diff options
Diffstat (limited to 'config/dspam/pkg/clamd.conf')
| -rw-r--r-- | config/dspam/pkg/clamd.conf | 299 |
1 files changed, 299 insertions, 0 deletions
diff --git a/config/dspam/pkg/clamd.conf b/config/dspam/pkg/clamd.conf new file mode 100644 index 00000000..3ce0402f --- /dev/null +++ b/config/dspam/pkg/clamd.conf @@ -0,0 +1,299 @@ +## +## Example config file for the Clam AV daemon +## Please read the clamd.conf(5) manual before editing this file. +## + + +# Comment or remove the line below. +#Example + +# Uncomment this option to enable logging. +# LogFile must be writable for the user running daemon. +# A full path is required. +# Default: disabled +#LogFile /tmp/clamd.log +LogFile /var/log/clamav/clamd.log + +# By default the log file is locked for writing - the lock protects against +# running clamd multiple times (if want to run another clamd, please +# copy the configuration file, change the LogFile variable, and run +# the daemon with --config-file option). +# This option disables log file locking. +# Default: no +#LogFileUnlock yes + +# Maximal size of the log file. +# Value of 0 disables the limit. +# You may use 'M' or 'm' for megabytes (1M = 1m = 1048576 bytes) +# and 'K' or 'k' for kilobytes (1K = 1k = 1024 bytes). To specify the size +# in bytes just don't use modifiers. +# Default: 1M +#LogFileMaxSize 2M + +# Log time with each message. +# Default: no +#LogTime yes + +# Also log clean files. Useful in debugging but drastically increases the +# log size. +# Default: no +#LogClean yes + +# Use system logger (can work together with LogFile). +# Default: no +#LogSyslog yes +LogSyslog yes + +# Specify the type of syslog messages - please refer to 'man syslog' +# for facility names. +# Default: LOG_LOCAL6 +#LogFacility LOG_MAIL + +# Enable verbose logging. +# Default: no +#LogVerbose yes + +# This option allows you to save a process identifier of the listening +# daemon (main thread). +# Default: disabled +#PidFile /var/run/clamd.pid +PidFile /var/run/clamav/clamd.pid + +# Optional path to the global temporary directory. +# Default: system specific (usually /tmp or /var/tmp). +#TemporaryDirectory /var/tmp + +# Path to the database directory. +# Default: hardcoded (depends on installation options) +#DatabaseDirectory /var/lib/clamav +DatabaseDirectory /usr/local/share/clamav + +# The daemon works in a local OR a network mode. Due to security reasons we +# recommend the local mode. + +# Path to a local socket file the daemon will listen on. +# Default: disabled (must be specified by a user) +#LocalSocket /tmp/clamd + +# Remove stale socket after unclean shutdown. +# Default: no +FixStaleSocket yes + +# TCP port address. +# Default: no +TCPSocket 3310 + +# TCP address. +# By default we bind to INADDR_ANY, probably not wise. +# Enable the following to provide some degree of protectiyes +# from the outside world. +# Default: no +TCPAddr 127.0.0.1 + +# Maximum length the queue of pending connections may grow to. +# Default: 15 +#MaxConnectionQueueLength 30 + +# Clamd uses FTP-like protocol to receive data from remote clients. +# If you are using clamav-milter to balance load between remote clamd daemons +# on firewall servers you may need to tune the options below. + +# Close the connection when the data size limit is exceeded. +# The value should match your MTA's limit for a maximal attachment size. +# Default: 10M +#StreamMaxLength 20M + +# Limit port range. +# Default: 1024 +#StreamMinPort 30000 +# Default: 2048 +#StreamMaxPort 32000 + +# Maximal number of threads running at the same time. +# Default: 10 +#MaxThreads 20 + +# Waiting for data from a client socket will timeout after this time (seconds). +# Value of 0 disables the timeout. +# Default: 120 +#ReadTimeout 300 + +# Waiting for a new job will timeout after this time (seconds). +# Default: 30 +#IdleTimeout 60 + +# Maximal depth directories are scanned at. +# Default: 15 +#MaxDirectoryRecursion 20 + +# Follow directory symlinks. +# Default: no +#FollowDirectorySymlinks yes + +# Follow regular file symlinks. +# Default: no +#FollowFileSymlinks yes + +# Perform internal sanity check (database integrity and freshness). +# Default: 1800 (30 min) +#SelfCheck 600 + +# Execute a command when virus is found. In the command string %v will +# be replaced by a virus name. +# Default: no +#VirusEvent /usr/local/bin/send_sms 123456789 "VIRUS ALERT: %v" + +# Run as a selected user (clamd must be started by root). +# Default: don't drop privileges +User clamav + +# Initialize supplementary group access (clamd must be started by root). +# Default: no +AllowSupplementaryGroups yes + +# Stop daemon when libclamav reports out of memory condition. +#ExitOnOOM yes + +# Don't fork into background. +# Default: no +#Foreground yes + +# Enable debug messages in libclamav. +# Default: no +#Debug yes + +# Do not remove temporary files (for debug purposes). +# Default: no +#LeaveTemporaryFiles yes + +## +## Executable files +## + +# PE stands for Portable Executable - it's an executable file format used +# in all 32-bit versions of Windows operating systems. This option allows +# ClamAV to perform a deeper analysis of executable files and it's also +# required for decompression of popular executable packers such as UPX, FSG, +# and Petite. +# Default: yes +#ScanPE yes + +# With this option clamav will try to detect broken executables and mark +# them as Broken.Executable +# Default: no +#DetectBrokenExecutables yes + + +## +## Documents +## + +# This option enables scanning of Microsoft Office document macros. +# Default: yes +#ScanOLE2 yes + +## +## Mail files +## + +# Enable internal e-mail scanner. +# Default: yes +#ScanMail yes + +# If an email contains URLs ClamAV can download and scan them. +# WARNING: This option may open your system to a DoS attack. +# Never use it on loaded servers. +# Default: no +#MailFollowURLs no + + +## +## HTML +## + +# Perform HTML normalisation and decryption of MS Script Encoder code. +# Default: yes +#ScanHTML yes + + +## +## Archives +## + +# ClamAV can scan within archives and compressed files. +# Default: yes +#ScanArchive yes + +# The options below protect your system against Denial of Service attacks +# using archive bombs. + +# Files in archives larger than this limit won't be scanned. +# Value of 0 disables the limit. +# Default: 10M +#ArchiveMaxFileSize 15M + +# Nested archives are scanned recursively, e.g. if a Zip archive contains a RAR +# file, all files within it will also be scanned. This options specifies how +# deep the process should be continued. +# Value of 0 disables the limit. +# Default: 8 +#ArchiveMaxRecursion 10 + +# Number of files to be scanned within an archive. +# Value of 0 disables the limit. +# Default: 1000 +#ArchiveMaxFiles 1500 + +# If a file in an archive is compressed more than ArchiveMaxCompressionRatio +# times it will be marked as a virus (Oversized.ArchiveType, e.g. Oversized.Zip) +# Value of 0 disables the limit. +# Default: 250 +#ArchiveMaxCompressionRatio 300 + +# Use slower but memory efficient decompression algorithm. +# only affects the bzip2 decompressor. +# Default: no +#ArchiveLimitMemoryUsage yes + +# Mark encrypted archives as viruses (Encrypted.Zip, Encrypted.RAR). +# Default: no +#ArchiveBlockEncrypted no + +# Mark archives as viruses (e.g. RAR.ExceededFileSize, Zip.ExceededFilesLimit) +# if ArchiveMaxFiles, ArchiveMaxFileSize, or ArchiveMaxRecursion limit is +# reached. +# Default: no +#ArchiveBlockMax no + + +## +## Clamuko settings +## WARNING: This is experimental software. It is very likely it will hang +## up your system!!! +## + +# Enable Clamuko. Dazuko (/dev/dazuko) must be configured and running. +# Default: no +#ClamukoScanOnAccess yes + +# Set access mask for Clamuko. +# Default: no +#ClamukoScanOnOpen yes +#ClamukoScanOnClose yes +#ClamukoScanOnExec yes + +# Set the include paths (all files in them will be scanned). You can have +# multiple ClamukoIncludePath directives but each directory must be added +# in a seperate line. +# Default: disabled +#ClamukoIncludePath /home +#ClamukoIncludePath /students + +# Set the exclude paths. All subdirectories are also excluded. +# Default: disabled +#ClamukoExcludePath /home/bofh + +# Don't scan files larger than ClamukoMaxFileSize +# Value of 0 disables the limit. +# Default: 5M +#ClamukoMaxFileSize 10M |