1clamd.conf(5)                   Clam AntiVirus                   clamd.conf(5)
2
3
4

NAME

6       clamd.conf - Configuration file for Clam AntiVirus Daemon
7

DESCRIPTION

9       clamd.conf configures the Clam AntiVirus daemon, clamd(8).
10

FILE FORMAT

12       The  file  consists  of  comments and options with arguments. Each line
13       which starts with a hash (#) symbol is ignored by the  parser.  Options
14       and  arguments  are case sensitive and of the form Option Argument. The
15       arguments are of the following types:
16
17       BOOL   Boolean value (yes/no or true/false or 1/0).
18
19       STRING String without blank characters.
20
21       SIZE   Size in bytes. You can use 'M' or 'm'  modifiers  for  megabytes
22              and  'K' or 'k' for kilobytes. To specify the size in bytes just
23              don't use modifiers.
24
25       NUMBER Unsigned integer.
26

DIRECTIVES

28       When some option is not used (commented out or not included in the con‐
29       figuration file at all) clamd takes a default action.
30
31       Example
32              If this option is set clamd will not run.
33
34       LogFile STRING
35              Save all reports to a log file.
36              Default: disabled
37
38       LogFileUnlock BOOL
39              By  default the log file is locked for writing and only a single
40              daemon process can write to it. This option disables the lock.
41              Default: no
42
43       LogFileMaxSize SIZE
44              Maximum size of the log file.
45              Value of 0 disables the limit.
46              Default: 1048576
47
48       LogTime BOOL
49              Log time for each message.
50              Default: no
51
52       LogClean BOOL
53              Log all clean files.
54              Useful in debugging but drastically increases the log size.
55              Default: no
56
57       LogSyslog BOOL
58              Use the system logger (can work together with LogFile).
59              Default: no
60
61       LogFacility STRING
62              Type of syslog messages
63              Please refer to 'man syslog' for facility names.
64              Default: LOG_LOCAL6
65
66       LogVerbose BOOL
67              Enable verbose logging.
68              Default: no
69
70       LogRotate BOOL
71              Rotate log file. Requires LogFileMaxSize  option  set  prior  to
72              this option.
73              Default: no
74
75       ExtendedDetectionInfo BOOL
76              Log  additional information about the infected file, such as its
77              size and hash, together with the virus name.
78              Default: no
79
80       PidFile STRING
81              Save the process identifier of a listening daemon (main  thread)
82              to a specified file.
83              Default: disabled
84
85       TemporaryDirectory STRING
86              This  option  allows  you to change the default temporary direc‐
87              tory.
88              Default: system specific (usually /tmp or /var/tmp).
89
90       DatabaseDirectory STRING
91              This option allows you to change the default database directory.
92              If  you enable it, please make sure it points to the same direc‐
93              tory in both clamd and freshclam.
94              Default: defined at configuration (/usr/local/share/clamav)
95
96       OfficialDatabaseOnly BOOL
97              Only load  the  official  signatures  published  by  the  ClamAV
98              project.
99              Default: no
100
101       LocalSocket STRING
102              Path to a local (Unix) socket the daemon will listen on.
103              Default: disabled
104
105       LocalSocketGroup STRING
106              Sets the group ownership on the unix socket.
107              Default: the primary group of the user running clamd
108
109       LocalSocketMode STRING
110              Sets the permissions on the unix socket to the specified mode.
111              Default: socket is world readable and writable
112
113       FixStaleSocket BOOL
114              Remove stale socket after unclean shutdown.
115              Default: yes
116
117       TCPSocket NUMBER
118              TCP port number the daemon will listen on.
119              Default: disabled
120
121       TCPAddr STRING
122              By default clamd binds to INADDR_ANY.
123              This  option  allows you to restrict the TCP address and provide
124              some degree of protection from the outside  world.  This  option
125              can  be  specified multiple times in order to listen on multiple
126              IPs. IPv6 is now supported.
127              Default: disabled
128
129       MaxConnectionQueueLength NUMBER
130              Maximum length the queue of pending connections may grow to.
131              Default: 200
132
133       StreamMaxLength SIZE
134              Close the STREAM session when the data size limit is exceeded.
135              The value should match your MTA's limit for the maximum  attach‐
136              ment size.
137              Default: 25M
138
139       StreamMinPort NUMBER
140              The STREAM command uses an FTP-like protocol.
141              This option sets the lower boundary for the port range.
142              Default: 1024
143
144       StreamMaxPort NUMBER
145              This option sets the upper boundary for the port range.
146              Default: 2048
147
148       MaxThreads NUMBER
149              Maximum number of threads running at the same time.
150              Default: 10
151
152       ReadTimeout NUMBER
153              This  option  specifies  the time (in seconds) after which clamd
154              should timeout if a client doesn't provide any data.
155              Default: 120
156
157       CommandReadTimeout NUMBER
158              This option specifies the time (in seconds)  after  which  clamd
159              should  timeout  if a client doesn't provide any initial command
160              after connecting.  The default is set to 30  to  avoid  timeouts
161              with  TCP  sockets  when  processing large messages.  If using a
162              Unix socket, the value can be changed to 5.  Note:  the  timeout
163              for  subsequents  commands,  and/or  data chunks is specified by
164              ReadTimeout.
165              Default: 30
166
167       SendBufTimeout NUMBER
168              This option specifies how long to wait (in milliseconds) if  the
169              send buffer is full.  Keep this value low to prevent clamd hang‐
170              ing.
171              Default: 500
172
173       MaxQueue NUMBER
174              Maximum number of queued items (including those being  processed
175              by MaxThreads threads).  It is recommended to have this value at
176              least twice MaxThreads if possible.
177              WARNING: you shouldn't increase this too much to  avoid  running
178              out  of  file  descriptors, the following condition should hold:
179              MaxThreads*MaxRecursion  +  MaxQueue  -   MaxThreads   +   6   <
180              RLIMIT_NOFILE.  RLIMIT_NOFILE is the maximum number of open file
181              descriptors (usually 1024), set by ulimit -n.
182              Default: 100
183
184       IdleTimeout NUMBER
185              This option specifies how long (in seconds) the  process  should
186              wait for a new job.
187              Default: 30
188
189       ExcludePath REGEX
190              Don't  scan files and directories matching REGEX. This directive
191              can be used multiple times.
192              Default: disabled
193
194       MaxDirectoryRecursion NUMBER
195              Maximum depth directories are scanned at.
196              Default: 15
197
198       FollowDirectorySymlinks BOOL
199              Follow directory symlinks.
200              Default: no
201
202       CrossFilesystems BOOL
203              Scan files and directories on other filesystems.
204              Default: yes
205
206       FollowFileSymlinks BOOL
207              Follow regular file symlinks.
208              Default: no
209
210       SelfCheck NUMBER
211              This option specifies the time intervals (in seconds)  in  which
212              clamd should perform a database check.
213              Default: 600
214
215       ConcurrentDatabaseReload BOOL
216              Enable    non-blocking    (multi-threaded/concurrent)   database
217              reloads. This feature will temporarily load  a  second  scanning
218              engine  while  scanning  continues  using the first engine. Once
219              loaded, the new engine takes over. The old engine is removed  as
220              soon as all scans using the old engine have completed. This fea‐
221              ture requires more RAM, so this option is provided in case users
222              are  willing  to block scans during reload in exchange for lower
223              RAM requirements.
224              Default: yes
225
226       VirusEvent COMMAND
227              Execute a command when a virus is found. In the  command  string
228              %v will be replaced with the virus name. Additionally, two envi‐
229              ronment variables will be defined: $CLAM_VIRUSEVENT_FILENAME and
230              $CLAM_VIRUSEVENT_VIRUSNAME.
231              Default: disabled
232
233       ExitOnOOM BOOL
234              Stop daemon when libclamav reports out of memory condition.
235              Default: no
236
237       AllowAllMatchScan BOOL
238              Permit use of the ALLMATCHSCAN command.
239              Default: yes
240
241       Foreground BOOL
242              Don't fork into background.
243              Default: no
244
245       Debug BOOL
246              Enable debug messages from libclamav.
247              Default: no
248
249       LeaveTemporaryFiles BOOL
250              Do not remove temporary files (for debugging purpose).
251              Default: no
252
253       User STRING
254              Run  the daemon as a specified user (the process must be started
255              by root).
256              Default: disabled
257
258       Bytecode BOOL
259              With this option enabled ClamAV  will  load  bytecode  from  the
260              database.  It  is highly recommended you keep this option turned
261              on, otherwise you may miss detections for many new viruses.
262              Default: yes
263
264       BytecodeSecurity STRING
265              Set bytecode security level.
266              Possible values:
267                  TrustSigned - trust  bytecode  loaded  from  signed  .c[lv]d
268                  files  and  insert runtime safety checks for bytecode loaded
269                  from other sources,
270                  Paranoid - don't trust any bytecode, insert  runtime  checks
271                  for all.
272              Recommended: TrustSigned, because bytecode in .cvd files already
273              has these checks.
274              Default: TrustSigned
275
276       BytecodeTimeout NUMBER
277              Set bytecode timeout in milliseconds.
278              Default: 5000
279
280       BytecodeUnsigned BOOL
281              Allow loading bytecode from  outside  digitally  signed  .c[lv]d
282              files.   **Caution**:  You  should NEVER run bytecode signatures
283              from untrusted sources.  Doing so may result in  arbitrary  code
284              execution.
285              Default: no
286
287       BytecodeMode STRING
288              Set bytecode execution mode.
289              Possible values:
290                  Auto - automatically choose JIT if possible, fallback to in‐
291                  terpreter
292                  ForceJIT - always choose JIT, fail if not possible
293                  ForceInterpreter - always choose interpreter
294                  Test - run with both JIT and  interpreter  and  compare  re‐
295                  sults. Make all failures fatal.
296              Default: Auto
297
298       DetectPUA BOOL
299              Detect Possibly Unwanted Applications.
300              Default: No
301
302       ExcludePUA CATEGORY
303              Exclude a specific PUA category. This directive can be used mul‐
304              tiple times.  See  https://docs.clamav.net/faq/faq-pua.html  for
305              the complete list of PUA categories.
306              Default: disabled
307
308       IncludePUA CATEGORY
309              Only include a specific PUA category. This directive can be used
310              multiple times. See https://docs.clamav.net/faq/faq-pua.html for
311              the complete list of PUA categories.
312              Default: disabled
313
314       HeuristicAlerts BOOL
315              In  some  cases (eg. complex malware, exploits in graphic files,
316              and others), ClamAV uses special algorithms to provide  accurate
317              detection. This option controls the algorithmic detection.
318              Default: yes
319
320       HeuristicScanPrecedence BOOL
321              Allow  heuristic  match  to  take precedence. When enabled, if a
322              heuristic  scan  (such  as  phishingScan)  detects  a   possible
323              virus/phishing  it  will stop scanning immediately. Recommended,
324              saves CPU scan-time. When disabled, virus/phishing  detected  by
325              heuristic  scans  will be reported only at the end of a scan. If
326              an archive contains both a heuristically  detected  virus/phish‐
327              ing, and a real malware, the real malware will be reported. Keep
328              this disabled if you intend to handle  "*.Heuristics.*"  viruses
329              differently from "real" malware. If a non-heuristically-detected
330              virus (signature-based) is found first, the scan is  interrupted
331              immediately, regardless of this config option.
332              Default: no
333
334       ScanPE BOOL
335              PE stands for Portable Executable - it's an executable file for‐
336              mat used in all 32 and 64-bit versions of Windows operating sys‐
337              tems.  This option allows ClamAV to perform a deeper analysis of
338              executable files and it's also  required  for  decompression  of
339              popular executable packers such as UPX.
340              If  you  turn  off this option, the original files will still be
341              scanned, but without additional processing.
342              Default: yes
343
344       ScanELF BOOL
345              Executable and Linking Format is a standard format for UN*X exe‐
346              cutables.  This option allows you to control the scanning of ELF
347              files.
348              If you turn off this option, the original files  will  still  be
349              scanned, but without additional processing.
350              Default: yes
351
352       ScanMail BOOL
353              Enable scanning of mail files.
354              If  you  turn  off this option, the original files will still be
355              scanned, but without parsing individual messages/attachments.
356              Default: yes
357
358       ScanPartialMessages BOOL
359              Scan RFC1341 messages split over many emails. You will  need  to
360              periodically  clean up $TemporaryDirectory/clamav-partial direc‐
361              tory. WARNING: This option may open your system to a DoS attack.
362              Never use it on loaded servers.
363              Default: no
364
365       PhishingSignatures BOOL
366              Enable email signature-based phishing detection.
367              Default: yes
368
369       PhishingScanURLs BOOL
370              Enable URL signature-based phishing detection (Heuristics.Phish‐
371              ing.Email.*)
372              Default: yes
373
374       StructuredDataDetection BOOL
375              Enable the DLP module.
376              Default: no
377
378       StructuredMinCreditCardCount NUMBER
379              This option sets the lowest number of Credit Card numbers  found
380              in a file to generate a detect.
381              Default: 3
382
383       StructuredCCOnly BOOL
384              With  this  option  enabled the DLP module will search for valid
385              Credit Card0umbers only. Debit and Private Label cards will  not
386              be searched.
387              Default: No
388
389       StructuredMinSSNCount NUMBER
390              This  option  sets  the lowest number of Social Security Numbers
391              found in a file to generate a detect.
392              Default: 3
393
394       StructuredSSNFormatNormal BOOL
395              With this option enabled the DLP module will  search  for  valid
396              SSNs formatted as xxx-yy-zzzz.
397              Default: Yes
398
399       StructuredSSNFormatStripped BOOL
400              With  this  option  enabled the DLP module will search for valid
401              SSNs formatted as xxxyyzzzz.
402              Default: No
403
404       ScanHTML BOOL
405              Perform HTML/JavaScript/ScriptEncoder normalisation and  decryp‐
406              tion.
407              If  you  turn  off this option, the original files will still be
408              scanned, but without additional processing.
409              Default: yes
410
411       ScanOLE2 BOOL
412              This option enables scanning of OLE2 files,  such  as  Microsoft
413              Office documents and .msi files.
414              If  you  turn  off this option, the original files will still be
415              scanned, but without additional processing.
416              Default: yes
417
418       ScanPDF BOOL
419              This option enables scanning within PDF files.
420              If you turn off this option, the original files  will  still  be
421              scanned, but without additional processing.
422              Default: yes
423
424       ScanSWF BOOL
425              This option enables scanning within SWF files.
426              If  you  turn  off this option, the original files will still be
427              scanned, but without decoding and additional processing.
428              Default: yes
429
430       ScanXMLDOCS BOOL
431              This option enables scanning xml-based document files  supported
432              by libclamav.
433              If  you  turn  off this option, the original files will still be
434              scanned, but without additional processing.
435              Default: yes
436
437       ScanHWP3 BOOL
438              This option enables scanning HWP3 files.
439              If you turn off this option, the original files  will  still  be
440              scanned, but without additional processing.
441              Default: yes
442
443       ScanArchive BOOL
444              Scan within archives and compressed files.
445              If  you  turn  off this option, the original files will still be
446              scanned, but without unpacking and additional processing.
447              Default: yes
448
449       AlertBrokenExecutables BOOL
450              Alert on broken executable files (PE & ELF).
451              Default: no
452
453       AlertBrokenMedia BOOL
454              Alert on broken graphics files (JPEG, TIFF, PNG, GIF).
455              Default: no
456
457       AlertEncrypted BOOL
458              Alert on  encrypted  archives  and  documents  (encrypted  .zip,
459              .7zip, .rar, .pdf).
460              Default: no
461
462       AlertEncryptedArchive BOOL
463              Alert on encrypted archives (encrypted .zip, .7zip, .rar).
464              Default: no
465
466       AlertEncryptedDoc BOOL
467              Alert on encrypted documents (encrypted .pdf).
468              Default: no
469
470       AlertOLE2Macros BOOL
471              Alert  on OLE2 files containing VBA macros (Heuristics.OLE2.Con‐
472              tainsMacros).
473              Default: no
474
475       AlertExceedsMax BOOL
476              When AlertExceedsMax is set, files  exceeding  the  MaxFileSize,
477              MaxScanSize,  or  MaxRecursion  limit  will  be flagged with the
478              virus name starting with "Heuristics.Limits.Exceeded".
479              Default: no
480
481       AlertPhishingSSLMismatch BOOL
482              Alert on emails containing SSL mismatches in URLs (might lead to
483              false positives!).
484              Default: no
485
486       AlertPhishingCloak BOOL
487              Alert  on  emails  containing  cloaked  URLs (might lead to some
488              false positives).
489              Default: no
490
491       AlertPartitionIntersection BOOL
492              Alert on raw DMG image files containing partition intersections.
493              Default: no
494
495       ForceToDisk
496              This option causes memory or nested map scans to dump  the  con‐
497              tent to disk.
498              If  you turn on this option, more data is written to disk and is
499              available when the leave-temps option is enabled at the cost  of
500              more disk writes.
501              Default: no
502
503       MaxScanTime SIZE
504              This  option  sets the maximum amount of time a scan may take to
505              complete. The value is in milliseconds. The value of 0  disables
506              the  limit. WARNING: disabling this limit or setting it too high
507              may result allow scanning of certain files to lock up the  scan‐
508              ning process/threads resulting in a Denial of Service.
509              Default: 12000
510
511       MaxScanSize SIZE
512              Sets  the  maximum  amount  of data to be scanned for each input
513              file. Archives and other containers  are  recursively  extracted
514              and  scanned  up  to this value. The size of an archive plus the
515              sum of the sizes of all files within archive  count  toward  the
516              scan  size.  For example, a 1M uncompressed archive containing a
517              single 1M inner file counts as 2M  toward  the  max  scan  size.
518              Warning:  disabling this limit or setting it too high may result
519              in severe damage to the system.
520              Default: 100M
521
522       MaxFileSize SIZE
523              Files larger than this limit won't be scanned. Affects the input
524              file itself as well as files contained inside it (when the input
525              file is an archive, a document or some other kind of container).
526              Warning:  disabling this limit or setting it too high may result
527              in severe damage to the  system.  Technical  design  limitations
528              prevent  ClamAV  from  scanning  files greater than 2 GB at this
529              time.
530              Default: 25M
531
532       MaxRecursion NUMBER
533              Nested archives are scanned recursively, e.g. if a  Zip  archive
534              contains  a  RAR file, all files within it will also be scanned.
535              This options specifies how deeply the process should be  contin‐
536              ued.  Warning:  setting this limit too high may result in severe
537              damage to the system.
538              Default: 17
539
540       MaxFiles NUMBER
541              Number of files to be scanned within an archive, a document,  or
542              any  other  kind  of container. Warning: disabling this limit or
543              setting it too high may result in severe damage to the system.
544              Default: 10000
545
546       MaxEmbeddedPE SIZE
547              This option sets the maximum size of a file to check for  embed‐
548              ded PE.
549              Files  larger  than this value will skip the additional analysis
550              step.
551              Negative values are not allowed.
552              Default: 10M
553
554       MaxHTMLNormalize SIZE
555              This option sets the maximum size of a HTML file to normalize.
556              HTML files larger than this value  will  not  be  normalized  or
557              scanned.
558              Negative values are not allowed.
559              Default: 10M
560
561       MaxHTMLNoTags SIZE
562              This  option  sets the maximum size of a normalized HTML file to
563              scan.
564              HTML files larger than this value after normalization  will  not
565              be scanned.
566              Negative values are not allowed.
567              Default: 2M
568
569       MaxScriptNormalize SIZE
570              This option sets the maximum size of a script file to normalize.
571              Script  content larger than this value will not be normalized or
572              scanned.
573              Negative values are not allowed.
574              Default: 5M
575
576       MaxZipTypeRcg SIZE
577              This option sets the maximum size of a  ZIP  file  to  reanalyze
578              type recognition.
579              ZIP  files  larger  than this value will skip the step to poten‐
580              tially reanalyze as PE.
581              Negative values are not allowed.
582              WARNING: setting this limit too high may result in severe damage
583              or impact performance.
584              Default: 1M
585
586       MaxPartitions SIZE
587              This  option sets the maximum number of partitions of a raw disk
588              image to be scanned.
589              Raw disk images with more partitions than this value  will  have
590              up to the value partitions scanned.
591              Negative values are not allowed.
592              WARNING: setting this limit too high may result in severe damage
593              or impact performance.
594              Default: 50
595
596       MaxIconsPE SIZE
597              This option sets the maximum number of icons within a PE  to  be
598              scanned.
599              PE  files  with  more  icons than this value will have up to the
600              value number icons scanned.
601              Negative values are not allowed.
602              WARNING: setting this limit too high may result in severe damage
603              or impact performance.
604              Default: 100
605
606       MaxRecHWP3 NUMBER
607              This  option  sets  the  maximum recursive calls to HWP3 parsing
608              function.
609              HWP3 files using more than this limit  will  be  terminated  and
610              alert the user.
611              Scans  will be unable to scan any HWP3 attachments if the recur‐
612              sive limit is reached.
613              Negative values are not allowed.
614              WARNING: setting this limit too high may result in severe damage
615              or impact performance.
616              Default: 16
617
618       PCREMatchLimit NUMBER
619              This  option  sets  the maximum calls to the PCRE match function
620              during an instance of regex matching.
621              Instances using more than this  limit  will  be  terminated  and
622              alert the user but the scan will continue.
623              For more information on match_limit, see the PCRE documentation.
624              Negative values are not allowed.
625              WARNING: setting this limit too high may severely impact perfor‐
626              mance.
627              Default: 10000
628
629       PCRERecMatchLimit NUMBER
630              This option sets the maximum recursive calls to the  PCRE  match
631              function during an instance of regex matching.
632              Instances  using  more  than  this  limit will be terminated and
633              alert the user but the scan will continue.
634              For more information on match_limit_recursion, see the PCRE doc‐
635              umentation.
636              Negative  values are not allowed and values > PCREMatchLimit are
637              superfluous.
638              WARNING: setting this limit too high may severely impact perfor‐
639              mance.
640              Default: 2000
641
642       PCREMaxFileSize SIZE
643              This  option  sets  the  maximum filesize for which PCRE subsigs
644              will be executed.
645              Files exceeding this limit will not have PCRE  subsigs  executed
646              unless a subsig is encompassed to a smaller buffer.
647              Negative values are not allowed.
648              Setting this value to zero disables the limit.
649              WARNING:  setting  this  limit  too high or disabling it may se‐
650              verely impact performance.
651              Default: 25M
652
653       OnAccessIncludePath STRING
654              This option specifies a directory (including all files  and  di‐
655              rectories  inside  it),  which should be scanned on access. This
656              option can be used multiple times.
657              Default: disabled
658
659       OnAccessExcludePath STRING
660              This option allows excluding directories  from  on-access  scan‐
661              ning. It can be used multiple times.
662              Default: disabled
663
664       OnAccessExcludeRootUID BOOL
665              With  this  option you can whitelist the root UID (0). Processes
666              run under root will be able to access all files without trigger‐
667              ing scans or permission denied events.
668              Note that if clamd cannot check the uid of the process that gen‐
669              erated an on-access scan event (e.g., because OnAccessPrevention
670              was  not  enabled,  and  the process already exited), clamd will
671              perform a scan.  Thus,  setting  OnAccessExcludeRootUID  is  not
672              guaranteed  to  prevent every access by the root user from trig‐
673              gering a scan (unless OnAccessPrevention is enabled).
674              Default: no
675
676       OnAccessExcludeUID NUMBER
677              With this option you can whitelist specific UIDs. Processes with
678              these  UIDs  will be able to access all files without triggering
679              scans or permission denied events.
680              This option can be used multiple times (one per line).
681              Note: using a value of 0 on any line will  disable  this  option
682              entirely.  To whitelist the root UID (0) please enable the OnAc‐
683              cessExcludeRootUID option.
684              Also note that if clamd cannot check the uid of the process that
685              generated an on-access scan event (e.g., because OnAccessPreven‐
686              tion was not enabled, and the  process  already  exited),  clamd
687              will  perform  a  scan.  Thus, setting OnAccessExcludeUID is not
688              guaranteed to prevent every access by  the  specified  uid  from
689              triggering a scan (unless OnAccessPrevention is enabled).
690              Default: disabled
691
692       OnAccessExcludeUname STRING
693              This  option allows exclusions via user names when using the on-
694              access scanning client. It can be used multiple times,  and  has
695              the same potential race condition limitations of the OnAccessEx‐
696              cludeUID option.
697              Default: disabled
698
699       OnAccessMaxFileSize SIZE
700              Files larger than this value will not be scanned in on access.
701              Default: 5M
702
703       OnAccessMaxThreads NUMBER
704              Max number of scanning  threads  to  allocate  to  the  OnAccess
705              thread  pool  at startup. These threads are the ones responsible
706              for creating a connection with the daemon and kicking off  scan‐
707              ning  after  an  event  has been processed. To prevent clamonacc
708              from consuming  all  clamd's  resources  keep  this  lower  than
709              clamd's max threads.
710              Default: 5
711
712       OnAccessCurlTimeout NUMBER
713              Max  amount  of  time (in milliseconds) that the OnAccess client
714              should spend for every connect, send, and recieve  attempt  when
715              communicating with clamd via curl.
716              Default: 5000 (5 seconds)
717
718       OnAccessMountPath STRING
719              Specifies a mount point (including all files and directories un‐
720              der it), which should be scanned on access. This option  can  be
721              used multiple times.
722              Default: disabled
723
724       OnAccessDisableDDD BOOL
725              Disables the dynamic directory determination system which allows
726              for recursively watching include paths.
727              Default: no
728
729       OnAccessPrevention BOOL
730              Enables fanotify blocking when malicious files are found.
731              Default: disabled
732
733       OnAccessRetryAttempts NUMBER
734              Number of times the OnAccess client will retry a failed scan due
735              to connection problems (or other issues).
736              Default: 0
737
738       OnAccessDenyOnError BOOL
739              When  using  prevention, if this option is turned on, any errors
740              that occur during  scanning will result in the event attempt be‐
741              ing  denied.  This could potentially lead to unwanted system be‐
742              haviour with certain configurations, so the client defaults this
743              to  off  and  prefers  allowing access events in case of scan or
744              connection error.
745              Default: no
746
747       OnAccessExtraScanning BOOL
748              Toggles extra scanning and notifications when a file  or  direc‐
749              tory is created or moved.
750              Requires the  DDD system to kick-off extra scans.
751              Default: no
752
753       DisableCertCheck BOOL
754              Disable authenticode certificate chain verification in PE files.
755              Default: no
756

NOTES

758       All  options expressing a size are limited to max 4GB. Values in excess
759       will be reset to the maximum.
760

FILES

762       /etc/clamd.d/scan.conf
763

AUTHORS

765       Tomasz Kojm <tkojm@clamav.net>, Kevin Lin <klin@sourcefire.com>
766

SEE ALSO

768       clamd(8),   clamdscan(1),   clamav-milter(8),   freshclam(1),    fresh‐
769       clam.conf(5)
770
771
772
773ClamAV 0.103.4                 December 4, 2013                  clamd.conf(5)
Impressum