Content-type: text/html
Man page of clamd.conf
clamd.conf
Section: Clam AntiVirus (5)
Updated: February 12, 2007
Index
Return to Main Contents
NAME
clamd.conf - Configuration file for Clam AntiVirus Daemon
DESCRIPTION
clamd.conf configures the Clam AntiVirus daemon, clamd(8).
FILE FORMAT
The file consists of comments and options with arguments. Each line which starts with a hash (#) symbol is ignored by the parser. Options and arguments are case sensitive and of the form Option Argument. The arguments are of the following types:
- BOOL
-
Boolean value (yes/no or true/false or 1/0).
- STRING
-
String without blank characters.
- SIZE
-
Size in bytes. You can use 'M' or 'm' modifiers for megabytes and 'K' or 'k' for kilobytes.
- NUMBER
-
Unsigned integer.
DIRECTIVES
When some option is not used (commented out or not included in the configuration file at all) clamd takes a default action.
- Example
-
If this option is set clamd will not run.
- LogFile STRING
-
Enable logging to selected file.
Default: no
- LogFileUnlock BOOL
-
Disable a system lock that protects against running clamd with the same configuration file multiple times.
Default: no
- LogFileMaxSize SIZE
-
Limit the size of the log file. The logger will be automatically disabled if the file is greater than SIZE. Value of 0 disables the limit.
Default: 1M
- LogTime BOOL
-
Log time for each message.
Default: no
- LogClean BOOL
-
Log clean files.
Default: no
- LogSyslog BOOL
-
Use system logger (can work together with LogFile).
Default: no
- LogFacility STRING
-
Specify the type of syslog messages - please refer to 'man syslog' for facility names.
Default: LOG_LOCAL6
- LogVerbose BOOL
-
Enable verbose logging.
Default: no
- PidFile STRING
-
Save the process identifier of a listening daemon (main thread) to a specified file.
Default: no
- TemporaryDirectory STRING
-
Optional path to the global temporary directory.
Default: system specific (usually /tmp or /var/tmp).
- DatabaseDirectory STRING
-
Path to a directory containing database files.
Default: /var/lib/clamav/
- LocalSocket STRING
-
Path to a local (Unix) socket the daemon will listen on.
Default: no
- FixStaleSocket BOOL
-
Remove stale socket after unclean shutdown.
Default: yes
- TCPSocket NUMBER
-
TCP port number the daemon will listen on.
Default: no
- TCPAddr STRING
-
TCP socket address to bind to. By default clamd binds to INADDR_ANY.
Default: no
- MaxConnectionQueueLength NUMBER
-
Maximum length the queue of pending connections may grow to.
Default: 15
- MaxThreads NUMBER
-
Maximum number of threads running at the same time.
Default: 10
- ReadTimeout NUMBER
-
Waiting for data from a client socket will timeout after this time (seconds).
Default: 120
- CommandReadTimeout NUMBER
-
This option specifies the time (in seconds) after which clamd should
timeout if a client doesn't provide any initial command after connecting.
Note: the timeout for subsequents commands, and/or data chunks is specified by
ReadTimeout.
Default: 5
- SendBufTimeout NUMBER
-
This option specifies how long to wait (in miliseconds) if the send buffer is full.
Keep this value low to prevent clamd hanging.
Default: 500
- MaxQueue NUMBER
-
Maximum number of queued items (including those being processed by MaxThreads threads).
It is recommended to have this value at least twice MaxThreads if possible.
WARNING: you shouldn't increase this too much to avoid running out of file descriptors,
the following condition should hold:
MaxThreads*MaxRecursion + MaxQueue - MaxThreads + 6 < RLIMIT_NOFILE.
RLIMIT_NOFILE is the maximum number of open file descriptors (usually 1024), set
by ulimit -n.
Default: 100
- IdleTimeout NUMBER
-
Waiting for a new job will timeout after this time (seconds).
Default: 30
- ExcludePath REGEX
-
Don't scan files and directories matching REGEX. This directive can be used multiple times.
Default: scan all
- MaxDirectoryRecursion NUMBER
-
Maximum depth directories are scanned at.
Default: 15
- FollowDirectorySymlinks BOOL
-
Follow directory symlinks.
Default: no
- FollowFileSymlinks BOOL
-
Follow regular file symlinks.
Default: no
- SelfCheck NUMBER
-
Perform a database check.
Default: 1800
- VirusEvent COMMAND
-
Execute COMMAND when a virus is found. In the command string %v will be replaced with the virus name.
Default: no
- ExitOnOOM BOOL
-
Stop daemon when libclamav reports out of memory condition.
Default: no
- User STRING
-
Run as another user (clamd must be started by root to make this option working).
Default: no
- AllowSupplementaryGroups BOOL
-
Initialize supplementary group access (clamd must be started by root).
Default: no
- Foreground BOOL
-
Don't fork into background.
Default: no
- Debug BOOL
-
Enable debug messages from libclamav.
- LeaveTemporaryFiles BOOL
-
Do not remove temporary files (for debug purpose).
Default: no
- StreamMaxLength SIZE
-
Clamd uses FTP-like protocol to receive data from remote clients. If you are using clamav-milter to balance load between remote clamd daemons on firewall servers you may need to tune the Stream* options. This option allows you to specify the upper limit for data size that will be transfered to remote daemon when scanning a single file. It should match your MTA's limit for a maximum attachment size.
Default: 10M
- StreamMinPort NUMBER
-
Limit data port range.
Default: 1024
- StreamMaxPort NUMBER
-
Limit data port range.
Default: 2048
- DetectPUA
-
Detect Possibly Unwanted Applications.
Default: No
- ExcludePUA CATEGORY
-
Exclude a specific PUA category. This directive can be used multiple times. See http://www.clamav.net/support/pua for the complete list of PUA categories.
Default: Load all categories (if DetectPUA is activated)
- IncludePUA CATEGORY
-
Only include a specific PUA category. This directive can be used multiple times. See http://www.clamav.net/support/pua for the complete list of PUA categories.
Default: Load all categories (if DetectPUA is activated)
- AlgorithmicDetection BOOL
-
In some cases (eg. complex malware, exploits in graphic files, and others), ClamAV uses special algorithms to provide accurate detection. This option controls the algorithmic detection.
Default: yes
- ScanPE BOOL
-
PE stands for Portable Executable - it's an executable file format used in all 32 and 64-bit versions of Windows operating systems. This option allows ClamAV to perform a deeper analysis of executable files and it's also required for decompression of popular executable packers such as UPX.
Default: yes
- ScanELF BOOL
-
Executable and Linking Format is a standard format for UN*X executables. This option allows you to control the scanning of ELF files.
Default: yes
- DetectBrokenExecutables BOOL
-
With this option clamd will try to detect broken executables (both PE and ELF) and mark them as Broken.Executable.
Default: no
- ScanOLE2 BOOL
-
This option enables scanning of OLE2 files, such as Microsoft Office documents and .msi files.
Default: yes
- ScanPDF BOOL
-
This option enables scanning within PDF files.
Default: yes
- ScanHTML BOOL
-
Enables HTML detection and normalisation.
Default: yes
- ScanMail BOOL
-
Enable scanning of mail files.
Default: yes
- MailFollowURLs BOOL
-
If an email contains URLs ClamAV can download and scan them. WARNING: This option may open your system to a DoS attack. Never use it on loaded servers.
Default: no
- ScanPartialMessages BOOL
-
Scan RFC1341 messages split over many emails. You will need to periodically clean up $TemporaryDirectory/clamav-partial directory. WARNING: This option may open your system to a DoS attack. Never use it on loaded servers.
Default: no
- MailMaxRecursion NUMBER (OBSOLETE)
-
WARNING: This option is no longer accepted. See MaxRecursion.
- PhishingSignatures BOOL
-
With this option enabled ClamAV will try to detect phishing attempts by using signatures.
Default: yes
- PhishingScanURLs BOOL
-
Scan URLs found in mails for phishing attempts using heuristics. This will classify "Possibly Unwanted" phishing emails as Phishing.Heuristics.Email.*
Default: yes
- PhishingAlwaysBlockSSLMismatch BOOL
-
Always block SSL mismatches in URLs, even if the URL isn't in the database. This can lead to false positives.
Default: no
- PhishingAlwaysBlockCloak BOOL
-
Always block cloaked URLs, even if URL isn't in database. This can lead to false positives.
Default: no
- HeuristicScanPrecedence BOOL
-
Allow heuristic match to take precedence. When enabled, if a heuristic scan (such as phishingScan) detects a possible virus/phishing it will stop scanning immediately. Recommended, saves CPU scan-time. When disabled, virus/phishing detected by heuristic scans will be reported only at the end of a scan. If an archive contains both a heuristically detected virus/phishing, and a real malware, the real malware will be reported. Keep this disabled if you intend to handle "*.Heuristics.*" viruses differently from "real" malware. If a non-heuristically-detected virus (signature-based) is found first, the scan is interrupted immediately, regardless of this config option.
Default: no
- StructuredDataDetection BOOL
-
Enable the DLP module.
Default: no
- StructuredMinCreditCardCount NUMBER
-
This option sets the lowest number of Credit Card numbers found in a file to generate a detect.
Default: 3
- StructuredMinSSNCount NUMBER
-
This option sets the lowest number of Social Security Numbers found in a file to generate a detect.
Default: 3
- StructuredSSNFormatNormal BOOL
-
With this option enabled the DLP module will search for valid SSNs formatted as xxx-yy-zzzz.
Default: Yes
- StructuredSSNFormatStripped BOOL
-
With this option enabled the DLP module will search for valid SSNs formatted as xxxyyzzzz.
Default: No
- ScanArchive BOOL
-
Enable archive scanning.
Default: yes
- ArchiveMaxFileSize (OBSOLETE)
-
WARNING: This option is no longer accepted. See MaxFileSize and MaxScanSize.
- ArchiveMaxRecursion (OBSOLETE)
-
WARNING: This option is no longer accepted. See MaxRecursion.
- ArchiveMaxFiles (OBSOLETE)
-
WARNING: This option is no longer accepted. See MaxFiles.
- ArchiveMaxCompressionRatio (OBSOLETE)
-
WARNING: This option is no longer accepted.
- ArchiveBlockMax (OBSOLETE)
-
WARNING: This option is no longer accepted.
- ArchiveLimitMemoryUsage BOOL
-
Use slower decompression algorithm which uses less memory. This option only affects the bzip2 decompressor.
Default: no
- ArchiveBlockEncrypted BOOL
-
Mark encrypted archives as viruses (Encrypted.Zip, Encrypted.RAR).
Default: no
- MaxScanSize SIZE
-
Sets the maximum amount of data to be scanned for each input file. Archives and other containers are recursively extracted and scanned up to this value. Warning: disabling this limit or setting it too high may result in severe damage to the system.
Default: 100M
- MaxFileSize SIZE
-
Files larger than this limit won't be scanned. Affects the input file itself as well as files contained inside it (when the input file is an archive, a document or some other kind of container). Warning: disabling this limit or setting it too high may result in severe damage to the system.
Default: 25M
- MaxRecursion NUMBER
-
Nested archives are scanned recursively, e.g. if a Zip archive contains a RAR file, all files within it will also be scanned. This options specifies how deeply the process should be continued. Warning: disabling this limit or setting it too high may result in severe damage to the system.
Default: 16
- MaxFiles NUMBER
-
Number of files to be scanned within an archive, a document, or any other kind of container. Warning: disabling this limit or setting it too high may result in severe damage to the system.
Default: 10000
- ClamukoScanOnAccess BOOL
-
Enable Clamuko. Dazuko (/dev/dazuko) must be configured and running.
Default: no
- ClamukoScanOnOpen BOOL
-
Scan files on open.
Default: no
- ClamukoScanOnClose BOOL
-
Scan files on close.
Default: no.
- ClamukoScanOnExec BOOL
-
Scan files on execute.
Default: no
- ClamukoIncludePath STRING
-
Set the include paths (all files and directories inside them will be scanned). You can have multiple ClamukoIncludePath directives but each directory must be added in a separate line).
Default: no
- ClamukoExcludePath STRING
-
Set the exclude paths. All subdirectories will also be excluded.
Default: no
- ClamukoMaxFileSize SIZE
-
Ignore files larger than SIZE.
Default: 5M
NOTES
All options expressing a size are limited to max 4GB. Values in excess will be resetted to the maximum.
FILES
/etc/clamav/clamd.conf
AUTHOR
Tomasz Kojm <tkojm@clamav.net>
SEE ALSO
clamd(8), clamdscan(1), clamav-milter(8), clamscan(1), freshclam(1), sigtool(1)
Index
- NAME
-
- DESCRIPTION
-
- FILE FORMAT
-
- DIRECTIVES
-
- NOTES
-
- FILES
-
- AUTHOR
-
- SEE ALSO
-
This document was created by
man2html,
using the manual pages.
Time: 04:16:04 GMT, September 24, 2010