Blame ansible/roles/pagure-dev/files/clamd.conf

Jeremy Cline 4e3668
##
Jeremy Cline 4e3668
## Example config file for the Clam AV daemon
Jeremy Cline 4e3668
## Please read the clamd.conf(5) manual before editing this file.
Jeremy Cline 4e3668
##
Jeremy Cline 4e3668
Jeremy Cline 4e3668
Jeremy Cline 4e3668
# Comment or remove the line below.
Jeremy Cline 4e3668
# Example
Jeremy Cline 4e3668
Jeremy Cline 4e3668
# Uncomment this option to enable logging.
Jeremy Cline 4e3668
# LogFile must be writable for the user running daemon.
Jeremy Cline 4e3668
# A full path is required.
Jeremy Cline 4e3668
# Default: disabled
Jeremy Cline 4e3668
#LogFile /var/log/clamd.<service></service>
Jeremy Cline 4e3668
Jeremy Cline 4e3668
# By default the log file is locked for writing - the lock protects against
Jeremy Cline 4e3668
# running clamd multiple times (if want to run another clamd, please
Jeremy Cline 4e3668
# copy the configuration file, change the LogFile variable, and run
Jeremy Cline 4e3668
# the daemon with --config-file option).
Jeremy Cline 4e3668
# This option disables log file locking.
Jeremy Cline 4e3668
# Default: no
Jeremy Cline 4e3668
#LogFileUnlock yes
Jeremy Cline 4e3668
Jeremy Cline 4e3668
# Maximum size of the log file.
Jeremy Cline 4e3668
# Value of 0 disables the limit.
Jeremy Cline 4e3668
# You may use 'M' or 'm' for megabytes (1M = 1m = 1048576 bytes)
Jeremy Cline 4e3668
# and 'K' or 'k' for kilobytes (1K = 1k = 1024 bytes). To specify the size
Jeremy Cline 4e3668
# in bytes just don't use modifiers. If LogFileMaxSize is enabled, log
Jeremy Cline 4e3668
# rotation (the LogRotate option) will always be enabled.
Jeremy Cline 4e3668
# Default: 1M
Jeremy Cline 4e3668
#LogFileMaxSize 2M
Jeremy Cline 4e3668
Jeremy Cline 4e3668
# Log time with each message.
Jeremy Cline 4e3668
# Default: no
Jeremy Cline 4e3668
#LogTime yes
Jeremy Cline 4e3668
Jeremy Cline 4e3668
# Also log clean files. Useful in debugging but drastically increases the
Jeremy Cline 4e3668
# log size.
Jeremy Cline 4e3668
# Default: no
Jeremy Cline 4e3668
#LogClean yes
Jeremy Cline 4e3668
Jeremy Cline 4e3668
# Use system logger (can work together with LogFile).
Jeremy Cline 4e3668
# Default: no
Jeremy Cline 4e3668
LogSyslog yes
Jeremy Cline 4e3668
Jeremy Cline 4e3668
# Specify the type of syslog messages - please refer to 'man syslog'
Jeremy Cline 4e3668
# for facility names.
Jeremy Cline 4e3668
# Default: LOG_LOCAL6
Jeremy Cline 4e3668
#LogFacility LOG_MAIL
Jeremy Cline 4e3668
Jeremy Cline 4e3668
# Enable verbose logging.
Jeremy Cline 4e3668
# Default: no
Jeremy Cline 4e3668
#LogVerbose yes
Jeremy Cline 4e3668
Jeremy Cline 4e3668
# Enable log rotation. Always enabled when LogFileMaxSize is enabled.
Jeremy Cline 4e3668
# Default: no
Jeremy Cline 4e3668
#LogRotate yes
Jeremy Cline 4e3668
Jeremy Cline 4e3668
# Log additional information about the infected file, such as its
Jeremy Cline 4e3668
# size and hash, together with the virus name.
Jeremy Cline 4e3668
#ExtendedDetectionInfo yes
Jeremy Cline 4e3668
Jeremy Cline 4e3668
# This option allows you to save a process identifier of the listening
Jeremy Cline 4e3668
# daemon (main thread).
Jeremy Cline 4e3668
# Default: disabled
Jeremy Cline 4e3668
#PidFile /var/run/clamd.<service>/clamd.pid</service>
Jeremy Cline 4e3668
Jeremy Cline 4e3668
# Optional path to the global temporary directory.
Jeremy Cline 4e3668
# Default: system specific (usually /tmp or /var/tmp).
Jeremy Cline 4e3668
#TemporaryDirectory /var/tmp
Jeremy Cline 4e3668
Jeremy Cline 4e3668
# Path to the database directory.
Jeremy Cline 4e3668
# Default: hardcoded (depends on installation options)
Jeremy Cline 4e3668
#DatabaseDirectory /var/lib/clamav
Jeremy Cline 4e3668
Jeremy Cline 4e3668
# Only load the official signatures published by the ClamAV project.
Jeremy Cline 4e3668
# Default: no
Jeremy Cline 4e3668
#OfficialDatabaseOnly no
Jeremy Cline 4e3668
Jeremy Cline 4e3668
# The daemon can work in local mode, network mode or both. 
Jeremy Cline 4e3668
# Due to security reasons we recommend the local mode.
Jeremy Cline 4e3668
Jeremy Cline 4e3668
# Path to a local socket file the daemon will listen on.
Jeremy Cline 4e3668
# Default: disabled (must be specified by a user)
Jeremy Cline 4e3668
LocalSocket /var/lib/clamav/clamd.sock
Jeremy Cline 4e3668
Jeremy Cline 4e3668
# Sets the group ownership on the unix socket.
Jeremy Cline 4e3668
# Default: disabled (the primary group of the user running clamd)
Jeremy Cline 4e3668
LocalSocketGroup clamupdate
Jeremy Cline 4e3668
Jeremy Cline 4e3668
# Sets the permissions on the unix socket to the specified mode.
Jeremy Cline 4e3668
# Default: disabled (socket is world accessible)
Jeremy Cline 4e3668
#LocalSocketMode 660
Jeremy Cline 4e3668
Jeremy Cline 4e3668
# Remove stale socket after unclean shutdown.
Jeremy Cline 4e3668
# Default: yes
Jeremy Cline 4e3668
#FixStaleSocket yes
Jeremy Cline 4e3668
Jeremy Cline 4e3668
# TCP port address.
Jeremy Cline 4e3668
# Default: no
Jeremy Cline 4e3668
#TCPSocket 3310
Jeremy Cline 4e3668
Jeremy Cline 4e3668
# TCP address.
Jeremy Cline 4e3668
# By default we bind to INADDR_ANY, probably not wise.
Jeremy Cline 4e3668
# Enable the following to provide some degree of protection
Jeremy Cline 4e3668
# from the outside world. This option can be specified multiple
Jeremy Cline 4e3668
# times if you want to listen on multiple IPs. IPv6 is now supported.
Jeremy Cline 4e3668
# Default: no
Jeremy Cline 4e3668
#TCPAddr 127.0.0.1
Jeremy Cline 4e3668
Jeremy Cline 4e3668
# Maximum length the queue of pending connections may grow to.
Jeremy Cline 4e3668
# Default: 200
Jeremy Cline 4e3668
#MaxConnectionQueueLength 30
Jeremy Cline 4e3668
Jeremy Cline 4e3668
# Clamd uses FTP-like protocol to receive data from remote clients.
Jeremy Cline 4e3668
# If you are using clamav-milter to balance load between remote clamd daemons
Jeremy Cline 4e3668
# on firewall servers you may need to tune the options below.
Jeremy Cline 4e3668
Jeremy Cline 4e3668
# Close the connection when the data size limit is exceeded.
Jeremy Cline 4e3668
# The value should match your MTA's limit for a maximum attachment size.
Jeremy Cline 4e3668
# Default: 25M
Jeremy Cline 4e3668
#StreamMaxLength 10M
Jeremy Cline 4e3668
Jeremy Cline 4e3668
# Limit port range.
Jeremy Cline 4e3668
# Default: 1024
Jeremy Cline 4e3668
#StreamMinPort 30000
Jeremy Cline 4e3668
# Default: 2048
Jeremy Cline 4e3668
#StreamMaxPort 32000
Jeremy Cline 4e3668
Jeremy Cline 4e3668
# Maximum number of threads running at the same time.
Jeremy Cline 4e3668
# Default: 10
Jeremy Cline 4e3668
#MaxThreads 20
Jeremy Cline 4e3668
Jeremy Cline 4e3668
# Waiting for data from a client socket will timeout after this time (seconds).
Jeremy Cline 4e3668
# Default: 120
Jeremy Cline 4e3668
#ReadTimeout 300
Jeremy Cline 4e3668
Jeremy Cline 4e3668
# This option specifies the time (in seconds) after which clamd should
Jeremy Cline 4e3668
# timeout if a client doesn't provide any initial command after connecting.
Jeremy Cline 4e3668
# Default: 5
Jeremy Cline 4e3668
#CommandReadTimeout 5
Jeremy Cline 4e3668
Jeremy Cline 4e3668
# This option specifies how long to wait (in miliseconds) if the send buffer is full.
Jeremy Cline 4e3668
# Keep this value low to prevent clamd hanging
Jeremy Cline 4e3668
#
Jeremy Cline 4e3668
# Default: 500
Jeremy Cline 4e3668
#SendBufTimeout 200
Jeremy Cline 4e3668
Jeremy Cline 4e3668
# Maximum number of queued items (including those being processed by MaxThreads threads)
Jeremy Cline 4e3668
# It is recommended to have this value at least twice MaxThreads if possible.
Jeremy Cline 4e3668
# WARNING: you shouldn't increase this too much to avoid running out  of file descriptors,
Jeremy Cline 4e3668
# the following condition should hold:
Jeremy Cline 4e3668
# MaxThreads*MaxRecursion + (MaxQueue - MaxThreads) + 6< RLIMIT_NOFILE (usual max is 1024)
Jeremy Cline 4e3668
#
Jeremy Cline 4e3668
# Default: 100
Jeremy Cline 4e3668
#MaxQueue 200
Jeremy Cline 4e3668
Jeremy Cline 4e3668
# Waiting for a new job will timeout after this time (seconds).
Jeremy Cline 4e3668
# Default: 30
Jeremy Cline 4e3668
#IdleTimeout 60
Jeremy Cline 4e3668
Jeremy Cline 4e3668
# Don't scan files and directories matching regex
Jeremy Cline 4e3668
# This directive can be used multiple times
Jeremy Cline 4e3668
# Default: scan all
Jeremy Cline 4e3668
#ExcludePath ^/proc/
Jeremy Cline 4e3668
#ExcludePath ^/sys/
Jeremy Cline 4e3668
Jeremy Cline 4e3668
# Maximum depth directories are scanned at.
Jeremy Cline 4e3668
# Default: 15
Jeremy Cline 4e3668
#MaxDirectoryRecursion 20
Jeremy Cline 4e3668
Jeremy Cline 4e3668
# Follow directory symlinks.
Jeremy Cline 4e3668
# Default: no
Jeremy Cline 4e3668
#FollowDirectorySymlinks yes
Jeremy Cline 4e3668
Jeremy Cline 4e3668
# Follow regular file symlinks.
Jeremy Cline 4e3668
# Default: no
Jeremy Cline 4e3668
#FollowFileSymlinks yes
Jeremy Cline 4e3668
Jeremy Cline 4e3668
# Scan files and directories on other filesystems.
Jeremy Cline 4e3668
# Default: yes
Jeremy Cline 4e3668
#CrossFilesystems yes
Jeremy Cline 4e3668
Jeremy Cline 4e3668
# Perform a database check.
Jeremy Cline 4e3668
# Default: 600 (10 min)
Jeremy Cline 4e3668
#SelfCheck 600
Jeremy Cline 4e3668
Jeremy Cline 4e3668
# Execute a command when virus is found. In the command string %v will
Jeremy Cline 4e3668
# be replaced with the virus name.
Jeremy Cline 4e3668
# Default: no
Jeremy Cline 4e3668
#VirusEvent /usr/local/bin/send_sms 123456789 "VIRUS ALERT: %v"
Jeremy Cline 4e3668
Jeremy Cline 4e3668
# Run as another user (clamd must be started by root for this option to work)
Jeremy Cline 4e3668
# Default: don't drop privileges
Jeremy Cline 4e3668
User clamupdate
Jeremy Cline 4e3668
Jeremy Cline 4e3668
# Initialize supplementary group access (clamd must be started by root).
Jeremy Cline 4e3668
# Default: no
Jeremy Cline 4e3668
AllowSupplementaryGroups yes
Jeremy Cline 4e3668
Jeremy Cline 4e3668
# Stop daemon when libclamav reports out of memory condition.
Jeremy Cline 4e3668
#ExitOnOOM yes
Jeremy Cline 4e3668
Jeremy Cline 4e3668
# Don't fork into background.
Jeremy Cline 4e3668
# Default: no
Jeremy Cline 4e3668
#Foreground yes
Jeremy Cline 4e3668
Jeremy Cline 4e3668
# Enable debug messages in libclamav.
Jeremy Cline 4e3668
# Default: no
Jeremy Cline 4e3668
#Debug yes
Jeremy Cline 4e3668
Jeremy Cline 4e3668
# Do not remove temporary files (for debug purposes).
Jeremy Cline 4e3668
# Default: no
Jeremy Cline 4e3668
#LeaveTemporaryFiles yes
Jeremy Cline 4e3668
Jeremy Cline 4e3668
# Permit use of the ALLMATCHSCAN command. If set to no, clamd will reject
Jeremy Cline 4e3668
# any ALLMATCHSCAN command as invalid.
Jeremy Cline 4e3668
# Default: yes
Jeremy Cline 4e3668
#AllowAllMatchScan no
Jeremy Cline 4e3668
Jeremy Cline 4e3668
# Detect Possibly Unwanted Applications.
Jeremy Cline 4e3668
# Default: no
Jeremy Cline 4e3668
#DetectPUA yes
Jeremy Cline 4e3668
Jeremy Cline 4e3668
# Exclude a specific PUA category. This directive can be used multiple times.
Jeremy Cline 4e3668
# See https://github.com/vrtadmin/clamav-faq/blob/master/faq/faq-pua.md for 
Jeremy Cline 4e3668
# the complete list of PUA categories.
Jeremy Cline 4e3668
# Default: Load all categories (if DetectPUA is activated)
Jeremy Cline 4e3668
#ExcludePUA NetTool
Jeremy Cline 4e3668
#ExcludePUA PWTool
Jeremy Cline 4e3668
Jeremy Cline 4e3668
# Only include a specific PUA category. This directive can be used multiple
Jeremy Cline 4e3668
# times.
Jeremy Cline 4e3668
# Default: Load all categories (if DetectPUA is activated)
Jeremy Cline 4e3668
#IncludePUA Spy
Jeremy Cline 4e3668
#IncludePUA Scanner
Jeremy Cline 4e3668
#IncludePUA RAT
Jeremy Cline 4e3668
Jeremy Cline 4e3668
# In some cases (eg. complex malware, exploits in graphic files, and others),
Jeremy Cline 4e3668
# ClamAV uses special algorithms to provide accurate detection. This option
Jeremy Cline 4e3668
# controls the algorithmic detection.
Jeremy Cline 4e3668
# Default: yes
Jeremy Cline 4e3668
#AlgorithmicDetection yes
Jeremy Cline 4e3668
Jeremy Cline 4e3668
# This option causes memory or nested map scans to dump the content to disk.
Jeremy Cline 4e3668
# If you turn on this option, more data is written to disk and is available
Jeremy Cline 4e3668
# when the LeaveTemporaryFiles option is enabled.
Jeremy Cline 4e3668
#ForceToDisk yes
Jeremy Cline 4e3668
Jeremy Cline 4e3668
# This option allows you to disable the caching feature of the engine. By
Jeremy Cline 4e3668
# default, the engine will store an MD5 in a cache of any files that are
Jeremy Cline 4e3668
# not flagged as virus or that hit limits checks. Disabling the cache will
Jeremy Cline 4e3668
# have a negative performance impact on large scans.
Jeremy Cline 4e3668
# Default: no
Jeremy Cline 4e3668
#DisableCache yes
Jeremy Cline 4e3668
Jeremy Cline 4e3668
##
Jeremy Cline 4e3668
## Executable files
Jeremy Cline 4e3668
##
Jeremy Cline 4e3668
Jeremy Cline 4e3668
# PE stands for Portable Executable - it's an executable file format used
Jeremy Cline 4e3668
# in all 32 and 64-bit versions of Windows operating systems. This option allows
Jeremy Cline 4e3668
# ClamAV to perform a deeper analysis of executable files and it's also
Jeremy Cline 4e3668
# required for decompression of popular executable packers such as UPX, FSG,
Jeremy Cline 4e3668
# and Petite. If you turn off this option, the original files will still be
Jeremy Cline 4e3668
# scanned, but without additional processing.
Jeremy Cline 4e3668
# Default: yes
Jeremy Cline 4e3668
#ScanPE yes
Jeremy Cline 4e3668
Jeremy Cline 4e3668
# Certain PE files contain an authenticode signature. By default, we check
Jeremy Cline 4e3668
# the signature chain in the PE file against a database of trusted and
Jeremy Cline 4e3668
# revoked certificates if the file being scanned is marked as a virus.
Jeremy Cline 4e3668
# If any certificate in the chain validates against any trusted root, but
Jeremy Cline 4e3668
# does not match any revoked certificate, the file is marked as whitelisted.
Jeremy Cline 4e3668
# If the file does match a revoked certificate, the file is marked as virus.
Jeremy Cline 4e3668
# The following setting completely turns off authenticode verification.
Jeremy Cline 4e3668
# Default: no
Jeremy Cline 4e3668
#DisableCertCheck yes
Jeremy Cline 4e3668
Jeremy Cline 4e3668
# Executable and Linking Format is a standard format for UN*X executables.
Jeremy Cline 4e3668
# This option allows you to control the scanning of ELF files.
Jeremy Cline 4e3668
# If you turn off this option, the original files will still be scanned, but
Jeremy Cline 4e3668
# without additional processing.
Jeremy Cline 4e3668
# Default: yes
Jeremy Cline 4e3668
#ScanELF yes
Jeremy Cline 4e3668
Jeremy Cline 4e3668
# With this option clamav will try to detect broken executables (both PE and
Jeremy Cline 4e3668
# ELF) and mark them as Broken.Executable.
Jeremy Cline 4e3668
# Default: no
Jeremy Cline 4e3668
#DetectBrokenExecutables yes
Jeremy Cline 4e3668
Jeremy Cline 4e3668
Jeremy Cline 4e3668
##
Jeremy Cline 4e3668
## Documents
Jeremy Cline 4e3668
##
Jeremy Cline 4e3668
Jeremy Cline 4e3668
# This option enables scanning of OLE2 files, such as Microsoft Office
Jeremy Cline 4e3668
# documents and .msi files.
Jeremy Cline 4e3668
# If you turn off this option, the original files will still be scanned, but
Jeremy Cline 4e3668
# without additional processing.
Jeremy Cline 4e3668
# Default: yes
Jeremy Cline 4e3668
#ScanOLE2 yes
Jeremy Cline 4e3668
Jeremy Cline 4e3668
# With this option enabled OLE2 files with VBA macros, which were not
Jeremy Cline 4e3668
# detected by signatures will be marked as "Heuristics.OLE2.ContainsMacros".
Jeremy Cline 4e3668
# Default: no
Jeremy Cline 4e3668
#OLE2BlockMacros no
Jeremy Cline 4e3668
Jeremy Cline 4e3668
# This option enables scanning within PDF files.
Jeremy Cline 4e3668
# If you turn off this option, the original files will still be scanned, but
Jeremy Cline 4e3668
# without decoding and additional processing.
Jeremy Cline 4e3668
# Default: yes
Jeremy Cline 4e3668
#ScanPDF yes
Jeremy Cline 4e3668
Jeremy Cline 4e3668
# This option enables scanning within SWF files.
Jeremy Cline 4e3668
# If you turn off this option, the original files will still be scanned, but
Jeremy Cline 4e3668
# without decoding and additional processing.
Jeremy Cline 4e3668
# Default: yes
Jeremy Cline 4e3668
#ScanSWF yes
Jeremy Cline 4e3668
Jeremy Cline 4e3668
# This option enables scanning xml-based document files supported by libclamav.
Jeremy Cline 4e3668
# If you turn off this option, the original files will still be scanned, but
Jeremy Cline 4e3668
# without additional processing.
Jeremy Cline 4e3668
# Default: yes
Jeremy Cline 4e3668
#ScanXMLDOCS yes
Jeremy Cline 4e3668
Jeremy Cline 4e3668
# This option enables scanning of HWP3 files.
Jeremy Cline 4e3668
# If you turn off this option, the original files will still be scanned, but
Jeremy Cline 4e3668
# without additional processing.
Jeremy Cline 4e3668
# Default: yes
Jeremy Cline 4e3668
#ScanHWP3 yes
Jeremy Cline 4e3668
Jeremy Cline 4e3668
Jeremy Cline 4e3668
##
Jeremy Cline 4e3668
## Mail files
Jeremy Cline 4e3668
##
Jeremy Cline 4e3668
Jeremy Cline 4e3668
# Enable internal e-mail scanner.
Jeremy Cline 4e3668
# If you turn off this option, the original files will still be scanned, but
Jeremy Cline 4e3668
# without parsing individual messages/attachments.
Jeremy Cline 4e3668
# Default: yes
Jeremy Cline 4e3668
#ScanMail yes
Jeremy Cline 4e3668
Jeremy Cline 4e3668
# Scan RFC1341 messages split over many emails.
Jeremy Cline 4e3668
# You will need to periodically clean up $TemporaryDirectory/clamav-partial directory.
Jeremy Cline 4e3668
# WARNING: This option may open your system to a DoS attack.
Jeremy Cline 4e3668
#	   Never use it on loaded servers.
Jeremy Cline 4e3668
# Default: no
Jeremy Cline 4e3668
#ScanPartialMessages yes
Jeremy Cline 4e3668
Jeremy Cline 4e3668
# With this option enabled ClamAV will try to detect phishing attempts by using
Jeremy Cline 4e3668
# signatures.
Jeremy Cline 4e3668
# Default: yes
Jeremy Cline 4e3668
#PhishingSignatures yes
Jeremy Cline 4e3668
Jeremy Cline 4e3668
# Scan URLs found in mails for phishing attempts using heuristics.
Jeremy Cline 4e3668
# Default: yes
Jeremy Cline 4e3668
#PhishingScanURLs yes
Jeremy Cline 4e3668
Jeremy Cline 4e3668
# Always block SSL mismatches in URLs, even if the URL isn't in the database.
Jeremy Cline 4e3668
# This can lead to false positives.
Jeremy Cline 4e3668
#
Jeremy Cline 4e3668
# Default: no
Jeremy Cline 4e3668
#PhishingAlwaysBlockSSLMismatch no
Jeremy Cline 4e3668
Jeremy Cline 4e3668
# Always block cloaked URLs, even if URL isn't in database.
Jeremy Cline 4e3668
# This can lead to false positives.
Jeremy Cline 4e3668
#
Jeremy Cline 4e3668
# Default: no
Jeremy Cline 4e3668
#PhishingAlwaysBlockCloak no
Jeremy Cline 4e3668
Jeremy Cline 4e3668
# Detect partition intersections in raw disk images using heuristics.
Jeremy Cline 4e3668
# Default: no
Jeremy Cline 4e3668
#PartitionIntersection no
Jeremy Cline 4e3668
Jeremy Cline 4e3668
# Allow heuristic match to take precedence.
Jeremy Cline 4e3668
# When enabled, if a heuristic scan (such as phishingScan) detects
Jeremy Cline 4e3668
# a possible virus/phish it will stop scan immediately. Recommended, saves CPU
Jeremy Cline 4e3668
# scan-time.
Jeremy Cline 4e3668
# When disabled, virus/phish detected by heuristic scans will be reported only at
Jeremy Cline 4e3668
# the end of a scan. If an archive contains both a heuristically detected
Jeremy Cline 4e3668
# virus/phish, and a real malware, the real malware will be reported
Jeremy Cline 4e3668
#
Jeremy Cline 4e3668
# Keep this disabled if you intend to handle "*.Heuristics.*" viruses 
Jeremy Cline 4e3668
# differently from "real" malware.
Jeremy Cline 4e3668
# If a non-heuristically-detected virus (signature-based) is found first, 
Jeremy Cline 4e3668
# the scan is interrupted immediately, regardless of this config option.
Jeremy Cline 4e3668
#
Jeremy Cline 4e3668
# Default: no
Jeremy Cline 4e3668
#HeuristicScanPrecedence yes
Jeremy Cline 4e3668
Jeremy Cline 4e3668
Jeremy Cline 4e3668
##
Jeremy Cline 4e3668
## Data Loss Prevention (DLP)
Jeremy Cline 4e3668
##
Jeremy Cline 4e3668
Jeremy Cline 4e3668
# Enable the DLP module
Jeremy Cline 4e3668
# Default: No
Jeremy Cline 4e3668
#StructuredDataDetection yes
Jeremy Cline 4e3668
Jeremy Cline 4e3668
# This option sets the lowest number of Credit Card numbers found in a file
Jeremy Cline 4e3668
# to generate a detect.
Jeremy Cline 4e3668
# Default: 3
Jeremy Cline 4e3668
#StructuredMinCreditCardCount 5
Jeremy Cline 4e3668
Jeremy Cline 4e3668
# This option sets the lowest number of Social Security Numbers found
Jeremy Cline 4e3668
# in a file to generate a detect.
Jeremy Cline 4e3668
# Default: 3
Jeremy Cline 4e3668
#StructuredMinSSNCount 5
Jeremy Cline 4e3668
Jeremy Cline 4e3668
# With this option enabled the DLP module will search for valid
Jeremy Cline 4e3668
# SSNs formatted as xxx-yy-zzzz
Jeremy Cline 4e3668
# Default: yes
Jeremy Cline 4e3668
#StructuredSSNFormatNormal yes
Jeremy Cline 4e3668
Jeremy Cline 4e3668
# With this option enabled the DLP module will search for valid
Jeremy Cline 4e3668
# SSNs formatted as xxxyyzzzz
Jeremy Cline 4e3668
# Default: no
Jeremy Cline 4e3668
#StructuredSSNFormatStripped yes
Jeremy Cline 4e3668
Jeremy Cline 4e3668
Jeremy Cline 4e3668
##
Jeremy Cline 4e3668
## HTML
Jeremy Cline 4e3668
##
Jeremy Cline 4e3668
Jeremy Cline 4e3668
# Perform HTML normalisation and decryption of MS Script Encoder code.
Jeremy Cline 4e3668
# Default: yes
Jeremy Cline 4e3668
# If you turn off this option, the original files will still be scanned, but
Jeremy Cline 4e3668
# without additional processing.
Jeremy Cline 4e3668
#ScanHTML yes
Jeremy Cline 4e3668
Jeremy Cline 4e3668
Jeremy Cline 4e3668
##
Jeremy Cline 4e3668
## Archives
Jeremy Cline 4e3668
##
Jeremy Cline 4e3668
Jeremy Cline 4e3668
# ClamAV can scan within archives and compressed files.
Jeremy Cline 4e3668
# If you turn off this option, the original files will still be scanned, but
Jeremy Cline 4e3668
# without unpacking and additional processing.
Jeremy Cline 4e3668
# Default: yes
Jeremy Cline 4e3668
#ScanArchive yes
Jeremy Cline 4e3668
Jeremy Cline 4e3668
# Mark encrypted archives as viruses (Encrypted.Zip, Encrypted.RAR).
Jeremy Cline 4e3668
# Default: no
Jeremy Cline 4e3668
#ArchiveBlockEncrypted no
Jeremy Cline 4e3668
Jeremy Cline 4e3668
Jeremy Cline 4e3668
##
Jeremy Cline 4e3668
## Limits
Jeremy Cline 4e3668
##
Jeremy Cline 4e3668
Jeremy Cline 4e3668
# The options below protect your system against Denial of Service attacks
Jeremy Cline 4e3668
# using archive bombs.
Jeremy Cline 4e3668
Jeremy Cline 4e3668
# This option sets the maximum amount of data to be scanned for each input file.
Jeremy Cline 4e3668
# Archives and other containers are recursively extracted and scanned up to this
Jeremy Cline 4e3668
# value.
Jeremy Cline 4e3668
# Value of 0 disables the limit
Jeremy Cline 4e3668
# Note: disabling this limit or setting it too high may result in severe damage
Jeremy Cline 4e3668
# to the system.
Jeremy Cline 4e3668
# Default: 100M
Jeremy Cline 4e3668
#MaxScanSize 150M
Jeremy Cline 4e3668
Jeremy Cline 4e3668
# Files larger than this limit won't be scanned. Affects the input file itself
Jeremy Cline 4e3668
# as well as files contained inside it (when the input file is an archive, a
Jeremy Cline 4e3668
# document or some other kind of container).
Jeremy Cline 4e3668
# Value of 0 disables the limit.
Jeremy Cline 4e3668
# Note: disabling this limit or setting it too high may result in severe damage
Jeremy Cline 4e3668
# to the system.
Jeremy Cline 4e3668
# Default: 25M
Jeremy Cline 4e3668
#MaxFileSize 30M
Jeremy Cline 4e3668
Jeremy Cline 4e3668
# Nested archives are scanned recursively, e.g. if a Zip archive contains a RAR
Jeremy Cline 4e3668
# file, all files within it will also be scanned. This options specifies how
Jeremy Cline 4e3668
# deeply the process should be continued.
Jeremy Cline 4e3668
# Note: setting this limit too high may result in severe damage to the system.
Jeremy Cline 4e3668
# Default: 16
Jeremy Cline 4e3668
#MaxRecursion 10
Jeremy Cline 4e3668
Jeremy Cline 4e3668
# Number of files to be scanned within an archive, a document, or any other
Jeremy Cline 4e3668
# container file.
Jeremy Cline 4e3668
# Value of 0 disables the limit.
Jeremy Cline 4e3668
# Note: disabling this limit or setting it too high may result in severe damage
Jeremy Cline 4e3668
# to the system.
Jeremy Cline 4e3668
# Default: 10000
Jeremy Cline 4e3668
#MaxFiles 15000
Jeremy Cline 4e3668
Jeremy Cline 4e3668
# Maximum size of a file to check for embedded PE. Files larger than this value
Jeremy Cline 4e3668
# will skip the additional analysis step.
Jeremy Cline 4e3668
# Note: disabling this limit or setting it too high may result in severe damage
Jeremy Cline 4e3668
# to the system.
Jeremy Cline 4e3668
# Default: 10M
Jeremy Cline 4e3668
#MaxEmbeddedPE 10M
Jeremy Cline 4e3668
Jeremy Cline 4e3668
# Maximum size of a HTML file to normalize. HTML files larger than this value
Jeremy Cline 4e3668
# will not be normalized or scanned.
Jeremy Cline 4e3668
# Note: disabling this limit or setting it too high may result in severe damage
Jeremy Cline 4e3668
# to the system.
Jeremy Cline 4e3668
# Default: 10M
Jeremy Cline 4e3668
#MaxHTMLNormalize 10M
Jeremy Cline 4e3668
Jeremy Cline 4e3668
# Maximum size of a normalized HTML file to scan. HTML files larger than this
Jeremy Cline 4e3668
# value after normalization will not be scanned.
Jeremy Cline 4e3668
# Note: disabling this limit or setting it too high may result in severe damage
Jeremy Cline 4e3668
# to the system.
Jeremy Cline 4e3668
# Default: 2M
Jeremy Cline 4e3668
#MaxHTMLNoTags 2M
Jeremy Cline 4e3668
Jeremy Cline 4e3668
# Maximum size of a script file to normalize. Script content larger than this
Jeremy Cline 4e3668
# value will not be normalized or scanned.
Jeremy Cline 4e3668
# Note: disabling this limit or setting it too high may result in severe damage
Jeremy Cline 4e3668
# to the system.
Jeremy Cline 4e3668
# Default: 5M
Jeremy Cline 4e3668
#MaxScriptNormalize 5M
Jeremy Cline 4e3668
Jeremy Cline 4e3668
# Maximum size of a ZIP file to reanalyze type recognition. ZIP files larger
Jeremy Cline 4e3668
# than this value will skip the step to potentially reanalyze as PE.
Jeremy Cline 4e3668
# Note: disabling this limit or setting it too high may result in severe damage
Jeremy Cline 4e3668
# to the system.
Jeremy Cline 4e3668
# Default: 1M
Jeremy Cline 4e3668
#MaxZipTypeRcg 1M
Jeremy Cline 4e3668
Jeremy Cline 4e3668
# This option sets the maximum number of partitions of a raw disk image to be scanned.
Jeremy Cline 4e3668
# Raw disk images with more partitions than this value will have up to the value number
Jeremy Cline 4e3668
# partitions scanned. Negative values are not allowed.
Jeremy Cline 4e3668
# Note: setting this limit too high may result in severe damage or impact performance.
Jeremy Cline 4e3668
# Default: 50
Jeremy Cline 4e3668
#MaxPartitions 128
Jeremy Cline 4e3668
Jeremy Cline 4e3668
# This option sets the maximum number of icons within a PE to be scanned.
Jeremy Cline 4e3668
# PE files with more icons than this value will have up to the value number icons scanned.
Jeremy Cline 4e3668
# Negative values are not allowed.
Jeremy Cline 4e3668
# WARNING: setting this limit too high may result in severe damage or impact performance.
Jeremy Cline 4e3668
# Default: 100
Jeremy Cline 4e3668
#MaxIconsPE 200
Jeremy Cline 4e3668
Jeremy Cline 4e3668
# This option sets the maximum recursive calls for HWP3 parsing during scanning.
Jeremy Cline 4e3668
# HWP3 files using more than this limit will be terminated and alert the user.
Jeremy Cline 4e3668
# Scans will be unable to scan any HWP3 attachments if the recursive limit is reached.
Jeremy Cline 4e3668
# Negative values are not allowed.
Jeremy Cline 4e3668
# WARNING: setting this limit too high may result in severe damage or impact performance.
Jeremy Cline 4e3668
# Default: 16
Jeremy Cline 4e3668
#MaxRecHWP3 16
Jeremy Cline 4e3668
Jeremy Cline 4e3668
# This option sets the maximum calls to the PCRE match function during an instance of regex matching.
Jeremy Cline 4e3668
# Instances using more than this limit will be terminated and alert the user but the scan will continue.
Jeremy Cline 4e3668
# For more information on match_limit, see the PCRE documentation.
Jeremy Cline 4e3668
# Negative values are not allowed.
Jeremy Cline 4e3668
# WARNING: setting this limit too high may severely impact performance.
Jeremy Cline 4e3668
# Default: 10000
Jeremy Cline 4e3668
#PCREMatchLimit 20000
Jeremy Cline 4e3668
Jeremy Cline 4e3668
# This option sets the maximum recursive calls to the PCRE match function during an instance of regex matching.
Jeremy Cline 4e3668
# Instances using more than this limit will be terminated and alert the user but the scan will continue.
Jeremy Cline 4e3668
# For more information on match_limit_recursion, see the PCRE documentation.
Jeremy Cline 4e3668
# Negative values are not allowed and values > PCREMatchLimit are superfluous.
Jeremy Cline 4e3668
# WARNING: setting this limit too high may severely impact performance.
Jeremy Cline 4e3668
# Default: 5000
Jeremy Cline 4e3668
#PCRERecMatchLimit 10000
Jeremy Cline 4e3668
Jeremy Cline 4e3668
# This option sets the maximum filesize for which PCRE subsigs will be executed.
Jeremy Cline 4e3668
# Files exceeding this limit will not have PCRE subsigs executed unless a subsig is encompassed to a smaller buffer.
Jeremy Cline 4e3668
# Negative values are not allowed.
Jeremy Cline 4e3668
# Setting this value to zero disables the limit.
Jeremy Cline 4e3668
# WARNING: setting this limit too high or disabling it may severely impact performance.
Jeremy Cline 4e3668
# Default: 25M
Jeremy Cline 4e3668
#PCREMaxFileSize 100M
Jeremy Cline 4e3668
Jeremy Cline 4e3668
Jeremy Cline 4e3668
##
Jeremy Cline 4e3668
## On-access Scan Settings
Jeremy Cline 4e3668
##
Jeremy Cline 4e3668
Jeremy Cline 4e3668
# Enable on-access scanning. Currently, this is supported via fanotify.
Jeremy Cline 4e3668
# Clamuko/Dazuko support has been deprecated.
Jeremy Cline 4e3668
# Default: no
Jeremy Cline 4e3668
#ScanOnAccess yes
Jeremy Cline 4e3668
Jeremy Cline 4e3668
# Set the  mount point to be scanned. The mount point specified, or the mount point 
Jeremy Cline 4e3668
# containing the specified directory will be watched. If any directories are specified, 
Jeremy Cline 4e3668
# this option will preempt the DDD system. This will notify only. It can be used multiple times.
Jeremy Cline 4e3668
# (On-access scan only)
Jeremy Cline 4e3668
# Default: disabled
Jeremy Cline 4e3668
#OnAccessMountPath /
Jeremy Cline 4e3668
#OnAccessMountPath /home/user
Jeremy Cline 4e3668
Jeremy Cline 4e3668
# Don't scan files larger than OnAccessMaxFileSize
Jeremy Cline 4e3668
# Value of 0 disables the limit.
Jeremy Cline 4e3668
# Default: 5M
Jeremy Cline 4e3668
#OnAccessMaxFileSize 10M
Jeremy Cline 4e3668
Jeremy Cline 4e3668
# Set the include paths (all files inside them will be scanned). You can have
Jeremy Cline 4e3668
# multiple OnAccessIncludePath directives but each directory must be added
Jeremy Cline 4e3668
# in a separate line. (On-access scan only)
Jeremy Cline 4e3668
# Default: disabled
Jeremy Cline 4e3668
#OnAccessIncludePath /home
Jeremy Cline 4e3668
#OnAccessIncludePath /students
Jeremy Cline 4e3668
Jeremy Cline 4e3668
# Set the exclude paths. All subdirectories are also excluded.
Jeremy Cline 4e3668
# (On-access scan only)
Jeremy Cline 4e3668
# Default: disabled
Jeremy Cline 4e3668
#OnAccessExcludePath /home/bofh
Jeremy Cline 4e3668
Jeremy Cline 4e3668
# With this option you can whitelist specific UIDs. Processes with these UIDs
Jeremy Cline 4e3668
# will be able to access all files.
Jeremy Cline 4e3668
# This option can be used multiple times (one per line).
Jeremy Cline 4e3668
# Default: disabled
Jeremy Cline 4e3668
#OnAccessExcludeUID 0
Jeremy Cline 4e3668
Jeremy Cline 4e3668
# Toggles dynamic directory determination. Allows for recursively watching include paths.
Jeremy Cline 4e3668
# (On-access scan only)
Jeremy Cline 4e3668
# Default: no
Jeremy Cline 4e3668
#OnAccessDisableDDD yes
Jeremy Cline 4e3668
Jeremy Cline 4e3668
# Modifies fanotify blocking behaviour when handling permission events.
Jeremy Cline 4e3668
# If off, fanotify will only notify if the file scanned is a virus,
Jeremy Cline 4e3668
# and not perform any blocking.
Jeremy Cline 4e3668
# (On-access scan only)
Jeremy Cline 4e3668
# Default: no
Jeremy Cline 4e3668
#OnAccessPrevention yes
Jeremy Cline 4e3668
Jeremy Cline 4e3668
# Toggles extra scanning and notifications when a file or directory is created or moved.
Jeremy Cline 4e3668
# Requires the  DDD system to kick-off extra scans.
Jeremy Cline 4e3668
# (On-access scan only)
Jeremy Cline 4e3668
# Default: no
Jeremy Cline 4e3668
#OnAccessExtraScanning yes
Jeremy Cline 4e3668
Jeremy Cline 4e3668
##
Jeremy Cline 4e3668
## Bytecode
Jeremy Cline 4e3668
##
Jeremy Cline 4e3668
Jeremy Cline 4e3668
# With this option enabled ClamAV will load bytecode from the database. 
Jeremy Cline 4e3668
# It is highly recommended you keep this option on, otherwise you'll miss detections for many new viruses.
Jeremy Cline 4e3668
# Default: yes
Jeremy Cline 4e3668
#Bytecode yes
Jeremy Cline 4e3668
Jeremy Cline 4e3668
# Bytecode mode
Jeremy Cline 4e3668
#
Jeremy Cline 4e3668
# This option has been set to 'ForceInterpreter' in Fedora due to
Jeremy Cline 4e3668
# security concerns by default.  You might need to enable the
Jeremy Cline 4e3668
# 'antivirus_use_jit' SELinux boolean after setting this option to
Jeremy Cline 4e3668
# the more efficient 'ForceJIT' value.
Jeremy Cline 4e3668
#
Jeremy Cline 4e3668
# Default: ForceInterpreter
Jeremy Cline 4e3668
#ByteCodeMode ForceInterpreter
Jeremy Cline 4e3668
Jeremy Cline 4e3668
# Set bytecode security level.
Jeremy Cline 4e3668
# Possible values:
Jeremy Cline 4e3668
#       None - no security at all, meant for debugging. DO NOT USE THIS ON PRODUCTION SYSTEMS
Jeremy Cline 4e3668
#         This value is only available if clamav was built with --enable-debug!
Jeremy Cline 4e3668
#       TrustSigned - trust bytecode loaded from signed .c[lv]d files,
Jeremy Cline 4e3668
#                insert runtime safety checks for bytecode loaded from other sources
Jeremy Cline 4e3668
#       Paranoid - don't trust any bytecode, insert runtime checks for all
Jeremy Cline 4e3668
# Recommended: TrustSigned, because bytecode in .cvd files already has these checks
Jeremy Cline 4e3668
# Note that by default only signed bytecode is loaded, currently you can only
Jeremy Cline 4e3668
# load unsigned bytecode in --enable-debug mode.
Jeremy Cline 4e3668
#
Jeremy Cline 4e3668
# Default: TrustSigned
Jeremy Cline 4e3668
#BytecodeSecurity TrustSigned
Jeremy Cline 4e3668
Jeremy Cline 4e3668
# Set bytecode timeout in miliseconds.
Jeremy Cline 4e3668
# 
Jeremy Cline 4e3668
# Default: 5000
Jeremy Cline 4e3668
# BytecodeTimeout 1000
Jeremy Cline 4e3668
Jeremy Cline 4e3668
##
Jeremy Cline 4e3668
## Statistics gathering and submitting
Jeremy Cline 4e3668
##
Jeremy Cline 4e3668
Jeremy Cline 4e3668
# Enable statistical reporting.
Jeremy Cline 4e3668
# Default: no
Jeremy Cline 4e3668
#StatsEnabled yes
Jeremy Cline 4e3668
Jeremy Cline 4e3668
# Disable submission of individual PE sections for files flagged as malware.
Jeremy Cline 4e3668
# Default: no
Jeremy Cline 4e3668
#StatsPEDisabled yes
Jeremy Cline 4e3668
Jeremy Cline 4e3668
# HostID in the form of an UUID to use when submitting statistical information.
Jeremy Cline 4e3668
# Default: auto
Jeremy Cline 4e3668
#StatsHostID auto
Jeremy Cline 4e3668
Jeremy Cline 4e3668
# Time in seconds to wait for the stats server to come back with a response
Jeremy Cline 4e3668
# Default: 10
Jeremy Cline 4e3668
#StatsTimeout 10