1clamd.conf(5) Clam AntiVirus clamd.conf(5)
2
6 clamd.conf - Configuration file for Clam AntiVirus Daemon
7
9 clamd.conf configures the Clam AntiVirus daemon, clamd(8).
10
12 The file consists of comments and options with arguments. Each line
13 which starts with a hash (#) symbol is ignored by the parser. Options
14 and arguments are case sensitive and of the form Option Argument. The
15 arguments are of the following types:
16 BOOL Boolean value (yes/no or true/false or 1/0).
18 STRING String without blank characters.
20 SIZE Size in bytes. You can use 'M' or 'm' modifiers for megabytes
22 and 'K' or 'k' for kilobytes.
23 NUMBER Unsigned integer.
25
27 When some option is not used (commented out or not included in the con‐
28 figuration file at all) clamd takes a default action.
29 Example
31 If this option is set clamd will not run.
32 LogFile STRING
34 Enable logging to selected file.
35 Default: no
36 LogFileUnlock BOOL
38 Disable a system lock that protects against running clamd with
39 the same configuration file multiple times.
40 Default: no
41 LogFileMaxSize SIZE
43 Limit the size of the log file. The logger will be automatically
44 disabled if the file is greater than SIZE. Value of 0 disables
45 the limit.
46 Default: 1M
47 LogTime BOOL
49 Log time for each message.
50 Default: no
51 LogClean BOOL
53 Log clean files.
54 Default: no
55 LogSyslog BOOL
57 Use system logger (can work together with LogFile).
58 Default: no
59 LogFacility STRING
61 Specify the type of syslog messages - please refer to 'man sys‐
62 log' for facility names.
63 Default: LOG_LOCAL6
64 LogVerbose BOOL
66 Enable verbose logging.
67 Default: no
68 PidFile STRING
70 Save the process identifier of a listening daemon (main thread)
71 to a specified file.
72 Default: no
73 TemporaryDirectory STRING
75 Optional path to the global temporary directory.
76 Default: system specific (usually /tmp or /var/tmp).
77 DatabaseDirectory STRING
79 Path to a directory containing database files.
80 Default: /var/lib/clamav
81 LocalSocket STRING
83 Path to a local (Unix) socket the daemon will listen on.
84 Default: no
85 FixStaleSocket BOOL
87 Remove stale socket after unclean shutdown.
88 Default: yes
89 TCPSocket NUMBER
91 TCP port number the daemon will listen on.
92 Default: no
93 TCPAddr STRING
95 TCP socket address to bind to. By default clamd binds to
96 INADDR_ANY.
97 Default: no
98 MaxConnectionQueueLength NUMBER
100 Maximum length the queue of pending connections may grow to.
101 Default: 15
102 MaxThreads NUMBER
104 Maximum number of threads running at the same time.
105 Default: 10
106 ReadTimeout NUMBER
108 Waiting for data from a client socket will timeout after this
109 time (seconds).
110 Default: 120
111 IdleTimeout NUMBER
113 Waiting for a new job will timeout after this time (seconds).
114 Default: 30
115 MaxDirectoryRecursion NUMBER
117 Maximum depth directories are scanned at.
118 Default: 15
119 FollowDirectorySymlinks BOOL
121 Follow directory symlinks.
122 Default: no
123 FollowFileSymlinks BOOL
125 Follow regular file symlinks.
126 Default: no
127 SelfCheck NUMBER
129 Perform a database check.
130 Default: 1800
131 VirusEvent COMMAND
133 Execute COMMAND when a virus is found. In the command string %v
134 will be replaced with the virus name.
135 Default: no
136 ExitOnOOM BOOL
138 Stop daemon when libclamav reports out of memory condition.
139 Default: no
140 User STRING
142 Run as another user (clamd must be started by root to make this
143 option working).
144 Default: no
145 AllowSupplementaryGroups BOOL
147 Initialize supplementary group access (clamd must be started by
148 root).
149 Default: no
150 Foreground BOOL
152 Don't fork into background.
153 Default: no
154 Debug BOOL
156 Enable debug messages from libclamav.
157 LeaveTemporaryFiles BOOL
159 Do not remove temporary files (for debug purpose).
160 Default: no
161 StreamMaxLength SIZE
163 Clamd uses FTP-like protocol to receive data from remote
164 clients. If you are using clamav-milter to balance load between
165 remote clamd daemons on firewall servers you may need to tune
166 the Stream* options. This option allows you to specify the upper
167 limit for data size that will be transfered to remote daemon
168 when scanning a single file. It should match your MTA's limit
169 for a maximum attachment size.
170 Default: 10M
171 StreamMinPort NUMBER
173 Limit data port range.
174 Default: 1024
175 StreamMaxPort NUMBER
177 Limit data port range.
178 Default: 2048
179 DetectPUA
181 Detect Possibly Unwanted Applications.
182 Default: No
183 AlgorithmicDetection BOOL
185 In some cases (eg. complex malware, exploits in graphic files,
186 and others), ClamAV uses special algorithms to provide accurate
187 detection. This option controls the algorithmic detection.
188 Default: yes
189 ScanPE BOOL
191 PE stands for Portable Executable - it's an executable file for‐
192 mat used in all 32 and 64-bit versions of Windows operating sys‐
193 tems. This option allows ClamAV to perform a deeper analysis of
194 executable files and it's also required for decompression of
195 popular executable packers such as UPX.
196 Default: yes
197 ScanELF BOOL
199 Executable and Linking Format is a standard format for UN*X exe‐
200 cutables. This option allows you to control the scanning of ELF
201 files.
202 Default: yes
203 DetectBrokenExecutables BOOL
205 With this option clamd will try to detect broken executables
206 (both PE and ELF) and mark them as Broken.Executable.
207 Default: no
208 ScanOLE2 BOOL
210 This option enables scanning of OLE2 files, such as Microsoft
211 Office documents and .msi files.
212 Default: yes
213 ScanPDF BOOL
215 This option enables scanning within PDF files.
216 Default: no
217 ScanHTML BOOL
219 Enables HTML detection and normalisation.
220 Default: yes
221 ScanMail BOOL
223 Enable scanning of mail files.
224 Default: yes
225 MailFollowURLs BOOL
227 If an email contains URLs ClamAV can download and scan them.
228 WARNING: This option may open your system to a DoS attack. Never
229 use it on loaded servers.
230 Default: no
231 MailMaxRecursion NUMBER
233 Recursion level limit for the mail scanner.
234 Default: 64
235 PhishingSignatures BOOL
237 With this option enabled ClamAV will try to detect phishing
238 attempts by using signatures.
239 Default: yes
240 PhishingScanURLs BOOL
242 Scan URLs found in mails for phishing attempts using heuristics.
243 This will classify "Possibly Unwanted" phishing emails as Phish‐
244 ing.Heuristics.Email.*
245 Default: yes
246 PhishingRestrictedScan BOOL
248 Use phishing detection only for domains listed in the .pdb data‐
249 base. It is not recommended to have this option turned off,
250 because scanning of all domains may lead to many false posi‐
251 tives!
252 Default: yes
253 PhishingAlwaysBlockSSLMismatch BOOL
255 Always block SSL mismatches in URLs, even if the URL isn't in
256 the database. This can lead to false positives.
257 Default: no
258 PhishingAlwaysBlockCloak BOOL
260 Always block cloaked URLs, even if URL isn't in database. This
261 can lead to false positives.
262 Default: no
263 ScanArchive BOOL
265 Enable archive scanning.
266 Default: yes
267 ArchiveMaxFileSize SIZE
269 Files in archives larger than this limit won't be scanned. Value
270 of 0 disables the limit.
271 Default: 10M
272 ArchiveMaxRecursion NUMBER
274 Limit archive recursion level. Value of 0 disables the limit.
275 Default: 8
276 ArchiveMaxFiles NUMBER
278 Number of files to be scanned within an archive. Value of 0 dis‐
279 ables the limit.
280 Default: 1000
281 ArchiveMaxCompressionRatio NUMBER
283 Analyze compression ratio of every file in an archive and mark
284 potential archive bombs as viruses (0 disables the limit).
285 Default: 250
286 ArchiveLimitMemoryUsage BOOL
288 Use slower decompression algorithm which uses less memory. This
289 option only affects the bzip2 decompressor.
290 Default: no
291 ArchiveBlockEncrypted BOOL
293 Mark encrypted archives as viruses (Encrypted.Zip,
294 Encrypted.RAR).
295 Default: no
296 ArchiveBlockMax BOOL
298 Mark archives as viruses (e.g RAR.ExceededFileSize, Zip.Exceed‐
299 edFilesLimit) if ArchiveMaxFiles, ArchiveMaxFileSize, or
300 ArchiveMaxRecursion limit is reached.
301 Default: no
302 ClamukoScanOnAccess BOOL
304 Enable Clamuko. Dazuko (/dev/dazuko) must be configured and run‐
305 ning.
306 Default: no
307 ClamukoScanOnOpen BOOL
309 Scan files on open.
310 Default: no
311 ClamukoScanOnClose BOOL
313 Scan files on close.
314 Default: no.
315 ClamukoScanOnExec BOOL
317 Scan files on execute.
318 Default: no
319 ClamukoIncludePath STRING
321 Set the include paths (all files and directories inside them
322 will be scanned). You can have multiple ClamukoIncludePath
323 directives but each directory must be added in a separate line).
324 Default: no
325 ClamukoExcludePath STRING
327 Set the exclude paths. All subdirectories will also be excluded.
328 Default: no
329 ClamukoMaxFileSize SIZE
331 Ignore files larger than SIZE.
332 Default: 5M
333
335 /etc/clamd.conf
336
338 Tomasz Kojm <tkojm@clamav.net>
339
341 clamd(8), clamdscan(1), clamav-milter(8), clamscan(1), freshclam(1),
342 sigtool(1)
343ClamAV 0.92.1 February 12, 2007 clamd.conf(5)