{NULL,"database",'d',TYPE_STRING,NULL,-1,DATADIR,FLAG_REQUIRED,OPT_CLAMSCAN,"",""},/* merge it with DatabaseDirectory (and fix conflict with --datadir */
{"LogFileUnlock",NULL,0,TYPE_BOOL,MATCH_BOOL,0,NULL,0,OPT_CLAMD|OPT_MILTER,"By default the log file is locked for writing and only a single\ndaemon process can write to it. This option disables the lock.","no"},
{"LogFileMaxSize",NULL,0,TYPE_SIZE,MATCH_SIZE,1048576,NULL,0,OPT_CLAMD|OPT_FRESHCLAM|OPT_MILTER,"Maximum size of the log file.\nValue of 0 disables the limit.","5M"},
{"LogFacility",NULL,0,TYPE_STRING,NULL,-1,"LOG_LOCAL6",FLAG_REQUIRED,OPT_CLAMD|OPT_FRESHCLAM|OPT_MILTER,"Type of syslog messages.\nPlease refer to 'man syslog' for the facility names.","LOG_MAIL"},
{"TemporaryDirectory","tempdir",0,TYPE_STRING,NULL,-1,NULL,0,OPT_CLAMD|OPT_MILTER|OPT_CLAMSCAN|OPT_SIGTOOL,"This option allows you to change the default temporary directory.","/tmp"},
{"DatabaseDirectory","datadir",0,TYPE_STRING,NULL,-1,DATADIR,0,OPT_CLAMD|OPT_FRESHCLAM,"This option allows you to change the default database directory.\nIf you enable it, please make sure it points to the same directory in\nboth clamd and freshclam.","/var/lib/clamav"},
{"TCPAddr",NULL,0,TYPE_STRING,NULL,-1,NULL,0,OPT_CLAMD,"By default clamd binds to INADDR_ANY.\nThis option allows you to restrict the TCP address and provide\nsome degree of protection from the outside world.","3310"},
{"StreamMaxLength",NULL,0,TYPE_SIZE,MATCH_SIZE,10485760,NULL,0,OPT_CLAMD,"Close the STREAM session when the data size limit is exceeded.\nThe value should match your MTA's limit for the maximum attachment size.","25M"},
{"StreamMinPort",NULL,0,TYPE_NUMBER,MATCH_NUMBER,1024,NULL,0,OPT_CLAMD,"The STREAM command uses an FTP-like protocol.\nThis option sets the lower boundary for the port range.","1024"},
{"MaxQueue",NULL,0,TYPE_NUMBER,MATCH_NUMBER,100,NULL,0,OPT_CLAMD,"Maximum number of queued items (including those being processed)\nWARNING: you shouldn't increase this beyond 512, since you may run out of File Descriptors (usual max is 1024)\n","200"},
{"ReadTimeout",NULL,0,TYPE_NUMBER,MATCH_NUMBER,120,NULL,0,OPT_CLAMD|OPT_MILTER,"This option specifies the time (in seconds) after which clamd should\ntimeout if a client doesn't provide any data.","120"},
{"IdleTimeout",NULL,0,TYPE_NUMBER,MATCH_NUMBER,30,NULL,0,OPT_CLAMD,"This option specifies how long (in seconds) the process should wait for a new job.","60"},
{"ExcludePath",NULL,0,TYPE_STRING,NULL,-1,NULL,FLAG_MULTIPLE,OPT_CLAMD,"Don't scan files/directories whose names match the provided\nregular expression. This option can be specified multiple times.","^/proc/"},
{"MaxDirectoryRecursion","max-dir-recursion",0,TYPE_NUMBER,MATCH_NUMBER,15,NULL,0,OPT_CLAMD|OPT_CLAMSCAN,"Maximum depth the directories are scanned at.","15"},
{"SelfCheck",NULL,0,TYPE_NUMBER,MATCH_NUMBER,600,NULL,0,OPT_CLAMD,"This option specifies the time intervals (in seconds) in which clamd\nshould perform a database check.","600"},
{"VirusEvent",NULL,0,TYPE_STRING,NULL,-1,NULL,0,OPT_CLAMD,"Execute a command when a virus is found. In the command string %v will be\nreplaced with the virus name. Additionally, two environment variables will\nbe defined: $CLAM_VIRUSEVENT_FILENAME and $CLAM_VIRUSEVENT_VIRUSNAME.","/usr/bin/mailx -s \"ClamAV VIRUS ALERT: %v\" alert < /dev/null"},
{"AllowSupplementaryGroups",NULL,0,TYPE_BOOL,MATCH_BOOL,0,NULL,0,OPT_CLAMD|OPT_FRESHCLAM|OPT_MILTER,"Initialize a supplementary group access (the process must be started by root).","no"},
{"ExcludePUA","exclude-pua",0,TYPE_STRING,NULL,-1,NULL,FLAG_MULTIPLE,OPT_CLAMD|OPT_CLAMSCAN,"Exclude a specific PUA category. This directive can be used multiple times.\nSee http://www.clamav.net/support/pua for the complete list of PUA\ncategories.","NetTool"},
{"IncludePUA","include-pua",0,TYPE_STRING,NULL,-1,NULL,FLAG_MULTIPLE,OPT_CLAMD|OPT_CLAMSCAN,"Only include a specific PUA category. This directive can be used multiple\ntimes.","Spy"},
{"AlgorithmicDetection","algorithmic-detection",0,TYPE_BOOL,MATCH_BOOL,1,NULL,0,OPT_CLAMD|OPT_CLAMSCAN,"In some cases (eg. complex malware, exploits in graphic files, and others),\nClamAV uses special algorithms to provide accurate detection. This option\ncontrols the algorithmic detection.","yes"},
{"ScanPE","scan-pe",0,TYPE_BOOL,MATCH_BOOL,1,NULL,0,OPT_CLAMD|OPT_CLAMSCAN,"PE stands for Portable Executable - it's an executable file format used\nin all 32- and 64-bit versions of Windows operating systems. This option\nallows ClamAV to perform a deeper analysis of executable files and it's also\nrequired for decompression of popular executable packers such as UPX or FSG.","yes"},
{"ScanELF","scan-elf",0,TYPE_BOOL,MATCH_BOOL,1,NULL,0,OPT_CLAMD|OPT_CLAMSCAN,"Executable and Linking Format is a standard format for UN*X executables.\nThis option allows you to control the scanning of ELF files.","yes"},
{"DetectBrokenExecutables","detect-broken",0,TYPE_BOOL,MATCH_BOOL,0,NULL,0,OPT_CLAMD|OPT_CLAMSCAN,"With this option enabled clamav will try to detect broken executables\n(both PE and ELF) and mark them as Broken.Executable.","yes"},
{"MailFollowURLs","mail-follow-urls",0,TYPE_BOOL,MATCH_BOOL,0,NULL,0,OPT_CLAMD|OPT_CLAMSCAN,"If an email contains URLs ClamAV can download and scan them.\nWARNING: This option may open your system to a DoS attack. Please don't use\nthis feature on highly loaded servers.","no"},
{"ScanPartialMessages",NULL,0,TYPE_BOOL,MATCH_BOOL,0,NULL,0,OPT_CLAMD,"Scan RFC1341 messages split over many emails. You will need to\nperiodically clean up $TemporaryDirectory/clamav-partial directory.\nWARNING: This option may open your system to a DoS attack. Please don't use\nthis feature on highly loaded servers.","no"},
{"PhishingSignatures","phishing-sigs",0,TYPE_BOOL,MATCH_BOOL,1,NULL,0,OPT_CLAMD|OPT_CLAMSCAN,"With this option enabled ClamAV will try to detect phishing attempts by using\nsignatures.","yes"},
{"PhishingScanURLs","phishing-scan-urls",0,TYPE_BOOL,MATCH_BOOL,1,NULL,0,OPT_CLAMD|OPT_CLAMSCAN,"Scan URLs found in mails for phishing attempts using heuristics.","yes"},
{"PhishingAlwaysBlockCloak","phishing-cloak",0,TYPE_BOOL,MATCH_BOOL,0,NULL,0,OPT_CLAMD|OPT_CLAMSCAN,"Always block cloaked URLs, even if they're not in the database.\nThis feature can lead to false positives.","no"},
{"PhishingAlwaysBlockSSLMismatch","phishing-ssl",0,TYPE_BOOL,MATCH_BOOL,0,NULL,0,OPT_CLAMD|OPT_CLAMSCAN,"Always block SSL mismatches in URLs, even if they're not in the database.\nThis feature can lead to false positives.",""},
{"HeuristicScanPrecedence","heuristic-scan-precedence",0,TYPE_BOOL,MATCH_BOOL,0,NULL,0,OPT_CLAMD|OPT_CLAMSCAN,"Allow heuristic match to take precedence.\nWhen enabled, if a heuristic scan (such as phishingScan) detects\na possible virus/phish it will stop scan immediately. Recommended, saves CPU\nscan-time.\nWhen disabled, virus/phish detected by heuristic scans will be reported only\nat the end of a scan. If an archive contains both a heuristically detected\nvirus/phish, and a real malware, the real malware will be reported.\nKeep this disabled if you intend to handle \"*.Heuristics.*\" viruses\ndifferently from \"real\" malware.\nIf a non-heuristically-detected virus (signature-based) is found first,\nthe scan is interrupted immediately, regardless of this config option.","yes"},
{"StructuredMinCreditCardCount","structured-cc-count",0,TYPE_NUMBER,MATCH_NUMBER,CLI_DEFAULT_MIN_CC_COUNT,NULL,0,OPT_CLAMD|OPT_CLAMSCAN,"This option sets the lowest number of Credit Card numbers found in a file\nto generate a detect.","5"},
{"StructuredMinSSNCount","structured-ssn-count",0,TYPE_NUMBER,MATCH_NUMBER,CLI_DEFAULT_MIN_SSN_COUNT,NULL,0,OPT_CLAMD|OPT_CLAMSCAN,"This option sets the lowest number of Social Security Numbers found\nin a file to generate a detect.","5"},
{"StructuredSSNFormatNormal",NULL,0,TYPE_BOOL,MATCH_BOOL,1,NULL,0,OPT_CLAMD,"With this option enabled the DLP module will search for valid\nSSNs formatted as xxx-yy-zzzz.","yes"},
{"StructuredSSNFormatStripped",NULL,0,TYPE_BOOL,MATCH_BOOL,0,NULL,0,OPT_CLAMD,"With this option enabled the DLP module will search for valid\nSSNs formatted as xxxyyzzzz","no"},
{"ScanHTML","scan-html",0,TYPE_BOOL,MATCH_BOOL,1,NULL,0,OPT_CLAMD|OPT_CLAMSCAN,"Perform HTML/JavaScript/ScriptEncoder normalisation and decryption.","yes"},
{"ScanOLE2","scan-ole2",0,TYPE_BOOL,MATCH_BOOL,1,NULL,0,OPT_CLAMD|OPT_CLAMSCAN,"This option enables scanning of OLE2 files, such as Microsoft Office\ndocuments and .msi files.","yes"},
{"MaxScanSize","max-scansize",0,TYPE_SIZE,MATCH_SIZE,CLI_DEFAULT_MAXSCANSIZE,NULL,0,OPT_CLAMD|OPT_CLAMSCAN,"This option sets the maximum amount of data to be scanned for each input file.\nArchives and other containers are recursively extracted and scanned up to this\nvalue.\nThe value of 0 disables the limit.\nWARNING: disabling this limit or setting it too high may result in severe damage.","100M"},
{"MaxFileSize","max-filesize",0,TYPE_SIZE,MATCH_SIZE,CLI_DEFAULT_MAXFILESIZE,NULL,0,OPT_CLAMD|OPT_MILTER|OPT_CLAMSCAN,"Files larger than this limit won't be scanned. Affects the input file itself\nas well as files contained inside it (when the input file is an archive, a\ndocument or some other kind of container).\nThe value of 0 disables the limit.\nWARNING: disabling this limit or setting it too high may result in severe damage to the system.","25M"},
{"MaxRecursion","max-recursion",0,TYPE_NUMBER,MATCH_NUMBER,CLI_DEFAULT_MAXRECLEVEL,NULL,0,OPT_CLAMD|OPT_CLAMSCAN,"Nested archives are scanned recursively, e.g. if a Zip archive contains a RAR\nfile, all files within it will also be scanned. This option specifies how\ndeeply the process should be continued.\nThe value of 0 disables the limit.\nWARNING: disabling this limit or setting it too high may result in severe damage to the system.","16"},
{"MaxFiles","max-files",0,TYPE_NUMBER,MATCH_NUMBER,CLI_DEFAULT_MAXFILES,NULL,0,OPT_CLAMD|OPT_CLAMSCAN,"Number of files to be scanned within an archive, a document, or any other\ncontainer file.\nThe value of 0 disables the limit.\nWARNING: disabling this limit or setting it too high may result in severe damage to the system.","10000"},
{"ClamukoIncludePath",NULL,0,TYPE_STRING,NULL,-1,NULL,FLAG_MULTIPLE,OPT_CLAMD,"This option specifies a directory (together will all files and directories\ninside this directory) which should be scanned on-access. This option can\nbe used multiple times.","/home"},
{"ClamukoExcludePath",NULL,0,TYPE_STRING,NULL,-1,NULL,FLAG_MULTIPLE,OPT_CLAMD,"This option allows excluding directories from on-access scanning. It can be used multiple times.","/home/bofh"},
{"DatabaseOwner","user",'u',TYPE_STRING,NULL,-1,CLAMAVUSER,FLAG_REQUIRED,OPT_FRESHCLAM,"When started by root freshclam will drop privileges and switch to the user\ndefined in this option.",CLAMAVUSER},
{"Checks","checks",'c',TYPE_NUMBER,MATCH_NUMBER,12,NULL,0,OPT_FRESHCLAM,"This option defined how many times daily freshclam should check for\na database update.","24"},
{"DNSDatabaseInfo",NULL,0,TYPE_STRING,NULL,-1,"current.cvd.clamav.net",FLAG_REQUIRED,OPT_FRESHCLAM,"Use DNS to verify the virus database version. Freshclam uses DNS TXT records\nto verify the versions of the database and software itself. With this\ndirective you can change the database verification domain.\nWARNING: Please don't change it unless you're configuring freshclam to use\nyour own database verification domain.","current.cvd.clamav.net"},
{"MaxAttempts",NULL,0,TYPE_NUMBER,MATCH_NUMBER,3,NULL,0,OPT_FRESHCLAM,"This option defines how many attempts freshclam should make before giving up.","5"},
{"ScriptedUpdates",NULL,0,TYPE_BOOL,MATCH_BOOL,1,NULL,0,OPT_FRESHCLAM,"With this option you can control scripted updates. It's highly recommended to keep them enabled.","yes"},
{"CompressLocalDatabase",NULL,0,TYPE_BOOL,MATCH_BOOL,0,NULL,0,OPT_FRESHCLAM,"By default freshclam will keep the local databases (.cld) uncompressed to\nmake their handling faster. With this option you can enable the compression.\nThe change will take effect with the next database update.",""},
{"HTTPUserAgent",NULL,0,TYPE_STRING,NULL,-1,NULL,0,OPT_FRESHCLAM,"If your servers are behind a firewall/proxy which does a User-Agent\nfiltering you can use this option to force the use of a different\nUser-Agent header.","default"},
{"NotifyClamd","daemon-notify",0,TYPE_STRING,NULL,-1,CONFDIR"/clamd.conf",0,OPT_FRESHCLAM,"Send the RELOAD command to clamd after a successful update.","yes"},
{"OnOutdatedExecute","on-outdated-execute",0,TYPE_STRING,NULL,-1,NULL,0,OPT_FRESHCLAM,"Run a command when freshclam reports an outdated version.\nIn the command string %v will be replaced with the new version number.","command"},
{"LocalIPAddress","local-address",'a',TYPE_STRING,NULL,-1,NULL,0,OPT_FRESHCLAM,"With this option you can provide a client address for the database downlading.\nUseful for multi-homed systems.","aaa.bbb.ccc.ddd"},
{"DetectionStatsCountry",NULL,0,TYPE_STRING,NULL,-1,NULL,0,OPT_FRESHCLAM,"When enabled freshclam will submit statistics to the ClamAV Project about\nthe latest virus detections in your environment. The ClamAV maintainers\nwill then use this data to determine what types of malware are the most\ndetected in the field and in what geographic area they are.\nThis feature requires LogTime and LogFile to be enabled in clamd.conf.","/path/to/clamd.conf"},
