clamd.conf(5) Clam AntiVirus clamd.conf(5)

NAME
clamd.conf - Configuration file for Clam AntiVirus Daemon

DESCRIPTION
clamd.conf configures the Clam AntiVirus daemon, clamd(8).

FILE FORMAT
The file consists of comments and options with arguments. Each line
which starts with a hash (#) symbol is ignored by the parser. Options
and arguments are case sensitive and of the form Option Argument. The
arguments are of the following types:

BOOL Boolean value (yes/no or true/false or 1/0).

STRING String without blank characters.

SIZE Size in bytes. You can use 'M' or 'm' modifiers for megabytes
and 'K' or 'k' for kilobytes. To specify the size in bytes just
don't use modifiers.

NUMBER Unsigned integer.

DIRECTIVES
When some option is not used (commented out or not included in the
configuration file at all) clamd takes a default action.

Example
If this option is set clamd will not run.

LogFile STRING
Save all reports to a log file.
Default: disabled

LogFileUnlock BOOL
By default the log file is locked for writing and only a single
daemon process can write to it. This option disables the lock.
Default: no

LogFileMaxSize SIZE
Maximum size of the log file.
Value of 0 disables the limit.
Default: 1048576

LogTime BOOL
Log time for each message.
Default: no

LogClean BOOL
Log all clean files.
Useful in debugging but drastically increases the log size.
Default: no

LogSyslog BOOL
Use the system logger (can work together with LogFile).
Default: no

LogFacility STRING
Type of syslog messages.
Please refer to 'man syslog' for facility names.
Default: LOG_LOCAL6

LogVerbose BOOL
Enable verbose logging.
Default: no

LogRotate BOOL
Rotate log file. Requires LogFileMaxSize option set prior to
this option.
Default: no

ExtendedDetectionInfo BOOL
Log additional information about the infected file, such as its
size and hash, together with the virus name.
Default: no

PidFile STRING
Save the process identifier of a listening daemon (main thread)
to a specified file.
Default: disabled

TemporaryDirectory STRING
This option allows you to change the default temporary directory.
Default: system specific (usually /tmp or /var/tmp).

DatabaseDirectory STRING
This option allows you to change the default database directory.
If you enable it, please make sure it points to the same directory
in both clamd and freshclam.
Default: defined at configuration (/usr/local/share/clamav)

OfficialDatabaseOnly BOOL
Only load the official signatures published by the ClamAV
project.
Default: no

LocalSocket STRING
Path to a local (Unix) socket the daemon will listen on.
Default: disabled

LocalSocketGroup STRING
Sets the group ownership on the unix socket.
Default: the primary group of the user running clamd

LocalSocketMode STRING
Sets the permissions on the unix socket to the specified mode.
Default: socket is world readable and writable

FixStaleSocket BOOL
Remove stale socket after unclean shutdown.
Default: yes

TCPSocket NUMBER
TCP port number the daemon will listen on.
Default: disabled

TCPAddr STRING
By default clamd binds to INADDR_ANY.
This option allows you to restrict the TCP address and provide
some degree of protection from the outside world. This option
can be specified multiple times in order to listen on multiple
IPs. IPv6 is now supported.
Default: disabled

MaxConnectionQueueLength NUMBER
Maximum length the queue of pending connections may grow to.
Default: 200

StreamMaxLength SIZE
Close the STREAM session when the data size limit is exceeded.
The value should match your MTA's limit for the maximum attachment
size.
Default: 100M

StreamMinPort NUMBER
The STREAM command uses an FTP-like protocol.
This option sets the lower boundary for the port range.
Default: 1024

StreamMaxPort NUMBER
This option sets the upper boundary for the port range.
Default: 2048

MaxThreads NUMBER
Maximum number of threads running at the same time.
Default: 10

ReadTimeout NUMBER
This option specifies the time (in seconds) after which clamd
should timeout if a client doesn't provide any data.
Default: 120

CommandReadTimeout NUMBER
This option specifies the time (in seconds) after which clamd
should timeout if a client doesn't provide any initial command
after connecting. The default is set to 30 to avoid timeouts
with TCP sockets when processing large messages. If using a
Unix socket, the value can be changed to 5. Note: the timeout
for subsequent commands, and/or data chunks is specified by
ReadTimeout.
Default: 30

SendBufTimeout NUMBER
This option specifies how long to wait (in milliseconds) if the
send buffer is full. Keep this value low to prevent clamd hanging.
Default: 500

MaxQueue NUMBER
Maximum number of queued items (including those being processed
by MaxThreads threads). It is recommended to have this value at
least twice MaxThreads if possible.
WARNING: you shouldn't increase this too much to avoid running
out of file descriptors, the following condition should hold:
MaxThreads*MaxRecursion + MaxQueue - MaxThreads + 6 <
RLIMIT_NOFILE. RLIMIT_NOFILE is the maximum number of open file
descriptors (usually 1024), set by ulimit -n.
Default: 100

IdleTimeout NUMBER
This option specifies how long (in seconds) the process should
wait for a new job.
Default: 30

ExcludePath REGEX
Don't scan files and directories matching REGEX. This directive
can be used multiple times.
Default: disabled

MaxDirectoryRecursion NUMBER
Maximum depth directories are scanned at.
Default: 15

FollowDirectorySymlinks BOOL
Follow directory symlinks.
Default: no

CrossFilesystems BOOL
Scan files and directories on other filesystems.
Default: yes

FollowFileSymlinks BOOL
Follow regular file symlinks.
Default: no

SelfCheck NUMBER
This option specifies the time intervals (in seconds) in which
clamd should perform a database check.
Default: 600

ConcurrentDatabaseReload BOOL
Enable non-blocking (multi-threaded/concurrent) database
reloads. This feature will temporarily load a second scanning
engine while scanning continues using the first engine. Once
loaded, the new engine takes over. The old engine is removed as
soon as all scans using the old engine have completed. This feature
requires more RAM, so this option is provided in case users
are willing to block scans during reload in exchange for lower
RAM requirements.
Default: yes

VirusEvent COMMAND
Execute a command when a virus is found. In the command string
%v will be replaced with the virus name and %f will be replaced
with the file name. Additionally, two environment variables
will be defined: $CLAM_VIRUSEVENT_FILENAME and
$CLAM_VIRUSEVENT_VIRUSNAME.
Default: disabled

ExitOnOOM BOOL
Stop daemon when libclamav reports out of memory condition.
Default: no

AllowAllMatchScan BOOL
Permit use of the ALLMATCHSCAN command.
Default: yes

Foreground BOOL
Don't fork into background.
Default: no

Debug BOOL
Enable debug messages from libclamav.
Default: no

LeaveTemporaryFiles BOOL
Do not remove temporary files (for debugging purpose).
Default: no

GenerateMetadataJson BOOL
Record metadata about the file being scanned. Scan metadata is
useful for file analysis purposes and for debugging scan behavior.
The JSON metadata will be printed after the scan is complete
if Debug is enabled. A metadata.json file will be written
to the scan temp directory if LeaveTemporaryFiles is enabled.
Default: no

User STRING
Run the daemon as a specified user (the process must be started
by root).
Default: disabled

Bytecode BOOL
With this option enabled ClamAV will load bytecode from the
database. It is highly recommended you keep this option turned
on, otherwise you may miss detections for many new viruses.
Default: yes

BytecodeSecurity STRING
Set bytecode security level.
Possible values:
TrustSigned - trust bytecode loaded from signed .c[lv]d
files and insert runtime safety checks for bytecode loaded
from other sources,
Paranoid - don't trust any bytecode, insert runtime checks
for all.
Recommended: TrustSigned, because bytecode in .cvd files already
has these checks.
Default: TrustSigned

BytecodeTimeout NUMBER
Set bytecode timeout in milliseconds.
Default: 10000

BytecodeUnsigned BOOL
Allow loading bytecode from outside digitally signed .c[lv]d
files. **Caution**: You should NEVER run bytecode signatures
from untrusted sources. Doing so may result in arbitrary code
execution.
Default: no

BytecodeMode STRING
Set bytecode execution mode.
Possible values:
Auto - automatically choose JIT if possible, fallback to
interpreter
ForceJIT - always choose JIT, fail if not possible
ForceInterpreter - always choose interpreter
Test - run with both JIT and interpreter and compare
results. Make all failures fatal.
Default: Auto

DetectPUA BOOL
Detect Possibly Unwanted Applications.
Default: No

ExcludePUA CATEGORY
Exclude a specific PUA category. This directive can be used
multiple times. See https://docs.clamav.net/faq/faq-pua.html for
the complete list of PUA categories.
Default: disabled

IncludePUA CATEGORY
Only include a specific PUA category. This directive can be used
multiple times. See https://docs.clamav.net/faq/faq-pua.html for
the complete list of PUA categories.
Default: disabled

HeuristicAlerts BOOL
In some cases (e.g. complex malware, exploits in graphic files,
and others), ClamAV uses special algorithms to provide accurate
detection. This option controls the algorithmic detection.
Default: yes

HeuristicScanPrecedence BOOL
Allow heuristic match to take precedence. When enabled, if a
heuristic scan (such as phishingScan) detects a possible
virus/phishing it will stop scanning immediately. Recommended,
saves CPU scan-time. When disabled, virus/phishing detected by
heuristic scans will be reported only at the end of a scan. If
an archive contains both a heuristically detected virus/phishing,
and a real malware, the real malware will be reported. Keep
this disabled if you intend to handle "*.Heuristics.*" viruses
differently from "real" malware. If a non-heuristically-detected
virus (signature-based) is found first, the scan is interrupted
immediately, regardless of this config option.
Default: no

ScanPE BOOL
PE stands for Portable Executable - it's an executable file format
used in all 32 and 64-bit versions of Windows operating systems.
This option allows ClamAV to perform a deeper analysis of
executable files and it's also required for decompression of
popular executable packers such as UPX.
If you turn off this option, the original files will still be
scanned, but without additional processing.
Default: yes

ScanELF BOOL
Executable and Linking Format is a standard format for UN*X
executables. This option allows you to control the scanning of ELF
files.
If you turn off this option, the original files will still be
scanned, but without additional processing.
Default: yes

ScanMail BOOL
Enable scanning of mail files.
If you turn off this option, the original files will still be
scanned, but without parsing individual messages/attachments.
Default: yes

ScanPartialMessages BOOL
Scan RFC1341 messages split over many emails. You will need to
periodically clean up $TemporaryDirectory/clamav-partial directory.
WARNING: This option may open your system to a DoS attack.
Never use it on loaded servers.
Default: no

PhishingSignatures BOOL
Enable email signature-based phishing detection.
Default: yes

PhishingScanURLs BOOL
Enable URL signature-based phishing detection
(Heuristics.Phishing.Email.*)
Default: yes

StructuredDataDetection BOOL
Enable the DLP module.
Default: no

StructuredMinCreditCardCount NUMBER
This option sets the lowest number of Credit Card numbers found
in a file to generate a detect.
Default: 3

StructuredCCOnly BOOL
With this option enabled the DLP module will search for valid
Credit Card numbers only. Debit and Private Label cards will not
be searched.
Default: No

StructuredMinSSNCount NUMBER
This option sets the lowest number of Social Security Numbers
found in a file to generate a detect.
Default: 3

StructuredSSNFormatNormal BOOL
With this option enabled the DLP module will search for valid
SSNs formatted as xxx-yy-zzzz.
Default: Yes

StructuredSSNFormatStripped BOOL
With this option enabled the DLP module will search for valid
SSNs formatted as xxxyyzzzz.
Default: No

ScanHTML BOOL
Perform HTML/JavaScript/ScriptEncoder normalisation and decryption.
If you turn off this option, the original files will still be
scanned, but without additional processing.
Default: yes

ScanOLE2 BOOL
This option enables scanning of OLE2 files, such as Microsoft
Office documents and .msi files.
If you turn off this option, the original files will still be
scanned, but without additional processing.
Default: yes

ScanPDF BOOL
This option enables scanning within PDF files.
If you turn off this option, the original files will still be
scanned, but without additional processing.
Default: yes

ScanSWF BOOL
This option enables scanning within SWF files.
If you turn off this option, the original files will still be
scanned, but without decoding and additional processing.
Default: yes

ScanXMLDOCS BOOL
This option enables scanning xml-based document files supported
by libclamav.
If you turn off this option, the original files will still be
scanned, but without additional processing.
Default: yes

ScanHWP3 BOOL
This option enables scanning HWP3 files.
If you turn off this option, the original files will still be
scanned, but without additional processing.
Default: yes

ScanArchive BOOL
Scan within archives and compressed files.
If you turn off this option, the original files will still be
scanned, but without unpacking and additional processing.
Default: yes

AlertBrokenExecutables BOOL
Alert on broken executable files (PE & ELF).
Default: no

AlertBrokenMedia BOOL
Alert on broken graphics files (JPEG, TIFF, PNG, GIF).
Default: no

AlertEncrypted BOOL
Alert on encrypted archives and documents (encrypted .zip,
.7zip, .rar, .pdf).
Default: no

AlertEncryptedArchive BOOL
Alert on encrypted archives (encrypted .zip, .7zip, .rar).
Default: no

AlertEncryptedDoc BOOL
Alert on encrypted documents (encrypted .pdf).
Default: no

AlertOLE2Macros BOOL
Alert on OLE2 files containing VBA macros
(Heuristics.OLE2.ContainsMacros).
Default: no

AlertExceedsMax BOOL
When AlertExceedsMax is set, files exceeding the MaxFileSize,
MaxScanSize, or MaxRecursion limit will be flagged with the
virus name starting with "Heuristics.Limits.Exceeded".
Default: no

AlertPhishingSSLMismatch BOOL
Alert on emails containing SSL mismatches in URLs (might lead to
false positives!).
Default: no

AlertPhishingCloak BOOL
Alert on emails containing cloaked URLs (might lead to some
false positives).
Default: no

AlertPartitionIntersection BOOL
Alert on raw DMG image files containing partition intersections.
Default: no

ForceToDisk BOOL
This option causes memory or nested map scans to dump the content
to disk.
If you turn on this option, more data is written to disk and is
available when the leave-temps option is enabled at the cost of
more disk writes.
Default: no

MaxScanTime SIZE
This option sets the maximum amount of time a scan may take to
complete. The value is in milliseconds. The value of 0 disables
the limit. WARNING: disabling this limit or setting it too high
may allow scanning of certain files to lock up the scanning
process/threads resulting in a Denial of Service.
Default: 120000

MaxScanSize SIZE
Sets the maximum amount of data to be scanned for each input
file. Archives and other containers are recursively extracted
and scanned up to this value. The size of an archive plus the
sum of the sizes of all files within archive count toward the
scan size. For example, a 1M uncompressed archive containing a
single 1M inner file counts as 2M toward the max scan size.
Warning: disabling this limit or setting it too high may result
in severe damage to the system.
Default: 400M

MaxFileSize SIZE
Files larger than this limit won't be scanned. Affects the input
file itself as well as files contained inside it (when the input
file is an archive, a document or some other kind of container).
Warning: disabling this limit or setting it too high may result
in severe damage to the system. Technical design limitations
prevent ClamAV from scanning files greater than 2 GB at this
time.
Default: 100M

MaxRecursion NUMBER
Nested archives are scanned recursively, e.g. if a Zip archive
contains a RAR file, all files within it will also be scanned.
This option specifies how deeply the process should be continued.
Warning: setting this limit too high may result in severe
damage to the system.
Default: 17

MaxFiles NUMBER
Number of files to be scanned within an archive, a document, or
any other kind of container. Warning: disabling this limit or
setting it too high may result in severe damage to the system.
Default: 10000

MaxEmbeddedPE SIZE
This option sets the maximum size of a file to check for embedded
PE.
Files larger than this value will skip the additional analysis
step.
Negative values are not allowed.
Default: 40M

MaxHTMLNormalize SIZE
This option sets the maximum size of a HTML file to normalize.
HTML files larger than this value will not be normalized or
scanned.
Negative values are not allowed.
Default: 40M

MaxHTMLNoTags SIZE
This option sets the maximum size of a normalized HTML file to
scan.
HTML files larger than this value after normalization will not
be scanned.
Negative values are not allowed.
Default: 8M

MaxScriptNormalize SIZE
This option sets the maximum size of a script file to normalize.
Script content larger than this value will not be normalized or
scanned.
Negative values are not allowed.
Default: 20M

MaxZipTypeRcg SIZE
This option sets the maximum size of a ZIP file to reanalyze
type recognition.
ZIP files larger than this value will skip the step to potentially
reanalyze as PE.
Negative values are not allowed.
WARNING: setting this limit too high may result in severe damage
or impact performance.
Default: 1M

MaxPartitions SIZE
This option sets the maximum number of partitions of a raw disk
image to be scanned.
Raw disk images with more partitions than this value will have
up to the value partitions scanned.
Negative values are not allowed.
WARNING: setting this limit too high may result in severe damage
or impact performance.
Default: 50

MaxIconsPE SIZE
This option sets the maximum number of icons within a PE to be
scanned.
PE files with more icons than this value will have up to the
value number icons scanned.
Negative values are not allowed.
WARNING: setting this limit too high may result in severe damage
or impact performance.
Default: 100

MaxRecHWP3 NUMBER
This option sets the maximum recursive calls to HWP3 parsing
function.
HWP3 files using more than this limit will be terminated and
alert the user.
Scans will be unable to scan any HWP3 attachments if the recursive
limit is reached.
Negative values are not allowed.
WARNING: setting this limit too high may result in severe damage
or impact performance.
Default: 16

PCREMatchLimit NUMBER
This option sets the maximum calls to the PCRE match function
during an instance of regex matching.
Instances using more than this limit will be terminated and
alert the user but the scan will continue.
For more information on match_limit, see the PCRE documentation.
Negative values are not allowed.
WARNING: setting this limit too high may severely impact
performance.
Default: 10000

PCRERecMatchLimit NUMBER
This option sets the maximum recursive calls to the PCRE match
function during an instance of regex matching.
Instances using more than this limit will be terminated and
alert the user but the scan will continue.
For more information on match_limit_recursion, see the PCRE
documentation.
Negative values are not allowed and values > PCREMatchLimit are
superfluous.
WARNING: setting this limit too high may severely impact
performance.
Default: 2000

PCREMaxFileSize SIZE
This option sets the maximum filesize for which PCRE subsigs
will be executed.
Files exceeding this limit will not have PCRE subsigs executed
unless a subsig is encompassed to a smaller buffer.
Negative values are not allowed.
Setting this value to zero disables the limit.
WARNING: setting this limit too high or disabling it may severely
impact performance.
Default: 100M

OnAccessIncludePath STRING
This option specifies a directory (including all files and
directories inside it), which should be scanned on access. This
option can be used multiple times.
Default: disabled

OnAccessExcludePath STRING
This option allows excluding directories from on-access scanning.
It can be used multiple times.
Default: disabled

OnAccessExcludeRootUID BOOL
With this option you can exclude the root UID (0). Processes run
under root will be able to access all files without triggering
scans or permission denied events.
Note that if clamd cannot check the uid of the process that
generated an on-access scan event (e.g., because OnAccessPrevention
was not enabled, and the process already exited), clamd will
perform a scan. Thus, setting OnAccessExcludeRootUID is not
guaranteed to prevent every access by the root user from
triggering a scan (unless OnAccessPrevention is enabled).
Default: no

OnAccessExcludeUID NUMBER
With this option you can exclude specific UIDs. Processes with
these UIDs will be able to access all files without triggering
scans or permission denied events.
This option can be used multiple times (one per line).
Note: using a value of 0 on any line will disable this option
entirely. To exclude the root UID (0) please enable the
OnAccessExcludeRootUID option.
Also note that if clamd cannot check the uid of the process that
generated an on-access scan event (e.g., because OnAccessPrevention
was not enabled, and the process already exited), clamd
will perform a scan. Thus, setting OnAccessExcludeUID is not
guaranteed to prevent every access by the specified uid from
triggering a scan (unless OnAccessPrevention is enabled).
Default: disabled

OnAccessExcludeUname STRING
This option allows exclusions via user names when using the
on-access scanning client. It can be used multiple times, and has
the same potential race condition limitations of the
OnAccessExcludeUID option.
Default: disabled

OnAccessMaxFileSize SIZE
Files larger than this value will not be scanned in on access.
Default: 5M

OnAccessMaxThreads NUMBER
Max number of scanning threads to allocate to the OnAccess
thread pool at startup. These threads are the ones responsible
for creating a connection with the daemon and kicking off scanning
after an event has been processed. To prevent clamonacc
from consuming all clamd's resources keep this lower than
clamd's max threads.
Default: 5

OnAccessCurlTimeout NUMBER
Max amount of time (in milliseconds) that the OnAccess client
should spend for every connect, send, and receive attempt when
communicating with clamd via curl.
Default: 5000 (5 seconds)

OnAccessMountPath STRING
Specifies a mount point (including all files and directories
under it), which should be scanned on access. This option can be
used multiple times.
Default: disabled

OnAccessDisableDDD BOOL
Disables the dynamic directory determination system which allows
for recursively watching include paths.
Default: no

OnAccessPrevention BOOL
Enables fanotify blocking when malicious files are found.
Default: disabled

OnAccessRetryAttempts NUMBER
Number of times the OnAccess client will retry a failed scan due
to connection problems (or other issues).
Default: 0

OnAccessDenyOnError BOOL
When using prevention, if this option is turned on, any errors
that occur during scanning will result in the event attempt being
denied. This could potentially lead to unwanted system behaviour
with certain configurations, so the client defaults this
to off and prefers allowing access events in case of scan or
connection error.
Default: no

OnAccessExtraScanning BOOL
Toggles extra scanning and notifications when a file or directory
is created or moved.
Requires the DDD system to kick-off extra scans.
Default: no

DisableCertCheck BOOL
Disable authenticode certificate chain verification in PE files.
Default: no

NOTES
All options expressing a size are limited to max 4GB. Values in excess
will be reset to the maximum.
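
An added example, not part of the ClamAV manual or the project's code: a Python audit that parses a clamd.conf text using the file format above and checks the constraints and warnings this page states (the MaxQueue descriptor condition, LogRotate ordering, PCRE limits, socket exposure, disabled limits). The names parse, size, audit, SAMPLE and the nofile parameter are assumptions of this example, as is the rule that a repeated option uses its last value.

```python
import re

# Defaults as listed on this page, for the options the checks below read.
DEFAULTS = {"MaxThreads": "10", "MaxQueue": "100", "MaxRecursion": "17",
            "PCREMatchLimit": "10000", "PCRERecMatchLimit": "2000",
            "MaxScanTime": "120000", "PCREMaxFileSize": "100M",
            "LogRotate": "no", "BytecodeUnsigned": "no",
            "ScanPartialMessages": "no"}
TRUE = {"yes", "true", "1"}       # BOOL spellings from the file format
UNITS = {"": 1, "k": 1024, "m": 1024 ** 2}
SIZE_CAP = 4 * 1024 ** 3          # NOTES: sizes in excess of 4GB are reset

# Constructed sample configuration, not taken from a real host.
SAMPLE = """\
Example
LogRotate yes
LogFileMaxSize 2M
TCPSocket 3310
LocalSocket /run/clamav/clamd.sock
MaxThreads 50
MaxQueue 60
MaxRecursion 30
PCREMatchLimit 1000
MaxScanTime 0
BytecodeUnsigned yes
"""


def parse(text):
    """Return {option: [arguments]} in file order; '#' lines are comments."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        conf.setdefault(parts[0], []).append(parts[1] if len(parts) > 1 else "")
    return conf


def size(value):
    """Convert a SIZE argument (bytes, or K/k and M/m modifiers) to bytes."""
    m = re.fullmatch(r"(\d+)([KkMm]?)", value)
    if m is None:
        raise ValueError(f"not a SIZE value: {value!r}")
    return min(int(m.group(1)) * UNITS[m.group(2).lower()], SIZE_CAP)


def audit(text, nofile=1024):
    """Return (option, finding) tuples; nofile stands in for RLIMIT_NOFILE."""
    conf, out = parse(text), []
    order = list(conf)

    def get(name):  # assumption: a repeated option uses its last value
        return conf[name][-1] if name in conf else DEFAULTS[name]

    if "Example" in conf:
        out.append(("Example", "still set, clamd will not run"))
    threads, queue, depth = (int(get(k)) for k in
                             ("MaxThreads", "MaxQueue", "MaxRecursion"))
    need = threads * depth + queue - threads + 6
    if need >= nofile:
        out.append(("MaxQueue", f"fd condition fails: {need} >= {nofile}"))
    if queue < 2 * threads:
        out.append(("MaxQueue", "less than twice MaxThreads"))
    if int(get("PCRERecMatchLimit")) > int(get("PCREMatchLimit")):
        out.append(("PCRERecMatchLimit", "above PCREMatchLimit (superfluous)"))
    if get("LogRotate") in TRUE and (
            "LogFileMaxSize" not in conf
            or order.index("LogFileMaxSize") > order.index("LogRotate")):
        out.append(("LogRotate", "LogFileMaxSize is not set prior to it"))
    if "TCPSocket" in conf and "TCPAddr" not in conf:
        out.append(("TCPSocket", "no TCPAddr, clamd binds to INADDR_ANY"))
    if "LocalSocket" in conf and "LocalSocketMode" not in conf:
        out.append(("LocalSocket", "default mode is world readable/writable"))
    if int(get("MaxScanTime")) == 0:
        out.append(("MaxScanTime", "limit disabled, scans may lock up threads"))
    if size(get("PCREMaxFileSize")) == 0:
        out.append(("PCREMaxFileSize", "limit disabled"))
    for name, why in (("BytecodeUnsigned", "bytecode outside signed .c[lv]d"),
                      ("ScanPartialMessages", "may open the system to DoS")):
        if get(name) in TRUE:
            out.append((name, why))
    return out
```

Pass the value reported by ulimit -n for the clamd process as nofile; an empty finding list means only that these particular checks passed.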

FILES
/etc/clamd.d/scan.conf

AUTHORS
Tomasz Kojm <tkojm@clamav.net>, Kevin Lin <klin@sourcefire.com>

SEE ALSO
clamd(8), clamdscan(1), clamav-milter(8), freshclam(1), freshclam.conf(5)

ClamAV 1.0.4 December 4, 2013 clamd.conf(5)