1clamd.conf(5)                   Clam AntiVirus                   clamd.conf(5)
2
3
4

NAME

6       clamd.conf - Configuration file for Clam AntiVirus Daemon
7

DESCRIPTION

9       clamd.conf configures the Clam AntiVirus daemon, clamd(8).
10

FILE FORMAT

12       The  file  consists  of  comments and options with arguments. Each line
13       which starts with a hash (#) symbol is ignored by the  parser.  Options
14       and  arguments  are case sensitive and of the form Option Argument. The
15       arguments are of the following types:
16
17       BOOL   Boolean value (yes/no or true/false or 1/0).
18
19       STRING String without blank characters.
20
21       SIZE   Size in bytes. You can use 'M' or 'm'  modifiers  for  megabytes
22              and  'K' or 'k' for kilobytes. To specify the size in bytes just
23              don't use modifiers.
24
25       NUMBER Unsigned integer.
26

DIRECTIVES

28       When some option is not used (commented out or not included in the con‐
29       figuration file at all) clamd takes a default action.
30
31       Example
32              If this option is set clamd will not run.
33
34       LogFile STRING
35              Save all reports to a log file.
36              Default: disabled
37
38       LogFileUnlock BOOL
39              By  default the log file is locked for writing and only a single
40              daemon process can write to it. This option disables the lock.
41              Default: no
42
43       LogFileMaxSize SIZE
44              Maximum size of the log file.
45              Value of 0 disables the limit.
46              Default: 1048576
47
48       LogTime BOOL
49              Log time for each message.
50              Default: no
51
52       LogClean BOOL
53              Log all clean files.
54              Useful in debugging but drastically increases the log size.
55              Default: no
56
57       LogSyslog BOOL
58              Use the system logger (can work together with LogFile).
59              Default: no
60
61       LogFacility STRING
62              Type of syslog messages
63              Please refer to 'man syslog' for facility names.
64              Default: LOG_LOCAL6
65
66       LogVerbose BOOL
67              Enable verbose logging.
68              Default: no
69
70       LogRotate BOOL
71              Rotate log file. Requires LogFileMaxSize  option  set  prior  to
72              this option.
73              Default: no
74
75       ExtendedDetectionInfo BOOL
76              Log  additional information about the infected file, such as its
77              size and hash, together with the virus name.
78              Default: no
79
80       PidFile STRING
81              Save the process identifier of a listening daemon (main  thread)
82              to a specified file.
83              Default: disabled
84
85       TemporaryDirectory STRING
86              This  option  allows  you to change the default temporary direc‐
87              tory.
88              Default: system specific (usually /tmp or /var/tmp).
89
90       DatabaseDirectory STRING
91              This option allows you to change the default database directory.
92              If  you enable it, please make sure it points to the same direc‐
93              tory in both clamd and freshclam.
94              Default: defined at configuration (/usr/local/share/clamav)
95
96       OfficialDatabaseOnly BOOL
97              Only load  the  official  signatures  published  by  the  ClamAV
98              project.
99              Default: no
100
101       LocalSocket STRING
102              Path to a local (Unix) socket the daemon will listen on.
103              Default: disabled
104
105       LocalSocketGroup STRING
106              Sets the group ownership on the unix socket.
107              Default: the primary group of the user running clamd
108
109       LocalSocketMode STRING
110              Sets the permissions on the unix socket to the specified mode.
111              Default: socket is world readable and writable
112
113       FixStaleSocket BOOL
114              Remove stale socket after unclean shutdown.
115              Default: yes
116
117       TCPSocket NUMBER
118              TCP port number the daemon will listen on.
119              Default: disabled
120
121       TCPAddr STRING
122              By default clamd binds to INADDR_ANY.
123              This  option  allows you to restrict the TCP address and provide
124              some degree of protection from the outside  world.  This  option
125              can  be  specified multiple times in order to listen on multiple
126              IPs. IPv6 is now supported.
127              Default: disabled
128
129       MaxConnectionQueueLength NUMBER
130              Maximum length the queue of pending connections may grow to.
131              Default: 200
132
133       StreamMaxLength SIZE
134              Close the STREAM session when the data size limit is exceeded.
135              The value should match your MTA's limit for the maximum  attach‐
136              ment size.
137              Default: 25M
138
139       StreamMinPort NUMBER
140              The STREAM command uses an FTP-like protocol.
141              This option sets the lower boundary for the port range.
142              Default: 1024
143
144       StreamMaxPort NUMBER
145              This option sets the upper boundary for the port range.
146              Default: 2048
147
148       MaxThreads NUMBER
149              Maximum number of threads running at the same time.
150              Default: 10
151
152       ReadTimeout NUMBER
153              This  option  specifies  the time (in seconds) after which clamd
154              should timeout if a client doesn't provide any data.
155              Default: 120
156
157       CommandReadTimeout NUMBER
158              This option specifies the time (in seconds)  after  which  clamd
159              should  timeout  if a client doesn't provide any initial command
160              after connecting.  The default is set to 30  to  avoid  timeouts
161              with  TCP  sockets  when  processing large messages.  If using a
162              Unix socket, the value can be changed to 5.  Note:  the  timeout
163              for  subsequents  commands,  and/or  data chunks is specified by
164              ReadTimeout.
165              Default: 30
166
167       SendBufTimeout NUMBER
168              This option specifies how long to wait (in milliseconds) if  the
169              send buffer is full.  Keep this value low to prevent clamd hang‐
170              ing.
171              Default: 500
172
173       MaxQueue NUMBER
174              Maximum number of queued items (including those being  processed
175              by MaxThreads threads).  It is recommended to have this value at
176              least twice MaxThreads if possible.
177              WARNING: you shouldn't increase this too much to  avoid  running
178              out  of  file  descriptors, the following condition should hold:
179              MaxThreads*MaxRecursion  +  MaxQueue  -   MaxThreads   +   6   <
180              RLIMIT_NOFILE.  RLIMIT_NOFILE is the maximum number of open file
181              descriptors (usually 1024), set by ulimit -n.
182              Default: 100
183
184       IdleTimeout NUMBER
185              This option specifies how long (in seconds) the  process  should
186              wait for a new job.
187              Default: 30
188
189       ExcludePath REGEX
190              Don't  scan files and directories matching REGEX. This directive
191              can be used multiple times.
192              Default: disabled
193
194       MaxDirectoryRecursion NUMBER
195              Maximum depth directories are scanned at.
196              Default: 15
197
198       FollowDirectorySymlinks BOOL
199              Follow directory symlinks.
200              Default: no
201
202       CrossFilesystems BOOL
203              Scan files and directories on other filesystems.
204              Default: yes
205
206       FollowFileSymlinks BOOL
207              Follow regular file symlinks.
208              Default: no
209
210       SelfCheck NUMBER
211              This option specifies the time intervals (in seconds)  in  which
212              clamd should perform a database check.
213              Default: 600
214
215       ConcurrentDatabaseReload BOOL
216              Enable    non-blocking    (multi-threaded/concurrent)   database
217              reloads. This feature will temporarily load  a  second  scanning
218              engine  while  scanning  continues  using the first engine. Once
219              loaded, the new engine takes over. The old engine is removed  as
220              soon as all scans using the old engine have completed. This fea‐
221              ture requires more RAM, so this option is provided in case users
222              are  willing  to block scans during reload in exchange for lower
223              RAM requirements.
224              Default: yes
225
226       VirusEvent COMMAND
227              Execute a command when a virus is found. In the  command  string
228              %v will be replaced with the virus name. Additionally, two envi‐
229              ronment variables will be defined: $CLAM_VIRUSEVENT_FILENAME and
230              $CLAM_VIRUSEVENT_VIRUSNAME.
231              Default: disabled
232
233       ExitOnOOM BOOL
234              Stop daemon when libclamav reports out of memory condition.
235              Default: no
236
237       AllowAllMatchScan BOOL
238              Permit use of the ALLMATCHSCAN command.
239              Default: yes
240
241       Foreground BOOL
242              Don't fork into background.
243              Default: no
244
245       Debug BOOL
246              Enable debug messages from libclamav.
247              Default: no
248
249       LeaveTemporaryFiles BOOL
250              Do not remove temporary files (for debugging purpose).
251              Default: no
252
253       User STRING
254              Run  the daemon as a specified user (the process must be started
255              by root).
256              Default: disabled
257
258       Bytecode BOOL
259              With this option enabled ClamAV  will  load  bytecode  from  the
260              database.  It  is highly recommended you keep this option turned
261              on, otherwise you may miss detections for many new viruses.
262              Default: yes
263
264       BytecodeSecurity STRING
265              Set bytecode security level.
266              Possible values:
267                  TrustSigned - trust  bytecode  loaded  from  signed  .c[lv]d
268                  files  and  insert runtime safety checks for bytecode loaded
269                  from other sources,
270                  Paranoid - don't trust any bytecode, insert  runtime  checks
271                  for all.
272              Recommended: TrustSigned, because bytecode in .cvd files already
273              has these checks.
274              Default: TrustSigned
275
276       BytecodeTimeout NUMBER
277              Set bytecode timeout in milliseconds.
278              Default: 5000
279
280       BytecodeUnsigned BOOL
281              Allow loading bytecode from  outside  digitally  signed  .c[lv]d
282              files.   **Caution**:  You  should NEVER run bytecode signatures
283              from untrusted sources.  Doing so may result in  arbitrary  code
284              execution.
285              Default: no
286
287       BytecodeMode STRING
288              Set bytecode execution mode.
289              Possible values:
290                  Auto  -  automatically  choose  JIT if possible, fallback to
291                  interpreter
292                  ForceJIT - always choose JIT, fail if not possible
293                  ForceInterpreter - always choose interpreter
294                  Test -  run  with  both  JIT  and  interpreter  and  compare
295                  results. Make all failures fatal.
296              Default: Auto
297
298       DetectPUA BOOL
299              Detect Possibly Unwanted Applications.
300              Default: No
301
302       ExcludePUA CATEGORY
303              Exclude a specific PUA category. This directive can be used mul‐
304              tiple times.  See  https://www.clamav.net/documents/potentially-
305              unwanted-applications-pua  for  the  complete  list of PUA cate‐
306              gories.
307              Default: disabled
308
309       IncludePUA CATEGORY
310              Only include a specific PUA category. This directive can be used
311              multiple   times.   See  https://www.clamav.net/documents/poten
312              tially-unwanted-applications-pua for the complete  list  of  PUA
313              categories.
314              Default: disabled
315
316       HeuristicAlerts BOOL
317              In  some  cases (eg. complex malware, exploits in graphic files,
318              and others), ClamAV uses special algorithms to provide  accurate
319              detection. This option controls the algorithmic detection.
320              Default: yes
321
322       HeuristicScanPrecedence BOOL
323              Allow  heuristic  match  to  take precedence. When enabled, if a
324              heuristic  scan  (such  as  phishingScan)  detects  a   possible
325              virus/phishing  it  will stop scanning immediately. Recommended,
326              saves CPU scan-time. When disabled, virus/phishing  detected  by
327              heuristic  scans  will be reported only at the end of a scan. If
328              an archive contains both a heuristically  detected  virus/phish‐
329              ing, and a real malware, the real malware will be reported. Keep
330              this disabled if you intend to handle  "*.Heuristics.*"  viruses
331              differently from "real" malware. If a non-heuristically-detected
332              virus (signature-based) is found first, the scan is  interrupted
333              immediately, regardless of this config option.
334              Default: no
335
336       ScanPE BOOL
337              PE stands for Portable Executable - it's an executable file for‐
338              mat used in all 32 and 64-bit versions of Windows operating sys‐
339              tems.  This option allows ClamAV to perform a deeper analysis of
340              executable files and it's also  required  for  decompression  of
341              popular executable packers such as UPX.
342              If  you  turn  off this option, the original files will still be
343              scanned, but without additional processing.
344              Default: yes
345
346       ScanELF BOOL
347              Executable and Linking Format is a standard format for UN*X exe‐
348              cutables.  This option allows you to control the scanning of ELF
349              files.
350              If you turn off this option, the original files  will  still  be
351              scanned, but without additional processing.
352              Default: yes
353
354       ScanMail BOOL
355              Enable scanning of mail files.
356              If  you  turn  off this option, the original files will still be
357              scanned, but without parsing individual messages/attachments.
358              Default: yes
359
360       ScanPartialMessages BOOL
361              Scan RFC1341 messages split over many emails. You will  need  to
362              periodically  clean up $TemporaryDirectory/clamav-partial direc‐
363              tory. WARNING: This option may open your system to a DoS attack.
364              Never use it on loaded servers.
365              Default: no
366
367       PhishingSignatures BOOL
368              Enable email signature-based phishing detection.
369              Default: yes
370
371       PhishingScanURLs BOOL
372              Enable  URL signature-based phishing detection (Phishing.Heuris‐
373              tics.Email.*)
374              Default: yes
375
376       StructuredDataDetection BOOL
377              Enable the DLP module.
378              Default: no
379
380       StructuredMinCreditCardCount NUMBER
381              This option sets the lowest number of Credit Card numbers  found
382              in a file to generate a detect.
383              Default: 3
384
385       StructuredCCOnly BOOL
386              With  this  option  enabled the DLP module will search for valid
387              Credit Card0umbers only. Debit and Private Label cards will  not
388              be searched.
389              Default: No
390
391       StructuredMinSSNCount NUMBER
392              This  option  sets  the lowest number of Social Security Numbers
393              found in a file to generate a detect.
394              Default: 3
395
396       StructuredSSNFormatNormal BOOL
397              With this option enabled the DLP module will  search  for  valid
398              SSNs formatted as xxx-yy-zzzz.
399              Default: Yes
400
401       StructuredSSNFormatStripped BOOL
402              With  this  option  enabled the DLP module will search for valid
403              SSNs formatted as xxxyyzzzz.
404              Default: No
405
406       ScanHTML BOOL
407              Perform HTML/JavaScript/ScriptEncoder normalisation and  decryp‐
408              tion.
409              If  you  turn  off this option, the original files will still be
410              scanned, but without additional processing.
411              Default: yes
412
413       ScanOLE2 BOOL
414              This option enables scanning of OLE2 files,  such  as  Microsoft
415              Office documents and .msi files.
416              If  you  turn  off this option, the original files will still be
417              scanned, but without additional processing.
418              Default: yes
419
420       ScanPDF BOOL
421              This option enables scanning within PDF files.
422              If you turn off this option, the original files  will  still  be
423              scanned, but without additional processing.
424              Default: yes
425
426       ScanSWF BOOL
427              This option enables scanning within SWF files.
428              If  you  turn  off this option, the original files will still be
429              scanned, but without decoding and additional processing.
430              Default: yes
431
432       ScanXMLDOCS BOOL
433              This option enables scanning xml-based document files  supported
434              by libclamav.
435              If  you  turn  off this option, the original files will still be
436              scanned, but without additional processing.
437              Default: yes
438
439       ScanHWP3 BOOL
440              This option enables scanning HWP3 files.
441              If you turn off this option, the original files  will  still  be
442              scanned, but without additional processing.
443              Default: yes
444
445       ScanArchive BOOL
446              Scan within archives and compressed files.
447              If  you  turn  off this option, the original files will still be
448              scanned, but without unpacking and additional processing.
449              Default: yes
450
451       AlertBrokenExecutables BOOL
452              Alert on broken executable files (PE & ELF).
453              Default: no
454
455       AlertBrokenMedia BOOL
456              Alert on broken graphics files (JPEG, TIFF, PNG, GIF).
457              Default: no
458
459       AlertEncrypted BOOL
460              Alert on  encrypted  archives  and  documents  (encrypted  .zip,
461              .7zip, .rar, .pdf).
462              Default: no
463
464       AlertEncryptedArchive BOOL
465              Alert on encrypted archives (encrypted .zip, .7zip, .rar).
466              Default: no
467
468       AlertEncryptedDoc BOOL
469              Alert on encrypted documents (encrypted .pdf).
470              Default: no
471
472       AlertOLE2Macros BOOL
473              Alert  on OLE2 files containing VBA macros (Heuristics.OLE2.Con‐
474              tainsMacros).
475              Default: no
476
477       AlertExceedsMax BOOL
478              Alert on files that exceed max file size, max scan size, or  max
479              recursion limit (Heuristics.Limits.Exceeded).
480              Default: no
481
482       AlertPhishingSSLMismatch BOOL
483              Alert on emails containing SSL mismatches in URLs (might lead to
484              false positives!).
485              Default: no
486
487       AlertPhishingCloak BOOL
488              Alert on emails containing cloaked  URLs  (might  lead  to  some
489              false positives).
490              Default: no
491
492       AlertPartitionIntersection BOOL
493              Alert on raw DMG image files containing partition intersections.
494              Default: no
495
496       ForceToDisk
497              This  option  causes memory or nested map scans to dump the con‐
498              tent to disk.
499              If you turn on this option, more data is written to disk and  is
500              available  when the leave-temps option is enabled at the cost of
501              more disk writes.
502              Default: no
503
504       MaxScanTime SIZE
505              This option sets the maximum amount of time a scan may  take  to
506              complete.  The value is in milliseconds. The value of 0 disables
507              the limit. WARNING: disabling this limit or setting it too  high
508              may  result allow scanning of certain files to lock up the scan‐
509              ning process/threads resulting in a Denial of Service.
510              Default: 12000
511
512       MaxScanSize SIZE
513              Sets the maximum amount of data to be  scanned  for  each  input
514              file.  Archives  and  other containers are recursively extracted
515              and scanned up to this value. The size of an  archive  plus  the
516              sum  of  the  sizes of all files within archive count toward the
517              scan size. For example, a 1M uncompressed archive  containing  a
518              single  1M  inner  file  counts  as 2M toward the max scan size.
519              Warning: disabling this limit or setting it too high may  result
520              in severe damage to the system.
521              Default: 100M
522
523       MaxFileSize SIZE
524              Files larger than this limit won't be scanned. Affects the input
525              file itself as well as files contained inside it (when the input
526              file is an archive, a document or some other kind of container).
527              Warning: disabling this limit or setting it too high may  result
528              in  severe  damage  to  the system. Technical design limitations
529              prevent ClamAV from scanning files greater than  2  GB  at  this
530              time.
531              Default: 25M
532
533       MaxRecursion NUMBER
534              Nested  archives  are scanned recursively, e.g. if a Zip archive
535              contains a RAR file, all files within it will also  be  scanned.
536              This  options specifies how deeply the process should be contin‐
537              ued. Warning: setting this limit too high may result  in  severe
538              damage to the system.
539              Default: 16
540
541       MaxFiles NUMBER
542              Number  of files to be scanned within an archive, a document, or
543              any other kind of container. Warning: disabling  this  limit  or
544              setting it too high may result in severe damage to the system.
545              Default: 10000
546
547       MaxEmbeddedPE SIZE
548              This  option sets the maximum size of a file to check for embed‐
549              ded PE.
550              Files larger than this value will skip the  additional  analysis
551              step.
552              Negative values are not allowed.
553              Default: 10M
554
555       MaxHTMLNormalize SIZE
556              This option sets the maximum size of a HTML file to normalize.
557              HTML  files  larger  than  this  value will not be normalized or
558              scanned.
559              Negative values are not allowed.
560              Default: 10M
561
562       MaxHTMLNoTags SIZE
563              This option sets the maximum size of a normalized HTML  file  to
564              scan.
565              HTML  files  larger than this value after normalization will not
566              be scanned.
567              Negative values are not allowed.
568              Default: 2M
569
570       MaxScriptNormalize SIZE
571              This option sets the maximum size of a script file to normalize.
572              Script content larger than this value will not be normalized  or
573              scanned.
574              Negative values are not allowed.
575              Default: 5M
576
577       MaxZipTypeRcg SIZE
578              This  option  sets  the  maximum size of a ZIP file to reanalyze
579              type recognition.
580              ZIP files larger than this value will skip the  step  to  poten‐
581              tially reanalyze as PE.
582              Negative values are not allowed.
583              WARNING: setting this limit too high may result in severe damage
584              or impact performance.
585              Default: 1M
586
587       MaxPartitions SIZE
588              This option sets the maximum number of partitions of a raw  disk
589              image to be scanned.
590              Raw  disk  images with more partitions than this value will have
591              up to the value partitions scanned.
592              Negative values are not allowed.
593              WARNING: setting this limit too high may result in severe damage
594              or impact performance.
595              Default: 50
596
597       MaxIconsPE SIZE
598              This  option  sets the maximum number of icons within a PE to be
599              scanned.
600              PE files with more icons than this value will  have  up  to  the
601              value number icons scanned.
602              Negative values are not allowed.
603              WARNING: setting this limit too high may result in severe damage
604              or impact performance.
605              Default: 100
606
607       MaxRecHWP3 NUMBER
608              This option sets the maximum recursive  calls  to  HWP3  parsing
609              function.
610              HWP3  files  using  more  than this limit will be terminated and
611              alert the user.
612              Scans will be unable to scan any HWP3 attachments if the  recur‐
613              sive limit is reached.
614              Negative values are not allowed.
615              WARNING: setting this limit too high may result in severe damage
616              or impact performance.
617              Default: 16
618
619       PCREMatchLimit NUMBER
620              This option sets the maximum calls to the  PCRE  match  function
621              during an instance of regex matching.
622              Instances  using  more  than  this  limit will be terminated and
623              alert the user but the scan will continue.
624              For more information on match_limit, see the PCRE documentation.
625              Negative values are not allowed.
626              WARNING: setting this limit too high may severely impact perfor‐
627              mance.
628              Default: 10000
629
630       PCRERecMatchLimit NUMBER
631              This  option  sets the maximum recursive calls to the PCRE match
632              function during an instance of regex matching.
633              Instances using more than this  limit  will  be  terminated  and
634              alert the user but the scan will continue.
635              For more information on match_limit_recursion, see the PCRE doc‐
636              umentation.
637              Negative values are not allowed and values > PCREMatchLimit  are
638              superfluous.
639              WARNING: setting this limit too high may severely impact perfor‐
640              mance.
641              Default: 2000
642
643       PCREMaxFileSize SIZE
644              This option sets the maximum filesize  for  which  PCRE  subsigs
645              will be executed.
646              Files  exceeding  this limit will not have PCRE subsigs executed
647              unless a subsig is encompassed to a smaller buffer.
648              Negative values are not allowed.
649              Setting this value to zero disables the limit.
650              WARNING: setting this limit too high or disabling it may severe‐
651              ly impact performance.
652              Default: 25M
653
654       OnAccessIncludePath STRING
655              This  option  specifies  a  directory  (including  all files and
656              directories inside it), which should be scanned on access.  This
657              option can be used multiple times.
658              Default: disabled
659
660       OnAccessExcludePath STRING
661              This  option  allows  excluding directories from on-access scan‐
662              ning. It can be used multiple times.
663              Default: disabled
664
665       OnAccessExcludeRootUID BOOL
666              With this option you can whitelist the root UID  (0).  Processes
667              run under root will be able to access all files without trigger‐
668              ing scans or permission denied events.
669              Note that if clamd cannot check the uid of the process that gen‐
670              erated an on-access scan event (e.g., because OnAccessPrevention
671              was not enabled, and the process  already  exited),  clamd  will
672              perform  a  scan.   Thus,  setting OnAccessExcludeRootUID is not
673              guaranteed to prevent every access by the root user  from  trig‐
674              gering a scan (unless OnAccessPrevention is enabled).
675              Default: no
676
677       OnAccessExcludeUID NUMBER
678              With this option you can whitelist specific UIDs. Processes with
679              these UIDs will be able to access all files  without  triggering
680              scans or permission denied events.
681              This option can be used multiple times (one per line).
682              Note:  using  a  value of 0 on any line will disable this option
683              entirely. To whitelist the root UID (0) please enable the  OnAc‐
684              cessExcludeRootUID option.
685              Also note that if clamd cannot check the uid of the process that
686              generated an on-access scan event (e.g., because OnAccessPreven‐
687              tion  was  not  enabled,  and the process already exited), clamd
688              will perform a scan.  Thus, setting  OnAccessExcludeUID  is  not
689              guaranteed  to  prevent  every  access by the specified uid from
690              triggering a scan (unless OnAccessPrevention is enabled).
691              Default: disabled
692
693       OnAccessExcludeUname STRING
694              This option allows exclusions via user names when using the  on-
695              access  scanning  client. It can be used multiple times, and has
696              the same potential race condition limitations of the OnAccessEx‐
697              cludeUID option.
698              Default: disabled
699
700       OnAccessMaxFileSize SIZE
701              Files larger than this value will not be scanned in on access.
702              Default: 5M
703
704       OnAccessMaxThreads NUMBER
705              Max  number  of  scanning  threads  to  allocate to the OnAccess
706              thread pool at startup. These threads are the  ones  responsible
707              for  creating a connection with the daemon and kicking off scan‐
708              ning after an event has been  processed.  To  prevent  clamonacc
709              from  consuming  all  clamd's  resources  keep  this  lower than
710              clamd's max threads.
711              Default: 5
712
713       OnAccessCurlTimeout NUMBER
714              Max amount of time (in milliseconds) that  the  OnAccess  client
715              should  spend  for every connect, send, and recieve attempt when
716              communicating with clamd via curl.
717              Default: 5000 (5 seconds)
718
719       OnAccessMountPath STRING
720              Specifies a mount point (including  all  files  and  directories
721              under it), which should be scanned on access. This option can be
722              used multiple times.
723              Default: disabled
724
725       OnAccessDisableDDD BOOL
726              Disables the dynamic directory determination system which allows
727              for recursively watching include paths.
728              Default: no
729
730       OnAccessPrevention BOOL
731              Enables fanotify blocking when malicious files are found.
732              Default: disabled
733
734       OnAccessRetryAttempts NUMBER
735              Number of times the OnAccess client will retry a failed scan due
736              to connection problems (or other issues).
737              Default: 0
738
739       OnAccessDenyOnError BOOL
740              When using prevention, if this option is turned on,  any  errors
741              that  occur  during   scanning  will result in the event attempt
742              being denied. This could potentially lead to unwanted system be‐
743              haviour with certain configurations, so the client defaults this
744              to off and prefers allowing access events in  case  of  scan  or
745              connection error.
746              Default: no
747
748       OnAccessExtraScanning BOOL
749              Toggles  extra  scanning and notifications when a file or direc‐
750              tory is created or moved.
751              Requires the  DDD system to kick-off extra scans.
752              Default: no
753
754       DisableCertCheck BOOL
755              Disable authenticode certificate chain verification in PE files.
756              Default: no
757

NOTES

759       All options expressing a size are limited to max 4GB. Values in  excess
760       will be reset to the maximum.
761

FILES

763       /etc/clamd.d/scan.conf
764

AUTHORS

766       Tomasz Kojm <tkojm@clamav.net>, Kevin Lin <klin@sourcefire.com>
767

SEE ALSO

769       clamd(8),    clamdscan(1),   clamav-milter(8),   freshclam(1),   fresh‐
770       clam.conf(5)
771
772
773
774ClamAV 0.103.2                 December 4, 2013                  clamd.conf(5)
Impressum