{"id":1801,"date":"2015-02-07T06:01:24","date_gmt":"2015-02-07T06:01:24","guid":{"rendered":"https:\/\/qbytes.cloud\/?p=1801"},"modified":"2015-02-07T06:01:24","modified_gmt":"2015-02-07T06:01:24","slug":"clamd-conf-file-centos","status":"publish","type":"post","link":"https:\/\/www.qbytes.cloud\/index.php\/2015\/02\/07\/clamd-conf-file-centos\/","title":{"rendered":"Clamd.conf file for CentOS"},"content":{"rendered":"<p>##<br \/>\n## Example config file for the Clam AV daemon<br \/>\n## Please read the clamd.conf(5) manual before editing this file.<br \/>\n##<\/p>\n<p># Comment or remove the line below.<br \/>\n#Example<\/p>\n<p># Uncomment this option to enable logging.<br \/>\n# LogFile must be writable for the user running daemon.<br \/>\n# A full path is required.<br \/>\n# Default: disabled<br \/>\nLogFile \/var\/log\/clamav\/clamd.log<\/p>\n<p># By default the log file is locked for writing &#8211; the lock protects against<br \/>\n# running clamd multiple times (if want to run another clamd, please<br \/>\n# copy the configuration file, change the LogFile variable, and run<br \/>\n# the daemon with &#8211;config-file option).<br \/>\n# This option disables log file locking.<br \/>\n# Default: no<br \/>\n#LogFileUnlock yes<\/p>\n<p># Maximum size of the log file.<br \/>\n# Value of 0 disables the limit.<br \/>\n# You may use &#8216;M&#8217; or &#8216;m&#8217; for megabytes (1M = 1m = 1048576 bytes)<br \/>\n# and &#8216;K&#8217; or &#8216;k&#8217; for kilobytes (1K = 1k = 1024 bytes). To specify the size<br \/>\n# in bytes just don&#8217;t use modifiers. If LogFileMaxSize is enabled, log<br \/>\n# rotation (the LogRotate option) will always be enabled.<br \/>\n# Default: 1M<br \/>\nLogFileMaxSize 2M<\/p>\n<p># Log time with each message.<br \/>\n# Default: no<br \/>\n#LogTime yes<\/p>\n<p># Also log clean files. 
Useful in debugging but drastically increases the<br \/>\n# log size.<br \/>\n# Default: no<br \/>\n#LogClean yes<\/p>\n<p># Use system logger (can work together with LogFile).<br \/>\n# Default: no<br \/>\nLogSyslog yes<\/p>\n<p># Specify the type of syslog messages &#8211; please refer to &#8216;man syslog&#8217;<br \/>\n# for facility names.<br \/>\n# Default: LOG_LOCAL6<br \/>\n#LogFacility LOG_MAIL<\/p>\n<p># Enable verbose logging.<br \/>\n# Default: no<br \/>\n#LogVerbose yes<\/p>\n<p># Enable log rotation. Always enabled when LogFileMaxSize is enabled.<br \/>\n# Default: no<br \/>\n#LogRotate yes<\/p>\n<p># Log additional information about the infected file, such as its<br \/>\n# size and hash, together with the virus name.<br \/>\n#ExtendedDetectionInfo yes<\/p>\n<p># This option allows you to save a process identifier of the listening<br \/>\n# daemon (main thread).<br \/>\n# Default: disabled<br \/>\nPidFile \/var\/run\/clamd.pid<\/p>\n<p># Optional path to the global temporary directory.<br \/>\n# Default: system specific (usually \/tmp or \/var\/tmp).<br \/>\n#TemporaryDirectory \/var\/tmp<\/p>\n<p># Path to the database directory.<br \/>\n# Default: hardcoded (depends on installation options)<br \/>\nDatabaseDirectory \/var\/clamav<\/p>\n<p># Only load the official signatures published by the ClamAV project.<br \/>\n# Default: no<br \/>\n#OfficialDatabaseOnly no<\/p>\n<p># The daemon can work in local mode, network mode or both.<br \/>\n# Due to security reasons we recommend the local mode.<\/p>\n<p># Path to a local socket file the daemon will listen on.<br \/>\n# Default: disabled (must be specified by a user)<br \/>\nLocalSocket \/tmp\/clamd.socket<\/p>\n<p># Sets the group ownership on the unix socket.<br \/>\n# Default: disabled (the primary group of the user running clamd)<br \/>\n#LocalSocketGroup virusgroup<\/p>\n<p># Sets the permissions on the unix socket to the specified mode.<br \/>\n# Default: disabled (socket is world accessible)<br 
\/>\n#LocalSocketMode 660<\/p>\n<p># Remove stale socket after unclean shutdown.<br \/>\n# Default: yes<br \/>\n#FixStaleSocket yes<\/p>\n<p># TCP port address.<br \/>\n# Default: no<br \/>\nTCPSocket 3310<\/p>\n<p># TCP address.<br \/>\n# By default we bind to INADDR_ANY, probably not wise.<br \/>\n# Enable the following to provide some degree of protection<br \/>\n# from the outside world. This option can be specified multiple<br \/>\n# times if you want to listen on multiple IPs. IPv6 is now supported.<br \/>\n# Default: no<br \/>\nTCPAddr 127.0.0.1<\/p>\n<p># Maximum length the queue of pending connections may grow to.<br \/>\n# Default: 200<br \/>\nMaxConnectionQueueLength 30<\/p>\n<p># Clamd uses FTP-like protocol to receive data from remote clients.<br \/>\n# If you are using clamav-milter to balance load between remote clamd daemons<br \/>\n# on firewall servers you may need to tune the options below.<\/p>\n<p># Close the connection when the data size limit is exceeded.<br \/>\n# The value should match your MTA&#8217;s limit for a maximum attachment size.<br \/>\n# Default: 25M<br \/>\nStreamMaxLength 55M<\/p>\n<p># Limit port range.<br \/>\n# Default: 1024<br \/>\n#StreamMinPort 30000<br \/>\n# Default: 2048<br \/>\n#StreamMaxPort 32000<\/p>\n<p># Maximum number of threads running at the same time.<br \/>\n# Default: 10<br \/>\nMaxThreads 20<\/p>\n<p># Waiting for data from a client socket will timeout after this time (seconds).<br \/>\n# Default: 120<br \/>\nReadTimeout 300<\/p>\n<p># This option specifies the time (in seconds) after which clamd should<br \/>\n# timeout if a client doesn&#8217;t provide any initial command after connecting.<br \/>\n# Default: 5<br \/>\n#CommandReadTimeout 5<\/p>\n<p># This option specifies how long to wait (in milliseconds) if the send buffer is full.<br \/>\n# Keep this value low to prevent clamd hanging<br \/>\n#<br \/>\n# Default: 500<br \/>\n#SendBufTimeout 200<\/p>\n<p># Maximum number of queued items (including those 
being processed by MaxThreads threads)<br \/>\n# It is recommended to have this value at least twice MaxThreads if possible.<br \/>\n# WARNING: you shouldn&#8217;t increase this too much to avoid running out  of file descriptors,<br \/>\n# the following condition should hold:<br \/>\n# MaxThreads*MaxRecursion + (MaxQueue &#8211; MaxThreads) + 6< RLIMIT_NOFILE (usual max is 1024)\n#\n# Default: 100\n#MaxQueue 200\n\n# Waiting for a new job will timeout after this time (seconds).\n# Default: 30\n#IdleTimeout 60\n\n# Don't scan files and directories matching regex\n# This directive can be used multiple times\n# Default: scan all\n#ExcludePath ^\/proc\/\n#ExcludePath ^\/sys\/\n\n# Maximum depth directories are scanned at.\n# Default: 15\n#MaxDirectoryRecursion 20\n\n# Follow directory symlinks.\n# Default: no\n#FollowDirectorySymlinks yes\n\n# Follow regular file symlinks.\n# Default: no\n#FollowFileSymlinks yes\n\n# Scan files and directories on other filesystems.\n# Default: yes\n#CrossFilesystems yes\n\n# Perform a database check.\n# Default: 600 (10 min)\n#SelfCheck 600\n\n# Execute a command when virus is found. In the command string %v will\n# be replaced with the virus name.\n# Default: no\n#VirusEvent \/usr\/local\/bin\/send_sms 123456789 \"VIRUS ALERT: %v\"\n\n# Run as another user (clamd must be started by root for this option to work)\n# Default: don't drop privileges\nUser clamav\n\n# Initialize supplementary group access (clamd must be started by root).\n# Default: no\nAllowSupplementaryGroups no\n\n# Stop daemon when libclamav reports out of memory condition.\n#ExitOnOOM yes\n\n# Don't fork into background.\n# Default: no\n#Foreground yes\n\n# Enable debug messages in libclamav.\n# Default: no\n#Debug yes\n\n# Do not remove temporary files (for debug purposes).\n# Default: no\n#LeaveTemporaryFiles yes\n\n# Permit use of the ALLMATCHSCAN command. 
If set to no, clamd will reject\n# any ALLMATCHSCAN command as invalid.\n# Default: yes\n#AllowAllMatchScan no\n\n# Detect Possibly Unwanted Applications.\n# Default: no\n#DetectPUA yes\n\n# Exclude a specific PUA category. This directive can be used multiple times.\n# See https:\/\/github.com\/vrtadmin\/clamav-faq\/blob\/master\/faq\/faq-pua.md for \n# the complete list of PUA categories.\n# Default: Load all categories (if DetectPUA is activated)\n#ExcludePUA NetTool\n#ExcludePUA PWTool\n\n# Only include a specific PUA category. This directive can be used multiple\n# times.\n# Default: Load all categories (if DetectPUA is activated)\n#IncludePUA Spy\n#IncludePUA Scanner\n#IncludePUA RAT\n\n# In some cases (eg. complex malware, exploits in graphic files, and others),\n# ClamAV uses special algorithms to provide accurate detection. This option\n# controls the algorithmic detection.\n# Default: yes\n#AlgorithmicDetection yes\n\n# This option causes memory or nested map scans to dump the content to disk.\n# If you turn on this option, more data is written to disk and is available\n# when the LeaveTemporaryFiles option is enabled.\n#ForceToDisk yes\n\n# This option allows you to disable the caching feature of the engine. By\n# default, the engine will store an MD5 in a cache of any files that are\n# not flagged as virus or that hit limits checks. Disabling the cache will\n# have a negative performance impact on large scans.\n# Default: no\n#DisableCache yes\n\n##\n## Executable files\n##\n\n# PE stands for Portable Executable - it's an executable file format used\n# in all 32 and 64-bit versions of Windows operating systems. This option allows\n# ClamAV to perform a deeper analysis of executable files and it's also\n# required for decompression of popular executable packers such as UPX, FSG,\n# and Petite. 
If you turn off this option, the original files will still be\n# scanned, but without additional processing.\n# Default: yes\nScanPE yes\n\n# Certain PE files contain an authenticode signature. By default, we check\n# the signature chain in the PE file against a database of trusted and\n# revoked certificates if the file being scanned is marked as a virus.\n# If any certificate in the chain validates against any trusted root, but\n# does not match any revoked certificate, the file is marked as whitelisted.\n# If the file does match a revoked certificate, the file is marked as virus.\n# The following setting completely turns off authenticode verification.\n# Default: no\n#DisableCertCheck yes\n\n# Executable and Linking Format is a standard format for UN*X executables.\n# This option allows you to control the scanning of ELF files.\n# If you turn off this option, the original files will still be scanned, but\n# without additional processing.\n# Default: yes\n#ScanELF yes\n\n# With this option clamav will try to detect broken executables (both PE and\n# ELF) and mark them as Broken.Executable.\n# Default: no\n#DetectBrokenExecutables yes\n\n\n##\n## Documents\n##\n\n# This option enables scanning of OLE2 files, such as Microsoft Office\n# documents and .msi files.\n# If you turn off this option, the original files will still be scanned, but\n# without additional processing.\n# Default: yes\n#ScanOLE2 yes\n\n# With this option enabled OLE2 files with VBA macros, which were not\n# detected by signatures will be marked as \"Heuristics.OLE2.ContainsMacros\".\n# Default: no\n#OLE2BlockMacros no\n\n# This option enables scanning within PDF files.\n# If you turn off this option, the original files will still be scanned, but\n# without decoding and additional processing.\n# Default: yes\n#ScanPDF yes\n\n# This option enables scanning within SWF files.\n# If you turn off this option, the original files will still be scanned, but\n# without decoding and additional 
processing.\n# Default: yes\n#ScanSWF yes\n\n\n##\n## Mail files\n##\n\n# Enable internal e-mail scanner.\n# If you turn off this option, the original files will still be scanned, but\n# without parsing individual messages\/attachments.\n# Default: yes\nScanMail yes\n\n# Scan RFC1341 messages split over many emails.\n# You will need to periodically clean up $TemporaryDirectory\/clamav-partial directory.\n# WARNING: This option may open your system to a DoS attack.\n#\t   Never use it on loaded servers.\n# Default: no\n#ScanPartialMessages yes\n\n# With this option enabled ClamAV will try to detect phishing attempts by using\n# signatures.\n# Default: yes\n#PhishingSignatures yes\n\n# Scan URLs found in mails for phishing attempts using heuristics.\n# Default: yes\n#PhishingScanURLs yes\n\n# Always block SSL mismatches in URLs, even if the URL isn't in the database.\n# This can lead to false positives.\n#\n# Default: no\n#PhishingAlwaysBlockSSLMismatch no\n\n# Always block cloaked URLs, even if URL isn't in database.\n# This can lead to false positives.\n#\n# Default: no\n#PhishingAlwaysBlockCloak no\n\n# Detect partition intersections in raw disk images using heuristics.\n# Default: no\n#PartitionIntersection no\n\n# Allow heuristic match to take precedence.\n# When enabled, if a heuristic scan (such as phishingScan) detects\n# a possible virus\/phish it will stop scan immediately. Recommended, saves CPU\n# scan-time.\n# When disabled, virus\/phish detected by heuristic scans will be reported only at\n# the end of a scan. 
If an archive contains both a heuristically detected\n# virus\/phish, and a real malware, the real malware will be reported\n#\n# Keep this disabled if you intend to handle \"*.Heuristics.*\" viruses \n# differently from \"real\" malware.\n# If a non-heuristically-detected virus (signature-based) is found first, \n# the scan is interrupted immediately, regardless of this config option.\n#\n# Default: no\n#HeuristicScanPrecedence yes\n\n\n##\n## Data Loss Prevention (DLP)\n##\n\n# Enable the DLP module\n# Default: No\n#StructuredDataDetection yes\n\n# This option sets the lowest number of Credit Card numbers found in a file\n# to generate a detect.\n# Default: 3\n#StructuredMinCreditCardCount 5\n\n# This option sets the lowest number of Social Security Numbers found\n# in a file to generate a detect.\n# Default: 3\n#StructuredMinSSNCount 5\n\n# With this option enabled the DLP module will search for valid\n# SSNs formatted as xxx-yy-zzzz\n# Default: yes\n#StructuredSSNFormatNormal yes\n\n# With this option enabled the DLP module will search for valid\n# SSNs formatted as xxxyyzzzz\n# Default: no\n#StructuredSSNFormatStripped yes\n\n\n##\n## HTML\n##\n\n# Perform HTML normalisation and decryption of MS Script Encoder code.\n# Default: yes\n# If you turn off this option, the original files will still be scanned, but\n# without additional processing.\n#ScanHTML yes\n\n\n##\n## Archives\n##\n\n# ClamAV can scan within archives and compressed files.\n# If you turn off this option, the original files will still be scanned, but\n# without unpacking and additional processing.\n# Default: yes\nScanArchive yes\n\n# Mark encrypted archives as viruses (Encrypted.Zip, Encrypted.RAR).\n# Default: no\n#ArchiveBlockEncrypted no\n\n\n##\n## Limits\n##\n\n# The options below protect your system against Denial of Service attacks\n# using archive bombs.\n\n# This option sets the maximum amount of data to be scanned for each input file.\n# Archives and other containers are recursively 
extracted and scanned up to this\n# value.\n# Value of 0 disables the limit\n# Note: disabling this limit or setting it too high may result in severe damage\n# to the system.\n# Default: 100M\n#MaxScanSize 150M\n\n# Files larger than this limit won't be scanned. Affects the input file itself\n# as well as files contained inside it (when the input file is an archive, a\n# document or some other kind of container).\n# Value of 0 disables the limit.\n# Note: disabling this limit or setting it too high may result in severe damage\n# to the system.\n# Default: 25M\n#MaxFileSize 30M\n\n# Nested archives are scanned recursively, e.g. if a Zip archive contains a RAR\n# file, all files within it will also be scanned. This option specifies how\n# deeply the process should be continued.\n# Note: setting this limit too high may result in severe damage to the system.\n# Default: 16\n#MaxRecursion 10\n\n# Number of files to be scanned within an archive, a document, or any other\n# container file.\n# Value of 0 disables the limit.\n# Note: disabling this limit or setting it too high may result in severe damage\n# to the system.\n# Default: 10000\n#MaxFiles 15000\n\n# Maximum size of a file to check for embedded PE. Files larger than this value\n# will skip the additional analysis step.\n# Note: disabling this limit or setting it too high may result in severe damage\n# to the system.\n# Default: 10M\n#MaxEmbeddedPE 10M\n\n# Maximum size of a HTML file to normalize. HTML files larger than this value\n# will not be normalized or scanned.\n# Note: disabling this limit or setting it too high may result in severe damage\n# to the system.\n# Default: 10M\n#MaxHTMLNormalize 10M\n\n# Maximum size of a normalized HTML file to scan. HTML files larger than this\n# value after normalization will not be scanned.\n# Note: disabling this limit or setting it too high may result in severe damage\n# to the system.\n# Default: 2M\n#MaxHTMLNoTags 2M\n\n# Maximum size of a script file to normalize. 
Script content larger than this\n# value will not be normalized or scanned.\n# Note: disabling this limit or setting it too high may result in severe damage\n# to the system.\n# Default: 5M\n#MaxScriptNormalize 5M\n\n# Maximum size of a ZIP file to reanalyze type recognition. ZIP files larger\n# than this value will skip the step to potentially reanalyze as PE.\n# Note: disabling this limit or setting it too high may result in severe damage\n# to the system.\n# Default: 1M\n#MaxZipTypeRcg 1M\n\n# This option sets the maximum number of partitions of a raw disk image to be scanned.\n# Raw disk images with more partitions than this value will have up to the value number\n# partitions scanned. Negative values are not allowed.\n# Note: setting this limit too high may result in severe damage or impact performance.\n# Default: 50\n#MaxPartitions 128\n\n# This option sets the maximum number of icons within a PE to be scanned.\n# PE files with more icons than this value will have up to the value number icons scanned.\n# Negative values are not allowed.\n# WARNING: setting this limit too high may result in severe damage or impact performance.\n# Default: 100\n#MaxIconsPE 200\n\n##\n## On-access Scan Settings\n##\n\n# Enable on-access scanning. Currently, this is supported via fanotify.\n# Clamuko\/Dazuko support has been deprecated.\n# Default: no\n#ScanOnAccess yes\n\n# Don't scan files larger than OnAccessMaxFileSize\n# Value of 0 disables the limit.\n# Default: 5M\n#OnAccessMaxFileSize 10M\n\n# Set the include paths (all files inside them will be scanned). You can have\n# multiple OnAccessIncludePath directives but each directory must be added\n# in a separate line. (On-access scan only)\n# Default: disabled\n#OnAccessIncludePath \/home\n#OnAccessIncludePath \/students\n\n# Set the exclude paths. All subdirectories are also excluded.\n# (On-access scan only)\n# Default: disabled\n#OnAccessExcludePath \/home\/bofh\n\n# With this option you can whitelist specific UIDs. 
Processes with these UIDs\n# will be able to access all files.\n# This option can be used multiple times (one per line).\n# Default: disabled\n#OnAccessExcludeUID 0\n\n\n##\n## Bytecode\n##\n\n# With this option enabled ClamAV will load bytecode from the database. \n# It is highly recommended you keep this option on, otherwise you'll miss detections for many new viruses.\n# Default: yes\n#Bytecode yes\n\n# Set bytecode security level.\n# Possible values:\n#       None - no security at all, meant for debugging. DO NOT USE THIS ON PRODUCTION SYSTEMS\n#         This value is only available if clamav was built with --enable-debug!\n#       TrustSigned - trust bytecode loaded from signed .c[lv]d files,\n#                insert runtime safety checks for bytecode loaded from other sources\n#       Paranoid - don't trust any bytecode, insert runtime checks for all\n# Recommended: TrustSigned, because bytecode in .cvd files already has these checks\n# Note that by default only signed bytecode is loaded, currently you can only\n# load unsigned bytecode in --enable-debug mode.\n#\n# Default: TrustSigned\n#BytecodeSecurity TrustSigned\n\n# Set bytecode timeout in miliseconds.\n# \n# Default: 5000\n# BytecodeTimeout 1000\n\n##\n## Statistics gathering and submitting\n##\n\n# Enable statistical reporting.\n# Default: no\n#StatsEnabled yes\n\n# Disable submission of individual PE sections for files flagged as malware.\n# Default: no\n#StatsPEDisabled yes\n\n# HostID in the form of an UUID to use when submitting statistical information.\n# Default: auto\n#StatsHostID auto\n\n# Time in seconds to wait for the stats server to come back with a response\n# Default: 10\n#StatsTimeout 10\n[\/bash]\n<\/p>\n","protected":false},"excerpt":{"rendered":"<p>## ## Example config file for the Clam AV daemon ## Please read the clamd.conf(5) manual before editing this file. ## # Comment or remove the line below. #Example # Uncomment this option to enable logging. 
# LogFile must be writable for the user running daemon. # A full path is required. # Default: disabled &#8230; <a title=\"Clamd.conf file for CentOS\" class=\"read-more\" href=\"https:\/\/www.qbytes.cloud\/index.php\/2015\/02\/07\/clamd-conf-file-centos\/\" aria-label=\"Read more about Clamd.conf file for CentOS\">Read more<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[15],"tags":[],"class_list":["post-1801","post","type-post","status-publish","format-standard","hentry","category-clamav"],"_links":{"self":[{"href":"https:\/\/www.qbytes.cloud\/index.php\/wp-json\/wp\/v2\/posts\/1801","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.qbytes.cloud\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.qbytes.cloud\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.qbytes.cloud\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.qbytes.cloud\/index.php\/wp-json\/wp\/v2\/comments?post=1801"}],"version-history":[{"count":0,"href":"https:\/\/www.qbytes.cloud\/index.php\/wp-json\/wp\/v2\/posts\/1801\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.qbytes.cloud\/index.php\/wp-json\/wp\/v2\/media?parent=1801"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.qbytes.cloud\/index.php\/wp-json\/wp\/v2\/categories?post=1801"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.qbytes.cloud\/index.php\/wp-json\/wp\/v2\/tags?post=1801"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}