clamd.conf(5)                   Clam AntiVirus                   clamd.conf(5)

NAME

       clamd.conf - Configuration file for Clam AntiVirus Daemon

DESCRIPTION

       clamd.conf configures the Clam AntiVirus daemon, clamd(8).

FILE FORMAT

       The file consists of comments and options with arguments. Each line
       which starts with a hash (#) symbol is ignored by the parser. Options
       and arguments are case sensitive and of the form Option Argument. The
       arguments are of the following types:

       BOOL   Boolean value (yes/no or true/false or 1/0).

       STRING String without blank characters.

       SIZE   Size in bytes. You can use 'M' or 'm' modifiers for megabytes
              and 'K' or 'k' for kilobytes. To specify the size in bytes just
              don't use modifiers.

       NUMBER Unsigned integer.
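       The rules above can be checked before clamd ever reads the file. The
       Python below is an added example, not ClamAV's own parser: it applies
       the BOOL, SIZE, NUMBER and STRING rules and the size cap from NOTES.
       The type table, function names and sample configuration are
       constructed; reading "4GB" as 4 * 1024**3 bytes and matching booleans
       case-insensitively are assumptions.

```python
import re

# Assumption: the "max 4GB" cap from the NOTES section, read as 4 * 1024**3 bytes.
SIZE_CAP = 4 * 1024**3

# Argument types for a few directives from this page (deliberately not exhaustive).
TYPES = {
    "LogTime": "BOOL", "LogFileMaxSize": "SIZE", "StreamMaxLength": "SIZE",
    "MaxFileSize": "SIZE", "MaxThreads": "NUMBER", "TCPSocket": "NUMBER",
    "TCPAddr": "STRING", "LocalSocket": "STRING",
}
_KNOWN_LOWER = {name.lower(): name for name in TYPES}
_MULTIPLIER = {"": 1, "k": 1024, "m": 1024 * 1024}


def parse_bool(arg):
    # The page lists yes/no, true/false, 1/0. Accepting other letter cases is
    # an assumption of this example (the page itself prints "Default: No").
    low = arg.lower()
    if low in ("yes", "true", "1"):
        return True
    if low in ("no", "false", "0"):
        return False
    raise ValueError(f"not a BOOL: {arg!r}")


def parse_size(arg):
    m = re.fullmatch(r"([0-9]+)([MmKk]?)", arg)
    if not m:
        raise ValueError(f"not a SIZE: {arg!r}")
    value = int(m.group(1)) * _MULTIPLIER[m.group(2).lower()]
    return min(value, SIZE_CAP)  # values in excess are reset to the maximum


def parse_number(arg):
    if not re.fullmatch(r"[0-9]+", arg):
        raise ValueError(f"not an unsigned NUMBER: {arg!r}")
    return int(arg)


def parse_string(arg):
    if not arg or re.search(r"\s", arg):
        raise ValueError(f"STRING must be non-empty without blanks: {arg!r}")
    return arg


PARSERS = {"BOOL": parse_bool, "SIZE": parse_size,
           "NUMBER": parse_number, "STRING": parse_string}


def parse_clamd_conf(text):
    """Return (config, errors).

    config maps an option name to the list of typed values given for it
    (options such as TCPAddr may repeat); errors is a list of
    (line_number, message) tuples.
    """
    config, errors = {}, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()  # assumption: surrounding whitespace is ignored
        if not line or line.startswith("#"):
            continue  # blank line or comment
        parts = line.split(None, 1)
        name, arg = parts[0], parts[1] if len(parts) > 1 else ""
        if name == "Example":
            config["Example"] = [True]  # per the page, clamd will not run
            continue
        if name not in TYPES:
            canonical = _KNOWN_LOWER.get(name.lower())
            if canonical:  # option names are case sensitive
                errors.append((lineno, f"{name}: wrong case, use {canonical}"))
            else:  # type not in this example's table: keep the raw argument
                config.setdefault(name, []).append(arg)
            continue
        try:
            value = PARSERS[TYPES[name]](arg)
        except ValueError as exc:
            errors.append((lineno, f"{name}: {exc}"))
            continue
        config.setdefault(name, []).append(value)
    return config, errors


# Constructed sample input, not a recommended configuration.
SAMPLE = """\
# constructed sample
LogFileMaxSize 2M
LogTime yes
TCPSocket 3310
TCPAddr 127.0.0.1
TCPAddr ::1
StreamMaxLength 25m
MaxThreads ten
logtime yes
MaxFileSize 8000M
"""

if __name__ == "__main__":
    parsed, problems = parse_clamd_conf(SAMPLE)
    print(parsed)
    for lineno, message in problems:
        print(f"line {lineno}: {message}")
```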

DIRECTIVES

       When some option is not used (commented out or not included in the
       configuration file at all) clamd takes a default action.

       Example
              If this option is set clamd will not run.

       LogFile STRING
              Save all reports to a log file.
              Default: disabled

       LogFileUnlock BOOL
              By default the log file is locked for writing and only a single
              daemon process can write to it. This option disables the lock.
              Default: no

       LogFileMaxSize SIZE
              Maximum size of the log file.
              Value of 0 disables the limit.
              Default: 1048576

       LogTime BOOL
              Log time for each message.
              Default: no

       LogClean BOOL
              Log all clean files.
              Useful in debugging but drastically increases the log size.
              Default: no

       LogSyslog BOOL
              Use the system logger (can work together with LogFile).
              Default: no

       LogFacility STRING
              Type of syslog messages.
              Please refer to 'man syslog' for facility names.
              Default: LOG_LOCAL6

       LogVerbose BOOL
              Enable verbose logging.
              Default: no

       LogRotate BOOL
              Rotate log file. Requires LogFileMaxSize option set prior to
              this option.
              Default: no

       ExtendedDetectionInfo BOOL
              Log additional information about the infected file, such as its
              size and hash, together with the virus name.
              Default: no

       PidFile STRING
              Save the process identifier of a listening daemon (main thread)
              to a specified file.
              Default: disabled

       TemporaryDirectory STRING
              This option allows you to change the default temporary
              directory.
              Default: system specific (usually /tmp or /var/tmp).

       DatabaseDirectory STRING
              This option allows you to change the default database directory.
              If you enable it, please make sure it points to the same
              directory in both clamd and freshclam.
              Default: defined at configuration (/usr/local/share/clamav)

       OfficialDatabaseOnly BOOL
              Only load the official signatures published by the ClamAV
              project.
              Default: no

       LocalSocket STRING
              Path to a local (Unix) socket the daemon will listen on.
              Default: disabled

       LocalSocketGroup STRING
              Sets the group ownership on the unix socket.
              Default: the primary group of the user running clamd

       LocalSocketMode STRING
              Sets the permissions on the unix socket to the specified mode.
              Default: socket is world readable and writable

       FixStaleSocket BOOL
              Remove stale socket after unclean shutdown.
              Default: yes

       TCPSocket NUMBER
              TCP port number the daemon will listen on.
              Default: disabled

       TCPAddr STRING
              By default clamd binds to INADDR_ANY.
              This option allows you to restrict the TCP address and provide
              some degree of protection from the outside world. This option
              can be specified multiple times in order to listen on multiple
              IPs. IPv6 is now supported.
              Default: disabled

       MaxConnectionQueueLength NUMBER
              Maximum length the queue of pending connections may grow to.
              Default: 200

       StreamMaxLength SIZE
              Close the STREAM session when the data size limit is exceeded.
              The value should match your MTA's limit for the maximum
              attachment size.
              Default: 100M

       StreamMinPort NUMBER
              The STREAM command uses an FTP-like protocol.
              This option sets the lower boundary for the port range.
              Default: 1024

       StreamMaxPort NUMBER
              This option sets the upper boundary for the port range.
              Default: 2048

       MaxThreads NUMBER
              Maximum number of threads running at the same time.
              Default: 10

       ReadTimeout NUMBER
              This option specifies the time (in seconds) after which clamd
              should time out if a client doesn't provide any data.
              Default: 120

       CommandReadTimeout NUMBER
              This option specifies the time (in seconds) after which clamd
              should time out if a client doesn't provide any initial command
              after connecting. The default is set to 30 to avoid timeouts
              with TCP sockets when processing large messages. If using a
              Unix socket, the value can be changed to 5. Note: the timeout
              for subsequent commands and/or data chunks is specified by
              ReadTimeout.
              Default: 30

       SendBufTimeout NUMBER
              This option specifies how long to wait (in milliseconds) if the
              send buffer is full. Keep this value low to prevent clamd
              hanging.
              Default: 500

       MaxQueue NUMBER
              Maximum number of queued items (including those being processed
              by MaxThreads threads). It is recommended to have this value at
              least twice MaxThreads if possible.
              WARNING: you shouldn't increase this too much to avoid running
              out of file descriptors, the following condition should hold:
              MaxThreads*MaxRecursion + MaxQueue - MaxThreads + 6 <
              RLIMIT_NOFILE. RLIMIT_NOFILE is the maximum number of open file
              descriptors (usually 1024), set by ulimit -n.
              Default: 100

       IdleTimeout NUMBER
              This option specifies how long (in seconds) the process should
              wait for a new job.
              Default: 30

       ExcludePath REGEX
              Don't scan files and directories matching REGEX. This directive
              can be used multiple times.
              Default: disabled

       MaxDirectoryRecursion NUMBER
              Maximum depth directories are scanned at.
              Default: 15

       FollowDirectorySymlinks BOOL
              Follow directory symlinks.
              Default: no

       CrossFilesystems BOOL
              Scan files and directories on other filesystems.
              Default: yes

       FollowFileSymlinks BOOL
              Follow regular file symlinks.
              Default: no

       SelfCheck NUMBER
              This option specifies the time intervals (in seconds) in which
              clamd should perform a database check.
              Default: 600

       ConcurrentDatabaseReload BOOL
              Enable non-blocking (multi-threaded/concurrent) database
              reloads. This feature will temporarily load a second scanning
              engine while scanning continues using the first engine. Once
              loaded, the new engine takes over. The old engine is removed as
              soon as all scans using the old engine have completed. This
              feature requires more RAM, so this option is provided in case
              users are willing to block scans during reload in exchange for
              lower RAM requirements.
              Default: yes

       VirusEvent COMMAND
              Execute a command when a virus is found. In the command string
              %v will be replaced with the virus name and %f will be replaced
              with the file name. Additionally, two environment variables
              will be defined: $CLAM_VIRUSEVENT_FILENAME and
              $CLAM_VIRUSEVENT_VIRUSNAME.
              Default: disabled

       ExitOnOOM BOOL
              Stop daemon when libclamav reports out of memory condition.
              Default: no

       AllowAllMatchScan BOOL
              Permit use of the ALLMATCHSCAN command.
              Default: yes

       Foreground BOOL
              Don't fork into background.
              Default: no

       Debug BOOL
              Enable debug messages from libclamav.
              Default: no

       LeaveTemporaryFiles BOOL
              Do not remove temporary files (for debugging purpose).
              Default: no

       GenerateMetadataJson BOOL
              Record metadata about the file being scanned. Scan metadata is
              useful for file analysis purposes and for debugging scan
              behavior. The JSON metadata will be printed after the scan is
              complete if Debug is enabled. A metadata.json file will be
              written to the scan temp directory if LeaveTemporaryFiles is
              enabled.
              Default: no

       User STRING
              Run the daemon as a specified user (the process must be started
              by root).
              Default: disabled

       Bytecode BOOL
              With this option enabled ClamAV will load bytecode from the
              database. It is highly recommended you keep this option turned
              on, otherwise you may miss detections for many new viruses.
              Default: yes

       BytecodeSecurity STRING
              Set bytecode security level.
              Possible values:
                  TrustSigned - trust bytecode loaded from signed .c[lv]d
                  files and insert runtime safety checks for bytecode loaded
                  from other sources,
                  Paranoid - don't trust any bytecode, insert runtime checks
                  for all.
              Recommended: TrustSigned, because bytecode in .cvd files already
              has these checks.
              Default: TrustSigned

       BytecodeTimeout NUMBER
              Set bytecode timeout in milliseconds.
              Default: 10000

       BytecodeUnsigned BOOL
              Allow loading bytecode from outside digitally signed .c[lv]d
              files. **Caution**: You should NEVER run bytecode signatures
              from untrusted sources. Doing so may result in arbitrary code
              execution.
              Default: no

       BytecodeMode STRING
              Set bytecode execution mode.
              Possible values:
                  Auto - automatically choose JIT if possible, fallback to
                  interpreter
                  ForceJIT - always choose JIT, fail if not possible
                  ForceInterpreter - always choose interpreter
                  Test - run with both JIT and interpreter and compare
                  results. Make all failures fatal.
              Default: Auto

       DetectPUA BOOL
              Detect Possibly Unwanted Applications.
              Default: No

       ExcludePUA CATEGORY
              Exclude a specific PUA category. This directive can be used
              multiple times. See https://docs.clamav.net/faq/faq-pua.html for
              the complete list of PUA categories.
              Default: disabled

       IncludePUA CATEGORY
              Only include a specific PUA category. This directive can be used
              multiple times. See https://docs.clamav.net/faq/faq-pua.html for
              the complete list of PUA categories.
              Default: disabled

       HeuristicAlerts BOOL
              In some cases (e.g. complex malware, exploits in graphic files,
              and others), ClamAV uses special algorithms to provide accurate
              detection. This option controls the algorithmic detection.
              Default: yes

       HeuristicScanPrecedence BOOL
              Allow heuristic match to take precedence. When enabled, if a
              heuristic scan (such as phishingScan) detects a possible
              virus/phishing it will stop scanning immediately. Recommended,
              saves CPU scan-time. When disabled, virus/phishing detected by
              heuristic scans will be reported only at the end of a scan. If
              an archive contains both a heuristically detected
              virus/phishing, and a real malware, the real malware will be
              reported. Keep this disabled if you intend to handle
              "*.Heuristics.*" viruses differently from "real" malware. If a
              non-heuristically-detected virus (signature-based) is found
              first, the scan is interrupted immediately, regardless of this
              config option.
              Default: no

       ScanPE BOOL
              PE stands for Portable Executable - it's an executable file
              format used in all 32 and 64-bit versions of Windows operating
              systems. This option allows ClamAV to perform a deeper analysis
              of executable files and it's also required for decompression of
              popular executable packers such as UPX.
              If you turn off this option, the original files will still be
              scanned, but without additional processing.
              Default: yes

       ScanELF BOOL
              Executable and Linking Format is a standard format for UN*X
              executables. This option allows you to control the scanning of
              ELF files.
              If you turn off this option, the original files will still be
              scanned, but without additional processing.
              Default: yes

       ScanMail BOOL
              Enable scanning of mail files.
              If you turn off this option, the original files will still be
              scanned, but without parsing individual messages/attachments.
              Default: yes

       ScanPartialMessages BOOL
              Scan RFC1341 messages split over many emails. You will need to
              periodically clean up $TemporaryDirectory/clamav-partial
              directory. WARNING: This option may open your system to a DoS
              attack. Never use it on loaded servers.
              Default: no

       PhishingSignatures BOOL
              Enable email signature-based phishing detection.
              Default: yes

       PhishingScanURLs BOOL
              Enable URL signature-based phishing detection
              (Heuristics.Phishing.Email.*)
              Default: yes

       StructuredDataDetection BOOL
              Enable the DLP module.
              Default: no

       StructuredMinCreditCardCount NUMBER
              This option sets the lowest number of Credit Card numbers found
              in a file to generate a detection.
              Default: 3

       StructuredCCOnly BOOL
              With this option enabled the DLP module will search for valid
              Credit Card numbers only. Debit and Private Label cards will not
              be searched.
              Default: No

       StructuredMinSSNCount NUMBER
              This option sets the lowest number of Social Security Numbers
              found in a file to generate a detection.
              Default: 3

       StructuredSSNFormatNormal BOOL
              With this option enabled the DLP module will search for valid
              SSNs formatted as xxx-yy-zzzz.
              Default: Yes

       StructuredSSNFormatStripped BOOL
              With this option enabled the DLP module will search for valid
              SSNs formatted as xxxyyzzzz.
              Default: No

       ScanHTML BOOL
              Perform HTML/JavaScript/ScriptEncoder normalisation and
              decryption.
              If you turn off this option, the original files will still be
              scanned, but without additional processing.
              Default: yes

       ScanOLE2 BOOL
              This option enables scanning of OLE2 files, such as Microsoft
              Office documents and .msi files.
              If you turn off this option, the original files will still be
              scanned, but without additional processing.
              Default: yes

       ScanPDF BOOL
              This option enables scanning within PDF files.
              If you turn off this option, the original files will still be
              scanned, but without additional processing.
              Default: yes

       ScanSWF BOOL
              This option enables scanning within SWF files.
              If you turn off this option, the original files will still be
              scanned, but without decoding and additional processing.
              Default: yes

       ScanXMLDOCS BOOL
              This option enables scanning xml-based document files supported
              by libclamav.
              If you turn off this option, the original files will still be
              scanned, but without additional processing.
              Default: yes

       ScanHWP3 BOOL
              This option enables scanning HWP3 files.
              If you turn off this option, the original files will still be
              scanned, but without additional processing.
              Default: yes

       ScanArchive BOOL
              Scan within archives and compressed files.
              If you turn off this option, the original files will still be
              scanned, but without unpacking and additional processing.
              Default: yes

       AlertBrokenExecutables BOOL
              Alert on broken executable files (PE & ELF).
              Default: no

       AlertBrokenMedia BOOL
              Alert on broken graphics files (JPEG, TIFF, PNG, GIF).
              Default: no

       AlertEncrypted BOOL
              Alert on encrypted archives and documents (encrypted .zip,
              .7zip, .rar, .pdf).
              Default: no

       AlertEncryptedArchive BOOL
              Alert on encrypted archives (encrypted .zip, .7zip, .rar).
              Default: no

       AlertEncryptedDoc BOOL
              Alert on encrypted documents (encrypted .pdf).
              Default: no

       AlertOLE2Macros BOOL
              Alert on OLE2 files containing VBA macros
              (Heuristics.OLE2.ContainsMacros).
              Default: no

       AlertExceedsMax BOOL
              When AlertExceedsMax is set, files exceeding the MaxFileSize,
              MaxScanSize, or MaxRecursion limit will be flagged with the
              virus name starting with "Heuristics.Limits.Exceeded".
              Default: no

       AlertPhishingSSLMismatch BOOL
              Alert on emails containing SSL mismatches in URLs (might lead to
              false positives!).
              Default: no

       AlertPhishingCloak BOOL
              Alert on emails containing cloaked URLs (might lead to some
              false positives).
              Default: no

       AlertPartitionIntersection BOOL
              Alert on raw DMG image files containing partition intersections.
              Default: no

       ForceToDisk BOOL
              This option causes memory or nested map scans to dump the
              content to disk.
              If you turn on this option, more data is written to disk and is
              available when the leave-temps option is enabled at the cost of
              more disk writes.
              Default: no

       MaxScanTime SIZE
              This option sets the maximum amount of time a scan may take to
              complete. The value is in milliseconds. The value of 0 disables
              the limit. WARNING: disabling this limit or setting it too high
              may allow scanning of certain files to lock up the scanning
              process/threads resulting in a Denial of Service.
              Default: 120000

       MaxScanSize SIZE
              Sets the maximum amount of data to be scanned for each input
              file. Archives and other containers are recursively extracted
              and scanned up to this value. The size of an archive plus the
              sum of the sizes of all files within archive count toward the
              scan size. For example, a 1M uncompressed archive containing a
              single 1M inner file counts as 2M toward the max scan size.
              Warning: disabling this limit or setting it too high may result
              in severe damage to the system.
              Default: 400M

       MaxFileSize SIZE
              Files larger than this limit won't be scanned. Affects the input
              file itself as well as files contained inside it (when the input
              file is an archive, a document or some other kind of container).
              Warning: disabling this limit or setting it too high may result
              in severe damage to the system. Technical design limitations
              prevent ClamAV from scanning files greater than 2 GB at this
              time.
              Default: 100M

       MaxRecursion NUMBER
              Nested archives are scanned recursively, e.g. if a Zip archive
              contains a RAR file, all files within it will also be scanned.
              This option specifies how deeply the process should be
              continued. Warning: setting this limit too high may result in
              severe damage to the system.
              Default: 17

       MaxFiles NUMBER
              Number of files to be scanned within an archive, a document, or
              any other kind of container. Warning: disabling this limit or
              setting it too high may result in severe damage to the system.
              Default: 10000

       MaxEmbeddedPE SIZE
              This option sets the maximum size of a file to check for
              embedded PE.
              Files larger than this value will skip the additional analysis
              step.
              Negative values are not allowed.
              Default: 40M

       MaxHTMLNormalize SIZE
              This option sets the maximum size of a HTML file to normalize.
              HTML files larger than this value will not be normalized or
              scanned.
              Negative values are not allowed.
              Default: 40M

       MaxHTMLNoTags SIZE
              This option sets the maximum size of a normalized HTML file to
              scan.
              HTML files larger than this value after normalization will not
              be scanned.
              Negative values are not allowed.
              Default: 8M

       MaxScriptNormalize SIZE
              This option sets the maximum size of a script file to normalize.
              Script content larger than this value will not be normalized or
              scanned.
              Negative values are not allowed.
              Default: 20M

       MaxZipTypeRcg SIZE
              This option sets the maximum size of a ZIP file to reanalyze
              type recognition.
              ZIP files larger than this value will skip the step to
              potentially reanalyze as PE.
              Negative values are not allowed.
              WARNING: setting this limit too high may result in severe damage
              or impact performance.
              Default: 1M

       MaxPartitions SIZE
              This option sets the maximum number of partitions of a raw disk
              image to be scanned.
              Raw disk images with more partitions than this value will have
              only up to that number of partitions scanned.
              Negative values are not allowed.
              WARNING: setting this limit too high may result in severe damage
              or impact performance.
              Default: 50

       MaxIconsPE SIZE
              This option sets the maximum number of icons within a PE to be
              scanned.
              PE files with more icons than this value will have only up to
              that number of icons scanned.
              Negative values are not allowed.
              WARNING: setting this limit too high may result in severe damage
              or impact performance.
              Default: 100

       MaxRecHWP3 NUMBER
              This option sets the maximum recursive calls to HWP3 parsing
              function.
              HWP3 files using more than this limit will be terminated and
              alert the user.
              Scans will be unable to scan any HWP3 attachments if the
              recursive limit is reached.
              Negative values are not allowed.
              WARNING: setting this limit too high may result in severe damage
              or impact performance.
              Default: 16

       PCREMatchLimit NUMBER
              This option sets the maximum calls to the PCRE match function
              during an instance of regex matching.
              Instances using more than this limit will be terminated and
              alert the user but the scan will continue.
              For more information on match_limit, see the PCRE documentation.
              Negative values are not allowed.
              WARNING: setting this limit too high may severely impact
              performance.
              Default: 10000

       PCRERecMatchLimit NUMBER
              This option sets the maximum recursive calls to the PCRE match
              function during an instance of regex matching.
              Instances using more than this limit will be terminated and
              alert the user but the scan will continue.
              For more information on match_limit_recursion, see the PCRE
              documentation.
              Negative values are not allowed and values > PCREMatchLimit are
              superfluous.
              WARNING: setting this limit too high may severely impact
              performance.
              Default: 2000

       PCREMaxFileSize SIZE
              This option sets the maximum filesize for which PCRE subsigs
              will be executed.
              Files exceeding this limit will not have PCRE subsigs executed
              unless a subsig is confined to a smaller buffer.
              Negative values are not allowed.
              Setting this value to zero disables the limit.
              WARNING: setting this limit too high or disabling it may
              severely impact performance.
              Default: 100M

       OnAccessIncludePath STRING
              This option specifies a directory (including all files and
              directories inside it), which should be scanned on access. This
              option can be used multiple times.
              Default: disabled

       OnAccessExcludePath STRING
              This option allows excluding directories from on-access
              scanning. It can be used multiple times.
              Default: disabled

       OnAccessExcludeRootUID BOOL
              With this option you can exclude the root UID (0). Processes run
              under root will be able to access all files without triggering
              scans or permission denied events.
              Note that if clamd cannot check the uid of the process that
              generated an on-access scan event (e.g., because
              OnAccessPrevention was not enabled, and the process already
              exited), clamd will perform a scan. Thus, setting
              OnAccessExcludeRootUID is not guaranteed to prevent every access
              by the root user from triggering a scan (unless
              OnAccessPrevention is enabled).
              Default: no

       OnAccessExcludeUID NUMBER
              With this option you can exclude specific UIDs. Processes with
              these UIDs will be able to access all files without triggering
              scans or permission denied events.
              This option can be used multiple times (one per line).
              Note: using a value of 0 on any line will disable this option
              entirely. To exclude the root UID (0) please enable the
              OnAccessExcludeRootUID option.
              Also note that if clamd cannot check the uid of the process that
              generated an on-access scan event (e.g., because
              OnAccessPrevention was not enabled, and the process already
              exited), clamd will perform a scan. Thus, setting
              OnAccessExcludeUID is not guaranteed to prevent every access by
              the specified uid from triggering a scan (unless
              OnAccessPrevention is enabled).
              Default: disabled

       OnAccessExcludeUname STRING
              This option allows exclusions via user names when using the
              on-access scanning client. It can be used multiple times, and
              has the same potential race condition limitations as the
              OnAccessExcludeUID option.
              Default: disabled

       OnAccessMaxFileSize SIZE
              Files larger than this value will not be scanned on access.
              Default: 5M

       OnAccessMaxThreads NUMBER
              Max number of scanning threads to allocate to the OnAccess
              thread pool at startup. These threads are the ones responsible
              for creating a connection with the daemon and kicking off
              scanning after an event has been processed. To prevent clamonacc
              from consuming all clamd's resources keep this lower than
              clamd's max threads.
              Default: 5

       OnAccessCurlTimeout NUMBER
              Max amount of time (in milliseconds) that the OnAccess client
              should spend for every connect, send, and receive attempt when
              communicating with clamd via curl.
              Default: 5000 (5 seconds)

       OnAccessMountPath STRING
              Specifies a mount point (including all files and directories
              under it), which should be scanned on access. This option can be
              used multiple times.
              Default: disabled

       OnAccessDisableDDD BOOL
              Disables the dynamic directory determination system which allows
              for recursively watching include paths.
              Default: no

       OnAccessPrevention BOOL
              Enables fanotify blocking when malicious files are found.
              Default: disabled

       OnAccessRetryAttempts NUMBER
              Number of times the OnAccess client will retry a failed scan due
              to connection problems (or other issues).
              Default: 0

       OnAccessDenyOnError BOOL
              When using prevention, if this option is turned on, any errors
              that occur during scanning will result in the event attempt
              being denied. This could potentially lead to unwanted system
              behaviour with certain configurations, so the client defaults
              this to off and prefers allowing access events in case of scan
              or connection error.
              Default: no

       OnAccessExtraScanning BOOL
              Toggles extra scanning and notifications when a file or
              directory is created or moved.
              Requires the DDD system to kick off extra scans.
              Default: no

       DisableCertCheck BOOL
              Disable authenticode certificate chain verification in PE files.
              Default: no
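       Several directives above carry warnings that only matter in
       combination with other settings. The Python below is an added example,
       not part of ClamAV: it checks a parsed configuration against the
       conditions this page states (the MaxQueue file descriptor formula, the
       INADDR_ANY and socket mode defaults, and the per-directive cautions).
       The names audit, fd_budget and nofile, and both sample configurations,
       are constructed for illustration.

```python
# Defaults as documented on this page; they apply when a directive is absent.
DEFAULTS = {
    "MaxThreads": 10, "MaxQueue": 100, "MaxRecursion": 17,
    "MaxScanTime": 120000, "PCREMatchLimit": 10000,
    "PCRERecMatchLimit": 2000, "OnAccessMaxThreads": 5,
}


def fd_budget(cfg):
    """Left-hand side of the MaxQueue condition:
    MaxThreads*MaxRecursion + MaxQueue - MaxThreads + 6."""
    threads = cfg.get("MaxThreads", DEFAULTS["MaxThreads"])
    recursion = cfg.get("MaxRecursion", DEFAULTS["MaxRecursion"])
    queue = cfg.get("MaxQueue", DEFAULTS["MaxQueue"])
    return threads * recursion + queue - threads + 6


def audit(cfg, nofile=None):
    """Return a list of (directive, message) findings.

    cfg maps directive names to typed values (bool, int or str); directives
    that may repeat (TCPAddr, OnAccessExcludeUID) map to lists.
    nofile is the RLIMIT_NOFILE of the clamd process. When omitted, the soft
    limit of the current process stands in for it (assumption of this example).
    """
    if nofile is None:
        import resource  # Unix only
        soft = resource.getrlimit(resource.RLIMIT_NOFILE)[0]
        nofile = float("inf") if soft == resource.RLIM_INFINITY else soft

    def get(name):
        return cfg.get(name, DEFAULTS.get(name))

    findings = []
    if "Example" in cfg:
        findings.append(("Example", "set: clamd will not run"))
    if "TCPSocket" in cfg and not cfg.get("TCPAddr"):
        findings.append(("TCPAddr", "TCPSocket without TCPAddr binds to INADDR_ANY"))
    if "LocalSocket" in cfg and "LocalSocketMode" not in cfg:
        findings.append(("LocalSocketMode",
                         "not set: socket is world readable and writable"))
    if cfg.get("BytecodeUnsigned") is True:
        findings.append(("BytecodeUnsigned",
                         "unsigned bytecode may result in arbitrary code execution"))
    if cfg.get("ScanPartialMessages") is True:
        findings.append(("ScanPartialMessages", "may open the system to a DoS attack"))
    if get("MaxScanTime") == 0:
        findings.append(("MaxScanTime", "0 disables the scan time limit"))
    budget = fd_budget(cfg)
    if budget >= nofile:
        findings.append(("MaxQueue",
                         f"needs {budget} descriptors, RLIMIT_NOFILE is {nofile}"))
    if get("MaxQueue") < 2 * get("MaxThreads"):
        findings.append(("MaxQueue", "recommended to be at least twice MaxThreads"))
    if get("PCRERecMatchLimit") > get("PCREMatchLimit"):
        findings.append(("PCRERecMatchLimit",
                         "values above PCREMatchLimit are superfluous"))
    if get("OnAccessMaxThreads") >= get("MaxThreads"):
        findings.append(("OnAccessMaxThreads", "keep this lower than MaxThreads"))
    if 0 in cfg.get("OnAccessExcludeUID", []):
        findings.append(("OnAccessExcludeUID",
                         "a value of 0 disables the option entirely"))
    return findings


# Constructed sample configurations (already parsed into typed values).
WEAK = {
    "TCPSocket": 3310,
    "LocalSocket": "/run/clamd.scan/clamd.sock",
    "MaxThreads": 64,
    "MaxQueue": 100,
    "BytecodeUnsigned": True,
    "MaxScanTime": 0,
    "PCRERecMatchLimit": 20000,
    "OnAccessExcludeUID": [1000, 0],
}
TIGHTER = {
    "TCPSocket": 3310,
    "TCPAddr": ["127.0.0.1"],
    "LocalSocket": "/run/clamd.scan/clamd.sock",
    "LocalSocketMode": "660",
    "MaxThreads": 20,
    "MaxQueue": 40,
}

if __name__ == "__main__":
    for directive, message in audit(WEAK, nofile=1024):
        print(f"{directive}: {message}")
```

       Pass the limit clamd actually runs under as nofile; a service manager
       may set it differently from the shell where the check is run.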

NOTES

       All options expressing a size are limited to max 4GB. Values in excess
       will be reset to the maximum.

FILES

       /etc/clamd.d/scan.conf

AUTHORS

       Tomasz Kojm <tkojm@clamav.net>, Kevin Lin <klin@sourcefire.com>

SEE ALSO

       clamd(8), clamdscan(1), clamav-milter(8), freshclam(1),
       freshclam.conf(5)

ClamAV 1.0.4                   December 4, 2013                  clamd.conf(5)