSTEMS,  TrustSigned: trust bytecode loaded from signed .c[lv]d
              files and insert runtime safety checks for bytecode loaded  from
              other  sources,  Paranoid:  don't  trust  any  bytecode,  insert
              runtime checks for all. The recommended setting is  TrustSigned,
              because  bytecode  in  .cvd  files  already  has  safety  checks
              inserted into it.
              Default: TrustSigned

       BytecodeTimeout NUMBER
              Set bytecode timeout in milliseconds.
              Default: 60000

       DetectPUA BOOL
              Detect Possibly Unwanted Applications.
              Default: No

       ExcludePUA CATEGORY
              Exclude a specific PUA category.  This  directive  can  be  used
              multiple  times.  See  http://www.clamav.net/support/pua for the
              complete list of PUA categories.
              Default: Load all categories (if DetectPUA is activated)

       IncludePUA CATEGORY
              Only include a specific PUA category. This directive can be used
              multiple  times.  See  http://www.clamav.net/support/pua for the
              complete list of PUA categories.
              Default: Load all categories (if DetectPUA is activated)

       AlgorithmicDetection BOOL
              In some cases (eg. complex malware, exploits in  graphic  files,
              and  others), ClamAV uses special algorithms to provide accurate
              detection. This option controls the algorithmic detection.
              Default: yes

       ScanPE BOOL
              PE stands for Portable Executable  -  it's  an  executable  file
              format  used  in all 32 and 64-bit versions of Windows operating
              systems. This option allows ClamAV to perform a deeper  analysis
              of  executable files and it's also required for decompression of
              popular executable packers such as UPX.
              Default: yes

       ScanELF BOOL
              Executable and Linking Format is  a  standard  format  for  UN*X
              executables.  This  option allows you to control the scanning of
              ELF files.
              Default: yes

       DetectBrokenExecutables BOOL
              With this option clamd will try  to  detect  broken  executables
              (both PE and ELF) and mark them as Broken.Executable.
              Default: no

       ScanOLE2 BOOL
              This  option  enables  scanning of OLE2 files, such as Microsoft
              Office documents and .msi files.
              Default: yes

       ScanPDF BOOL
              This option enables scanning within PDF files.
              Default: yes

       ScanHTML BOOL
              Enables HTML detection and normalisation.
              Default: yes

       ScanMail BOOL
              Enable scanning of mail files.
              Default: yes

       ScanPartialMessages BOOL
              Scan RFC1341 messages split over many emails. You will  need  to
              periodically    clean    up   $TemporaryDirectory/clamav-partial
              directory. WARNING: This option may open your system  to  a  DoS
              attack. Never use it on loaded servers.
              Default: no

       MailMaxRecursion NUMBER (OBSOLETE)
              WARNING: This option is no longer accepted. See MaxRecursion.

       PhishingSignatures BOOL
              With  this  option  enabled  ClamAV  will try to detect phishing
              attempts by using signatures.
              Default: yes

       PhishingScanURLs BOOL
              Scan URLs found in mails for phishing attempts using heuristics.
              This  will  classify  "Possibly  Unwanted"  phishing  emails  as
              Phishing.Heuristics.Email.*
              Default: yes

       PhishingAlwaysBlockSSLMismatch BOOL
              Always block SSL mismatches in URLs, even if the  URL  isn't  in
              the database. This can lead to false positives.
              Default: no

       PhishingAlwaysBlockCloak BOOL
              Always  block  cloaked URLs, even if URL isn't in database. This
              can lead to false positives.
              Default: no

       HeuristicScanPrecedence BOOL
              Allow heuristic match to take precedence.  When  enabled,  if  a
              heuristic   scan  (such  as  phishingScan)  detects  a  possible
              virus/phishing it will stop scanning  immediately.  Recommended,
              saves  CPU  scan-time. When disabled, virus/phishing detected by
              heuristic scans will be reported only at the end of a  scan.  If
              an    archive    contains    both   a   heuristically   detected
              virus/phishing, and a real malware, the  real  malware  will  be
              reported.   Keep   this   disabled   if  you  intend  to  handle
              "*.Heuristics.*" viruses  differently from "real" malware. If  a
              non-heuristically-detected   virus  (signature-based)  is  found
              first, the scan is interrupted immediately, regardless  of  this
              config option.
              Default: no

       StructuredDataDetection BOOL
              Enable the DLP module.
              Default: no

       StructuredMinCreditCardCount NUMBER
              This  option sets the lowest number of Credit Card numbers found
              in a file to generate a detect.
              Default: 3

       StructuredMinSSNCount NUMBER
              This option sets the lowest number of  Social  Security  Numbers
              found in a file to generate a detect.
              Default: 3

       StructuredSSNFormatNormal BOOL
              With  this  option  enabled the DLP module will search for valid
              SSNs formatted as xxx-yy-zzzz.
              Default: Yes

       StructuredSSNFormatStripped BOOL
              With this option enabled the DLP module will  search  for  valid
              SSNs formatted as xxxyyzzzz.
              Default: No

       ScanArchive BOOL
              Enable archive scanning.
              Default: yes

       ArchiveMaxFileSize (OBSOLETE)
              WARNING:  This option is no longer accepted. See MaxFileSize and
              MaxScanSize.

       ArchiveMaxRecursion (OBSOLETE)
              WARNING: This option is no longer accepted. See MaxRecursion.

       ArchiveMaxFiles (OBSOLETE)
              WARNING: This option is no longer accepted. See MaxFiles.

       ArchiveMaxCompressionRatio (OBSOLETE)
              WARNING: This option is no longer accepted.

       ArchiveBlockMax (OBSOLETE)
              WARNING: This option is no longer accepted.

       ArchiveLimitMemoryUsage (OBSOLETE)
              WARNING: This option is no longer accepted.
              Default: no

       ArchiveBlockEncrypted BOOL
              Mark   encrypted    archives    as    viruses    (Encrypted.Zip,
              Encrypted.RAR).
              Default: no

       MaxScanSize SIZE
              Sets  the  maximum  amount  of data to be scanned for each input
              file. Archives and other containers  are  recursively  extracted
              and  scanned  up to this value. Warning: disabling this limit or
              setting it too high may result in severe damage to the system.
              Default: 100M

       MaxFileSize SIZE
              Files larger than this limit won't be scanned. Affects the input
              file itself as well as files contained inside it (when the input
              file is an archive, a document or some other kind of container).
              Warning:  disabling this limit or setting it too high may result
              in severe damage to the system.
              Default: 25M

       MaxRecursion NUMBER
              Nested archives are scanned recursively, e.g. if a  Zip  archive
              contains  a  RAR file, all files within it will also be scanned.
              This  options  specifies  how  deeply  the  process  should   be
              continued.  Warning:  setting  this limit too high may result in
              severe damage to the system.
              Default: 16

       MaxFiles NUMBER
              Number of files to be scanned within an archive, a document,  or
              any  other  kind  of container. Warning: disabling this limit or
              setting it too high may result in severe damage to the system.
              Default: 10000

       ClamukoScanOnAccess BOOL
              Enable Clamuko. Dazuko  (/dev/dazuko)  must  be  configured  and
              running.
              Default: no

       ClamukoScannerCount NUMBER
              The  number  of  scanner  threads that will be started (DazukoFS
              only). Having multiple scanner threads allows Clamuko  to  serve
              multiple   processes   simultaneously.   This   is  particularly
              beneficial on SMP machines.
              Default: 3

       ClamukoScanOnOpen BOOL
              Scan files on open.
              Default: no

       ClamukoScanOnClose BOOL
              Scan files on close.
              Default: no.

       ClamukoScanOnExec BOOL
              Scan files on execute.
              Default: no

       ClamukoIncludePath STRING
              Set the include paths (all files  and  directories  inside  them
              will  be  scanned).  You  can  have  multiple ClamukoIncludePath
              directives but each directory must be added in a separate line).
              Default: no

       ClamukoExcludePath STRING
              Set the exclude paths. All subdirectories will also be excluded.
              Default: no

       ClamukoMaxFileSize SIZE
              Ignore files larger than SIZE.
              Default: 5M

NOTES

       All options expressing a size are limited to max 4GB. Values in  excess
       will be resetted to the maximum.

FILES

       /etc/clamav/clamd.conf

AUTHOR

       Tomasz Kojm <tkojm@clamav.net>

SEE ALSO

       clamd(8),       clamdscan(1),      clamav-milter(8),      freshclam(1),
       freshclam.conf(5)