clamd.conf man page on aLinux

Man page or keyword search:  
man Server   7435 pages
apropos Keyword Search (all sections)
Output format
aLinux logo
[printable version]

clamd.conf(5)			Clam AntiVirus			 clamd.conf(5)

       clamd.conf - Configuration file for Clam AntiVirus Daemon

       clamd.conf configures the Clam AntiVirus daemon, clamd(8).

       The  file  consists  of	comments and options with arguments. Each line
       which starts with a hash (#) symbol is ignored by the  parser.  Options
       and  arguments  are case sensitive and of the form Option Argument. The
       arguments are of the following types:

       BOOL   Boolean value (yes/no or true/false or 1/0).

       STRING String without blank characters.

       SIZE   Size in bytes. You can use 'M' or 'm'  modifiers	for  megabytes
	      and 'K' or 'k' for kilobytes.

       NUMBER Unsigned integer.

       When some option is not used (commented out or not included in the con‐
       figuration file at all) clamd takes a default action.

	      If this option is set clamd will not run.

       LogFile STRING
	      Enable logging to selected file.
	      Default: no

       LogFileUnlock BOOL
	      Disable a system lock that protects against running  clamd  with
	      the same configuration file multiple times.
	      Default: no

       LogFileMaxSize SIZE
	      Limit the size of the log file. The logger will be automatically
	      disabled if the file is greater than SIZE. Value of  0  disables
	      the limit.
	      Default: 1M

       LogTime BOOL
	      Log time for each message.
	      Default: no

       LogClean BOOL
	      Log clean files.
	      Default: no

       LogSyslog BOOL
	      Use system logger (can work together with LogFile).
	      Default: no

       LogFacility STRING
	      Specify  the type of syslog messages - please refer to 'man sys‐
	      log' for facility names.
	      Default: LOG_LOCAL6

       LogVerbose BOOL
	      Enable verbose logging.
	      Default: no

       PidFile STRING
	      Save the process identifier of a listening daemon (main  thread)
	      to a specified file.
	      Default: no

       TemporaryDirectory STRING
	      Optional path to the global temporary directory.
	      Default: system specific (usually /tmp or /var/tmp).

       DatabaseDirectory STRING
	      Path to a directory containing database files.

       OfficialDatabaseOnly BOOL
	      Only  load  the  official	 signatures  published	by  the ClamAV
	      Default: no

       LocalSocket STRING
	      Path to a local (Unix) socket the daemon will listen on.
	      Default: no

       LocalSocketGroup STRING
	      Sets the group ownership on the unix socket.
	      Default: the primary group of the user running clamd

       LocalSocketMode STRING
	      Sets the permissions on the unix socket to the specified mode.
	      Default: socket is world readable and writable

       FixStaleSocket BOOL
	      Remove stale socket after unclean shutdown.
	      Default: yes

       TCPSocket NUMBER
	      TCP port number the daemon will listen on.
	      Default: no

       TCPAddr STRING
	      TCP socket address  to  bind  to.	 By  default  clamd  binds  to
	      Default: no

       MaxConnectionQueueLength NUMBER
	      Maximum length the queue of pending connections may grow to.
	      Default: 15

       MaxThreads NUMBER
	      Maximum number of threads running at the same time.
	      Default: 10

       ReadTimeout NUMBER
	      Waiting  for  data  from a client socket will timeout after this
	      time (seconds).
	      Default: 120

       CommandReadTimeout NUMBER
	      This option specifies the time (in seconds)  after  which	 clamd
	      should  timeout  if a client doesn't provide any initial command
	      after connecting.	 Note: the timeout for	subsequents  commands,
	      and/or data chunks is specified by ReadTimeout.
	      Default: 5

       SendBufTimeout NUMBER
	      This  option specifies how long to wait (in milliseconds) if the
	      send buffer is full.  Keep this value low to prevent clamd hang‐
	      Default: 500

       MaxQueue NUMBER
	      Maximum  number of queued items (including those being processed
	      by MaxThreads threads).  It is recommended to have this value at
	      least twice MaxThreads if possible.
	      WARNING:	you  shouldn't increase this too much to avoid running
	      out of file descriptors, the following  condition	 should	 hold:
	      MaxThreads*MaxRecursion	+   MaxQueue   -   MaxThreads  +  6  <
	      RLIMIT_NOFILE.  RLIMIT_NOFILE is the maximum number of open file
	      descriptors (usually 1024), set by ulimit -n.
	      Default: 100

       IdleTimeout NUMBER
	      Waiting for a new job will timeout after this time (seconds).
	      Default: 30

       ExcludePath REGEX
	      Don't  scan files and directories matching REGEX. This directive
	      can be used multiple times.
	      Default: scan all

       MaxDirectoryRecursion NUMBER
	      Maximum depth directories are scanned at.
	      Default: 15

       FollowDirectorySymlinks BOOL
	      Follow directory symlinks.
	      Default: no

       CrossFilesystems BOOL
	      Scan files and directories on other filesystems.
	      Default: yes

       FollowFileSymlinks BOOL
	      Follow regular file symlinks.
	      Default: no

       SelfCheck NUMBER
	      Perform a database check.
	      Default: 1800

       VirusEvent COMMAND
	      Execute COMMAND when a virus is found. In the command string  %v
	      will be replaced with the virus name.
	      Default: no

       ExitOnOOM BOOL
	      Stop daemon when libclamav reports out of memory condition.
	      Default: no

       User STRING
	      Run  as another user (clamd must be started by root to make this
	      option working).
	      Default: no

       AllowSupplementaryGroups BOOL
	      Initialize supplementary group access (clamd must be started  by
	      Default: no

       Foreground BOOL
	      Don't fork into background.
	      Default: no

       Debug BOOL
	      Enable debug messages from libclamav.

       LeaveTemporaryFiles BOOL
	      Do not remove temporary files (for debug purpose).
	      Default: no

       StreamMaxLength SIZE
	      Clamd  uses  FTP-like  protocol  to  receive  data  from	remote
	      clients. If you are using clamav-milter to balance load  between
	      remote  clamd  daemons  on firewall servers you may need to tune
	      the Stream* options. This option allows you to specify the upper
	      limit  for  data	size  that will be transfered to remote daemon
	      when scanning a single file. It should match  your  MTA's	 limit
	      for a maximum attachment size.
	      Default: 10M

       StreamMinPort NUMBER
	      Limit data port range.
	      Default: 1024

       StreamMaxPort NUMBER
	      Limit data port range.
	      Default: 2048

       Bytecode BOOL
	      With  this  option  enabled  ClamAV  will load bytecode from the
	      database. It is highly recommended you keep this	option	turned
	      on, otherwise you may miss detections for many new viruses.
	      Default: yes

       BytecodeSecurity STRING
	      Set  bytecode security level. Possible values: None: no security
	      at all, meant for debugging. DO NOT USE THIS ON PRODUCTION  SYS‐
	      TEMS,  TrustSigned:  trust  bytecode  loaded from signed .c[lv]d
	      files and insert runtime safety checks for bytecode loaded  from
	      other  sources,  Paranoid: don't trust any bytecode, insert run‐
	      time checks for all. The	recommended  setting  is  TrustSigned,
	      because  bytecode	 in  .cvd  files  already  has	safety	checks
	      inserted into it.
	      Default: TrustSigned

       BytecodeTimeout NUMBER
	      Set bytecode timeout in milliseconds.
	      Default: 60000

       DetectPUA BOOL
	      Detect Possibly Unwanted Applications.
	      Default: No

       ExcludePUA CATEGORY
	      Exclude a specific PUA category. This directive can be used mul‐
	      tiple  times. See for the com‐
	      plete list of PUA categories.
	      Default: Load all categories (if DetectPUA is activated)

       IncludePUA CATEGORY
	      Only include a specific PUA category. This directive can be used
	      multiple	times.	See for the
	      complete list of PUA categories.
	      Default: Load all categories (if DetectPUA is activated)

       AlgorithmicDetection BOOL
	      In some cases (eg. complex malware, exploits in  graphic	files,
	      and  others), ClamAV uses special algorithms to provide accurate
	      detection. This option controls the algorithmic detection.
	      Default: yes

       ScanPE BOOL
	      PE stands for Portable Executable - it's an executable file for‐
	      mat used in all 32 and 64-bit versions of Windows operating sys‐
	      tems. This option allows ClamAV to perform a deeper analysis  of
	      executable  files	 and  it's  also required for decompression of
	      popular executable packers such as UPX.
	      Default: yes

       ScanELF BOOL
	      Executable and Linking Format is a standard format for UN*X exe‐
	      cutables.	 This option allows you to control the scanning of ELF
	      Default: yes

       DetectBrokenExecutables BOOL
	      With this option clamd will try  to  detect  broken  executables
	      (both PE and ELF) and mark them as Broken.Executable.
	      Default: no

       ScanOLE2 BOOL
	      This  option  enables  scanning of OLE2 files, such as Microsoft
	      Office documents and .msi files.
	      Default: yes

       ScanPDF BOOL
	      This option enables scanning within PDF files.
	      Default: yes

       ScanHTML BOOL
	      Enables HTML detection and normalisation.
	      Default: yes

       ScanMail BOOL
	      Enable scanning of mail files.
	      Default: yes

       ScanPartialMessages BOOL
	      Scan RFC1341 messages split over many emails. You will  need  to
	      periodically  clean up $TemporaryDirectory/clamav-partial direc‐
	      tory. WARNING: This option may open your system to a DoS attack.
	      Never use it on loaded servers.
	      Default: no

       MailMaxRecursion NUMBER (OBSOLETE)
	      WARNING: This option is no longer accepted. See MaxRecursion.

       PhishingSignatures BOOL
	      With  this  option  enabled  ClamAV  will try to detect phishing
	      attempts by using signatures.
	      Default: yes

       PhishingScanURLs BOOL
	      Scan URLs found in mails for phishing attempts using heuristics.
	      This will classify "Possibly Unwanted" phishing emails as Phish‐
	      Default: yes

       PhishingAlwaysBlockSSLMismatch BOOL
	      Always block SSL mismatches in URLs, even if the	URL  isn't  in
	      the database. This can lead to false positives.
	      Default: no

       PhishingAlwaysBlockCloak BOOL
	      Always  block  cloaked URLs, even if URL isn't in database. This
	      can lead to false positives.
	      Default: no

       HeuristicScanPrecedence BOOL
	      Allow heuristic match to take precedence.	 When  enabled,	 if  a
	      heuristic	  scan	(such  as  phishingScan)  detects  a  possible
	      virus/phishing it will stop scanning  immediately.  Recommended,
	      saves  CPU  scan-time. When disabled, virus/phishing detected by
	      heuristic scans will be reported only at the end of a  scan.  If
	      an  archive  contains both a heuristically detected virus/phish‐
	      ing, and a real malware, the real malware will be reported. Keep
	      this  disabled  if you intend to handle "*.Heuristics.*" viruses
	      differently from "real" malware. If a non-heuristically-detected
	      virus  (signature-based) is found first, the scan is interrupted
	      immediately, regardless of this config option.
	      Default: no

       StructuredDataDetection BOOL
	      Enable the DLP module.
	      Default: no

       StructuredMinCreditCardCount NUMBER
	      This option sets the lowest number of Credit Card numbers	 found
	      in a file to generate a detect.
	      Default: 3

       StructuredMinSSNCount NUMBER
	      This  option  sets  the lowest number of Social Security Numbers
	      found in a file to generate a detect.
	      Default: 3

       StructuredSSNFormatNormal BOOL
	      With this option enabled the DLP module will  search  for	 valid
	      SSNs formatted as xxx-yy-zzzz.
	      Default: Yes

       StructuredSSNFormatStripped BOOL
	      With  this  option  enabled the DLP module will search for valid
	      SSNs formatted as xxxyyzzzz.
	      Default: No

       ScanArchive BOOL
	      Enable archive scanning.
	      Default: yes

       ArchiveMaxFileSize (OBSOLETE)
	      WARNING: This option is no longer accepted. See MaxFileSize  and

       ArchiveMaxRecursion (OBSOLETE)
	      WARNING: This option is no longer accepted. See MaxRecursion.

       ArchiveMaxFiles (OBSOLETE)
	      WARNING: This option is no longer accepted. See MaxFiles.

       ArchiveMaxCompressionRatio (OBSOLETE)
	      WARNING: This option is no longer accepted.

       ArchiveBlockMax (OBSOLETE)
	      WARNING: This option is no longer accepted.

       ArchiveLimitMemoryUsage BOOL
	      Use  slower decompression algorithm which uses less memory. This
	      option only affects the bzip2 decompressor.
	      Default: no

       ArchiveBlockEncrypted BOOL
	      Mark   encrypted	  archives    as    viruses    (Encrypted.Zip,
	      Default: no

       MaxScanSize SIZE
	      Sets  the	 maximum  amount  of data to be scanned for each input
	      file. Archives and other containers  are	recursively  extracted
	      and  scanned  up to this value. Warning: disabling this limit or
	      setting it too high may result in severe damage to the system.
	      Default: 100M

       MaxFileSize SIZE
	      Files larger than this limit won't be scanned. Affects the input
	      file itself as well as files contained inside it (when the input
	      file is an archive, a document or some other kind of container).
	      Warning:	disabling this limit or setting it too high may result
	      in severe damage to the system.
	      Default: 25M

       MaxRecursion NUMBER
	      Nested archives are scanned recursively, e.g. if a  Zip  archive
	      contains	a  RAR file, all files within it will also be scanned.
	      This options specifies how deeply the process should be  contin‐
	      ued.  Warning:  disabling	 this limit or setting it too high may
	      result in severe damage to the system.
	      Default: 16

       MaxFiles NUMBER
	      Number of files to be scanned within an archive, a document,  or
	      any  other  kind	of container. Warning: disabling this limit or
	      setting it too high may result in severe damage to the system.
	      Default: 10000

       ClamukoScanOnAccess BOOL
	      Enable Clamuko. Dazuko (/dev/dazuko) must be configured and run‐
	      Default: no

       ClamukoScannerCount NUMBER
	      The  number  of  scanner	threads that will be started (DazukoFS
	      only). Having multiple scanner threads allows Clamuko  to	 serve
	      multiple	processes simultaneously. This is particularly benefi‐
	      cial on SMP machines.
	      Default: 3

       ClamukoScanOnOpen BOOL
	      Scan files on open.
	      Default: no

       ClamukoScanOnClose BOOL
	      Scan files on close.
	      Default: no.

       ClamukoScanOnExec BOOL
	      Scan files on execute.
	      Default: no

       ClamukoIncludePath STRING
	      Set the include paths (all files	and  directories  inside  them
	      will  be	scanned).  You	can  have  multiple ClamukoIncludePath
	      directives but each directory must be added in a separate line).
	      Default: no

       ClamukoExcludePath STRING
	      Set the exclude paths. All subdirectories will also be excluded.
	      Default: no

       ClamukoMaxFileSize SIZE
	      Ignore files larger than SIZE.
	      Default: 5M

       All options expressing a size are limited to max 4GB. Values in	excess
       will be resetted to the maximum.


       Tomasz Kojm <>

       clamd(8),  clamdscan(1),	 clamav-milter(8),  clamscan(1), freshclam(1),

ClamAV 0.96		       February 12, 2007		 clamd.conf(5)

List of man pages available for aLinux

Copyright (c) for man pages and the logo by the respective OS vendor.

For those who want to learn more, the polarhome community provides shell access and support.

[legal] [privacy] [GNU] [policy] [cookies] [netiquette] [sponsors] [FAQ]
Polarhome, production since 1999.
Member of Polarhome portal.
Based on Fawad Halim's script.
Vote for polarhome
Free Shell Accounts :: the biggest list on the net