1<?xml version="1.0" encoding="UTF-8"?> 2 3<!-- Only three options are mandatory: 4 <clamd socket="" /> 5 <filesystem root="" /> 6 <filesystem mountpoint="" /> 7 8 All other can be removed, but this will disable related subsystem. 9 For example removing <cache ... /> will disable caching completly. --> 10 11<clamfs> 12 <!-- Clamd socket settings 13 socket - location of clamd socket (may vary between operating systems) 14 For Debian GNU/Linux it is /var/run/clamav/clamd.ctl, on 15 FreeBSD use /var/run/clamav/clamd.sock. 16 check - (yes or no) check if clamd is available on startup (useful if 17 mounting clamfs file systems from /etc/fstab early on startup, 18 while clamav daemon is not yet started) --> 19 <clamd socket="/var/run/clamav/clamd.sock" check="yes" /> 20 21 <!-- File system settings 22 root - real directory to attach as our root 23 mountpoint - where to attach our root 24 readonly - (yes or no) mount filesystem in read-only mode 25 public - (yes or no) limit access to process owner only or make 26 file system publicly available for all users 27 nonempty - (yes or no) allow mount to directory which contains 28 files or sub-directories --> 29 <filesystem root="/tmp" mountpoint="/clamfs/tmp" public="yes" /> 30 31 <!-- Maximal file size (in bytes). 32 This option can speed up access to large files, as they will be 33 never scanned. On the other hand attacker can append long portion 34 of junk at the end of file to make it big enough to be omitted. --> 35 <file maximal-size="67108864" /> <!-- 64MiB --> 36 37 <!-- Whitelisted files are never scanned. 38 This can speed up access to some files, but be careful with this, 39 some data files like JPEG, RIFF or WMF can be prepared to cause 40 problems (like buffers overflows) in applications and thus execute 41 malicious code even not being executable itself. Finally even text 42 files can have "modeline" causing problems in some buggy editors. --> 43 <whitelist> 44 <exclude extension="dat" /> <!-- form ClamWin --> 45 <exclude extension="dbx" /> <!-- form ClamWin --> 46 <exclude extension="log" /> <!-- form ClamWin --> 47 <exclude extension="nsf" /> <!-- form ClamWin --> 48 <exclude extension="ntf" /> <!-- form ClamWin --> 49 <exclude extension="pst" /> <!-- form ClamWin --> 50 <exclude extension="tbb" /> <!-- form ClamWin --> 51 </whitelist> 52 53 <!-- Blacklisted files are scanned regardless of their sizes --> 54 <blacklist> 55 <include extension="ade" /> <!-- Access project extension file --> 56 <include extension="adp" /> <!-- Access project file --> 57 <include extension="asx" /> <!-- ASF redirector or ActiveSite script --> 58 <include extension="bas" /> <!-- Visual Basic class module file --> 59 <include extension="bat" /> <!-- DOS batch file --> 60 <include extension="chm" /> <!-- HTML Help, compiled help file --> 61 <include extension="cmd" /> <!-- Windows command file --> 62 <include extension="com" /> <!-- Executable file --> 63 <include extension="cpl" /> <!-- Windows control panel file --> 64 <include extension="crt" /> <!-- Certificate file --> 65 <include extension="dll" /> <!-- Dynamic-link library file --> 66 <include extension="exe" /> <!-- Executable file --> 67 <include extension="hlp" /> <!-- Microsoft Help file --> 68 <include extension="hta" /> <!-- HTML Application --> 69 <include extension="inf" /> <!-- Windows information or setup file --> 70 <include extension="ins" /> <!-- Install script file --> 71 <include extension="isp" /> <!-- Internet Service Provider settings --> 72 <include extension="jse" /> <!-- JScript Encoded script file --> 73 <include extension="js" /> <!-- JavaScript file --> 74 <include extension="lnk" /> <!-- Windows shortcut file --> 75 <include extension="mda" /> <!-- Access add-in (VBA script) file --> 76 <include extension="mdz" /> <!-- Access Wizard template file --> 77 <include extension="msc" /> <!-- Microsoft Management Console file --> 78 <include extension="msi" /> <!-- Windows Installer file --> 79 <include extension="msp" /> <!-- Windows Installer patch file --> 80 <include extension="mst" /> <!-- Windows SDK Setup Transform Script --> 81 <include extension="pcd" /> <!-- Visual Test P-Code Compiled Script --> 82 <include extension="pif" /> <!-- Windows program information file --> 83 <include extension="reg" /> <!-- Windows registry data file --> 84 <include extension="scr" /> <!-- Windows screensaver file --> 85 <include extension="sct" /> <!-- Windows Script Component file --> 86 <include extension="shs" /> <!-- Shell Scrap object file --> 87 <include extension="sys" /> <!-- System file (driver) --> 88 <include extension="url" /> <!-- Internet Location (URL) file --> 89 <include extension="vbe" /> <!-- Visual Basic script file --> 90 <include extension="vbs" /> <!-- Visual Basic script file --> 91 <include extension="vb" /> <!-- Visual Basic script file --> 92 <include extension="wsc" /> <!-- Windows scripting component file --> 93 <include extension="wsf" /> <!-- Windows scripting file --> 94 <include extension="wsh" /> <!-- Windows Scripting Host file --> 95 </blacklist> 96 97 <!-- How many entries to keep in cache and for how long --> 98 <cache entries="65536" expire="10800000" /> <!-- time in ms, 3h --> 99 100 <!-- Statistics module keep track of filesystem & memory usage --> 101 <stats memory="no" atexit="yes" every="3600" /> <!-- time in sec, 1h --> 102 103 <!-- Logging method (stdout, syslog or file) --> 104 <!-- <log method="stdout" verbose="yes" /> --> 105 <log method="syslog" /> 106 <!-- <log method="file" filename="/var/log/clamfs.log" verbose="no" /> --> 107 108 <!-- Send mail when virus is found --> 109 <!-- <mail server="localhost" to="root@localhost" from="clamfs@localhost" 110 subject="ClamFS: Virus detected" /> --> 111 <!-- subject="ClamFS: Virus detected on @@HOSTNAME@@" /> --> 112 113 <!-- Debug settings --> 114 <!-- <debug threads="no" fork="no" /> --> 115</clamfs> 116