clamd.conf 23 KB

  1. ##
  2. ## Example config file for the Clam AV daemon
  3. ## Please read the clamd.conf(5) manual before editing this file.
  4. ##
  5. # Comment or remove the line below.
  6. # Example
  7. # Uncomment this option to enable logging.
  8. # LogFile must be writable for the user running daemon.
  9. # A full path is required.
  10. # Default: disabled
  11. LogFile /var/log/clamav/clamd.log
  12. # By default the log file is locked for writing - the lock protects against
  13. # running clamd multiple times (if you want to run another clamd, please
  14. # copy the configuration file, change the LogFile variable, and run
  15. # the daemon with --config-file option).
  16. # This option disables log file locking.
  17. # Default: no
  18. #LogFileUnlock yes
  19. # Maximum size of the log file.
  20. # Value of 0 disables the limit.
  21. # You may use 'M' or 'm' for megabytes (1M = 1m = 1048576 bytes)
  22. # and 'K' or 'k' for kilobytes (1K = 1k = 1024 bytes). To specify the size
  23. # in bytes just don't use modifiers. If LogFileMaxSize is enabled, log
  24. # rotation (the LogRotate option) will always be enabled.
  25. # Default: 1M
  26. #LogFileMaxSize 2M
  27. # Log time with each message.
  28. # Default: no
  29. LogTime yes
  30. # Also log clean files. Useful in debugging but drastically increases the
  31. # log size.
  32. # Default: no
  33. #LogClean yes
  34. # Use system logger (can work together with LogFile).
  35. # Default: no
  36. #LogSyslog yes
  37. # Specify the type of syslog messages - please refer to 'man syslog'
  38. # for facility names.
  39. # Default: LOG_LOCAL6
  40. #LogFacility LOG_MAIL
  41. # Enable verbose logging.
  42. # Default: no
  43. #LogVerbose yes
  44. # Enable log rotation. Always enabled when LogFileMaxSize is enabled.
  45. # Default: no
  46. #LogRotate yes
  47. # Enable Prelude output.
  48. # Default: no
  49. #PreludeEnable yes
  50. #
  51. # Set the name of the analyzer used by prelude-admin.
  52. # Default: ClamAV
  53. #PreludeAnalyzerName ClamAV
  54. # Log additional information about the infected file, such as its
  55. # size and hash, together with the virus name.
  56. #ExtendedDetectionInfo yes
  57. # This option allows you to save a process identifier of the listening
  58. # daemon (main thread).
  59. # Default: disabled
  60. PidFile /run/clamav/clamd.pid
  61. # Optional path to the global temporary directory.
  62. # Default: system specific (usually /tmp or /var/tmp).
  63. #TemporaryDirectory /var/tmp
  64. # Path to the database directory.
  65. # Default: hardcoded (depends on installation options)
  66. #DatabaseDirectory /var/lib/clamav
  67. # Only load the official signatures published by the ClamAV project.
  68. # Default: no
  69. #OfficialDatabaseOnly no
  70. # The daemon can work in local mode, network mode or both.
  71. # Due to security reasons we recommend the local mode.
  72. # Path to a local socket file the daemon will listen on.
  73. # Default: disabled (must be specified by a user)
  74. LocalSocket /run/clamav/clamd.sock
      # NOTE(review): LocalSocketGroup and LocalSocketMode are both left commented
      # out below, so the stated defaults apply: the socket belongs to the primary
      # group of the clamd user and is world accessible. Unless the permissions on
      # the /run/clamav directory restrict access (not visible in this file -
      # confirm), any local account can connect to the daemon. Setting
      # LocalSocketGroup together with LocalSocketMode 660 limits access to the
      # members of one group.
  75. # Sets the group ownership on the unix socket.
  76. # Default: disabled (the primary group of the user running clamd)
  77. #LocalSocketGroup virusgroup
  78. # Sets the permissions on the unix socket to the specified mode.
  79. # Default: disabled (socket is world accessible)
  80. #LocalSocketMode 660
  81. # Remove stale socket after unclean shutdown.
  82. # Default: yes
  83. #FixStaleSocket yes
  84. # TCP port address.
  85. # Default: no
  86. TCPSocket 3310
      # NOTE(review): TCPSocket is enabled here while TCPAddr below is still
      # commented out, so the daemon listens on INADDR_ANY, i.e. on every
      # interface of the host. The clamd protocol itself offers no client
      # authentication (confirm against clamd(8) for your version), so network
      # reachability of this port is the only access control. If only local
      # clients use the daemon, remove TCPSocket and rely on LocalSocket; if TCP
      # is needed, set TCPAddr to the specific address(es) and restrict the port
      # with a host firewall.
  87. # TCP address.
  88. # By default we bind to INADDR_ANY, probably not wise.
  89. # Enable the following to provide some degree of protection
  90. # from the outside world. This option can be specified multiple
  91. # times if you want to listen on multiple IPs. IPv6 is now supported.
  92. # Default: no
  93. #TCPAddr 127.0.0.1
  94. # Maximum length the queue of pending connections may grow to.
  95. # Default: 200
  96. #MaxConnectionQueueLength 30
  97. # Clamd uses FTP-like protocol to receive data from remote clients.
  98. # If you are using clamav-milter to balance load between remote clamd daemons
  99. # on firewall servers you may need to tune the options below.
  100. # Close the connection when the data size limit is exceeded.
  101. # The value should match your MTA's limit for a maximum attachment size.
  102. # Default: 25M
  103. #StreamMaxLength 10M
  104. # Limit port range.
  105. # Default: 1024
  106. #StreamMinPort 30000
  107. # Default: 2048
  108. #StreamMaxPort 32000
  109. # Maximum number of threads running at the same time.
  110. # Default: 10
  111. #MaxThreads 20
  112. # Waiting for data from a client socket will timeout after this time (seconds).
  113. # Default: 120
  114. #ReadTimeout 300
  115. # This option specifies the time (in seconds) after which clamd should
  116. # timeout if a client doesn't provide any initial command after connecting.
  117. # Default: 5
  118. #CommandReadTimeout 5
  119. # This option specifies how long to wait (in milliseconds) if the send buffer
  120. # is full.
  121. # Keep this value low to prevent clamd hanging
  122. #
  123. # Default: 500
  124. #SendBufTimeout 200
  125. # Maximum number of queued items (including those being processed by
  126. # MaxThreads threads)
  127. # It is recommended to have this value at least twice MaxThreads if possible.
  128. # WARNING: you shouldn't increase this too much to avoid running out of file
  129. # descriptors,
  130. # the following condition should hold:
  131. # MaxThreads*MaxRecursion + (MaxQueue - MaxThreads) + 6 < RLIMIT_NOFILE (usual
  132. # max is 1024)
  133. #
  134. # Default: 100
  135. #MaxQueue 200
  136. # Waiting for a new job will timeout after this time (seconds).
  137. # Default: 30
  138. #IdleTimeout 60
  139. # Don't scan files and directories matching regex
  140. # This directive can be used multiple times
  141. # Default: scan all
  142. #ExcludePath ^/proc/
  143. #ExcludePath ^/sys/
  144. # Maximum depth directories are scanned at.
  145. # Default: 15
  146. #MaxDirectoryRecursion 20
  147. # Follow directory symlinks.
  148. # Default: no
  149. #FollowDirectorySymlinks yes
  150. # Follow regular file symlinks.
  151. # Default: no
  152. #FollowFileSymlinks yes
  153. # Scan files and directories on other filesystems.
  154. # Default: yes
  155. #CrossFilesystems yes
  156. # Perform a database check.
  157. # Default: 600 (10 min)
  158. #SelfCheck 600
  159. # Execute a command when a virus is found. In the command string %v will
  160. # be replaced with the virus name.
  161. # Default: no
  162. #VirusEvent /usr/local/bin/send_sms 123456789 "VIRUS ALERT: %v"
  163. # Run as another user (clamd must be started by root for this option to work)
  164. # Default: don't drop privileges
  165. User clamav
  166. # Stop daemon when libclamav reports out of memory condition.
  167. #ExitOnOOM yes
  168. # Don't fork into background.
  169. # Default: no
  170. #Foreground yes
  171. # Enable debug messages in libclamav.
  172. # Default: no
  173. #Debug yes
  174. # Do not remove temporary files (for debug purposes).
  175. # Default: no
  176. #LeaveTemporaryFiles yes
  177. # Permit use of the ALLMATCHSCAN command. If set to no, clamd will reject
  178. # any ALLMATCHSCAN command as invalid.
  179. # Default: yes
  180. #AllowAllMatchScan no
  181. # Detect Possibly Unwanted Applications.
  182. # Default: no
  183. #DetectPUA yes
  184. # Exclude a specific PUA category. This directive can be used multiple times.
  185. # See https://github.com/vrtadmin/clamav-faq/blob/master/faq/faq-pua.md for
  186. # the complete list of PUA categories.
  187. # Default: Load all categories (if DetectPUA is activated)
  188. #ExcludePUA NetTool
  189. #ExcludePUA PWTool
  190. # Only include a specific PUA category. This directive can be used multiple
  191. # times.
  192. # Default: Load all categories (if DetectPUA is activated)
  193. #IncludePUA Spy
  194. #IncludePUA Scanner
  195. #IncludePUA RAT
  196. # In some cases (eg. complex malware, exploits in graphic files, and others),
  197. # ClamAV uses special algorithms to provide accurate detection. This option
  198. # controls the algorithmic detection.
  199. # Default: yes
  200. #AlgorithmicDetection yes
  201. # This option causes memory or nested map scans to dump the content to disk.
  202. # If you turn on this option, more data is written to disk and is available
  203. # when the LeaveTemporaryFiles option is enabled.
  204. #ForceToDisk yes
  205. # This option allows you to disable the caching feature of the engine. By
  206. # default, the engine will store an MD5 in a cache of any files that are
  207. # not flagged as virus or that hit limits checks. Disabling the cache will
  208. # have a negative performance impact on large scans.
  209. # Default: no
  210. #DisableCache yes
  211. ##
  212. ## Executable files
  213. ##
  214. # PE stands for Portable Executable - it's an executable file format used
  215. # in all 32 and 64-bit versions of Windows operating systems. This option
  216. # allows ClamAV to perform a deeper analysis of executable files and it's also
  217. # required for decompression of popular executable packers such as UPX, FSG,
  218. # and Petite. If you turn off this option, the original files will still be
  219. # scanned, but without additional processing.
  220. # Default: yes
  221. #ScanPE yes
  222. # Certain PE files contain an authenticode signature. By default, we check
  223. # the signature chain in the PE file against a database of trusted and
  224. # revoked certificates if the file being scanned is marked as a virus.
  225. # If any certificate in the chain validates against any trusted root, but
  226. # does not match any revoked certificate, the file is marked as whitelisted.
  227. # If the file does match a revoked certificate, the file is marked as virus.
  228. # The following setting completely turns off authenticode verification.
  229. # Default: no
  230. #DisableCertCheck yes
  231. # Executable and Linking Format is a standard format for UN*X executables.
  232. # This option allows you to control the scanning of ELF files.
  233. # If you turn off this option, the original files will still be scanned, but
  234. # without additional processing.
  235. # Default: yes
  236. #ScanELF yes
  237. # With this option clamav will try to detect broken executables (both PE and
  238. # ELF) and mark them as Broken.Executable.
  239. # Default: no
  240. #DetectBrokenExecutables yes
  241. ##
  242. ## Documents
  243. ##
  244. # This option enables scanning of OLE2 files, such as Microsoft Office
  245. # documents and .msi files.
  246. # If you turn off this option, the original files will still be scanned, but
  247. # without additional processing.
  248. # Default: yes
  249. #ScanOLE2 yes
  250. # With this option enabled OLE2 files with VBA macros, which were not
  251. # detected by signatures will be marked as "Heuristics.OLE2.ContainsMacros".
  252. # Default: no
  253. #OLE2BlockMacros no
  254. # This option enables scanning within PDF files.
  255. # If you turn off this option, the original files will still be scanned, but
  256. # without decoding and additional processing.
  257. # Default: yes
  258. #ScanPDF yes
  259. # This option enables scanning within SWF files.
  260. # If you turn off this option, the original files will still be scanned, but
  261. # without decoding and additional processing.
  262. # Default: yes
  263. #ScanSWF yes
  264. # This option enables scanning xml-based document files supported by libclamav.
  265. # If you turn off this option, the original files will still be scanned, but
  266. # without additional processing.
  267. # Default: yes
  268. #ScanXMLDOCS yes
  269. # This option enables scanning of HWP3 files.
  270. # If you turn off this option, the original files will still be scanned, but
  271. # without additional processing.
  272. # Default: yes
  273. #ScanHWP3 yes
  274. ##
  275. ## Mail files
  276. ##
  277. # Enable internal e-mail scanner.
  278. # If you turn off this option, the original files will still be scanned, but
  279. # without parsing individual messages/attachments.
  280. # Default: yes
  281. #ScanMail yes
  282. # Scan RFC1341 messages split over many emails.
  283. # You will need to periodically clean up $TemporaryDirectory/clamav-partial
  284. # directory.
  285. # WARNING: This option may open your system to a DoS attack.
  286. # Never use it on loaded servers.
  287. # Default: no
  288. #ScanPartialMessages yes
  289. # With this option enabled ClamAV will try to detect phishing attempts by using
  290. # signatures.
  291. # Default: yes
  292. #PhishingSignatures yes
  293. # Scan URLs found in mails for phishing attempts using heuristics.
  294. # Default: yes
  295. #PhishingScanURLs yes
  296. # Always block SSL mismatches in URLs, even if the URL isn't in the database.
  297. # This can lead to false positives.
  298. #
  299. # Default: no
  300. #PhishingAlwaysBlockSSLMismatch no
  301. # Always block cloaked URLs, even if URL isn't in database.
  302. # This can lead to false positives.
  303. #
  304. # Default: no
  305. #PhishingAlwaysBlockCloak no
  306. # Detect partition intersections in raw disk images using heuristics.
  307. # Default: no
  308. #PartitionIntersection no
  309. # Allow heuristic match to take precedence.
  310. # When enabled, if a heuristic scan (such as phishingScan) detects
  311. # a possible virus/phish it will stop the scan immediately. Recommended, saves CPU
  312. # scan-time.
  313. # When disabled, virus/phish detected by heuristic scans will be reported
  314. # only at the end of a scan. If an archive contains both a heuristically
  315. # detected virus/phish, and a real malware, the real malware will be reported.
  316. #
  317. # Keep this disabled if you intend to handle "*.Heuristics.*" viruses
  318. # differently from "real" malware.
  319. # If a non-heuristically-detected virus (signature-based) is found first,
  320. # the scan is interrupted immediately, regardless of this config option.
  321. #
  322. # Default: no
  323. #HeuristicScanPrecedence yes
  324. ##
  325. ## Data Loss Prevention (DLP)
  326. ##
  327. # Enable the DLP module
  328. # Default: No
  329. #StructuredDataDetection yes
  330. # This option sets the lowest number of Credit Card numbers found in a file
  331. # to generate a detection.
  332. # Default: 3
  333. #StructuredMinCreditCardCount 5
  334. # This option sets the lowest number of Social Security Numbers found
  335. # in a file to generate a detection.
  336. # Default: 3
  337. #StructuredMinSSNCount 5
  338. # With this option enabled the DLP module will search for valid
  339. # SSNs formatted as xxx-yy-zzzz
  340. # Default: yes
  341. #StructuredSSNFormatNormal yes
  342. # With this option enabled the DLP module will search for valid
  343. # SSNs formatted as xxxyyzzzz
  344. # Default: no
  345. #StructuredSSNFormatStripped yes
  346. ##
  347. ## HTML
  348. ##
  349. # Perform HTML normalisation and decryption of MS Script Encoder code.
  350. # Default: yes
  351. # If you turn off this option, the original files will still be scanned, but
  352. # without additional processing.
  353. #ScanHTML yes
  354. ##
  355. ## Archives
  356. ##
  357. # ClamAV can scan within archives and compressed files.
  358. # If you turn off this option, the original files will still be scanned, but
  359. # without unpacking and additional processing.
  360. # Default: yes
  361. #ScanArchive yes
  362. # Mark encrypted archives as viruses (Encrypted.Zip, Encrypted.RAR).
  363. # Default: no
  364. #ArchiveBlockEncrypted no
  365. ##
  366. ## Limits
  367. ##
  368. # The options below protect your system against Denial of Service attacks
  369. # using archive bombs.
  370. # This option sets the maximum amount of data to be scanned for each input
  371. # file.
  372. # Archives and other containers are recursively extracted and scanned up to
  373. # this value.
  374. # Value of 0 disables the limit
  375. # Note: disabling this limit or setting it too high may result in severe damage
  376. # to the system.
  377. # Default: 100M
  378. #MaxScanSize 150M
  379. # Files larger than this limit won't be scanned. Affects the input file itself
  380. # as well as files contained inside it (when the input file is an archive, a
  381. # document or some other kind of container).
  382. # Value of 0 disables the limit.
  383. # Note: disabling this limit or setting it too high may result in severe damage
  384. # to the system.
  385. # Default: 25M
  386. #MaxFileSize 30M
  387. # Nested archives are scanned recursively, e.g. if a Zip archive contains a RAR
  388. # file, all files within it will also be scanned. This option specifies how
  389. # deeply the process should be continued.
  390. # Note: setting this limit too high may result in severe damage to the system.
  391. # Default: 16
  392. #MaxRecursion 10
  393. # Number of files to be scanned within an archive, a document, or any other
  394. # container file.
  395. # Value of 0 disables the limit.
  396. # Note: disabling this limit or setting it too high may result in severe damage
  397. # to the system.
  398. # Default: 10000
  399. #MaxFiles 15000
  400. # Maximum size of a file to check for embedded PE. Files larger than this value
  401. # will skip the additional analysis step.
  402. # Note: disabling this limit or setting it too high may result in severe damage
  403. # to the system.
  404. # Default: 10M
  405. #MaxEmbeddedPE 10M
  406. # Maximum size of a HTML file to normalize. HTML files larger than this value
  407. # will not be normalized or scanned.
  408. # Note: disabling this limit or setting it too high may result in severe damage
  409. # to the system.
  410. # Default: 10M
  411. #MaxHTMLNormalize 10M
  412. # Maximum size of a normalized HTML file to scan. HTML files larger than this
  413. # value after normalization will not be scanned.
  414. # Note: disabling this limit or setting it too high may result in severe damage
  415. # to the system.
  416. # Default: 2M
  417. #MaxHTMLNoTags 2M
  418. # Maximum size of a script file to normalize. Script content larger than this
  419. # value will not be normalized or scanned.
  420. # Note: disabling this limit or setting it too high may result in severe damage
  421. # to the system.
  422. # Default: 5M
  423. #MaxScriptNormalize 5M
  424. # Maximum size of a ZIP file to reanalyze type recognition. ZIP files larger
  425. # than this value will skip the step to potentially reanalyze as PE.
  426. # Note: disabling this limit or setting it too high may result in severe damage
  427. # to the system.
  428. # Default: 1M
  429. #MaxZipTypeRcg 1M
  430. # This option sets the maximum number of partitions of a raw disk image to be
  431. # scanned.
  432. # Raw disk images with more partitions than this value will have at most
  433. # this many partitions scanned. Negative values are not allowed.
  434. # Note: setting this limit too high may result in severe damage or impact
  435. # performance.
  436. # Default: 50
  437. #MaxPartitions 128
  438. # This option sets the maximum number of icons within a PE to be scanned.
  439. # PE files with more icons than this value will have at most this many
  440. # icons scanned.
  441. # Negative values are not allowed.
  442. # WARNING: setting this limit too high may result in severe damage or impact
  443. # performance.
  444. # Default: 100
  445. #MaxIconsPE 200
  446. # This option sets the maximum recursive calls for HWP3 parsing during
  447. # scanning. HWP3 files using more than this limit will be terminated and
  448. # alert the user.
  449. # Scans will be unable to scan any HWP3 attachments if the recursive limit
  450. # is reached.
  451. # Negative values are not allowed.
  452. # WARNING: setting this limit too high may result in severe damage or impact
  453. # performance.
  454. # Default: 16
  455. #MaxRecHWP3 16
  456. # This option sets the maximum calls to the PCRE match function during
  457. # an instance of regex matching.
  458. # Instances using more than this limit will be terminated and alert the user
  459. # but the scan will continue.
  460. # For more information on match_limit, see the PCRE documentation.
  461. # Negative values are not allowed.
  462. # WARNING: setting this limit too high may severely impact performance.
  463. # Default: 100000
  464. #PCREMatchLimit 20000
  465. # This option sets the maximum recursive calls to the PCRE match function
  466. # during an instance of regex matching.
  467. # Instances using more than this limit will be terminated and alert the user
  468. # but the scan will continue.
  469. # For more information on match_limit_recursion, see the PCRE documentation.
  470. # Negative values are not allowed and values > PCREMatchLimit are superfluous.
  471. # WARNING: setting this limit too high may severely impact performance.
  472. # Default: 5000
  473. #PCRERecMatchLimit 10000
  474. # This option sets the maximum filesize for which PCRE subsigs will be
  475. # executed. Files exceeding this limit will not have PCRE subsigs executed
  476. # unless a subsig is encompassed to a smaller buffer.
  477. # Negative values are not allowed.
  478. # Setting this value to zero disables the limit.
  479. # WARNING: setting this limit too high or disabling it may severely impact
  480. # performance.
  481. # Default: 25M
  482. #PCREMaxFileSize 100M
  483. # When BlockMax is set, files exceeding the MaxFileSize, MaxScanSize, or
  484. # MaxRecursion limit will be flagged with the virus
  485. # "Heuristic.Limits.Exceeded".
  486. # Default: no
  487. #BlockMax yes
  488. ##
  489. ## On-access Scan Settings
  490. ##
  491. # Enable on-access scanning. Currently, this is supported via fanotify.
  492. # Clamuko/Dazuko support has been deprecated.
  493. # Default: no
  494. #ScanOnAccess yes
  495. # Set the mount point to be scanned. The mount point specified, or the mount
  496. # point containing the specified directory will be watched. If any directories
  497. # are specified, this option will preempt the DDD system. This will notify
  498. # only. It can be used multiple times.
  499. # (On-access scan only)
  500. # Default: disabled
  501. #OnAccessMountPath /
  502. #OnAccessMountPath /home/user
  503. # Don't scan files larger than OnAccessMaxFileSize
  504. # Value of 0 disables the limit.
  505. # Default: 5M
  506. #OnAccessMaxFileSize 10M
  507. # Set the include paths (all files inside them will be scanned). You can have
  508. # multiple OnAccessIncludePath directives but each directory must be added
  509. # in a separate line. (On-access scan only)
  510. # Default: disabled
  511. #OnAccessIncludePath /home
  512. #OnAccessIncludePath /students
  513. # Set the exclude paths. All subdirectories are also excluded.
  514. # (On-access scan only)
  515. # Default: disabled
  516. #OnAccessExcludePath /home/bofh
  517. # With this option you can whitelist the root UID (0). Processes run under
  518. # root will be able to access all files without triggering scans or
  519. # permission denied events.
  520. # Note that if clamd cannot check the uid of the process that generated an
  521. # on-access scan event (e.g., because OnAccessPrevention was not enabled, and
  522. # the process already exited), clamd will perform a scan. Thus, setting
  523. # OnAccessExcludeRootUID is not *guaranteed* to prevent every access by the
  524. # root user from triggering a scan (unless OnAccessPrevention is enabled).
  525. # Default: no
  526. #OnAccessExcludeRootUID no
  527. # With this option you can whitelist specific UIDs. Processes with these UIDs
  528. # will be able to access all files without triggering scans or permission
  529. # denied events.
  530. # This option can be used multiple times (one per line).
  531. # Using a value of 0 on any line will disable this option entirely.
  532. # To whitelist the root UID (0) please enable the OnAccessExcludeRootUID
  533. # option.
  534. # Also note that if clamd cannot check the uid of the process that generated an
  535. # on-access scan event (e.g., because OnAccessPrevention was not enabled, and
  536. # the process already exited), clamd will perform a scan. Thus, setting
  537. # OnAccessExcludeUID is not *guaranteed* to prevent every access by the
  538. # specified uid from triggering a scan (unless OnAccessPrevention is enabled).
  539. # Default: disabled
  540. #OnAccessExcludeUID -1
  541. # Toggles dynamic directory determination. Allows for recursively watching
  542. # include paths.
  543. # (On-access scan only)
  544. # Default: no
  545. #OnAccessDisableDDD yes
  546. # Modifies fanotify blocking behaviour when handling permission events.
  547. # If off, fanotify will only notify if the file scanned is a virus,
  548. # and not perform any blocking.
  549. # (On-access scan only)
  550. # Default: no
  551. #OnAccessPrevention yes
  552. # Toggles extra scanning and notifications when a file or directory is
  553. # created or moved.
  554. # Requires the DDD system to kick-off extra scans.
  555. # NOTE: This feature is disabled until a thread resource leak bug
  556. # in the OnAccessExtraScanning code can be resolved.
  557. # (On-access scan only)
  558. # Default: no
  559. #OnAccessExtraScanning yes
  560. ##
  561. ## Bytecode
  562. ##
  563. # With this option enabled ClamAV will load bytecode from the database.
  564. # It is highly recommended you keep this option on, otherwise you'll miss
  565. # detections for many new viruses.
  566. # Default: yes
  567. #Bytecode yes
  568. # Set bytecode security level.
  569. # Possible values:
  570. # None - No security at all, meant for debugging.
  571. # DO NOT USE THIS ON PRODUCTION SYSTEMS.
  572. # This value is only available if clamav was built
  573. # with --enable-debug!
  574. # TrustSigned - Trust bytecode loaded from signed .c[lv]d files, insert
  575. # runtime safety checks for bytecode loaded from other sources.
  576. # Paranoid - Don't trust any bytecode, insert runtime checks for all.
  577. # Recommended: TrustSigned, because bytecode in .cvd files already has these
  578. # checks.
  579. # Note that by default only signed bytecode is loaded, currently you can only
  580. # load unsigned bytecode in --enable-debug mode.
  581. #
  582. # Default: TrustSigned
  583. #BytecodeSecurity TrustSigned
  584. # Set bytecode timeout in milliseconds.
  585. #
  586. # Default: 5000
  587. # BytecodeTimeout 1000
  588. ##
  589. ## Statistics gathering and submitting
  590. ##