open-dsi
/
clamav
mirror of https://github.com/Cisco-Talos/clamav
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
ClamAV is an open source (GPLv2) anti-virus toolkit.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
841 Commits
38 Branches
228 Tags
219 MiB
 
 
 
 
 
 
Tag: Branch: Tree: d272908ae4
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'd272908ae4'
${ noResults }
clamav/clamav-devel/docs/man/clamav.conf.5

285 lines
7.2 KiB
Raw Blame History

.\" Manual page created by Tomasz Kojm, 20021001.
.TH "clamav.conf" "5" "September 2, 2004" "Tomasz Kojm" "Clam AntiVirus"
.SH "NAME"
.LP
\fBclamav.conf\fR \- a configuration file for Clam AntiVirus Daemon
.SH "DESCRIPTION"
.LP
clamav.conf configures the Clam AntiVirus daemon, clamd(8).
.SH "FILE FORMAT"
The file consists of comments and options with arguments. Each line that starts with a hash (\fB#\fR) symbol is a comment. Options are are case sensitive and of the form \fBOption Argument\fR. The (possibly optional) arguments are are of the following types:
.TP
\fBSTRING\fR
String without blank characters.
.TP
\fBSIZE\fR
Size in bytes. You can use a 'M' or 'm' modifiers for megabytes and a 'K' or 'k' for kilobytes.
.TP
\fBNUMBER\fR
Unsigned integer.
.SH "DIRECTIVES"
.LP
When an option is not used (hashed or doesn't exist in the configuration file) freshclam takes a default action.
.TP
\fBExample\fR
If this option is set clamd will not run.
.TP
\fBLogFile STRING\fR
Enable logging to selected file.
.br
Default: disabled.
.TP
\fBLogFileUnlock\fR
Disable a system lock that protects against running clamd with a same configuration file multiple times.
.br
Default: disabled.
.TP
\fBLogFileMaxSize SIZE\fR
Limit a size of a log file. The logger will be automatically disabled if the file is greater than SIZE. Value of 0 disables the limit.
.br
Default: 1M
.TP
\fBLogTime\fR
Log time with each message.
.br
Default: disabled.
.TP
\fBLogClean\fR
Log clean files.
.br
Default: disabled.
.TP
\fBLogSyslog\fR
Use system logger (can work together with LogFile).
.br
Default: disabled.
.TP
\fBLogVerbose\fR
Enable verbose logging.
.br
Default: disabled.
.TP
\fBPidFile STRING\fR
Save a process identifier of a listening daemon (main thread) to a specified file.
.br
Default: disabled.
.TP
\fBDatabaseDirectory STRING\fR
Path to a directory containing database files.
.br
Default: hardcoded directory.
.TP
\fBLocalSocket STRING\fR
Path to a local (Unix) socket the daemon will listen on.
.br
Default: disabled.
.TP
\fBFixStaleSocket\fR
Remove stale socket after unclean shutdown.
.br
Default: disabled.
.TP
\fBTCPSocket NUMBER\fR
TCP port number the daemon will listen on.
.br
Default: disabled.
.TP
\fBTCPAddr STRING\fR
TCP address to bind to. By default clamd binds to INADDR_ANY.
.br
Default: disabled.
.TP
\fBMaxConnectionQueueLength NUMBER\fR
Maximum length the queue of pending connections may grow to.
.br
Default: 15
.TP
\fBMaxThreads NUMBER\fR
Maximal number of threads running at the same time.
.br
Default: 5.
.TP
\fBThreadTimeout NUMBER\fR
Stop thread\-scanner after specified time (in seconds). Value of 0 disables the timeout.
.br
Default: 180
.TP
\fBMaxDirectoryRecursion NUMBER\fR
Maximal depth a directories are scanned at.
.br
Default: disabled.
.TP
\fBFollowDirectorySymlinks\fR
Follow a directory symlinks. You should have enabled directory recursion limit to avoid a potential problems.
.br
Default: disabled.
.TP
\fBFollowFileSymlinks\fR
Follow regular file symlinks.
.br
Default: disabled.
.TP
\fBSelfCheck NUMBER\fR
Do internal checks every NUMBER seconds.
.br
Default: 3600
.TP
\fBVirusEvent COMMAND\fR
Execute the COMMAND when virus is found. In the command string %v will be replaced by a virus name.
\fR
.br
Default: disabled.
.TP
\fBUser STRING\fR
Drop priviledges to a selected user.
.br
Default: disabled.
.TP
\fBAllowSupplementaryGroups\fR
When started by root and the User option is activated, it will initialize all the groups from /etc/group for which user is a member.
.br
Default: disabled.
.TP
\fBForeground\fR
Don't fork into background. Useful in debugging.
.br
Default: disabled.
.TP
\fBDebug\fR
Enable debug messages from libclamav. You need to enable the \fBForeground\fR option to see them.
.TP
\fBStreamSaveToDisk\fR
When activated the input stream (see STREAM command) will be saved to disk before scanning \- this allows scanning within archives.
.br
Default: disabled.
.TP
\fBStreamMaxLength SIZE\fR
Close the connection when this limit is exceeded.
.br
Default: disabled.
.TP
\fBScanPE\fR
PE stands for Portable Executable \- it's an executable file format used in all 32\-bit versions of Windows operating systems. This option allows ClamAV to perform a deeper analysis of executable files and it's also required for decompression of popular executable packers such as UPX.
.br
Default: enabled.
.TP
\fBDetectBrokenExecutables\fR
With this option clamav will try to detect broken executables and mark them as Broken.Executable.
.br
Default: disabled.
.TP
\fBScanOLE2\fR
Enables scanning of Microsoft Office document macros.
.br
Default: enabled.
.TP
\fBScanHTML\fR
Enables HTML detection and normalisation.
.br
Default: enabled.
.TP
\fBScanMail\fR
Enable scanning of mail files.
.br
Default: enabled.
.TP
\fBMailFollowURLs\fR
If an email contains URLs ClamAV can download and scan them. \fBWARNING: This option may open your system to a DoS attack. Never use it on loaded servers.\fR
.br
Default: disabled.
.TP
\fBScanArchive\fR
Enable archive scanning.
.br
Default: disabled.
.TP
\fBScanRAR\fR
The built\-in RAR unpacker is disabled by default because the code leaks.
.br
Default: disabled.
.TP
\fBArchiveMaxFileSize SIZE\fR
Files in archives larger than this limit won't be scanned. Value of 0 disables the limit.
.br
Default: 10M
.TP
\fBArchiveMaxRecursion NUMBER\fR
Limit archive recursion level. Value of 0 disables the limit.
.br
Default: 5
.TP
\fBArchiveMaxFiles NUMBER\fR
Number of files to be scanned within archive. Value of 0 disables the limit.
.br
Default: 1000
.TP
\fBArchiveMaxCompressionRatio NUMBER\fR
Analyze compression ratio and mark potential archive bombs as viruses (0 disables the limit).
.br
Default: 200
.TP
\fBArchiveLimitMemoryUsage\fR
Use slower decompression algorithm which uses less memory. This option affects bzip2 decompressor only.
.br
Default: disabled
.TP
\fBArchiveBlockEncrypted\fR
Mark encrypted archives as viruses (Encrypted.Zip, Encrypted.RAR).
.br
Default: disabled
.TP
\fBArchiveBlockMax\fR
Mark archives as viruses if ArchiveMaxFiles, ArchiveMaxFileSize, or ArchiveMaxRecursion limit is reached.
.br
Default: disabled
.TP
\fBClamukoScanOnLine\fR
Enable Clamuko \- on\-access scanner for Linux. Dazuko must be already running.
.br
Default: disabled.
.TP
\fBClamukoScanOnOpen\fR
Scan a file on open.
.br
Default: disabled.
.TP
\fBClamukoScanOnClose\fR
Scan a file on close.
.br
Default: disabled.
.TP
\fBClamukoScanOnExec\fR
Scan a file on execute.
.br
Default: disabled.
.TP
\fBClamukoIncludePath STRING\fR
Set the include paths (all files and directories in them will be scanned). You can have multiple ClamukoIncludePath options but each directory must be added with a seperate option.
.br
Default: disabled. Required.
.TP
\fBClamukoExcludePath\fR
Set the exclude paths. All subdirectories are also excluded.
.br
Default: disabled.
.TP
\fBClamukoMaxFileSize SIZE\fR
Don't scan files larger than SIZE.
.br
Default: 5M
.TP
\fBClamukoScanArchive\fR
Enable archive scanning. It uses ArchiveMax* limits.
.br
Default: disabled.
.SH "FILES"
.LP
/etc/clamav.conf
.br
/usr/local/etc/clamav.conf
.SH "AUTHOR"
.LP
Tomasz Kojm <tkojm@clamav.net>
.SH "SEE ALSO"
.LP
clamd(8), clamdscan(1), clamscan(1), freshclam(1), sigtool(1), clamav\-milter(8)