{"id":145,"date":"2022-04-15T14:15:18","date_gmt":"2022-04-15T12:15:18","guid":{"rendered":"https:\/\/linowebserver.org\/?p=145"},"modified":"2022-04-16T00:00:53","modified_gmt":"2022-04-15T22:00:53","slug":"clam-av-default-clamd-conf-file","status":"publish","type":"post","link":"https:\/\/linowebserver.org\/index.php\/2022\/04\/15\/clam-av-default-clamd-conf-file\/","title":{"rendered":"clam AV default clamd.conf file"},"content":{"rendered":"\n<pre class=\"wp-block-code\"><code>##\n## Example config file for the Clam AV daemon\n## Please read the clamd.conf(5) manual before editing this file.\n##\n\n\n# Comment or remove the line below.\n# Example\n\n# Uncomment this option to enable logging.\n# LogFile must be writable for the user running the daemon.\n# A full path is required.\n# Default: disabled\nLogFile \/var\/log\/clamav.log\n\n# By default the log file is locked for writing - the lock protects against\n# running clamd multiple times (if you want to run another clamd, please\n# copy the configuration file, change the LogFile variable, and run\n# the daemon with the --config-file option).\n# This option disables log file locking.\n# Default: no\n#LogFileUnlock yes\n\n# Maximum size of the log file.\n# Value of 0 disables the limit.\n# You may use 'M' or 'm' for megabytes (1M = 1m = 1048576 bytes)\n# and 'K' or 'k' for kilobytes (1K = 1k = 1024 bytes). To specify the size\n# in bytes just don't use modifiers.\n# Default: 1M\n#LogFileMaxSize 2M\n\n# Log time with each message.\n# Default: no\nLogTime yes\n\n# Also log clean files. 
Useful in debugging but drastically increases the\n# log size.\n# Default: no\n#LogClean yes\n\n# Use system logger (can work together with LogFile).\n# Default: no\nLogSyslog yes\n\n# Specify the type of syslog messages - please refer to 'man syslog'\n# for facility names.\n# Default: LOG_LOCAL6\nLogFacility LOG_LOCAL2\n\n# Enable verbose logging.\n# Default: no\n#LogVerbose yes\n\n# This option allows you to save a process identifier of the listening\n# daemon (main thread).\n# Default: disabled\nPidFile  \/var\/amavis\/clamd.pid\n\n# Optional path to the global temporary directory.\n# Default: system specific (usually \/tmp or \/var\/tmp).\n#TemporaryDirectory \/var\/tmp\n\n# Path to the database directory.\n# Default: hardcoded (depends on installation options)\nDatabaseDirectory \/var\/clamav\n\n# Only load the official signatures published by the ClamAV project.\n# Default: no\n#OfficialDatabaseOnly no\n\n# The daemon can work in local mode, network mode or both. \n# Due to security reasons we recommend the local mode.\n\n# Path to a local socket file the daemon will listen on.\n# Default: disabled (must be specified by a user)\nLocalSocket  \/var\/amavis\/clamd\n\n# Sets the group ownership on the unix socket.\n# Default: disabled (the primary group of the user running clamd)\n#LocalSocketGroup virusgroup\n\n# Sets the permissions on the unix socket to the specified mode.\n# Default: disabled (socket is world accessible)\nLocalSocketMode 660\n\n# Remove stale socket after unclean shutdown.\n# Default: yes\nFixStaleSocket yes\n\n# TCP port address.\n# Default: no\n#TCPSocket 3310\n\n# TCP address.\n# By default we bind to INADDR_ANY, probably not wise.\n# Enable the following to provide some degree of protection\n# from the outside world.\n# Default: no\n#TCPAddr 127.0.0.1\n\n# Maximum length the queue of pending connections may grow to.\n# Default: 15\n#MaxConnectionQueueLength 30\n\n# Clamd uses FTP-like protocol to receive data from remote clients.\n# If 
you are using clamav-milter to balance load between remote clamd daemons\n# on firewall servers you may need to tune the options below.\n\n# Close the connection when the data size limit is exceeded.\n# The value should match your MTA's limit for a maximum attachment size.\n# Default: 25M\n#StreamMaxLength 10M\n\n# Limit port range.\n# Default: 1024\n#StreamMinPort 30000\n# Default: 2048\n#StreamMaxPort 32000\n\n# Maximum number of threads running at the same time.\n# Default: 10\n#MaxThreads 20\n\n# Waiting for data from a client socket will time out after this time (seconds).\n# Value of 0 disables the timeout.\n# Default: 120\n#ReadTimeout 300\n\n# This option specifies the time (in seconds) after which clamd should\n# time out if a client doesn't provide any initial command after connecting.\n# Default: 5\n#CommandReadTimeout 5\n\n# This option specifies how long to wait (in milliseconds) if the send buffer is full.\n# Keep this value low to prevent clamd hanging\n#\n# Default: 500\n#SendBufTimeout 200\n\n# Maximum number of queued items (including those being processed by MaxThreads threads)\n# It is recommended to have this value at least twice MaxThreads if possible.\n# WARNING: you shouldn't increase this too much to avoid running out of file descriptors,\n# the following condition should hold:\n# MaxThreads*MaxRecursion + (MaxQueue - MaxThreads) + 6 &lt; RLIMIT_NOFILE (usual max is 1024)\n#\n# Default: 100\n#MaxQueue 200\n\n# Waiting for a new job will time out after this time (seconds).\n# Default: 30\n#IdleTimeout 60\n\n# Don't scan files and directories matching regex\n# This directive can be used multiple times\n# Default: scan all\n#ExcludePath ^\/proc\/\n#ExcludePath ^\/sys\/\n\n# Maximum depth directories are scanned at.\n# Default: 15\n#MaxDirectoryRecursion 20\n\n# Follow directory symlinks.\n# Default: no\n#FollowDirectorySymlinks yes\n\n# Follow regular file symlinks.\n# Default: no\n#FollowFileSymlinks yes\n\n# Scan files and directories on other 
filesystems.\n# Default: yes\n#CrossFilesystems yes\n\n# Perform a database check.\n# Default: 600 (10 min)\n#SelfCheck 600\n\n# Execute a command when a virus is found. In the command string %v will\n# be replaced with the virus name.\n# Default: no\n#VirusEvent \/usr\/local\/bin\/send_sms 123456789 \"VIRUS ALERT: %v\"\n\n# Run as another user (clamd must be started by root for this option to work)\n# Default: don't drop privileges\n#User clamav\n\n# Initialize supplementary group access (clamd must be started by root).\n# Default: no\n#AllowSupplementaryGroups no\n\n# Stop the daemon when libclamav reports an out-of-memory condition.\n#ExitOnOOM yes\n\n# Don't fork into background.\n# Default: no\nForeground yes\n\n# Enable debug messages in libclamav.\n# Default: no\n#Debug yes\n\n# Do not remove temporary files (for debug purposes).\n# Default: no\n#LeaveTemporaryFiles yes\n\n# Detect Possibly Unwanted Applications.\n# Default: no\n#DetectPUA yes\n\n# Exclude a specific PUA category. This directive can be used multiple times.\n# See http:\/\/www.clamav.net\/support\/pua for the complete list of PUA\n# categories.\n# Default: Load all categories (if DetectPUA is activated)\n#ExcludePUA NetTool\n#ExcludePUA PWTool\n\n# Only include a specific PUA category. This directive can be used multiple\n# times.\n# Default: Load all categories (if DetectPUA is activated)\n#IncludePUA Spy\n#IncludePUA Scanner\n#IncludePUA RAT\n\n# In some cases (e.g. complex malware, exploits in graphic files, and others),\n# ClamAV uses special algorithms to provide accurate detection. This option\n# controls the algorithmic detection.\n# Default: yes\n#AlgorithmicDetection yes\n\n\n##\n## Executable files\n##\n\n# PE stands for Portable Executable - it's an executable file format used\n# in all 32 and 64-bit versions of Windows operating systems. 
This option allows\n# ClamAV to perform a deeper analysis of executable files and it's also\n# required for decompression of popular executable packers such as UPX, FSG,\n# and Petite.\n# Default: yes\n#ScanPE yes\n\n# Executable and Linking Format is a standard format for UN*X executables.\n# This option allows you to control the scanning of ELF files.\n# Default: yes\n#ScanELF yes\n\n# With this option clamav will try to detect broken executables (both PE and\n# ELF) and mark them as Broken.Executable.\n# Default: no\n#DetectBrokenExecutables yes\n\n\n##\n## Documents\n##\n\n# This option enables scanning of OLE2 files, such as Microsoft Office\n# documents and .msi files.\n# Default: yes\n#ScanOLE2 yes\n\n# This option enables scanning within PDF files.\n# Default: yes\n#ScanPDF yes\n\n\n##\n## Mail files\n##\n\n# Enable internal e-mail scanner.\n# Default: yes\n#ScanMail yes\n\n# Scan RFC1341 messages split over many emails.\n# You will need to periodically clean up $TemporaryDirectory\/clamav-partial directory.\n# WARNING: This option may open your system to a DoS attack.\n#\t   Never use it on loaded servers.\n# Default: no\n#ScanPartialMessages yes\n\n\n# With this option enabled ClamAV will try to detect phishing attempts by using\n# signatures.\n# Default: yes\n#PhishingSignatures yes\n\n# Scan URLs found in mails for phishing attempts using heuristics.\n# Default: yes\n#PhishingScanURLs yes\n\n# Always block SSL mismatches in URLs, even if the URL isn't in the database.\n# This can lead to false positives.\n#\n# Default: no\n#PhishingAlwaysBlockSSLMismatch no\n\n# Always block cloaked URLs, even if URL isn't in database.\n# This can lead to false positives.\n#\n# Default: no\n#PhishingAlwaysBlockCloak no\n\n# Allow heuristic match to take precedence.\n# When enabled, if a heuristic scan (such as phishingScan) detects\n# a possible virus\/phish it will stop scan immediately. 
Recommended, saves CPU\n# scan-time.\n# When disabled, virus\/phish detected by heuristic scans will be reported only at\n# the end of a scan. If an archive contains both a heuristically detected\n# virus\/phish, and a real malware, the real malware will be reported\n#\n# Keep this disabled if you intend to handle \"*.Heuristics.*\" viruses \n# differently from \"real\" malware.\n# If a non-heuristically-detected virus (signature-based) is found first, \n# the scan is interrupted immediately, regardless of this config option.\n#\n# Default: no\n#HeuristicScanPrecedence yes\n\n##\n## Data Loss Prevention (DLP)\n##\n\n# Enable the DLP module\n# Default: No\n#StructuredDataDetection yes\n\n# This option sets the lowest number of Credit Card numbers found in a file\n# to generate a detect.\n# Default: 3\n#StructuredMinCreditCardCount 5\n\n# This option sets the lowest number of Social Security Numbers found\n# in a file to generate a detect.\n# Default: 3\n#StructuredMinSSNCount 5\n\n# With this option enabled the DLP module will search for valid\n# SSNs formatted as xxx-yy-zzzz\n# Default: yes\n#StructuredSSNFormatNormal yes\n\n# With this option enabled the DLP module will search for valid\n# SSNs formatted as xxxyyzzzz\n# Default: no\n#StructuredSSNFormatStripped yes\n\n\n##\n## HTML\n##\n\n# Perform HTML normalisation and decryption of MS Script Encoder code.\n# Default: yes\n#ScanHTML yes\n\n\n##\n## Archives\n##\n\n# ClamAV can scan within archives and compressed files.\n# Default: yes\n#ScanArchive yes\n\n# Mark encrypted archives as viruses (Encrypted.Zip, Encrypted.RAR).\n# Default: no\n#ArchiveBlockEncrypted no\n\n\n##\n## Limits\n##\n\n# The options below protect your system against Denial of Service attacks\n# using archive bombs.\n\n# This option sets the maximum amount of data to be scanned for each input file.\n# Archives and other containers are recursively extracted and scanned up to this\n# value.\n# Value of 0 disables the limit\n# Note: disabling 
this limit or setting it too high may result in severe damage\n# to the system.\n# Default: 100M\n#MaxScanSize 150M\n\n# Files larger than this limit won't be scanned. Affects the input file itself\n# as well as files contained inside it (when the input file is an archive, a\n# document or some other kind of container).\n# Value of 0 disables the limit.\n# Note: disabling this limit or setting it too high may result in severe damage\n# to the system.\n# Default: 25M\n#MaxFileSize 30M\n\n# Nested archives are scanned recursively, e.g. if a Zip archive contains a RAR\n# file, all files within it will also be scanned. This option specifies how\n# deeply the process should be continued.\n# Note: setting this limit too high may result in severe damage to the system.\n# Default: 16\n#MaxRecursion 10\n\n# Number of files to be scanned within an archive, a document, or any other\n# container file.\n# Value of 0 disables the limit.\n# Note: disabling this limit or setting it too high may result in severe damage\n# to the system.\n# Default: 10000\n#MaxFiles 15000\n\n\n##\n## Clamuko settings\n##\n\n# Enable Clamuko. Dazuko must be configured and running. Clamuko supports\n# both Dazuko (\/dev\/dazuko) and DazukoFS (\/dev\/dazukofs.ctrl). DazukoFS\n# is the preferred option. For more information please visit www.dazuko.org\n# Default: no\n#ClamukoScanOnAccess yes\n\n# The number of scanner threads that will be started (DazukoFS only).\n# Having multiple scanner threads allows Clamuko to serve multiple\n# processes simultaneously. This is particularly beneficial on SMP machines.\n# Default: 3\n#ClamukoScannerCount 3\n\n# Don't scan files larger than ClamukoMaxFileSize\n# Value of 0 disables the limit.\n# Default: 5M\n#ClamukoMaxFileSize 10M\n\n# Set access mask for Clamuko (Dazuko only).\n# Default: no\n#ClamukoScanOnOpen yes\n#ClamukoScanOnClose yes\n#ClamukoScanOnExec yes\n\n# Set the include paths (all files inside them will be scanned). 
You can have\n# multiple ClamukoIncludePath directives but each directory must be added\n# in a seperate line. (Dazuko only)\n# Default: disabled\n#ClamukoIncludePath \/home\n#ClamukoIncludePath \/students\n\n# Set the exclude paths. All subdirectories are also excluded. (Dazuko only)\n# Default: disabled\n#ClamukoExcludePath \/home\/bofh\n\n# With this option enabled ClamAV will load bytecode from the database. \n# It is highly recommended you keep this option on, otherwise you'll miss detections for many new viruses.\n# Default: yes\n#Bytecode yes\n\n# Set bytecode security level.\n# Possible values:\n#       None - no security at all, meant for debugging. DO NOT USE THIS ON PRODUCTION SYSTEMS\n#         This value is only available if clamav was built with --enable-debug!\n#       TrustSigned - trust bytecode loaded from signed .c&#91;lv]d files,\n#                insert runtime safety checks for bytecode loaded from other sources\n#       Paranoid - don't trust any bytecode, insert runtime checks for all\n# Recommended: TrustSigned, because bytecode in .cvd files already has these checks\n# Note that by default only signed bytecode is loaded, currently you can only\n# load unsigned bytecode in --enable-debug mode.\n#\n# Default: TrustSigned\n#BytecodeSecurity TrustSigned\n\n# Set bytecode timeout in miliseconds.\n# \n# Default: 60000\n# BytecodeTimeout 60000<\/code><\/pre>\n\n\n\n<p>in case u haven&#8217;t a clamd.conf file<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>nano \/etc\/clamav\/clamd.conf\n\/\/Copy and Paste above and save the conf file \nfreshclam --update\n<\/code><\/pre>\n","protected":false},"excerpt":{"rendered":"<p>in case u haven&#8217;t a clamd.conf 
file<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[33,9],"tags":[52,53,54,6,55],"class_list":["post-145","post","type-post","status-publish","format-standard","hentry","category-howto-2","category-linux","tag-clamav","tag-clamd-conf","tag-default-values","tag-linux","tag-viruskiller"],"_links":{"self":[{"href":"https:\/\/linowebserver.org\/index.php\/wp-json\/wp\/v2\/posts\/145","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/linowebserver.org\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/linowebserver.org\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/linowebserver.org\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/linowebserver.org\/index.php\/wp-json\/wp\/v2\/comments?post=145"}],"version-history":[{"count":1,"href":"https:\/\/linowebserver.org\/index.php\/wp-json\/wp\/v2\/posts\/145\/revisions"}],"predecessor-version":[{"id":146,"href":"https:\/\/linowebserver.org\/index.php\/wp-json\/wp\/v2\/posts\/145\/revisions\/146"}],"wp:attachment":[{"href":"https:\/\/linowebserver.org\/index.php\/wp-json\/wp\/v2\/media?parent=145"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/linowebserver.org\/index.php\/wp-json\/wp\/v2\/categories?post=145"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/linowebserver.org\/index.php\/wp-json\/wp\/v2\/tags?post=145"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}