aboutsummaryrefslogtreecommitdiffstats
path: root/config/dspam/pkg/clamd.conf
diff options
context:
space:
mode:
Diffstat (limited to 'config/dspam/pkg/clamd.conf')
-rw-r--r--config/dspam/pkg/clamd.conf299
1 files changed, 299 insertions, 0 deletions
diff --git a/config/dspam/pkg/clamd.conf b/config/dspam/pkg/clamd.conf
new file mode 100644
index 00000000..3ce0402f
--- /dev/null
+++ b/config/dspam/pkg/clamd.conf
@@ -0,0 +1,299 @@
+##
+## Example config file for the Clam AV daemon
+## Please read the clamd.conf(5) manual before editing this file.
+##
+
+
+# Comment or remove the line below.
+#Example
+
+# Uncomment this option to enable logging.
+# LogFile must be writable for the user running daemon.
+# A full path is required.
+# Default: disabled
+#LogFile /tmp/clamd.log
+LogFile /var/log/clamav/clamd.log
+
+# By default the log file is locked for writing - the lock protects against
+# running clamd multiple times (if want to run another clamd, please
+# copy the configuration file, change the LogFile variable, and run
+# the daemon with --config-file option).
+# This option disables log file locking.
+# Default: no
+#LogFileUnlock yes
+
+# Maximal size of the log file.
+# Value of 0 disables the limit.
+# You may use 'M' or 'm' for megabytes (1M = 1m = 1048576 bytes)
+# and 'K' or 'k' for kilobytes (1K = 1k = 1024 bytes). To specify the size
+# in bytes just don't use modifiers.
+# Default: 1M
+#LogFileMaxSize 2M
+
+# Log time with each message.
+# Default: no
+#LogTime yes
+
+# Also log clean files. Useful in debugging but drastically increases the
+# log size.
+# Default: no
+#LogClean yes
+
+# Use system logger (can work together with LogFile).
+# Default: no
+#LogSyslog yes
+LogSyslog yes
+
+# Specify the type of syslog messages - please refer to 'man syslog'
+# for facility names.
+# Default: LOG_LOCAL6
+#LogFacility LOG_MAIL
+
+# Enable verbose logging.
+# Default: no
+#LogVerbose yes
+
+# This option allows you to save a process identifier of the listening
+# daemon (main thread).
+# Default: disabled
+#PidFile /var/run/clamd.pid
+PidFile /var/run/clamav/clamd.pid
+
+# Optional path to the global temporary directory.
+# Default: system specific (usually /tmp or /var/tmp).
+#TemporaryDirectory /var/tmp
+
+# Path to the database directory.
+# Default: hardcoded (depends on installation options)
+#DatabaseDirectory /var/lib/clamav
+DatabaseDirectory /usr/local/share/clamav
+
+# The daemon works in a local OR a network mode. Due to security reasons we
+# recommend the local mode.
+
+# Path to a local socket file the daemon will listen on.
+# Default: disabled (must be specified by a user)
+#LocalSocket /tmp/clamd
+
+# Remove stale socket after unclean shutdown.
+# Default: no
+FixStaleSocket yes
+
+# TCP port address.
+# Default: no
+TCPSocket 3310
+
+# TCP address.
+# By default we bind to INADDR_ANY, probably not wise.
+# Enable the following to provide some degree of protectiyes
+# from the outside world.
+# Default: no
+TCPAddr 127.0.0.1
+
+# Maximum length the queue of pending connections may grow to.
+# Default: 15
+#MaxConnectionQueueLength 30
+
+# Clamd uses FTP-like protocol to receive data from remote clients.
+# If you are using clamav-milter to balance load between remote clamd daemons
+# on firewall servers you may need to tune the options below.
+
+# Close the connection when the data size limit is exceeded.
+# The value should match your MTA's limit for a maximal attachment size.
+# Default: 10M
+#StreamMaxLength 20M
+
+# Limit port range.
+# Default: 1024
+#StreamMinPort 30000
+# Default: 2048
+#StreamMaxPort 32000
+
+# Maximal number of threads running at the same time.
+# Default: 10
+#MaxThreads 20
+
+# Waiting for data from a client socket will timeout after this time (seconds).
+# Value of 0 disables the timeout.
+# Default: 120
+#ReadTimeout 300
+
+# Waiting for a new job will timeout after this time (seconds).
+# Default: 30
+#IdleTimeout 60
+
+# Maximal depth directories are scanned at.
+# Default: 15
+#MaxDirectoryRecursion 20
+
+# Follow directory symlinks.
+# Default: no
+#FollowDirectorySymlinks yes
+
+# Follow regular file symlinks.
+# Default: no
+#FollowFileSymlinks yes
+
+# Perform internal sanity check (database integrity and freshness).
+# Default: 1800 (30 min)
+#SelfCheck 600
+
+# Execute a command when virus is found. In the command string %v will
+# be replaced by a virus name.
+# Default: no
+#VirusEvent /usr/local/bin/send_sms 123456789 "VIRUS ALERT: %v"
+
+# Run as a selected user (clamd must be started by root).
+# Default: don't drop privileges
+User clamav
+
+# Initialize supplementary group access (clamd must be started by root).
+# Default: no
+AllowSupplementaryGroups yes
+
+# Stop daemon when libclamav reports out of memory condition.
+#ExitOnOOM yes
+
+# Don't fork into background.
+# Default: no
+#Foreground yes
+
+# Enable debug messages in libclamav.
+# Default: no
+#Debug yes
+
+# Do not remove temporary files (for debug purposes).
+# Default: no
+#LeaveTemporaryFiles yes
+
+##
+## Executable files
+##
+
+# PE stands for Portable Executable - it's an executable file format used
+# in all 32-bit versions of Windows operating systems. This option allows
+# ClamAV to perform a deeper analysis of executable files and it's also
+# required for decompression of popular executable packers such as UPX, FSG,
+# and Petite.
+# Default: yes
+#ScanPE yes
+
+# With this option clamav will try to detect broken executables and mark
+# them as Broken.Executable
+# Default: no
+#DetectBrokenExecutables yes
+
+
+##
+## Documents
+##
+
+# This option enables scanning of Microsoft Office document macros.
+# Default: yes
+#ScanOLE2 yes
+
+##
+## Mail files
+##
+
+# Enable internal e-mail scanner.
+# Default: yes
+#ScanMail yes
+
+# If an email contains URLs ClamAV can download and scan them.
+# WARNING: This option may open your system to a DoS attack.
+# Never use it on loaded servers.
+# Default: no
+#MailFollowURLs no
+
+
+##
+## HTML
+##
+
+# Perform HTML normalisation and decryption of MS Script Encoder code.
+# Default: yes
+#ScanHTML yes
+
+
+##
+## Archives
+##
+
+# ClamAV can scan within archives and compressed files.
+# Default: yes
+#ScanArchive yes
+
+# The options below protect your system against Denial of Service attacks
+# using archive bombs.
+
+# Files in archives larger than this limit won't be scanned.
+# Value of 0 disables the limit.
+# Default: 10M
+#ArchiveMaxFileSize 15M
+
+# Nested archives are scanned recursively, e.g. if a Zip archive contains a RAR
+# file, all files within it will also be scanned. This options specifies how
+# deep the process should be continued.
+# Value of 0 disables the limit.
+# Default: 8
+#ArchiveMaxRecursion 10
+
+# Number of files to be scanned within an archive.
+# Value of 0 disables the limit.
+# Default: 1000
+#ArchiveMaxFiles 1500
+
+# If a file in an archive is compressed more than ArchiveMaxCompressionRatio
+# times it will be marked as a virus (Oversized.ArchiveType, e.g. Oversized.Zip)
+# Value of 0 disables the limit.
+# Default: 250
+#ArchiveMaxCompressionRatio 300
+
+# Use slower but memory efficient decompression algorithm.
+# only affects the bzip2 decompressor.
+# Default: no
+#ArchiveLimitMemoryUsage yes
+
+# Mark encrypted archives as viruses (Encrypted.Zip, Encrypted.RAR).
+# Default: no
+#ArchiveBlockEncrypted no
+
+# Mark archives as viruses (e.g. RAR.ExceededFileSize, Zip.ExceededFilesLimit)
+# if ArchiveMaxFiles, ArchiveMaxFileSize, or ArchiveMaxRecursion limit is
+# reached.
+# Default: no
+#ArchiveBlockMax no
+
+
+##
+## Clamuko settings
+## WARNING: This is experimental software. It is very likely it will hang
+## up your system!!!
+##
+
+# Enable Clamuko. Dazuko (/dev/dazuko) must be configured and running.
+# Default: no
+#ClamukoScanOnAccess yes
+
+# Set access mask for Clamuko.
+# Default: no
+#ClamukoScanOnOpen yes
+#ClamukoScanOnClose yes
+#ClamukoScanOnExec yes
+
+# Set the include paths (all files in them will be scanned). You can have
+# multiple ClamukoIncludePath directives but each directory must be added
+# in a seperate line.
+# Default: disabled
+#ClamukoIncludePath /home
+#ClamukoIncludePath /students
+
+# Set the exclude paths. All subdirectories are also excluded.
+# Default: disabled
+#ClamukoExcludePath /home/bofh
+
+# Don't scan files larger than ClamukoMaxFileSize
+# Value of 0 disables the limit.
+# Default: 5M
+#ClamukoMaxFileSize 10M