diff --git a/clamscan/clamscan.c b/clamscan/clamscan.c
index d534e6c50..08d256829 100644
--- a/clamscan/clamscan.c
+++ b/clamscan/clamscan.c
@@ -250,6 +250,7 @@ void help(void)
 mprintf(LOGG_INFO, "\n");
 mprintf(LOGG_INFO, " --tempdir=DIRECTORY Create temporary files in DIRECTORY\n");
 mprintf(LOGG_INFO, " --leave-temps[=yes/no(*)] Do not remove temporary files\n");
+ mprintf(LOGG_INFO, " --force-to-disk[=yes/no(*)] Create temporary files for nested file scans that would otherwise be in-memory only\n");
 mprintf(LOGG_INFO, " --gen-json[=yes/no(*)] Generate JSON metadata for the scanned file(s). For testing & development use ONLY.\n");
 mprintf(LOGG_INFO, " JSON will be printed if --debug is enabled.\n");
 mprintf(LOGG_INFO, " A JSON file will dropped to the temp directory if --leave-temps is enabled.\n");
diff --git a/docs/man/clamd.conf.5.in b/docs/man/clamd.conf.5.in
index 2834e1500..bdc4c7f76 100644
--- a/docs/man/clamd.conf.5.in
+++ b/docs/man/clamd.conf.5.in
@@ -499,6 +499,20 @@ If you turn off this option, the original files will still be scanned, but witho
 .br
 Default: yes
 .TP
+\fBScanImage BOOL\fR
+This option enables scanning of image (graphics).
+.br
+If you turn off this option, the original files will still be scanned, but without unpacking and additional processing.
+.br
+Default: yes
+.TP
+\fBScanImageFuzzyHash BOOL\fR
+This option enables detection by calculating a fuzzy hash of image (graphics) files. Signatures using image fuzzy hashes typically match files and documents by identifying images embedded or attached to those files.
+.br
+If you turn off this option, then some files may no longer be detected.
+.br
+Default: yes
+.TP
 \fBAlertBrokenExecutables BOOL\fR
 Alert on broken executable files (PE & ELF).
 .br
diff --git a/docs/man/clamscan.1.in b/docs/man/clamscan.1.in
index 629d16df0..d40b554a3 100644
--- a/docs/man/clamscan.1.in
+++ b/docs/man/clamscan.1.in
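Review bot: The new `--force-to-disk` entry in the clamscan/clamscan.c hunk is a single over-long help line that does not say where the files go or when they are removed, whereas the neighbouring `--gen-json` entry wraps onto continuation lines and ties its output to `--leave-temps`. Because this switch writes the content of nested scan layers to disk, I would shorten the first line and add a continuation aligned with the others, for example `mprintf(LOGG_INFO, " Files go to the temp directory and are kept only with --leave-temps.\n");`, assuming that matches the cleanup behaviour, which is not visible in this hunk. help() starts and ends outside the hunk.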
@@ -51,6 +51,9 @@ Create temporary files in DIRECTORY. Directory must be writable for the '@CLAMAV
 \fB\-\-leave\-temps\fR
 Do not remove temporary files.
 .TP
+\fB\-\-force\-to\-disk\fR
+This option causes memory or nested map scans to dump the content to disk. If you turn on this option, more data is written to disk and is available when the LeaveTemporaryFiles option is enabled.
+.TP
 \fB\-\-gen\-json\fR
 Generate JSON description of scanned file(s). JSON will be printed and also dropped to the temp directory if --leave-temps is enabled.
 .TP
@@ -177,6 +180,12 @@ Scan HWP3 files. If you turn off this option, the original files will still be s
 \fB\-\-scan\-archive[=yes(*)/no]\fR
 Scan archives supported by libclamav. If you turn off this option, the original files will still be scanned, but without unpacking and additional processing.
 .TP
+\fB\-\-scan\-image[=yes(*)/no]\fR
+This option enables scanning of image (graphics). If you turn off this option, the original files will still be scanned, but without additional processing.
+.TP
+\fB\-\-scan\-image\-fuzzy\-hash[=yes(*)/no]\fR
+This option enables detection by calculating a fuzzy hash of image (graphics) files. Signatures using image fuzzy hashes typically match files and documents by identifying images embedded or attached to those files. If you turn off this option, then some files may no longer be detected.
+.TP
 \fB\-\-alert\-broken[=yes/no(*)]\fR
 Alert on broken executable files (PE & ELF).
 .TP
diff --git a/etc/clamd.conf.sample b/etc/clamd.conf.sample
index b0bb1b8b1..120cf32ab 100644
--- a/etc/clamd.conf.sample
+++ b/etc/clamd.conf.sample
@@ -111,7 +111,7 @@ Example
 # Remove stale socket after unclean shutdown.
 # Default: yes
-#FixStaleSocket yes
+#FixStaleSocket no
 # TCP port address.
 # Default: no
@@ -199,7 +199,7 @@ Example
 # Scan files and directories on other filesystems.
 # Default: yes
-#CrossFilesystems yes
+#CrossFilesystems no
 # Perform a database check.
 # Default: 600 (10 min)
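Review bot: In etc/clamd.conf.sample, starting at the `FixStaleSocket` hunk, every commented example now shows the opposite of the documented default (`# Default: yes` directly above `#ScanPE no`, `#Bytecode no`, `#HeuristicAlerts no` and so on), and nothing in the visible lines tells the reader that. An administrator who uncomments these lines to make the configuration explicit would switch off PE, ELF, archive, document, mail and bytecode scanning as well as heuristic alerts, which silently reduces detection. If the intent is that each example demonstrates the non-default value, say so once near the top of the file, for instance `# The commented-out examples below show a NON-default value; uncommenting a line changes clamd's behaviour.` The same applies to every later hunk of this file and to all hunks of win32/conf_examples/clamd.conf.sample.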
@@ -299,7 +299,7 @@ Example
 # may be malicious. This option enables alerting on such heuristically
 # detected potential threats.
 # Default: yes
-#HeuristicAlerts yes
+#HeuristicAlerts no
 # Allow heuristic alerts to take precedence.
 # When enabled, if a heuristic scan (such as phishingScan) detects
@@ -377,7 +377,7 @@ Example
 # and Petite. If you turn off this option, the original files will still be
 # scanned, but without additional processing.
 # Default: yes
-#ScanPE yes
+#ScanPE no
 # Certain PE files contain an authenticode signature. By default, we check
 # the signature chain in the PE file against a database of trusted and
@@ -394,7 +394,7 @@ Example
 # If you turn off this option, the original files will still be scanned, but
 # without additional processing.
 # Default: yes
-#ScanELF yes
+#ScanELF no
 ##
@@ -406,37 +406,37 @@ Example
 # If you turn off this option, the original files will still be scanned, but
 # without additional processing.
 # Default: yes
-#ScanOLE2 yes
+#ScanOLE2 no
 # This option enables scanning within PDF files.
 # If you turn off this option, the original files will still be scanned, but
 # without decoding and additional processing.
 # Default: yes
-#ScanPDF yes
+#ScanPDF no
 # This option enables scanning within SWF files.
 # If you turn off this option, the original files will still be scanned, but
 # without decoding and additional processing.
 # Default: yes
-#ScanSWF yes
+#ScanSWF no
 # This option enables scanning xml-based document files supported by libclamav.
 # If you turn off this option, the original files will still be scanned, but
 # without additional processing.
 # Default: yes
-#ScanXMLDOCS yes
+#ScanXMLDOCS no
 # This option enables scanning of HWP3 files.
 # If you turn off this option, the original files will still be scanned, but
 # without additional processing.
 # Default: yes
-#ScanHWP3 yes
+#ScanHWP3 no
 # This option enables scanning of OneNote files.
 # If you turn off this option, the original files will still be scanned, but
 # without additional processing.
 # Default: yes
-#ScanOneNote yes
+#ScanOneNote no
 ##
@@ -447,7 +447,7 @@ Example
 # If you turn off this option, the original files will still be scanned, but
 # without additional processing.
 # Default: yes
-#ScanImage yes
+#ScanImage no
 # This option enables detection by calculating a fuzzy hash of image (graphics)
 # files.
@@ -455,7 +455,7 @@ Example
 # identifying images embedded or attached to those files.
 # If you turn off this option, then some files may no longer be detected.
 # Default: yes
-#ScanImageFuzzyHash yes
+#ScanImageFuzzyHash no
 ##
@@ -466,7 +466,7 @@ Example
 # If you turn off this option, the original files will still be scanned, but
 # without parsing individual messages/attachments.
 # Default: yes
-#ScanMail yes
+#ScanMail no
 # Scan RFC1341 messages split over many emails.
 # You will need to periodically clean up $TemporaryDirectory/clamav-partial
@@ -513,7 +513,7 @@ Example
 # With this option enabled the DLP module will search for valid
 # SSNs formatted as xxx-yy-zzzz
 # Default: yes
-#StructuredSSNFormatNormal yes
+#StructuredSSNFormatNormal no
 # With this option enabled the DLP module will search for valid
 # SSNs formatted as xxxyyzzzz
@@ -529,7 +529,7 @@ Example
 # Default: yes
 # If you turn off this option, the original files will still be scanned, but
 # without additional processing.
-#ScanHTML yes
+#ScanHTML no
 ##
@@ -540,7 +540,7 @@ Example
 # If you turn off this option, the original files will still be scanned, but
 # without unpacking and additional processing.
 # Default: yes
-#ScanArchive yes
+#ScanArchive no
 ##
@@ -812,7 +812,7 @@ Example
 # It is highly recommended you keep this option on, otherwise you'll miss
 # detections for many new viruses.
 # Default: yes
-#Bytecode yes
+#Bytecode no
 # Set bytecode security level.
 # Possible values:
diff --git a/win32/conf_examples/clamd.conf.sample b/win32/conf_examples/clamd.conf.sample
index 9828a1445..cd293d896 100644
--- a/win32/conf_examples/clamd.conf.sample
+++ b/win32/conf_examples/clamd.conf.sample
@@ -171,7 +171,7 @@ TCPAddr localhost
 # Scan files and directories on other filesystems.
 # Default: yes
-#CrossFilesystems yes
+#CrossFilesystems no
 # Perform a database check.
 # Default: 600 (10 min)
@@ -271,7 +271,7 @@ TCPAddr localhost
 # may be malicious. This option enables alerting on such heuristically
 # detected potential threats.
 # Default: yes
-#HeuristicAlerts yes
+#HeuristicAlerts no
 # Allow heuristic alerts to take precedence.
 # When enabled, if a heuristic scan (such as phishingScan) detects
@@ -349,7 +349,7 @@ TCPAddr localhost
 # and Petite. If you turn off this option, the original files will still be
 # scanned, but without additional processing.
 # Default: yes
-#ScanPE yes
+#ScanPE no
 # Certain PE files contain an authenticode signature. By default, we check
 # the signature chain in the PE file against a database of trusted and
@@ -366,7 +366,7 @@ TCPAddr localhost
 # If you turn off this option, the original files will still be scanned, but
 # without additional processing.
 # Default: yes
-#ScanELF yes
+#ScanELF no
 ##
@@ -378,37 +378,56 @@ TCPAddr localhost
 # If you turn off this option, the original files will still be scanned, but
 # without additional processing.
 # Default: yes
-#ScanOLE2 yes
+#ScanOLE2 no
 # This option enables scanning within PDF files.
 # If you turn off this option, the original files will still be scanned, but
 # without decoding and additional processing.
 # Default: yes
-#ScanPDF yes
+#ScanPDF no
 # This option enables scanning within SWF files.
 # If you turn off this option, the original files will still be scanned, but
 # without decoding and additional processing.
 # Default: yes
-#ScanSWF yes
+#ScanSWF no
 # This option enables scanning xml-based document files supported by libclamav.
 # If you turn off this option, the original files will still be scanned, but
 # without additional processing.
 # Default: yes
-#ScanXMLDOCS yes
+#ScanXMLDOCS no
 # This option enables scanning of HWP3 files.
 # If you turn off this option, the original files will still be scanned, but
 # without additional processing.
 # Default: yes
-#ScanHWP3 yes
+#ScanHWP3 no
 # This option enables scanning of OneNote files.
 # If you turn off this option, the original files will still be scanned, but
 # without additional processing.
 # Default: yes
-#ScanOneNote yes
+#ScanOneNote no
+
+
+##
+## Other file types
+##
+
+# This option enables scanning of image (graphics).
+# If you turn off this option, the original files will still be scanned, but
+# without additional processing.
+# Default: yes
+#ScanImage no
+
+# This option enables detection by calculating a fuzzy hash of image (graphics)
+# files.
+# Signatures using image fuzzy hashes typically match files and documents by
+# identifying images embedded or attached to those files.
+# If you turn off this option, then some files may no longer be detected.
+# Default: yes
+#ScanImageFuzzyHash no
 ##
@@ -419,7 +438,7 @@ TCPAddr localhost
 # If you turn off this option, the original files will still be scanned, but
 # without parsing individual messages/attachments.
 # Default: yes
-#ScanMail yes
+#ScanMail no
 # Scan RFC1341 messages split over many emails.
 # You will need to periodically clean up $TemporaryDirectory/clamav-partial
@@ -466,7 +485,7 @@ TCPAddr localhost
 # With this option enabled the DLP module will search for valid
 # SSNs formatted as xxx-yy-zzzz
 # Default: yes
-#StructuredSSNFormatNormal yes
+#StructuredSSNFormatNormal no
 # With this option enabled the DLP module will search for valid
 # SSNs formatted as xxxyyzzzz
@@ -482,7 +501,7 @@ TCPAddr localhost
 # Default: yes
 # If you turn off this option, the original files will still be scanned, but
 # without additional processing.
-#ScanHTML yes
+#ScanHTML no
 ##
@@ -493,7 +512,7 @@ TCPAddr localhost
 # If you turn off this option, the original files will still be scanned, but
 # without unpacking and additional processing.
 # Default: yes
-#ScanArchive yes
+#ScanArchive no
 ##
@@ -657,7 +676,7 @@ TCPAddr localhost
 # It is highly recommended you keep this option on, otherwise you'll miss
 # detections for many new viruses.
 # Default: yes
-#Bytecode yes
+#Bytecode no
 # Set bytecode security level.
 # Possible values: