1## 2## Example config file for the Clam AV daemon 3## Please read the clamd.conf(5) manual before editing this file. 4## 5 6 7# Comment or remove the line below. 8#Example 9 10# Uncomment this option to enable logging. 11# LogFile must be writable for the user running daemon. 12# A full path is required. 13# Default: disabled 14LogFile /var/log/clamav/clamd.log 15 16# By default the log file is locked for writing - the lock protects against 17# running clamd multiple times (if want to run another clamd, please 18# copy the configuration file, change the LogFile variable, and run 19# the daemon with --config-file option). 20# This option disables log file locking. 21# Default: no 22#LogFileUnlock yes 23 24# Maximum size of the log file. 25# Value of 0 disables the limit. 26# You may use 'M' or 'm' for megabytes (1M = 1m = 1048576 bytes) 27# and 'K' or 'k' for kilobytes (1K = 1k = 1024 bytes). To specify the size 28# in bytes just don't use modifiers. If LogFileMaxSize is enabled, log 29# rotation (the LogRotate option) will always be enabled. 30# Default: 1M 31#LogFileMaxSize 2M 32 33# Log time with each message. 34# Default: no 35#LogTime yes 36 37# Also log clean files. Useful in debugging but drastically increases the 38# log size. 39# Default: no 40#LogClean yes 41 42# Use system logger (can work together with LogFile). 43# Default: no 44#LogSyslog yes 45 46# Specify the type of syslog messages - please refer to 'man syslog' 47# for facility names. 48# Default: LOG_LOCAL6 49#LogFacility LOG_MAIL 50 51# Enable verbose logging. 52# Default: no 53#LogVerbose yes 54 55# Enable log rotation. Always enabled when LogFileMaxSize is enabled. 56# Default: no 57#LogRotate yes 58 59# Enable Prelude output. 60# Default: no 61#PreludeEnable yes 62# 63# Set the name of the analyzer used by prelude-admin. 64# Default: ClamAV 65#PreludeAnalyzerName ClamAV 66 67# Log additional information about the infected file, such as its 68# size and hash, together with the virus name. 69#ExtendedDetectionInfo yes 70 71# This option allows you to save a process identifier of the listening 72# daemon (main thread). 73# This file will be owned by root, as long as clamd was started by root. 74# It is recommended that the directory where this file is stored is 75# also owned by root to keep other users from tampering with it. 76# Default: disabled 77PidFile /var/run/clamav/clamd.pid 78 79# Optional path to the global temporary directory. 80# Default: system specific (usually /tmp or /var/tmp). 81#TemporaryDirectory /var/tmp 82 83# Path to the database directory. 84# Default: hardcoded (depends on installation options) 85DatabaseDirectory /var/db/clamav 86 87# Only load the official signatures published by the ClamAV project. 88# Default: no 89#OfficialDatabaseOnly no 90 91# The daemon can work in local mode, network mode or both. 92# Due to security reasons we recommend the local mode. 93 94# Path to a local socket file the daemon will listen on. 95# Default: disabled (must be specified by a user) 96LocalSocket /var/run/clamav/clamd.sock 97 98# Sets the group ownership on the unix socket. 99# Default: disabled (the primary group of the user running clamd) 100#LocalSocketGroup virusgroup 101 102# Sets the permissions on the unix socket to the specified mode. 103# Default: disabled (socket is world accessible) 104#LocalSocketMode 660 105 106# Remove stale socket after unclean shutdown. 107# Default: yes 108FixStaleSocket yes 109 110# TCP port address. 111# Default: no 112#TCPSocket 3310 113 114# TCP address. 115# By default we bind to INADDR_ANY, probably not wise. 116# Enable the following to provide some degree of protection 117# from the outside world. This option can be specified multiple 118# times if you want to listen on multiple IPs. IPv6 is now supported. 119# Default: no 120#TCPAddr 127.0.0.1 121 122# Maximum length the queue of pending connections may grow to. 123# Default: 200 124#MaxConnectionQueueLength 30 125 126# Clamd uses FTP-like protocol to receive data from remote clients. 127# If you are using clamav-milter to balance load between remote clamd daemons 128# on firewall servers you may need to tune the options below. 129 130# Close the connection when the data size limit is exceeded. 131# The value should match your MTA's limit for a maximum attachment size. 132# Default: 25M 133#StreamMaxLength 10M 134 135# Limit port range. 136# Default: 1024 137#StreamMinPort 30000 138# Default: 2048 139#StreamMaxPort 32000 140 141# Maximum number of threads running at the same time. 142# Default: 10 143#MaxThreads 20 144 145# Waiting for data from a client socket will timeout after this time (seconds). 146# Default: 120 147#ReadTimeout 300 148 149# This option specifies the time (in seconds) after which clamd should 150# timeout if a client doesn't provide any initial command after connecting. 151# Default: 30 152#CommandReadTimeout 30 153 154# This option specifies how long to wait (in milliseconds) if the send buffer 155# is full. 156# Keep this value low to prevent clamd hanging. 157# 158# Default: 500 159#SendBufTimeout 200 160 161# Maximum number of queued items (including those being processed by 162# MaxThreads threads). 163# It is recommended to have this value at least twice MaxThreads if possible. 164# WARNING: you shouldn't increase this too much to avoid running out of file 165# descriptors, the following condition should hold: 166# MaxThreads*MaxRecursion + (MaxQueue - MaxThreads) + 6< RLIMIT_NOFILE (usual 167# max is 1024). 168# 169# Default: 100 170#MaxQueue 200 171 172# Waiting for a new job will timeout after this time (seconds). 173# Default: 30 174#IdleTimeout 60 175 176# Don't scan files and directories matching regex 177# This directive can be used multiple times 178# Default: scan all 179#ExcludePath ^/proc/ 180#ExcludePath ^/sys/ 181 182# Maximum depth directories are scanned at. 183# Default: 15 184#MaxDirectoryRecursion 20 185 186# Follow directory symlinks. 187# Default: no 188#FollowDirectorySymlinks yes 189 190# Follow regular file symlinks. 191# Default: no 192#FollowFileSymlinks yes 193 194# Scan files and directories on other filesystems. 195# Default: yes 196#CrossFilesystems yes 197 198# Perform a database check. 199# Default: 600 (10 min) 200#SelfCheck 600 201 202# Enable non-blocking (multi-threaded/concurrent) database reloads. 203# This feature will temporarily load a second scanning engine while scanning 204# continues using the first engine. Once loaded, the new engine takes over. 205# The old engine is removed as soon as all scans using the old engine have 206# completed. 207# This feature requires more RAM, so this option is provided in case users are 208# willing to block scans during reload in exchange for lower RAM requirements. 209# Default: yes 210#ConcurrentDatabaseReload no 211 212# Execute a command when virus is found. In the command string %v will 213# be replaced with the virus name. 214# Default: no 215#VirusEvent /usr/local/bin/send_sms 123456789 "VIRUS ALERT: %v" 216 217# Run as another user (clamd must be started by root for this option to work) 218# Default: don't drop privileges 219User clamav 220 221# Stop daemon when libclamav reports out of memory condition. 222#ExitOnOOM yes 223 224# Don't fork into background. 225# Default: no 226#Foreground yes 227 228# Enable debug messages in libclamav. 229# Default: no 230#Debug yes 231 232# Do not remove temporary files (for debug purposes). 233# Default: no 234#LeaveTemporaryFiles yes 235 236# Permit use of the ALLMATCHSCAN command. If set to no, clamd will reject 237# any ALLMATCHSCAN command as invalid. 238# Default: yes 239#AllowAllMatchScan no 240 241# Detect Possibly Unwanted Applications. 242# Default: no 243#DetectPUA yes 244 245# Exclude a specific PUA category. This directive can be used multiple times. 246# See https://github.com/vrtadmin/clamav-faq/blob/master/faq/faq-pua.md for 247# the complete list of PUA categories. 248# Default: Load all categories (if DetectPUA is activated) 249#ExcludePUA NetTool 250#ExcludePUA PWTool 251 252# Only include a specific PUA category. This directive can be used multiple 253# times. 254# Default: Load all categories (if DetectPUA is activated) 255#IncludePUA Spy 256#IncludePUA Scanner 257#IncludePUA RAT 258 259# This option causes memory or nested map scans to dump the content to disk. 260# If you turn on this option, more data is written to disk and is available 261# when the LeaveTemporaryFiles option is enabled. 262#ForceToDisk yes 263 264# This option allows you to disable the caching feature of the engine. By 265# default, the engine will store an MD5 in a cache of any files that are 266# not flagged as virus or that hit limits checks. Disabling the cache will 267# have a negative performance impact on large scans. 268# Default: no 269#DisableCache yes 270 271# In some cases (eg. complex malware, exploits in graphic files, and others), 272# ClamAV uses special algorithms to detect abnormal patterns and behaviors that 273# may be malicious. This option enables alerting on such heuristically 274# detected potential threats. 275# Default: yes 276#HeuristicAlerts yes 277 278# Allow heuristic alerts to take precedence. 279# When enabled, if a heuristic scan (such as phishingScan) detects 280# a possible virus/phish it will stop scan immediately. Recommended, saves CPU 281# scan-time. 282# When disabled, virus/phish detected by heuristic scans will be reported only 283# at the end of a scan. If an archive contains both a heuristically detected 284# virus/phish, and a real malware, the real malware will be reported 285# 286# Keep this disabled if you intend to handle "Heuristics.*" viruses 287# differently from "real" malware. 288# If a non-heuristically-detected virus (signature-based) is found first, 289# the scan is interrupted immediately, regardless of this config option. 290# 291# Default: no 292#HeuristicScanPrecedence yes 293 294 295## 296## Heuristic Alerts 297## 298 299# With this option clamav will try to detect broken executables (both PE and 300# ELF) and alert on them with the Broken.Executable heuristic signature. 301# Default: no 302#AlertBrokenExecutables yes 303 304# With this option clamav will try to detect broken media file (JPEG, 305# TIFF, PNG, GIF) and alert on them with a Broken.Media heuristic signature. 306# Default: no 307#AlertBrokenMedia yes 308 309# Alert on encrypted archives _and_ documents with heuristic signature 310# (encrypted .zip, .7zip, .rar, .pdf). 311# Default: no 312#AlertEncrypted yes 313 314# Alert on encrypted archives with heuristic signature (encrypted .zip, .7zip, 315# .rar). 316# Default: no 317#AlertEncryptedArchive yes 318 319# Alert on encrypted archives with heuristic signature (encrypted .pdf). 320# Default: no 321#AlertEncryptedDoc yes 322 323# With this option enabled OLE2 files containing VBA macros, which were not 324# detected by signatures will be marked as "Heuristics.OLE2.ContainsMacros". 325# Default: no 326#AlertOLE2Macros yes 327 328# Alert on SSL mismatches in URLs, even if the URL isn't in the database. 329# This can lead to false positives. 330# Default: no 331#AlertPhishingSSLMismatch yes 332 333# Alert on cloaked URLs, even if URL isn't in database. 334# This can lead to false positives. 335# Default: no 336#AlertPhishingCloak yes 337 338# Alert on raw DMG image files containing partition intersections 339# Default: no 340#AlertPartitionIntersection yes 341 342 343## 344## Executable files 345## 346 347# PE stands for Portable Executable - it's an executable file format used 348# in all 32 and 64-bit versions of Windows operating systems. This option 349# allows ClamAV to perform a deeper analysis of executable files and it's also 350# required for decompression of popular executable packers such as UPX, FSG, 351# and Petite. If you turn off this option, the original files will still be 352# scanned, but without additional processing. 353# Default: yes 354#ScanPE yes 355 356# Certain PE files contain an authenticode signature. By default, we check 357# the signature chain in the PE file against a database of trusted and 358# revoked certificates if the file being scanned is marked as a virus. 359# If any certificate in the chain validates against any trusted root, but 360# does not match any revoked certificate, the file is marked as whitelisted. 361# If the file does match a revoked certificate, the file is marked as virus. 362# The following setting completely turns off authenticode verification. 363# Default: no 364#DisableCertCheck yes 365 366# Executable and Linking Format is a standard format for UN*X executables. 367# This option allows you to control the scanning of ELF files. 368# If you turn off this option, the original files will still be scanned, but 369# without additional processing. 370# Default: yes 371#ScanELF yes 372 373 374## 375## Documents 376## 377 378# This option enables scanning of OLE2 files, such as Microsoft Office 379# documents and .msi files. 380# If you turn off this option, the original files will still be scanned, but 381# without additional processing. 382# Default: yes 383#ScanOLE2 yes 384 385# This option enables scanning within PDF files. 386# If you turn off this option, the original files will still be scanned, but 387# without decoding and additional processing. 388# Default: yes 389#ScanPDF yes 390 391# This option enables scanning within SWF files. 392# If you turn off this option, the original files will still be scanned, but 393# without decoding and additional processing. 394# Default: yes 395#ScanSWF yes 396 397# This option enables scanning xml-based document files supported by libclamav. 398# If you turn off this option, the original files will still be scanned, but 399# without additional processing. 400# Default: yes 401#ScanXMLDOCS yes 402 403# This option enables scanning of HWP3 files. 404# If you turn off this option, the original files will still be scanned, but 405# without additional processing. 406# Default: yes 407#ScanHWP3 yes 408 409 410## 411## Mail files 412## 413 414# Enable internal e-mail scanner. 415# If you turn off this option, the original files will still be scanned, but 416# without parsing individual messages/attachments. 417# Default: yes 418ScanMail yes 419 420# Scan RFC1341 messages split over many emails. 421# You will need to periodically clean up $TemporaryDirectory/clamav-partial 422# directory. 423# WARNING: This option may open your system to a DoS attack. 424# Never use it on loaded servers. 425# Default: no 426#ScanPartialMessages yes 427 428# With this option enabled ClamAV will try to detect phishing attempts by using 429# HTML.Phishing and Email.Phishing NDB signatures. 430# Default: yes 431#PhishingSignatures no 432 433# With this option enabled ClamAV will try to detect phishing attempts by 434# analyzing URLs found in emails using WDB and PDB signature databases. 435# Default: yes 436#PhishingScanURLs no 437 438 439## 440## Data Loss Prevention (DLP) 441## 442 443# Enable the DLP module 444# Default: No 445#StructuredDataDetection yes 446 447# This option sets the lowest number of Credit Card numbers found in a file 448# to generate a detect. 449# Default: 3 450#StructuredMinCreditCardCount 5 451 452# With this option enabled the DLP module will search for valid Credit Card 453# numbers only. Debit and Private Label cards will not be searched. 454# Default: no 455#StructuredCCOnly yes 456 457# This option sets the lowest number of Social Security Numbers found 458# in a file to generate a detect. 459# Default: 3 460#StructuredMinSSNCount 5 461 462# With this option enabled the DLP module will search for valid 463# SSNs formatted as xxx-yy-zzzz 464# Default: yes 465#StructuredSSNFormatNormal yes 466 467# With this option enabled the DLP module will search for valid 468# SSNs formatted as xxxyyzzzz 469# Default: no 470#StructuredSSNFormatStripped yes 471 472 473## 474## HTML 475## 476 477# Perform HTML normalisation and decryption of MS Script Encoder code. 478# Default: yes 479# If you turn off this option, the original files will still be scanned, but 480# without additional processing. 481#ScanHTML yes 482 483 484## 485## Archives 486## 487 488# ClamAV can scan within archives and compressed files. 489# If you turn off this option, the original files will still be scanned, but 490# without unpacking and additional processing. 491# Default: yes 492#ScanArchive yes 493 494 495## 496## Limits 497## 498 499# The options below protect your system against Denial of Service attacks 500# using archive bombs. 501 502# This option sets the maximum amount of time to a scan may take. 503# In this version, this field only affects the scan time of ZIP archives. 504# Value of 0 disables the limit. 505# Note: disabling this limit or setting it too high may result allow scanning 506# of certain files to lock up the scanning process/threads resulting in a 507# Denial of Service. 508# Time is in milliseconds. 509# Default: 120000 510#MaxScanTime 300000 511 512# This option sets the maximum amount of data to be scanned for each input 513# file. Archives and other containers are recursively extracted and scanned 514# up to this value. 515# Value of 0 disables the limit 516# Note: disabling this limit or setting it too high may result in severe damage 517# to the system. 518# Default: 100M 519#MaxScanSize 150M 520 521# Files larger than this limit won't be scanned. Affects the input file itself 522# as well as files contained inside it (when the input file is an archive, a 523# document or some other kind of container). 524# Value of 0 disables the limit. 525# Note: disabling this limit or setting it too high may result in severe damage 526# to the system. 527# Technical design limitations prevent ClamAV from scanning files greater than 528# 2 GB at this time. 529# Default: 25M 530#MaxFileSize 30M 531 532# Nested archives are scanned recursively, e.g. if a Zip archive contains a RAR 533# file, all files within it will also be scanned. This options specifies how 534# deeply the process should be continued. 535# Note: setting this limit too high may result in severe damage to the system. 536# Default: 17 537#MaxRecursion 10 538 539# Number of files to be scanned within an archive, a document, or any other 540# container file. 541# Value of 0 disables the limit. 542# Note: disabling this limit or setting it too high may result in severe damage 543# to the system. 544# Default: 10000 545#MaxFiles 15000 546 547# Maximum size of a file to check for embedded PE. Files larger than this value 548# will skip the additional analysis step. 549# Note: disabling this limit or setting it too high may result in severe damage 550# to the system. 551# Default: 10M 552#MaxEmbeddedPE 10M 553 554# Maximum size of a HTML file to normalize. HTML files larger than this value 555# will not be normalized or scanned. 556# Note: disabling this limit or setting it too high may result in severe damage 557# to the system. 558# Default: 10M 559#MaxHTMLNormalize 10M 560 561# Maximum size of a normalized HTML file to scan. HTML files larger than this 562# value after normalization will not be scanned. 563# Note: disabling this limit or setting it too high may result in severe damage 564# to the system. 565# Default: 2M 566#MaxHTMLNoTags 2M 567 568# Maximum size of a script file to normalize. Script content larger than this 569# value will not be normalized or scanned. 570# Note: disabling this limit or setting it too high may result in severe damage 571# to the system. 572# Default: 5M 573#MaxScriptNormalize 5M 574 575# Maximum size of a ZIP file to reanalyze type recognition. ZIP files larger 576# than this value will skip the step to potentially reanalyze as PE. 577# Note: disabling this limit or setting it too high may result in severe damage 578# to the system. 579# Default: 1M 580#MaxZipTypeRcg 1M 581 582# This option sets the maximum number of partitions of a raw disk image to be 583# scanned. 584# Raw disk images with more partitions than this value will have up to 585# the value number partitions scanned. Negative values are not allowed. 586# Note: setting this limit too high may result in severe damage or impact 587# performance. 588# Default: 50 589#MaxPartitions 128 590 591# This option sets the maximum number of icons within a PE to be scanned. 592# PE files with more icons than this value will have up to the value number 593# icons scanned. 594# Negative values are not allowed. 595# WARNING: setting this limit too high may result in severe damage or impact 596# performance. 597# Default: 100 598#MaxIconsPE 200 599 600# This option sets the maximum recursive calls for HWP3 parsing during 601# scanning. HWP3 files using more than this limit will be terminated and 602# alert the user. 603# Scans will be unable to scan any HWP3 attachments if the recursive limit 604# is reached. 605# Negative values are not allowed. 606# WARNING: setting this limit too high may result in severe damage or impact 607# performance. 608# Default: 16 609#MaxRecHWP3 16 610 611# This option sets the maximum calls to the PCRE match function during 612# an instance of regex matching. 613# Instances using more than this limit will be terminated and alert the user 614# but the scan will continue. 615# For more information on match_limit, see the PCRE documentation. 616# Negative values are not allowed. 617# WARNING: setting this limit too high may severely impact performance. 618# Default: 100000 619#PCREMatchLimit 20000 620 621# This option sets the maximum recursive calls to the PCRE match function 622# during an instance of regex matching. 623# Instances using more than this limit will be terminated and alert the user 624# but the scan will continue. 625# For more information on match_limit_recursion, see the PCRE documentation. 626# Negative values are not allowed and values > PCREMatchLimit are superfluous. 627# WARNING: setting this limit too high may severely impact performance. 628# Default: 2000 629#PCRERecMatchLimit 10000 630 631# This option sets the maximum filesize for which PCRE subsigs will be 632# executed. Files exceeding this limit will not have PCRE subsigs executed 633# unless a subsig is encompassed to a smaller buffer. 634# Negative values are not allowed. 635# Setting this value to zero disables the limit. 636# WARNING: setting this limit too high or disabling it may severely impact 637# performance. 638# Default: 25M 639#PCREMaxFileSize 100M 640 641# When AlertExceedsMax is set, files exceeding the MaxFileSize, MaxScanSize, or 642# MaxRecursion limit will be flagged with the virus name starting with 643# "Heuristics.Limits.Exceeded". 644# Default: no 645#AlertExceedsMax yes 646 647## 648## On-access Scan Settings 649## 650 651# Don't scan files larger than OnAccessMaxFileSize 652# Value of 0 disables the limit. 653# Default: 5M 654#OnAccessMaxFileSize 10M 655 656# Max number of scanning threads to allocate to the OnAccess thread pool at 657# startup. These threads are the ones responsible for creating a connection 658# with the daemon and kicking off scanning after an event has been processed. 659# To prevent clamonacc from consuming all clamd's resources keep this lower 660# than clamd's max threads. 661# Default: 5 662#OnAccessMaxThreads 10 663 664# Max amount of time (in milliseconds) that the OnAccess client should spend 665# for every connect, send, and recieve attempt when communicating with clamd 666# via curl. 667# Default: 5000 (5 seconds) 668# OnAccessCurlTimeout 10000 669 670# Toggles dynamic directory determination. Allows for recursively watching 671# include paths. 672# Default: no 673#OnAccessDisableDDD yes 674 675# Set the include paths (all files inside them will be scanned). You can have 676# multiple OnAccessIncludePath directives but each directory must be added 677# in a separate line. 678# Default: disabled 679#OnAccessIncludePath /home 680#OnAccessIncludePath /students 681 682# Set the exclude paths. All subdirectories are also excluded. 683# Default: disabled 684#OnAccessExcludePath /home/user 685 686# Modifies fanotify blocking behaviour when handling permission events. 687# If off, fanotify will only notify if the file scanned is a virus, 688# and not perform any blocking. 689# Default: no 690#OnAccessPrevention yes 691 692# When using prevention, if this option is turned on, any errors that occur 693# during scanning will result in the event attempt being denied. This could 694# potentially lead to unwanted system behaviour with certain configurations, 695# so the client defaults this to off and prefers allowing access events in 696# case of scan or connection error. 697# Default: no 698#OnAccessDenyOnError yes 699 700# Toggles extra scanning and notifications when a file or directory is 701# created or moved. 702# Requires the DDD system to kick-off extra scans. 703# Default: no 704#OnAccessExtraScanning yes 705 706# Set the mount point to be scanned. The mount point specified, or the mount 707# point containing the specified directory will be watched. If any directories 708# are specified, this option will preempt (disable and ignore all options 709# related to) the DDD system. This option will result in verdicts only. 710# Note that prevention is explicitly disallowed to prevent common, fatal 711# misconfigurations. (e.g. watching "/" with prevention on and no exclusions 712# made on vital system directories) 713# It can be used multiple times. 714# Default: disabled 715#OnAccessMountPath / 716#OnAccessMountPath /home/user 717 718# With this option you can whitelist the root UID (0). Processes run under 719# root with be able to access all files without triggering scans or 720# permission denied events. 721# Note that if clamd cannot check the uid of the process that generated an 722# on-access scan event (e.g., because OnAccessPrevention was not enabled, and 723# the process already exited), clamd will perform a scan. Thus, setting 724# OnAccessExcludeRootUID is not *guaranteed* to prevent every access by the 725# root user from triggering a scan (unless OnAccessPrevention is enabled). 726# Default: no 727#OnAccessExcludeRootUID no 728 729# With this option you can whitelist specific UIDs. Processes with these UIDs 730# will be able to access all files without triggering scans or permission 731# denied events. 732# This option can be used multiple times (one per line). 733# Using a value of 0 on any line will disable this option entirely. 734# To whitelist the root UID (0) please enable the OnAccessExcludeRootUID 735# option. 736# Also note that if clamd cannot check the uid of the process that generated an 737# on-access scan event (e.g., because OnAccessPrevention was not enabled, and 738# the process already exited), clamd will perform a scan. Thus, setting 739# OnAccessExcludeUID is not *guaranteed* to prevent every access by the 740# specified uid from triggering a scan (unless OnAccessPrevention is enabled). 741# Default: disabled 742#OnAccessExcludeUID -1 743 744# This option allows exclusions via user names when using the on-access 745# scanning client. It can be used multiple times. 746# It has the same potential race condition limitations of the 747# OnAccessExcludeUID option. 748# Default: disabled 749#OnAccessExcludeUname clamav 750 751# Number of times the OnAccess client will retry a failed scan due to 752# connection problems (or other issues). 753# Default: 0 754#OnAccessRetryAttempts 3 755 756## 757## Bytecode 758## 759 760# With this option enabled ClamAV will load bytecode from the database. 761# It is highly recommended you keep this option on, otherwise you'll miss 762# detections for many new viruses. 763# Default: yes 764#Bytecode yes 765 766# Set bytecode security level. 767# Possible values: 768# None - No security at all, meant for debugging. 769# DO NOT USE THIS ON PRODUCTION SYSTEMS. 770# This value is only available if clamav was built 771# with --enable-debug! 772# TrustSigned - Trust bytecode loaded from signed .c[lv]d files, insert 773# runtime safety checks for bytecode loaded from other sources. 774# Paranoid - Don't trust any bytecode, insert runtime checks for all. 775# Recommended: TrustSigned, because bytecode in .cvd files already has these 776# checks. 777# Note that by default only signed bytecode is loaded, currently you can only 778# load unsigned bytecode in --enable-debug mode. 779# 780# Default: TrustSigned 781#BytecodeSecurity TrustSigned 782 783# Allow loading bytecode from outside digitally signed .c[lv]d files. 784# **Caution**: You should NEVER run bytecode signatures from untrusted sources. 785# Doing so may result in arbitrary code execution. 786# Default: no 787#BytecodeUnsigned yes 788 789# Set bytecode timeout in milliseconds. 790# 791# Default: 5000 792# BytecodeTimeout 1000 793