clamav-milter.conf contains the configuration options for clamav-milter(8).
.SH"FILE FORMAT"
The file consists of comments and options with arguments. Each line which starts with a hash (\fB#\fR) symbol is ignored by the parser. Options and arguments are case sensitive and of the form \fBOption Argument\fR. The arguments are of the following types:
Define the clamd socket to connect to for scanning. This option is mandatory! Syntax:
.br
ClamdSocket unix:path
.br
ClamdSocket tcp:host:port
.br
The first syntax specifies a local unix socket (needs an absolute path) e.g.:
.br
ClamdSocket unix:/var/run/clamd/clamd.socket
.br
The second syntax specifies a tcp local or remote tcp socket: the host can be a hostname or an ip address; the ":port" field is only required for IPv6 addresses, otherwise it defaults to 3310 e.g.:
.br
ClamdSocket tcp:192.168.0.1
.br
This option can be repeated several times with different sockets or even with the same socket: clamd servers will be selected in a round-robin fashion.
Messages originating from these hosts/networks will not be scanned. This option takes a host(name)/mask pair in CIRD notation and can be repeated several times. If "/mask" is omitted, a host is assumed. To specify a locally originated, non-smtp, email use the keyword "local"
This option specifies a file which contains a list of basic POSIX regular expressions. Addresses (sent to or from - see below) matching these regexes will not be scanned. Optionally each line can start with the string "From:" or "To:" (note: no whitespace after the colon) indicating if it is, respectively, the sender or recipient that is to be allowed. If the field is missing, "To:" is assumed. Lines starting with #, : or ! are ignored.
Messages from authenticated SMTP users matching this extended POSIX regular expression (egrep-like) will not be scanned. As an alternative, a file containing a plain (not regex) list of names (one per line) can be specified using the prefix "file:". e.g. SkipAuthenticated file:/etc/good_guys. Note: this is the AUTH login name!
- Quarantine (not available for OnFail): Like Accept but message is quarantined instead of being delivered. NOTE: In Sendmail the quarantine queue can be examined via mailq \-qQ. For Postfix this causes the message to be placed on hold.
Action to be performed on error conditions (this includes failure to allocate data structures, no scanners available, network timeouts, unknown scanner replies and the like)
This option allows you to set a specific rejection reason for infected messages and it\'s therefore only useful together with "OnInfected Reject". The string "%v", if present, will be replaced with the virus name.
If this option is set to "Replace" (or "Yes"), an "X-Virus-Scanned" and an "X-Virus-Status" headers will be attached to each processed message, possibly replacing existing headers. If it is set to Add, the X-Virus headers are added possibly on top of the existing ones. Note that while "Replace" can potentially break DKIM signatures, "Add" may confuse procmail and similar filters.
When AddHeader is in use, this option allows you to set the reported hostname. This may be desirable in order to avoid leaking internal names. If unset the real machine name is used.
Execute a command (possibly searching PATH) when an infected message is found. The following parameters are passed to the invoked program in this order: virus name, queue id, sender, destination, subject, message id, message date. Note #1: this requires MTA macroes to be available (see LogInfected below). Note #2: the process is invoked in the context of clamav-milter. Note #3: clamav-milter will wait for the process to exit. Be quick or fork to avoid unnecessary delays in email delivery.
This option allows you to tune what is logged when a message is infected. Possible values are Off (the default \- nothing is logged), Basic (minimal info logged), Full (verbose info logged)
Note: For this to work properly in sendmail, make sure the msg_id, mail_addr, rcpt_addr and i macroes are available in eom. In other words add a line like: Milter.macros.eom={msg_id}, {mail_addr}, {rcpt_addr}, i to your .cf file. Alternatively use the macro: define(`confMILTER_MACROS_EOM', `{msg_id}, {mail_addr}, {rcpt_addr}, i')
.br
Postfix should be working fine with the default settings.
This option affects the behaviour of LogInfected, LogClean and VirusAction when a message with multiple recipients is scanned:
.br
If SupportMultipleRecipients is off (the default) then one single log entry is generated for the message and, in case the message is determined to be malicious, the command indicated by VirusAction is executed just once. In both cases only the last recipient is reported.
.br
If SupportMultipleRecipients is on then one line is logged for each recipient and the command indicated by VirusAction is also executed once for each recipient.
.br
Note: although it's probably a good idea to enable this option, the default value is currently set to off for legacy reasons.
