##
## Example config file for the Clam AV daemon
## Please read the clamd.conf(5) manual before editing this file.
##

# Uncomment this option to enable logging.
# LogFile must be writable for the user running daemon.
# A full path is required.
# Default: disabled
LogFile /var/log/clamd.log

# By default the log file is locked for writing - the lock protects against
# running clamd multiple times (if you want to run another clamd, please
# copy the configuration file, change the LogFile variable, and run
# the daemon with --config-file option).
# This option disables log file locking.
# Default: no
#LogFileUnlock yes

# Maximum size of the log file.
# Value of 0 disables the limit.
# You may use 'M' or 'm' for megabytes (1M = 1m = 1048576 bytes)
# and 'K' or 'k' for kilobytes (1K = 1k = 1024 bytes). To specify the size
# in bytes just don't use modifiers.
# Default: 1M
LogFileMaxSize 0

# Log time with each message.
# Default: no
LogTime yes

# Also log clean files. Useful in debugging but drastically increases the
# log size.
# Default: no
#LogClean yes

# Use system logger (can work together with LogFile).
# Default: no
#LogSyslog yes

# Specify the type of syslog messages - please refer to 'man syslog'
# for facility names.
# Default: LOG_LOCAL6
#LogFacility LOG_MAIL

# Enable verbose logging.
# Default: no
#LogVerbose yes

# This option allows you to save a process identifier of the listening
# daemon (main thread).
# Default: disabled
#PidFile /var/run/clamd.pid

# Optional path to the global temporary directory.
# Default: system specific (usually /tmp or /var/tmp).
TemporaryDirectory /var/tmp

# Path to the database directory.
# Default: hardcoded (depends on installation options)
DatabaseDirectory /usr/local/clamXav/share/clamav

# The daemon works in a local OR a network mode. Due to security reasons we
# recommend the local mode.

# Path to a local socket file the daemon will listen on.
# Default: disabled (must be specified by a user)
LocalSocket /tmp/clamd

# Remove stale socket after unclean shutdown.
# Default: no
FixStaleSocket yes

# TCP port address.
# Default: no
#TCPSocket 3310

# TCP address.
# By default we bind to INADDR_ANY, probably not wise.
# Enable the following to provide some degree of protection
# from the outside world.
# Default: no
TCPAddr 127.0.0.1

# Maximum length the queue of pending connections may grow to.
# Default: 15
MaxConnectionQueueLength 30

# Clamd uses FTP-like protocol to receive data from remote clients.
# If you are using clamav-milter to balance load between remote clamd daemons
# on firewall servers you may need to tune the options below.

# Close the connection when the data size limit is exceeded.
# The value should match your MTA's limit for a maximum attachment size.
# Default: 10M
#StreamMaxLength 20M

# Limit port range.
# Default: 1024
#StreamMinPort 30000
# Default: 2048
#StreamMaxPort 32000

# Maximum number of threads running at the same time.
# Default: 10
MaxThreads 20

# Waiting for data from a client socket will timeout after this time (seconds).
# Value of 0 disables the timeout.
# Default: 120
#ReadTimeout 300

# Waiting for a new job will timeout after this time (seconds).
# Default: 30
#IdleTimeout 60

# Maximum depth directories are scanned at.
# Default: 15
#MaxDirectoryRecursion 20

# Follow directory symlinks.
# Default: no
#FollowDirectorySymlinks yes

# Follow regular file symlinks.
# Default: no
#FollowFileSymlinks yes

# Perform a database check.
# Default: 1800 (30 min)
#SelfCheck 600

# Execute a command when virus is found. In the command string %v will
# be replaced with the virus name.
# Default: no
#VirusEvent /usr/local/bin/send_sms 123456789 "VIRUS ALERT: %v"

# Run as another user (clamd must be started by root for this option to
# work).
# Default: don't drop privileges
User clamav

# Initialize supplementary group access (clamd must be started by root).
# Default: no
#AllowSupplementaryGroups no

# Stop daemon when libclamav reports out of memory condition.
ExitOnOOM yes

# Don't fork into background.
# Default: no
#Foreground yes

# Enable debug messages in libclamav.
# Default: no
#Debug yes

# Do not remove temporary files (for debug purposes).
# Default: no
#LeaveTemporaryFiles yes

# In some cases (eg. complex malware, exploits in graphic files, and others),
# ClamAV uses special algorithms to provide accurate detection. This option
# controls the algorithmic detection.
# Default: yes
#AlgorithmicDetection yes

##
## Executable files
##

# PE stands for Portable Executable - it's an executable file format used
# in all 32 and 64-bit versions of Windows operating systems. This option allows
# ClamAV to perform a deeper analysis of executable files and it's also
# required for decompression of popular executable packers such as UPX, FSG,
# and Petite.
# Default: yes
#ScanPE yes

# Executable and Linking Format is a standard format for UN*X executables.
# This option allows you to control the scanning of ELF files.
# Default: yes
#ScanELF yes

# With this option clamav will try to detect broken executables (both PE and
# ELF) and mark them as Broken.Executable.
# Default: no
#DetectBrokenExecutables yes

##
## Documents
##

# This option enables scanning of OLE2 files, such as Microsoft Office
# documents and .msi files.
# Default: yes
#ScanOLE2 yes

# This option enables scanning within PDF files
# Default: no
ScanPDF yes

##
## Mail files
##

# Enable internal e-mail scanner.
# Default: yes
#ScanMail no

# If an email contains URLs ClamAV can download and scan them.
# WARNING: This option may open your system to a DoS attack.
# Never use it on loaded servers.
# Default: no
#MailFollowURLs no

# Recursion level limit for the mail scanner.
# Default: 64
#MailMaxRecursion 128

# With this option enabled ClamAV will try to detect phishing attempts by using
# signatures.
# Default: yes
#PhishingSignatures yes

# Scan urls found in mails for phishing attempts.
# (available in experimental builds only)
# Default: yes
#PhishingScanURLs yes

# Use phishing detection only for domains listed in the .pdb database. It is
# not recommended to have this option turned off, because scanning of all
# domains may lead to many false positives!
# (available in experimental builds only)
# Default: yes
#PhishingRestrictedScan yes

# Always block SSL mismatches in URLs, even if the URL isn't in the database.
# This can lead to false positives.
# (available in experimental builds only)
#
# Default: no
#PhishingAlwaysBlockSSLMismatch no

# Always block cloaked URLs, even if URL isn't in database.
# This can lead to false positives.
# (available in experimental builds only)
#
# Default: no
#PhishingAlwaysBlockCloak no

##
## HTML
##

# Perform HTML normalisation and decryption of MS Script Encoder code.
# Default: yes
#ScanHTML yes

##
## Archives
##

# ClamAV can scan within archives and compressed files.
# Default: yes
#ScanArchive yes

# The options below protect your system against Denial of Service attacks
# using archive bombs.

# Files in archives larger than this limit won't be scanned.
# Value of 0 disables the limit.
# Default: 10M
ArchiveMaxFileSize 100M

# Nested archives are scanned recursively, e.g. if a Zip archive contains a RAR
# file, all files within it will also be scanned. This option specifies how
# deeply the process should be continued.
# Value of 0 disables the limit.
# Default: 8
#ArchiveMaxRecursion 10

# Number of files to be scanned within an archive.
# Value of 0 disables the limit.
# Default: 1000
#ArchiveMaxFiles 1500

# If a file in an archive is compressed more than ArchiveMaxCompressionRatio
# times it will be marked as a virus (Oversized.ArchiveType, e.g. Oversized.Zip)
# Value of 0 disables the limit.
# Default: 250
ArchiveMaxCompressionRatio 0

# Use slower but memory efficient decompression algorithm.
# only affects the bzip2 decompressor.
# Default: no
#ArchiveLimitMemoryUsage yes

# Mark encrypted archives as viruses (Encrypted.Zip, Encrypted.RAR).
# Default: no
#ArchiveBlockEncrypted no

# Mark archives as viruses (e.g. RAR.ExceededFileSize, Zip.ExceededFilesLimit)
# if ArchiveMaxFiles, ArchiveMaxFileSize, or ArchiveMaxRecursion limit is
# reached.
# Default: no
#ArchiveBlockMax no

# Enable support for Sensory Networks' NodalCore hardware accelerator.
# Default: no
#NodalCoreAcceleration yes

##
## Clamuko settings
## WARNING: This is experimental software. It is very likely it will hang
## up your system!!!
##

# Enable Clamuko. Dazuko (/dev/dazuko) must be configured and running.
# Default: no
#ClamukoScanOnAccess yes

# Set access mask for Clamuko.
# Default: no
#ClamukoScanOnOpen yes
#ClamukoScanOnClose yes
#ClamukoScanOnExec yes

# Set the include paths (all files inside them will be scanned). You can have
# multiple ClamukoIncludePath directives but each directory must be added
# in a separate line.
# Default: disabled
#ClamukoIncludePath /home
#ClamukoIncludePath /students

# Set the exclude paths. All subdirectories are also excluded.
# Default: disabled
#ClamukoExcludePath /home/bofh

# Don't scan files larger than ClamukoMaxFileSize
# Value of 0 disables the limit.
# Default: 5M
#ClamukoMaxFileSize 10M
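
# Added example, not part of the original clamd.conf or of the ClamAV project:
# a Python audit that checks a clamd.conf against the warnings in the comments
# above (TCPSocket without TCPAddr, archive limits set to 0, MailFollowURLs,
# no User). PAGE_ACTIVE copies directives that are active in this file;
# CONSTRUCTED_WEAK and all function names are assumptions made for illustration.

```python
"""Added example: audit a clamd.conf against the warnings in its own comments."""
ARCHIVE_LIMITS = ("ArchiveMaxFileSize", "ArchiveMaxRecursion",
                  "ArchiveMaxFiles", "ArchiveMaxCompressionRatio")

# Directives that are active (uncommented) in the file on this page.
PAGE_ACTIVE = """\
TCPAddr 127.0.0.1
User clamav
ArchiveMaxFileSize 100M
ArchiveMaxCompressionRatio 0
"""

# Constructed sample (not from the page) that trips every check.
CONSTRUCTED_WEAK = """\
# network mode without a bind address
TCPSocket 3310
MailFollowURLs yes
ArchiveMaxFiles 0
"""

def parse_clamd_conf(text):
    """Return {directive: [values]}; blank lines and '#' lines are skipped."""
    conf = {}
    for raw in text.splitlines():
        parts = raw.strip().split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue
        conf.setdefault(parts[0], []).append(parts[1] if len(parts) > 1 else "")
    return conf

def audit(text):
    """Return sorted (directive, finding) pairs for the risky settings."""
    conf = parse_clamd_conf(text)
    findings = []
    if "TCPSocket" in conf and "TCPAddr" not in conf:
        findings.append(("TCPSocket", "no TCPAddr, so clamd binds to INADDR_ANY"))
    for key in ARCHIVE_LIMITS:
        if "0" in conf.get(key, []):
            findings.append((key, "0 disables this archive-bomb limit"))
    if "yes" in (v.lower() for v in conf.get("MailFollowURLs", [])):
        findings.append(("MailFollowURLs", "fetching mail URLs opens a DoS vector"))
    if "User" not in conf:
        findings.append(("User", "unset, so clamd does not drop privileges"))
    return sorted(findings)

if __name__ == "__main__":
    for name, sample in (("page", PAGE_ACTIVE), ("constructed", CONSTRUCTED_WEAK)):
        for directive, finding in audit(sample):
            print(f"{name}: {directive}: {finding}")
```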