2 ## Example config file for the Clam AV daemon
3 ## Please read the clamd.conf(5) manual before editing this file.
7 # Comment or remove the line below.
10 # Uncomment this option to enable logging.
11 # LogFile must be writable for the user running daemon.
12 # A full path is required.
14 #LogFile /tmp/clamd.log
16 # By default the log file is locked for writing - the lock protects against
17 # running clamd multiple times (if want to run another clamd, please
18 # copy the configuration file, change the LogFile variable, and run
19 # the daemon with --config-file option).
20 # This option disables log file locking.
24 # Maximum size of the log file.
25 # Value of 0 disables the limit.
26 # You may use 'M' or 'm' for megabytes (1M = 1m = 1048576 bytes)
27 # and 'K' or 'k' for kilobytes (1K = 1k = 1024 bytes). To specify the size
28 # in bytes just don't use modifiers.
32 # Log time with each message.
36 # Also log clean files. Useful in debugging but drastically increases the
41 # Use system logger (can work together with LogFile).
45 # Specify the type of syslog messages - please refer to 'man syslog'
50 # Enable verbose logging.
54 # This option allows you to save a process identifier of the listening
55 # daemon (main thread).
57 PidFile /var/run/clamd.pid
59 # Optional path to the global temporary directory.
60 # Default: system specific (usually /tmp or /var/tmp).
61 TemporaryDirectory /tmp
63 # Path to the database directory.
64 # Default: hardcoded (depends on installation options)
65 DatabaseDirectory /var/lib/clamav
67 # The daemon works in a local OR a network mode. Due to security reasons we
68 # recommend the local mode.
70 # Path to a local socket file the daemon will listen on.
71 # Default: disabled (must be specified by a user)
72 #LocalSocket /var/run/clamd.socket
74 # Remove stale socket after unclean shutdown.
83 # By default we bind to INADDR_ANY, probably not wise.
84 # Enable the following to provide some degree of protection
85 # from the outside world.
89 # Maximum length the queue of pending connections may grow to.
91 MaxConnectionQueueLength 15
93 # Clamd uses FTP-like protocol to receive data from remote clients.
94 # If you are using clamav-milter to balance load between remote clamd daemons
95 # on firewall servers you may need to tune the options below.
97 # Close the connection when the data size limit is exceeded.
98 # The value should match your MTA's limit for a maximum attachment size.
108 # Maximum number of threads running at the same time.
112 # Waiting for data from a client socket will timeout after this time (seconds).
113 # Value of 0 disables the timeout.
117 # Waiting for a new job will timeout after this time (seconds).
121 # Maximum depth directories are scanned at.
123 #MaxDirectoryRecursion 20
125 # Follow directory symlinks.
127 #FollowDirectorySymlinks yes
129 # Follow regular file symlinks.
131 #FollowFileSymlinks yes
133 # Perform a database check.
134 # Default: 1800 (30 min)
137 # Execute a command when virus is found. In the command string %v will
138 # be replaced with the virus name.
140 #VirusEvent /usr/local/bin/send_sms 123456789 "VIRUS ALERT: %v"
142 # Run as another user (clamd must be started by root for this option to work)
143 # Default: don't drop privileges
146 # Initialize supplementary group access (clamd must be started by root).
148 AllowSupplementaryGroups yes
150 # Stop daemon when libclamav reports out of memory condition.
153 # Don't fork into background.
157 # Enable debug messages in libclamav.
161 # Do not remove temporary files (for debug purposes).
163 #LeaveTemporaryFiles yes
165 # Detect Possibly Unwanted Applications.
169 # In some cases (eg. complex malware, exploits in graphic files, and others),
170 # ClamAV uses special algorithms to provide accurate detection. This option
171 # controls the algorithmic detection.
173 AlgorithmicDetection yes
180 # PE stands for Portable Executable - it's an executable file format used
181 # in all 32 and 64-bit versions of Windows operating systems. This option allows
182 # ClamAV to perform a deeper analysis of executable files and it's also
183 # required for decompression of popular executable packers such as UPX, FSG,
188 # Executable and Linking Format is a standard format for UN*X executables.
189 # This option allows you to control the scanning of ELF files.
193 # With this option clamav will try to detect broken executables (both PE and
194 # ELF) and mark them as Broken.Executable.
196 DetectBrokenExecutables yes
203 # This option enables scanning of OLE2 files, such as Microsoft Office
204 # documents and .msi files.
208 # This option enables scanning within PDF files.
217 # Enable internal e-mail scanner.
221 # If an email contains URLs ClamAV can download and scan them.
222 # WARNING: This option may open your system to a DoS attack.
223 # Never use it on loaded servers.
227 # Recursion level limit for the mail scanner.
229 #MailMaxRecursion 128
231 # With this option enabled ClamAV will try to detect phishing attempts by using
234 PhishingSignatures yes
236 # Scan URLs found in mails for phishing attempts using heuristics.
240 # Use phishing detection only for domains listed in the .pdb database. It is
241 # not recommended to have this option turned off, because scanning of all
242 # domains may lead to many false positives!
244 PhishingRestrictedScan yes
246 # Always block SSL mismatches in URLs, even if the URL isn't in the database.
247 # This can lead to false positives.
250 #PhishingAlwaysBlockSSLMismatch no
252 # Always block cloaked URLs, even if URL isn't in database.
253 # This can lead to false positives.
256 #PhishingAlwaysBlockCloak no
263 # Perform HTML normalisation and decryption of MS Script Encoder code.
272 # ClamAV can scan within archives and compressed files.
276 # The options below protect your system against Denial of Service attacks
277 # using archive bombs.
279 # Files in archives larger than this limit won't be scanned.
280 # Value of 0 disables the limit.
282 ArchiveMaxFileSize 15M
284 # Nested archives are scanned recursively, e.g. if a Zip archive contains a RAR
285 # file, all files within it will also be scanned. This options specifies how
286 # deeply the process should be continued.
287 # Value of 0 disables the limit.
289 ArchiveMaxRecursion 10
291 # Number of files to be scanned within an archive.
292 # Value of 0 disables the limit.
294 #ArchiveMaxFiles 1500
296 # If a file in an archive is compressed more than ArchiveMaxCompressionRatio
297 # times it will be marked as a virus (Oversized.ArchiveType, e.g. Oversized.Zip)
298 # Value of 0 disables the limit.
300 #ArchiveMaxCompressionRatio 300
302 # Use slower but memory efficient decompression algorithm.
303 # only affects the bzip2 decompressor.
305 ArchiveLimitMemoryUsage yes
307 # Mark encrypted archives as viruses (Encrypted.Zip, Encrypted.RAR).
309 ArchiveBlockEncrypted Yes
311 # Mark archives as viruses (e.g. RAR.ExceededFileSize, Zip.ExceededFilesLimit)
312 # if ArchiveMaxFiles, ArchiveMaxFileSize, or ArchiveMaxRecursion limit is
317 # Enable support for Sensory Networks' NodalCore hardware accelerator.
319 #NodalCoreAcceleration yes
324 ## WARNING: This is experimental software. It is very likely it will hang
328 # Enable Clamuko. Dazuko (/dev/dazuko) must be configured and running.
330 #ClamukoScanOnAccess yes
332 # Set access mask for Clamuko.
334 #ClamukoScanOnOpen yes
335 #ClamukoScanOnClose yes
336 #ClamukoScanOnExec yes
338 # Set the include paths (all files inside them will be scanned). You can have
339 # multiple ClamukoIncludePath directives but each directory must be added
340 # in a seperate line.
342 #ClamukoIncludePath /home
343 #ClamukoIncludePath /students
345 # Set the exclude paths. All subdirectories are also excluded.
347 #ClamukoExcludePath /home/bofh
349 # Don't scan files larger than ClamukoMaxFileSize
350 # Value of 0 disables the limit.
352 #ClamukoMaxFileSize 10M