1##
2## Example config file for the Clam AV daemon
3## Please read the clamd.conf(5) manual before editing this file.
4##
5
6
7# Comment or remove the line below.
8#Example
9
10# Uncomment this option to enable logging.
11# LogFile must be writable for the user running daemon.
12# A full path is required.
13# Default: disabled
14LogFile /var/log/clamav/clamd.log
15
16# By default the log file is locked for writing - the lock protects against
17# running clamd multiple times (if want to run another clamd, please
18# copy the configuration file, change the LogFile variable, and run
19# the daemon with --config-file option).
20# This option disables log file locking.
21# Default: no
22#LogFileUnlock yes
23
24# Maximum size of the log file.
25# Value of 0 disables the limit.
26# You may use 'M' or 'm' for megabytes (1M = 1m = 1048576 bytes)
27# and 'K' or 'k' for kilobytes (1K = 1k = 1024 bytes). To specify the size
28# in bytes just don't use modifiers. If LogFileMaxSize is enabled, log
29# rotation (the LogRotate option) will always be enabled.
30# Default: 1M
31#LogFileMaxSize 2M
32
33# Log time with each message.
34# Default: no
35#LogTime yes
36
37# Also log clean files. Useful in debugging but drastically increases the
38# log size.
39# Default: no
40#LogClean yes
41
42# Use system logger (can work together with LogFile).
43# Default: no
44#LogSyslog yes
45
46# Specify the type of syslog messages - please refer to 'man syslog'
47# for facility names.
48# Default: LOG_LOCAL6
49#LogFacility LOG_MAIL
50
51# Enable verbose logging.
52# Default: no
53#LogVerbose yes
54
55# Enable log rotation. Always enabled when LogFileMaxSize is enabled.
56# Default: no
57#LogRotate yes
58
59# Enable Prelude output.
60# Default: no
61#PreludeEnable yes
62#
63# Set the name of the analyzer used by prelude-admin.
64# Default: ClamAV
65#PreludeAnalyzerName ClamAV
66
67# Log additional information about the infected file, such as its
68# size and hash, together with the virus name.
69#ExtendedDetectionInfo yes
70
71# This option allows you to save a process identifier of the listening
72# daemon (main thread).
73# This file will be owned by root, as long as clamd was started by root.
74# It is recommended that the directory where this file is stored is
75# also owned by root to keep other users from tampering with it.
76# Default: disabled
77PidFile /var/run/clamav/clamd.pid
78
79# Optional path to the global temporary directory.
80# Default: system specific (usually /tmp or /var/tmp).
81#TemporaryDirectory /var/tmp
82
83# Path to the database directory.
84# Default: hardcoded (depends on installation options)
85DatabaseDirectory /var/db/clamav
86
87# Only load the official signatures published by the ClamAV project.
88# Default: no
89#OfficialDatabaseOnly no
90
91# The daemon can work in local mode, network mode or both.
92# Due to security reasons we recommend the local mode.
93
94# Path to a local socket file the daemon will listen on.
95# Default: disabled (must be specified by a user)
96LocalSocket /var/run/clamav/clamd.sock
97
98# Sets the group ownership on the unix socket.
99# Default: disabled (the primary group of the user running clamd)
100#LocalSocketGroup virusgroup
101
102# Sets the permissions on the unix socket to the specified mode.
103# Default: disabled (socket is world accessible)
104#LocalSocketMode 660
105
106# Remove stale socket after unclean shutdown.
107# Default: yes
108FixStaleSocket yes
109
110# TCP port address.
111# Default: no
112#TCPSocket 3310
113
114# TCP address.
115# By default we bind to INADDR_ANY, probably not wise.
116# Enable the following to provide some degree of protection
117# from the outside world. This option can be specified multiple
118# times if you want to listen on multiple IPs. IPv6 is now supported.
119# Default: no
120#TCPAddr localhost
121
122# Maximum length the queue of pending connections may grow to.
123# Default: 200
124#MaxConnectionQueueLength 30
125
126# Clamd uses FTP-like protocol to receive data from remote clients.
127# If you are using clamav-milter to balance load between remote clamd daemons
128# on firewall servers you may need to tune the options below.
129
130# Close the connection when the data size limit is exceeded.
131# The value should match your MTA's limit for a maximum attachment size.
132# Default: 25M
133#StreamMaxLength 10M
134
135# Limit port range.
136# Default: 1024
137#StreamMinPort 30000
138# Default: 2048
139#StreamMaxPort 32000
140
141# Maximum number of threads running at the same time.
142# Default: 10
143#MaxThreads 20
144
145# Waiting for data from a client socket will timeout after this time (seconds).
146# Default: 120
147#ReadTimeout 300
148
149# This option specifies the time (in seconds) after which clamd should
150# timeout if a client doesn't provide any initial command after connecting.
151# Default: 30
152#CommandReadTimeout 30
153
154# This option specifies how long to wait (in milliseconds) if the send buffer
155# is full.
156# Keep this value low to prevent clamd hanging.
157#
158# Default: 500
159#SendBufTimeout 200
160
161# Maximum number of queued items (including those being processed by
162# MaxThreads threads).
163# It is recommended to have this value at least twice MaxThreads if possible.
164# WARNING: you shouldn't increase this too much to avoid running out  of file
165# descriptors, the following condition should hold:
166# MaxThreads*MaxRecursion + (MaxQueue - MaxThreads) + 6< RLIMIT_NOFILE (usual
167# max is 1024).
168#
169# Default: 100
170#MaxQueue 200
171
172# Waiting for a new job will timeout after this time (seconds).
173# Default: 30
174#IdleTimeout 60
175
176# Don't scan files and directories matching regex
177# This directive can be used multiple times
178# Default: scan all
179#ExcludePath ^/proc/
180#ExcludePath ^/sys/
181
182# Maximum depth directories are scanned at.
183# Default: 15
184#MaxDirectoryRecursion 20
185
186# Follow directory symlinks.
187# Default: no
188#FollowDirectorySymlinks yes
189
190# Follow regular file symlinks.
191# Default: no
192#FollowFileSymlinks yes
193
194# Scan files and directories on other filesystems.
195# Default: yes
196#CrossFilesystems yes
197
198# Perform a database check.
199# Default: 600 (10 min)
200#SelfCheck 600
201
202# Enable non-blocking (multi-threaded/concurrent) database reloads.
203# This feature will temporarily load a second scanning engine while scanning
204# continues using the first engine. Once loaded, the new engine takes over.
205# The old engine is removed as soon as all scans using the old engine have
206# completed.
207# This feature requires more RAM, so this option is provided in case users are
208# willing to block scans during reload in exchange for lower RAM requirements.
209# Default: yes
210#ConcurrentDatabaseReload no
211
212# Execute a command when virus is found. In the command string %v will
213# be replaced with the virus name and %f will be replaced with the file name.
214# Additionally, two environment variables will be defined: $CLAM_VIRUSEVENT_FILENAME
215# and $CLAM_VIRUSEVENT_VIRUSNAME.
216# Default: no
217#VirusEvent /usr/local/bin/send_sms 123456789 "VIRUS ALERT: %v in %f"
218
219# Run as another user (clamd must be started by root for this option to work)
220# Default: don't drop privileges
221User clamav
222
223# Stop daemon when libclamav reports out of memory condition.
224#ExitOnOOM yes
225
226# Don't fork into background.
227# Default: no
228#Foreground yes
229
230# Enable debug messages in libclamav.
231# Default: no
232#Debug yes
233
234# Do not remove temporary files (for debug purposes).
235# Default: no
236#LeaveTemporaryFiles yes
237
238# Permit use of the ALLMATCHSCAN command. If set to no, clamd will reject
239# any ALLMATCHSCAN command as invalid.
240# Default: yes
241#AllowAllMatchScan no
242
243# Detect Possibly Unwanted Applications.
244# Default: no
245#DetectPUA yes
246
247# Exclude a specific PUA category. This directive can be used multiple times.
248# See https://github.com/vrtadmin/clamav-faq/blob/master/faq/faq-pua.md for
249# the complete list of PUA categories.
250# Default: Load all categories (if DetectPUA is activated)
251#ExcludePUA NetTool
252#ExcludePUA PWTool
253
254# Only include a specific PUA category. This directive can be used multiple
255# times.
256# Default: Load all categories (if DetectPUA is activated)
257#IncludePUA Spy
258#IncludePUA Scanner
259#IncludePUA RAT
260
261# This option causes memory or nested map scans to dump the content to disk.
262# If you turn on this option, more data is written to disk and is available
263# when the LeaveTemporaryFiles option is enabled.
264#ForceToDisk yes
265
266# This option allows you to disable the caching feature of the engine. By
267# default, the engine will store an MD5 in a cache of any files that are
268# not flagged as virus or that hit limits checks. Disabling the cache will
269# have a negative performance impact on large scans.
270# Default: no
271#DisableCache yes
272
273# In some cases (eg. complex malware, exploits in graphic files, and others),
274# ClamAV uses special algorithms to detect abnormal patterns and behaviors that
275# may be malicious.  This option enables alerting on such heuristically
276# detected potential threats.
277# Default: yes
278#HeuristicAlerts yes
279
280# Allow heuristic alerts to take precedence.
281# When enabled, if a heuristic scan (such as phishingScan) detects
282# a possible virus/phish it will stop scan immediately. Recommended, saves CPU
283# scan-time.
284# When disabled, virus/phish detected by heuristic scans will be reported only
285# at the end of a scan. If an archive contains both a heuristically detected
286# virus/phish, and a real malware, the real malware will be reported
287#
288# Keep this disabled if you intend to handle "Heuristics.*" viruses
289# differently from "real" malware.
290# If a non-heuristically-detected virus (signature-based) is found first,
291# the scan is interrupted immediately, regardless of this config option.
292#
293# Default: no
294#HeuristicScanPrecedence yes
295
296
297##
298## Heuristic Alerts
299##
300
301# With this option clamav will try to detect broken executables (both PE and
302# ELF) and alert on them with the Broken.Executable heuristic signature.
303# Default: no
304#AlertBrokenExecutables yes
305
306# With this option clamav will try to detect broken media file (JPEG,
307# TIFF, PNG, GIF) and alert on them with a Broken.Media heuristic signature.
308# Default: no
309#AlertBrokenMedia yes
310
311# Alert on encrypted archives _and_ documents with heuristic signature
312# (encrypted .zip, .7zip, .rar, .pdf).
313# Default: no
314#AlertEncrypted yes
315
316# Alert on encrypted archives with heuristic signature (encrypted .zip, .7zip,
317# .rar).
318# Default: no
319#AlertEncryptedArchive yes
320
321# Alert on encrypted archives with heuristic signature (encrypted .pdf).
322# Default: no
323#AlertEncryptedDoc yes
324
325# With this option enabled OLE2 files containing VBA macros, which were not
326# detected by signatures will be marked as "Heuristics.OLE2.ContainsMacros".
327# Default: no
328#AlertOLE2Macros yes
329
330# Alert on SSL mismatches in URLs, even if the URL isn't in the database.
331# This can lead to false positives.
332# Default: no
333#AlertPhishingSSLMismatch yes
334
335# Alert on cloaked URLs, even if URL isn't in database.
336# This can lead to false positives.
337# Default: no
338#AlertPhishingCloak yes
339
340# Alert on raw DMG image files containing partition intersections
341# Default: no
342#AlertPartitionIntersection yes
343
344
345##
346## Executable files
347##
348
349# PE stands for Portable Executable - it's an executable file format used
350# in all 32 and 64-bit versions of Windows operating systems. This option
351# allows ClamAV to perform a deeper analysis of executable files and it's also
352# required for decompression of popular executable packers such as UPX, FSG,
353# and Petite. If you turn off this option, the original files will still be
354# scanned, but without additional processing.
355# Default: yes
356#ScanPE yes
357
358# Certain PE files contain an authenticode signature. By default, we check
359# the signature chain in the PE file against a database of trusted and
360# revoked certificates if the file being scanned is marked as a virus.
361# If any certificate in the chain validates against any trusted root, but
362# does not match any revoked certificate, the file is marked as trusted.
363# If the file does match a revoked certificate, the file is marked as virus.
364# The following setting completely turns off authenticode verification.
365# Default: no
366#DisableCertCheck yes
367
368# Executable and Linking Format is a standard format for UN*X executables.
369# This option allows you to control the scanning of ELF files.
370# If you turn off this option, the original files will still be scanned, but
371# without additional processing.
372# Default: yes
373#ScanELF yes
374
375
376##
377## Documents
378##
379
380# This option enables scanning of OLE2 files, such as Microsoft Office
381# documents and .msi files.
382# If you turn off this option, the original files will still be scanned, but
383# without additional processing.
384# Default: yes
385#ScanOLE2 yes
386
387# This option enables scanning within PDF files.
388# If you turn off this option, the original files will still be scanned, but
389# without decoding and additional processing.
390# Default: yes
391#ScanPDF yes
392
393# This option enables scanning within SWF files.
394# If you turn off this option, the original files will still be scanned, but
395# without decoding and additional processing.
396# Default: yes
397#ScanSWF yes
398
399# This option enables scanning xml-based document files supported by libclamav.
400# If you turn off this option, the original files will still be scanned, but
401# without additional processing.
402# Default: yes
403#ScanXMLDOCS yes
404
405# This option enables scanning of HWP3 files.
406# If you turn off this option, the original files will still be scanned, but
407# without additional processing.
408# Default: yes
409#ScanHWP3 yes
410
411
412##
413## Mail files
414##
415
416# Enable internal e-mail scanner.
417# If you turn off this option, the original files will still be scanned, but
418# without parsing individual messages/attachments.
419# Default: yes
420ScanMail yes
421
422# Scan RFC1341 messages split over many emails.
423# You will need to periodically clean up $TemporaryDirectory/clamav-partial
424# directory.
425# WARNING: This option may open your system to a DoS attack.
426#	   Never use it on loaded servers.
427# Default: no
428#ScanPartialMessages yes
429
430# With this option enabled ClamAV will try to detect phishing attempts by using
431# HTML.Phishing and Email.Phishing NDB signatures.
432# Default: yes
433#PhishingSignatures no
434
435# With this option enabled ClamAV will try to detect phishing attempts by
436# analyzing URLs found in emails using WDB and PDB signature databases.
437# Default: yes
438#PhishingScanURLs no
439
440
441##
442## Data Loss Prevention (DLP)
443##
444
445# Enable the DLP module
446# Default: No
447#StructuredDataDetection yes
448
449# This option sets the lowest number of Credit Card numbers found in a file
450# to generate a detect.
451# Default: 3
452#StructuredMinCreditCardCount 5
453
454# With this option enabled the DLP module will search for valid Credit Card
455# numbers only. Debit and Private Label cards will not be searched.
456# Default: no
457#StructuredCCOnly yes
458
459# This option sets the lowest number of Social Security Numbers found
460# in a file to generate a detect.
461# Default: 3
462#StructuredMinSSNCount 5
463
464# With this option enabled the DLP module will search for valid
465# SSNs formatted as xxx-yy-zzzz
466# Default: yes
467#StructuredSSNFormatNormal yes
468
469# With this option enabled the DLP module will search for valid
470# SSNs formatted as xxxyyzzzz
471# Default: no
472#StructuredSSNFormatStripped yes
473
474
475##
476## HTML
477##
478
479# Perform HTML normalisation and decryption of MS Script Encoder code.
480# Default: yes
481# If you turn off this option, the original files will still be scanned, but
482# without additional processing.
483#ScanHTML yes
484
485
486##
487## Archives
488##
489
490# ClamAV can scan within archives and compressed files.
491# If you turn off this option, the original files will still be scanned, but
492# without unpacking and additional processing.
493# Default: yes
494#ScanArchive yes
495
496
497##
498## Limits
499##
500
501# The options below protect your system against Denial of Service attacks
502# using archive bombs.
503
504# This option sets the maximum amount of time to a scan may take.
505# In this version, this field only affects the scan time of ZIP archives.
506# Value of 0 disables the limit.
507# Note: disabling this limit or setting it too high may result allow scanning
508# of certain files to lock up the scanning process/threads resulting in a
509# Denial of Service.
510# Time is in milliseconds.
511# Default: 120000
512#MaxScanTime 300000
513
514# This option sets the maximum amount of data to be scanned for each input
515# file. Archives and other containers are recursively extracted and scanned
516# up to this value.
517# Value of 0 disables the limit
518# Note: disabling this limit or setting it too high may result in severe damage
519# to the system.
520# Default: 100M
521#MaxScanSize 150M
522
523# Files larger than this limit won't be scanned. Affects the input file itself
524# as well as files contained inside it (when the input file is an archive, a
525# document or some other kind of container).
526# Value of 0 disables the limit.
527# Note: disabling this limit or setting it too high may result in severe damage
528# to the system.
529# Technical design limitations prevent ClamAV from scanning files greater than
530# 2 GB at this time.
531# Default: 25M
532#MaxFileSize 30M
533
534# Nested archives are scanned recursively, e.g. if a Zip archive contains a RAR
535# file, all files within it will also be scanned. This options specifies how
536# deeply the process should be continued.
537# Note: setting this limit too high may result in severe damage to the system.
538# Default: 17
539#MaxRecursion 10
540
541# Number of files to be scanned within an archive, a document, or any other
542# container file.
543# Value of 0 disables the limit.
544# Note: disabling this limit or setting it too high may result in severe damage
545# to the system.
546# Default: 10000
547#MaxFiles 15000
548
549# Maximum size of a file to check for embedded PE. Files larger than this value
550# will skip the additional analysis step.
551# Note: disabling this limit or setting it too high may result in severe damage
552# to the system.
553# Default: 10M
554#MaxEmbeddedPE 10M
555
556# Maximum size of a HTML file to normalize. HTML files larger than this value
557# will not be normalized or scanned.
558# Note: disabling this limit or setting it too high may result in severe damage
559# to the system.
560# Default: 10M
561#MaxHTMLNormalize 10M
562
563# Maximum size of a normalized HTML file to scan. HTML files larger than this
564# value after normalization will not be scanned.
565# Note: disabling this limit or setting it too high may result in severe damage
566# to the system.
567# Default: 2M
568#MaxHTMLNoTags 2M
569
570# Maximum size of a script file to normalize. Script content larger than this
571# value will not be normalized or scanned.
572# Note: disabling this limit or setting it too high may result in severe damage
573# to the system.
574# Default: 5M
575#MaxScriptNormalize 5M
576
577# Maximum size of a ZIP file to reanalyze type recognition. ZIP files larger
578# than this value will skip the step to potentially reanalyze as PE.
579# Note: disabling this limit or setting it too high may result in severe damage
580# to the system.
581# Default: 1M
582#MaxZipTypeRcg 1M
583
584# This option sets the maximum number of partitions of a raw disk image to be
585# scanned.
586# Raw disk images with more partitions than this value will have up to
587# the value number partitions scanned. Negative values are not allowed.
588# Note: setting this limit too high may result in severe damage or impact
589# performance.
590# Default: 50
591#MaxPartitions 128
592
593# This option sets the maximum number of icons within a PE to be scanned.
594# PE files with more icons than this value will have up to the value number
595# icons scanned.
596# Negative values are not allowed.
597# WARNING: setting this limit too high may result in severe damage or impact
598# performance.
599# Default: 100
600#MaxIconsPE 200
601
602# This option sets the maximum recursive calls for HWP3 parsing during
603# scanning. HWP3 files using more than this limit will be terminated and
604# alert the user.
605# Scans will be unable to scan any HWP3 attachments if the recursive limit
606# is reached.
607# Negative values are not allowed.
608# WARNING: setting this limit too high may result in severe damage or impact
609# performance.
610# Default: 16
611#MaxRecHWP3 16
612
613# This option sets the maximum calls to the PCRE match function during
614# an instance of regex matching.
615# Instances using more than this limit will be terminated and alert the user
616# but the scan will continue.
617# For more information on match_limit, see the PCRE documentation.
618# Negative values are not allowed.
619# WARNING: setting this limit too high may severely impact performance.
620# Default: 100000
621#PCREMatchLimit 20000
622
623# This option sets the maximum recursive calls to the PCRE match function
624# during an instance of regex matching.
625# Instances using more than this limit will be terminated and alert the user
626# but the scan will continue.
627# For more information on match_limit_recursion, see the PCRE documentation.
628# Negative values are not allowed and values > PCREMatchLimit are superfluous.
629# WARNING: setting this limit too high may severely impact performance.
630# Default: 2000
631#PCRERecMatchLimit 10000
632
633# This option sets the maximum filesize for which PCRE subsigs will be
634# executed. Files exceeding this limit will not have PCRE subsigs executed
635# unless a subsig is encompassed to a smaller buffer.
636# Negative values are not allowed.
637# Setting this value to zero disables the limit.
638# WARNING: setting this limit too high or disabling it may severely impact
639# performance.
640# Default: 25M
641#PCREMaxFileSize 100M
642
643# When AlertExceedsMax is set, files exceeding the MaxFileSize, MaxScanSize, or
644# MaxRecursion limit will be flagged with the virus name starting with
645# "Heuristics.Limits.Exceeded".
646# Default: no
647#AlertExceedsMax yes
648
649##
650## On-access Scan Settings
651##
652
653# Don't scan files larger than OnAccessMaxFileSize
654# Value of 0 disables the limit.
655# Default: 5M
656#OnAccessMaxFileSize 10M
657
658# Max number of scanning threads to allocate to the OnAccess thread pool at
659# startup. These threads are the ones responsible for creating a connection
660# with the daemon and kicking off scanning after an event has been processed.
661# To prevent clamonacc from consuming all clamd's resources keep this lower
662# than clamd's max threads.
663# Default: 5
664#OnAccessMaxThreads 10
665
666# Max amount of time (in milliseconds) that the OnAccess client should spend
667# for every connect, send, and recieve attempt when communicating with clamd
668# via curl.
669# Default: 5000 (5 seconds)
670# OnAccessCurlTimeout 10000
671
672# Toggles dynamic directory determination. Allows for recursively watching
673# include paths.
674# Default: no
675#OnAccessDisableDDD yes
676
677# Set the include paths (all files inside them will be scanned). You can have
678# multiple OnAccessIncludePath directives but each directory must be added
679# in a separate line.
680# Default: disabled
681#OnAccessIncludePath /home
682#OnAccessIncludePath /students
683
684# Set the exclude paths. All subdirectories are also excluded.
685# Default: disabled
686#OnAccessExcludePath /home/user
687
688# Modifies fanotify blocking behaviour when handling permission events.
689# If off, fanotify will only notify if the file scanned is a virus,
690# and not perform any blocking.
691# Default: no
692#OnAccessPrevention yes
693
694# When using prevention, if this option is turned on, any errors that occur
695# during scanning will result in the event attempt being denied. This could
696# potentially lead to unwanted system behaviour with certain configurations,
697# so the client defaults this to off and prefers allowing access events in
698# case of scan or connection error.
699# Default: no
700#OnAccessDenyOnError yes
701
702# Toggles extra scanning and notifications when a file or directory is
703# created or moved.
704# Requires the  DDD system to kick-off extra scans.
705# Default: no
706#OnAccessExtraScanning yes
707
708# Set the  mount point to be scanned. The mount point specified, or the mount
709# point containing the specified directory will be watched. If any directories
710# are specified, this option will preempt (disable and ignore all options
711# related to) the DDD system. This option will result in verdicts only.
712# Note that prevention is explicitly disallowed to prevent common, fatal
713# misconfigurations. (e.g. watching "/" with prevention on and no exclusions
714# made on vital system directories)
715# It can be used multiple times.
716# Default: disabled
717#OnAccessMountPath /
718#OnAccessMountPath /home/user
719
720# With this option you can exclude the root UID (0). Processes run under
721# root with be able to access all files without triggering scans or
722# permission denied events.
723# Note that if clamd cannot check the uid of the process that generated an
724# on-access scan event (e.g., because OnAccessPrevention was not enabled, and
725# the process already exited), clamd will perform a scan.  Thus, setting
726# OnAccessExcludeRootUID is not *guaranteed* to prevent every access by the
727# root user from triggering a scan (unless OnAccessPrevention is enabled).
728# Default: no
729#OnAccessExcludeRootUID no
730
731# With this option you can exclude specific UIDs. Processes with these UIDs
732# will be able to access all files without triggering scans or permission
733# denied events.
734# This option can be used multiple times (one per line).
735# Using a value of 0 on any line will disable this option entirely.
736# To exclude the root UID (0) please enable the OnAccessExcludeRootUID
737# option.
738# Also note that if clamd cannot check the uid of the process that generated an
739# on-access scan event (e.g., because OnAccessPrevention was not enabled, and
740# the process already exited), clamd will perform a scan.  Thus, setting
741# OnAccessExcludeUID is not *guaranteed* to prevent every access by the
742# specified uid from triggering a scan (unless OnAccessPrevention is enabled).
743# Default: disabled
744#OnAccessExcludeUID -1
745
746# This option allows exclusions via user names when using the on-access
747# scanning client. It can be used multiple times.
748# It has the same potential race condition limitations of the
749# OnAccessExcludeUID option.
750# Default: disabled
751#OnAccessExcludeUname clamav
752
753# Number of times the OnAccess client will retry a failed scan due to
754# connection problems (or other issues).
755# Default: 0
756#OnAccessRetryAttempts 3
757
758##
759## Bytecode
760##
761
762# With this option enabled ClamAV will load bytecode from the database.
763# It is highly recommended you keep this option on, otherwise you'll miss
764# detections for many new viruses.
765# Default: yes
766#Bytecode yes
767
768# Set bytecode security level.
769# Possible values:
770#   None -      No security at all, meant for debugging.
771#               DO NOT USE THIS ON PRODUCTION SYSTEMS.
772#               This value is only available if clamav was built
773#               with --enable-debug!
774#   TrustSigned - Trust bytecode loaded from signed .c[lv]d files, insert
775#               runtime safety checks for bytecode loaded from other sources.
776#   Paranoid -  Don't trust any bytecode, insert runtime checks for all.
777# Recommended: TrustSigned, because bytecode in .cvd files already has these
778# checks.
779# Note that by default only signed bytecode is loaded, currently you can only
780# load unsigned bytecode in --enable-debug mode.
781#
782# Default: TrustSigned
783#BytecodeSecurity TrustSigned
784
785# Allow loading bytecode from outside digitally signed .c[lv]d files.
786# **Caution**: You should NEVER run bytecode signatures from untrusted sources.
787# Doing so may result in arbitrary code execution.
788# Default: no
789#BytecodeUnsigned yes
790
791# Set bytecode timeout in milliseconds.
792#
793# Default: 5000
794# BytecodeTimeout 1000
795