ADC Home > Reference Library > Reference > Mac OS X > Mac OS X Man Pages

 

This document is a Mac OS X manual page. Manual pages are a command-line technology for providing documentation. You can view these manual pages locally using the man(1) command. These manual pages come from many different sources, and thus, have a variety of writing styles.

This manual page is associated with Mac OS X Server. It is not available on standard Mac OS X (client) installations.

For more information about the manual page format, see the manual page for manpages(5).



clamd.conf(5)                                  Clam AntiVirus                                  clamd.conf(5)



NAME
       clamd.conf - Configuration file for Clam AntiVirus Daemon

DESCRIPTION
       clamd.conf configures the Clam AntiVirus daemon, clamd(8).

FILE FORMAT
       The file consists of comments and options with arguments. Each line which starts with a hash (#) sym-bol symbol
       bol is ignored by the parser. Options and arguments are case sensitive and of the form  Option  Argu-ment. Argument.
       ment. The arguments are of the following types:

       BOOL   Boolean value (yes/no or true/false or 1/0).

       STRING String without blank characters.

       SIZE   Size in bytes. You can use 'M' or 'm' modifiers for megabytes and 'K' or 'k' for kilobytes.

       NUMBER Unsigned integer.

DIRECTIVES
       When  some  option is not used (commented out or not included in the configuration file at all) clamd
       takes a default action.

       Example
              If this option is set clamd will not run.

       LogFile STRING
              Enable logging to selected file.
              Default: no

       LogFileUnlock BOOL
              Disable a system lock that protects against running clamd with  the  same  configuration  file
              multiple times.
              Default: no

       LogFileMaxSize SIZE
              Limit  the  size  of  the  log  file. The logger will be automatically disabled if the file is
              greater than SIZE. Value of 0 disables the limit.
              Default: 1M

       LogTime BOOL
              Log time for each message.
              Default: no

       LogClean BOOL
              Log clean files.
              Default: no

       LogSyslog BOOL
              Use system logger (can work together with LogFile).
              Default: no

       LogFacility STRING
              Specify the type of syslog messages - please refer to 'man syslog' for facility names.
              Default: LOG_LOCAL6

       LogVerbose BOOL
              Enable verbose logging.
              Default: no

       PidFile STRING
              Save the process identifier of a listening daemon (main thread) to a specified file.
              Default: no

       TemporaryDirectory STRING
              Optional path to the global temporary directory.
              Default: system specific (usually /tmp or /var/tmp).

       DatabaseDirectory STRING
              Path to a directory containing database files.
              Default: /private/var/clamav

       LocalSocket STRING
              Path to a local (Unix) socket the daemon will listen on.
              Default: no

       FixStaleSocket BOOL
              Remove stale socket after unclean shutdown.
              Default: no

       TCPSocket NUMBER
              TCP port number the daemon will listen on.
              Default: no

       TCPAddr STRING
              TCP socket address to bind to. By default clamd binds to INADDR_ANY.
              Default: no

       MaxConnectionQueueLength NUMBER
              Maximum length the queue of pending connections may grow to.
              Default: 15

       MaxThreads NUMBER
              Maximum number of threads running at the same time.
              Default: 10

       ReadTimeout NUMBER
              Waiting for data from a client socket will timeout after this time (seconds).
              Default: 120

       IdleTimeout NUMBER
              Waiting for a new job will timeout after this time (seconds).
              Default: 30

       MaxDirectoryRecursion NUMBER
              Maximum depth directories are scanned at.
              Default: 15

       FollowDirectorySymlinks BOOL
              Follow directory symlinks.
              Default: no

       FollowFileSymlinks BOOL
              Follow regular file symlinks.
              Default: no

       SelfCheck NUMBER
              Perform a database check.
              Default: 1800

       VirusEvent COMMAND
              Execute COMMAND when a virus is found. In the command string %v  will  be  replaced  with  the
              virus name.
              Default: no

       ExitOnOOM BOOL
              Stop daemon when libclamav reports out of memory condition.
              Default: no

       User STRING
              Run as another user (clamd must be started by root to make this option working).
              Default: no

       AllowSupplementaryGroups BOOL
              Initialize supplementary group access (clamd must be started by root).
              Default: no

       Foreground BOOL
              Don't fork into background.
              Default: no

       Debug BOOL
              Enable debug messages from libclamav.

       LeaveTemporaryFiles BOOL
              Do not remove temporary files (for debug purpose).
              Default: no

       StreamMaxLength SIZE
              Clamd uses FTP-like protocol to receive data from remote clients. If you are using clamav-mil-ter clamav-milter
              ter to balance load between remote clamd daemons on firewall servers you may need to tune  the
              Stream*  options. This option allows you to specify the upper limit for data size that will be
              transfered to remote daemon when scanning a single file. It should match your MTA's limit  for
              a maximum attachment size.
              Default: 10M

       StreamMinPort NUMBER
              Limit data port range.
              Default: 1024

       StreamMaxPort NUMBER
              Limit data port range.
              Default: 2048

       DetectPUA
              Detect Possibly Unwanted Applications.
              Default: No

       AlgorithmicDetection BOOL
              In  some  cases (eg. complex malware, exploits in graphic files, and others), ClamAV uses spe-cial special
              cial algorithms to provide accurate detection. This option controls the algorithmic detection.
              Default: yes

       ScanPE BOOL
              PE  stands  for Portable Executable - it's an executable file format used in all 32 and 64-bit
              versions of Windows operating systems. This option allows ClamAV to perform a deeper  analysis
              of  executable  files  and  it's also required for decompression of popular executable packers
              such as UPX.
              Default: yes

       ScanELF BOOL
              Executable and Linking Format is a standard format for UN*X executables.  This  option  allows
              you to control the scanning of ELF files.
              Default: yes

       DetectBrokenExecutables BOOL
              With  this  option clamd will try to detect broken executables (both PE and ELF) and mark them
              as Broken.Executable.
              Default: no

       ScanOLE2 BOOL
              This option enables scanning of OLE2 files, such as Microsoft Office documents and .msi files.
              Default: yes

       ScanPDF BOOL
              This option enables scanning within PDF files.
              Default: no

       ScanHTML BOOL
              Enables HTML detection and normalisation.
              Default: yes

       ScanMail BOOL
              Enable scanning of mail files.
              Default: yes

       MailFollowURLs BOOL
              If  an  email  contains  URLs ClamAV can download and scan them. WARNING: This option may open
              your system to a DoS attack. Never use it on loaded servers.
              Default: no

       MailMaxRecursion NUMBER
              Recursion level limit for the mail scanner.
              Default: 64

       PhishingSignatures BOOL
              With this option enabled ClamAV will try to detect phishing attempts by using signatures.
              Default: yes

       PhishingScanURLs BOOL
              Scan URLs found in mails for phishing attempts using heuristics. This will classify  "Possibly
              Unwanted" phishing emails as Phishing.Heuristics.Email.*
              Default: yes

       PhishingRestrictedScan BOOL
              Use  phishing detection only for domains listed in the .pdb database. It is not recommended to
              have this option turned off, because scanning of all domains may lead to many false positives!
              Default: yes

       PhishingAlwaysBlockSSLMismatch BOOL
              Always  block  SSL mismatches in URLs, even if the URL isn't in the database. This can lead to
              false positives.
              Default: no

       PhishingAlwaysBlockCloak BOOL
              Always block cloaked URLs, even if URL isn't in database. This can lead to false positives.
              Default: no

       ScanArchive BOOL
              Enable archive scanning.
              Default: yes

       ArchiveMaxFileSize SIZE
              Files in archives larger than this limit won't be scanned. Value of 0 disables the limit.
              Default: 10M

       ArchiveMaxRecursion NUMBER
              Limit archive recursion level. Value of 0 disables the limit.
              Default: 8

       ArchiveMaxFiles NUMBER
              Number of files to be scanned within an archive. Value of 0 disables the limit.
              Default: 1000

       ArchiveMaxCompressionRatio NUMBER
              Analyze compression ratio of every file in an archive and  mark  potential  archive  bombs  as
              viruses (0 disables the limit).
              Default: 250

       ArchiveLimitMemoryUsage BOOL
              Use  slower decompression algorithm which uses less memory. This option only affects the bzip2
              decompressor.
              Default: no

       ArchiveBlockEncrypted BOOL
              Mark encrypted archives as viruses (Encrypted.Zip, Encrypted.RAR).
              Default: no

       ArchiveBlockMax BOOL
              Mark archives as viruses (e.g  RAR.ExceededFileSize,  Zip.ExceededFilesLimit)  if  ArchiveMax-Files, ArchiveMaxFiles,
              Files, ArchiveMaxFileSize, or ArchiveMaxRecursion limit is reached.
              Default: no

       NodalCoreAcceleration BOOL
              Enable support for Sensory Networks' NodalCore hardware accelerator.
              Default: no

       ClamukoScanOnAccess BOOL
              Enable Clamuko. Dazuko (/dev/dazuko) must be configured and running.
              Default: no

       ClamukoScanOnOpen BOOL
              Scan files on open.
              Default: no

       ClamukoScanOnClose BOOL
              Scan files on close.
              Default: no.

       ClamukoScanOnExec BOOL
              Scan files on execute.
              Default: no

       ClamukoIncludePath STRING
              Set  the  include  paths (all files and directories inside them will be scanned). You can have
              multiple ClamukoIncludePath directives but each directory must be added in a separate line).
              Default: no

       ClamukoExcludePath STRING
              Set the exclude paths. All subdirectories will also be excluded.
              Default: no

       ClamukoMaxFileSize SIZE
              Ignore files larger than SIZE.
              Default: 5M

FILES
       /private/etc/clamd.conf

AUTHOR
       Tomasz Kojm <tkojm@clamav.net>

SEE ALSO
       clamd(8), clamdscan(1), clamav-milter(8), clamscan(1), freshclam(1), sigtool(1)



ClamAV 0.91.2                                 February 12, 2007                                clamd.conf(5)

Did this document help you?
Yes: Tell us what works for you.
It’s good, but: Report typos, inaccuracies, and so forth.
It wasn’t helpful: Tell us what would have helped.