1## 2## Example config file for the Clam AV daemon 3## Please read the clamd.conf(5) manual before editing this file. 4## 5 6 7# Comment or remove the line below. 8#Example 9 10# Uncomment this option to enable logging. 11# LogFile must be writable for the user running daemon. 12# A full path is required. 13# Default: disabled 14LogFile /var/log/clamav/clamd.log 15 16# By default the log file is locked for writing - the lock protects against 17# running clamd multiple times (if want to run another clamd, please 18# copy the configuration file, change the LogFile variable, and run 19# the daemon with --config-file option). 20# This option disables log file locking. 21# Default: no 22#LogFileUnlock yes 23 24# Maximum size of the log file. 25# Value of 0 disables the limit. 26# You may use 'M' or 'm' for megabytes (1M = 1m = 1048576 bytes) 27# and 'K' or 'k' for kilobytes (1K = 1k = 1024 bytes). To specify the size 28# in bytes just don't use modifiers. If LogFileMaxSize is enabled, log 29# rotation (the LogRotate option) will always be enabled. 30# Default: 1M 31#LogFileMaxSize 2M 32 33# Log time with each message. 34# Default: no 35#LogTime yes 36 37# Also log clean files. Useful in debugging but drastically increases the 38# log size. 39# Default: no 40#LogClean yes 41 42# Use system logger (can work together with LogFile). 43# Default: no 44#LogSyslog yes 45 46# Specify the type of syslog messages - please refer to 'man syslog' 47# for facility names. 48# Default: LOG_LOCAL6 49#LogFacility LOG_MAIL 50 51# Enable verbose logging. 52# Default: no 53#LogVerbose yes 54 55# Enable log rotation. Always enabled when LogFileMaxSize is enabled. 56# Default: no 57#LogRotate yes 58 59# Enable Prelude output. 60# Default: no 61#PreludeEnable yes 62# 63# Set the name of the analyzer used by prelude-admin. 64# Default: ClamAV 65#PreludeAnalyzerName ClamAV 66 67# Log additional information about the infected file, such as its 68# size and hash, together with the virus name. 69#ExtendedDetectionInfo yes 70 71# This option allows you to save a process identifier of the listening 72# daemon (main thread). 73# This file will be owned by root, as long as clamd was started by root. 74# It is recommended that the directory where this file is stored is 75# also owned by root to keep other users from tampering with it. 76# Default: disabled 77PidFile /var/run/clamav/clamd.pid 78 79# Optional path to the global temporary directory. 80# Default: system specific (usually /tmp or /var/tmp). 81#TemporaryDirectory /var/tmp 82 83# Path to the database directory. 84# Default: hardcoded (depends on installation options) 85DatabaseDirectory /var/db/clamav 86 87# Only load the official signatures published by the ClamAV project. 88# Default: no 89#OfficialDatabaseOnly no 90 91# The daemon can work in local mode, network mode or both. 92# Due to security reasons we recommend the local mode. 93 94# Path to a local socket file the daemon will listen on. 95# Default: disabled (must be specified by a user) 96LocalSocket /var/run/clamav/clamd.sock 97 98# Sets the group ownership on the unix socket. 99# Default: disabled (the primary group of the user running clamd) 100#LocalSocketGroup virusgroup 101 102# Sets the permissions on the unix socket to the specified mode. 103# Default: disabled (socket is world accessible) 104#LocalSocketMode 660 105 106# Remove stale socket after unclean shutdown. 107# Default: yes 108FixStaleSocket yes 109 110# TCP port address. 111# Default: no 112#TCPSocket 3310 113 114# TCP address. 115# By default we bind to INADDR_ANY, probably not wise. 116# Enable the following to provide some degree of protection 117# from the outside world. This option can be specified multiple 118# times if you want to listen on multiple IPs. IPv6 is now supported. 119# Default: no 120#TCPAddr localhost 121 122# Maximum length the queue of pending connections may grow to. 123# Default: 200 124#MaxConnectionQueueLength 30 125 126# Clamd uses FTP-like protocol to receive data from remote clients. 127# If you are using clamav-milter to balance load between remote clamd daemons 128# on firewall servers you may need to tune the options below. 129 130# Close the connection when the data size limit is exceeded. 131# The value should match your MTA's limit for a maximum attachment size. 132# Default: 25M 133#StreamMaxLength 10M 134 135# Limit port range. 136# Default: 1024 137#StreamMinPort 30000 138# Default: 2048 139#StreamMaxPort 32000 140 141# Maximum number of threads running at the same time. 142# Default: 10 143#MaxThreads 20 144 145# Waiting for data from a client socket will timeout after this time (seconds). 146# Default: 120 147#ReadTimeout 300 148 149# This option specifies the time (in seconds) after which clamd should 150# timeout if a client doesn't provide any initial command after connecting. 151# Default: 30 152#CommandReadTimeout 30 153 154# This option specifies how long to wait (in milliseconds) if the send buffer 155# is full. 156# Keep this value low to prevent clamd hanging. 157# 158# Default: 500 159#SendBufTimeout 200 160 161# Maximum number of queued items (including those being processed by 162# MaxThreads threads). 163# It is recommended to have this value at least twice MaxThreads if possible. 164# WARNING: you shouldn't increase this too much to avoid running out of file 165# descriptors, the following condition should hold: 166# MaxThreads*MaxRecursion + (MaxQueue - MaxThreads) + 6< RLIMIT_NOFILE (usual 167# max is 1024). 168# 169# Default: 100 170#MaxQueue 200 171 172# Waiting for a new job will timeout after this time (seconds). 173# Default: 30 174#IdleTimeout 60 175 176# Don't scan files and directories matching regex 177# This directive can be used multiple times 178# Default: scan all 179#ExcludePath ^/proc/ 180#ExcludePath ^/sys/ 181 182# Maximum depth directories are scanned at. 183# Default: 15 184#MaxDirectoryRecursion 20 185 186# Follow directory symlinks. 187# Default: no 188#FollowDirectorySymlinks yes 189 190# Follow regular file symlinks. 191# Default: no 192#FollowFileSymlinks yes 193 194# Scan files and directories on other filesystems. 195# Default: yes 196#CrossFilesystems yes 197 198# Perform a database check. 199# Default: 600 (10 min) 200#SelfCheck 600 201 202# Enable non-blocking (multi-threaded/concurrent) database reloads. 203# This feature will temporarily load a second scanning engine while scanning 204# continues using the first engine. Once loaded, the new engine takes over. 205# The old engine is removed as soon as all scans using the old engine have 206# completed. 207# This feature requires more RAM, so this option is provided in case users are 208# willing to block scans during reload in exchange for lower RAM requirements. 209# Default: yes 210#ConcurrentDatabaseReload no 211 212# Execute a command when virus is found. In the command string %v will 213# be replaced with the virus name and %f will be replaced with the file name. 214# Additionally, two environment variables will be defined: $CLAM_VIRUSEVENT_FILENAME 215# and $CLAM_VIRUSEVENT_VIRUSNAME. 216# Default: no 217#VirusEvent /usr/local/bin/send_sms 123456789 "VIRUS ALERT: %v in %f" 218 219# Run as another user (clamd must be started by root for this option to work) 220# Default: don't drop privileges 221User clamav 222 223# Stop daemon when libclamav reports out of memory condition. 224#ExitOnOOM yes 225 226# Don't fork into background. 227# Default: no 228#Foreground yes 229 230# Enable debug messages in libclamav. 231# Default: no 232#Debug yes 233 234# Do not remove temporary files (for debug purposes). 235# Default: no 236#LeaveTemporaryFiles yes 237 238# Permit use of the ALLMATCHSCAN command. If set to no, clamd will reject 239# any ALLMATCHSCAN command as invalid. 240# Default: yes 241#AllowAllMatchScan no 242 243# Detect Possibly Unwanted Applications. 244# Default: no 245#DetectPUA yes 246 247# Exclude a specific PUA category. This directive can be used multiple times. 248# See https://github.com/vrtadmin/clamav-faq/blob/master/faq/faq-pua.md for 249# the complete list of PUA categories. 250# Default: Load all categories (if DetectPUA is activated) 251#ExcludePUA NetTool 252#ExcludePUA PWTool 253 254# Only include a specific PUA category. This directive can be used multiple 255# times. 256# Default: Load all categories (if DetectPUA is activated) 257#IncludePUA Spy 258#IncludePUA Scanner 259#IncludePUA RAT 260 261# This option causes memory or nested map scans to dump the content to disk. 262# If you turn on this option, more data is written to disk and is available 263# when the LeaveTemporaryFiles option is enabled. 264#ForceToDisk yes 265 266# This option allows you to disable the caching feature of the engine. By 267# default, the engine will store an MD5 in a cache of any files that are 268# not flagged as virus or that hit limits checks. Disabling the cache will 269# have a negative performance impact on large scans. 270# Default: no 271#DisableCache yes 272 273# In some cases (eg. complex malware, exploits in graphic files, and others), 274# ClamAV uses special algorithms to detect abnormal patterns and behaviors that 275# may be malicious. This option enables alerting on such heuristically 276# detected potential threats. 277# Default: yes 278#HeuristicAlerts yes 279 280# Allow heuristic alerts to take precedence. 281# When enabled, if a heuristic scan (such as phishingScan) detects 282# a possible virus/phish it will stop scan immediately. Recommended, saves CPU 283# scan-time. 284# When disabled, virus/phish detected by heuristic scans will be reported only 285# at the end of a scan. If an archive contains both a heuristically detected 286# virus/phish, and a real malware, the real malware will be reported 287# 288# Keep this disabled if you intend to handle "Heuristics.*" viruses 289# differently from "real" malware. 290# If a non-heuristically-detected virus (signature-based) is found first, 291# the scan is interrupted immediately, regardless of this config option. 292# 293# Default: no 294#HeuristicScanPrecedence yes 295 296 297## 298## Heuristic Alerts 299## 300 301# With this option clamav will try to detect broken executables (both PE and 302# ELF) and alert on them with the Broken.Executable heuristic signature. 303# Default: no 304#AlertBrokenExecutables yes 305 306# With this option clamav will try to detect broken media file (JPEG, 307# TIFF, PNG, GIF) and alert on them with a Broken.Media heuristic signature. 308# Default: no 309#AlertBrokenMedia yes 310 311# Alert on encrypted archives _and_ documents with heuristic signature 312# (encrypted .zip, .7zip, .rar, .pdf). 313# Default: no 314#AlertEncrypted yes 315 316# Alert on encrypted archives with heuristic signature (encrypted .zip, .7zip, 317# .rar). 318# Default: no 319#AlertEncryptedArchive yes 320 321# Alert on encrypted archives with heuristic signature (encrypted .pdf). 322# Default: no 323#AlertEncryptedDoc yes 324 325# With this option enabled OLE2 files containing VBA macros, which were not 326# detected by signatures will be marked as "Heuristics.OLE2.ContainsMacros". 327# Default: no 328#AlertOLE2Macros yes 329 330# Alert on SSL mismatches in URLs, even if the URL isn't in the database. 331# This can lead to false positives. 332# Default: no 333#AlertPhishingSSLMismatch yes 334 335# Alert on cloaked URLs, even if URL isn't in database. 336# This can lead to false positives. 337# Default: no 338#AlertPhishingCloak yes 339 340# Alert on raw DMG image files containing partition intersections 341# Default: no 342#AlertPartitionIntersection yes 343 344 345## 346## Executable files 347## 348 349# PE stands for Portable Executable - it's an executable file format used 350# in all 32 and 64-bit versions of Windows operating systems. This option 351# allows ClamAV to perform a deeper analysis of executable files and it's also 352# required for decompression of popular executable packers such as UPX, FSG, 353# and Petite. If you turn off this option, the original files will still be 354# scanned, but without additional processing. 355# Default: yes 356#ScanPE yes 357 358# Certain PE files contain an authenticode signature. By default, we check 359# the signature chain in the PE file against a database of trusted and 360# revoked certificates if the file being scanned is marked as a virus. 361# If any certificate in the chain validates against any trusted root, but 362# does not match any revoked certificate, the file is marked as trusted. 363# If the file does match a revoked certificate, the file is marked as virus. 364# The following setting completely turns off authenticode verification. 365# Default: no 366#DisableCertCheck yes 367 368# Executable and Linking Format is a standard format for UN*X executables. 369# This option allows you to control the scanning of ELF files. 370# If you turn off this option, the original files will still be scanned, but 371# without additional processing. 372# Default: yes 373#ScanELF yes 374 375 376## 377## Documents 378## 379 380# This option enables scanning of OLE2 files, such as Microsoft Office 381# documents and .msi files. 382# If you turn off this option, the original files will still be scanned, but 383# without additional processing. 384# Default: yes 385#ScanOLE2 yes 386 387# This option enables scanning within PDF files. 388# If you turn off this option, the original files will still be scanned, but 389# without decoding and additional processing. 390# Default: yes 391#ScanPDF yes 392 393# This option enables scanning within SWF files. 394# If you turn off this option, the original files will still be scanned, but 395# without decoding and additional processing. 396# Default: yes 397#ScanSWF yes 398 399# This option enables scanning xml-based document files supported by libclamav. 400# If you turn off this option, the original files will still be scanned, but 401# without additional processing. 402# Default: yes 403#ScanXMLDOCS yes 404 405# This option enables scanning of HWP3 files. 406# If you turn off this option, the original files will still be scanned, but 407# without additional processing. 408# Default: yes 409#ScanHWP3 yes 410 411 412## 413## Mail files 414## 415 416# Enable internal e-mail scanner. 417# If you turn off this option, the original files will still be scanned, but 418# without parsing individual messages/attachments. 419# Default: yes 420ScanMail yes 421 422# Scan RFC1341 messages split over many emails. 423# You will need to periodically clean up $TemporaryDirectory/clamav-partial 424# directory. 425# WARNING: This option may open your system to a DoS attack. 426# Never use it on loaded servers. 427# Default: no 428#ScanPartialMessages yes 429 430# With this option enabled ClamAV will try to detect phishing attempts by using 431# HTML.Phishing and Email.Phishing NDB signatures. 432# Default: yes 433#PhishingSignatures no 434 435# With this option enabled ClamAV will try to detect phishing attempts by 436# analyzing URLs found in emails using WDB and PDB signature databases. 437# Default: yes 438#PhishingScanURLs no 439 440 441## 442## Data Loss Prevention (DLP) 443## 444 445# Enable the DLP module 446# Default: No 447#StructuredDataDetection yes 448 449# This option sets the lowest number of Credit Card numbers found in a file 450# to generate a detect. 451# Default: 3 452#StructuredMinCreditCardCount 5 453 454# With this option enabled the DLP module will search for valid Credit Card 455# numbers only. Debit and Private Label cards will not be searched. 456# Default: no 457#StructuredCCOnly yes 458 459# This option sets the lowest number of Social Security Numbers found 460# in a file to generate a detect. 461# Default: 3 462#StructuredMinSSNCount 5 463 464# With this option enabled the DLP module will search for valid 465# SSNs formatted as xxx-yy-zzzz 466# Default: yes 467#StructuredSSNFormatNormal yes 468 469# With this option enabled the DLP module will search for valid 470# SSNs formatted as xxxyyzzzz 471# Default: no 472#StructuredSSNFormatStripped yes 473 474 475## 476## HTML 477## 478 479# Perform HTML normalisation and decryption of MS Script Encoder code. 480# Default: yes 481# If you turn off this option, the original files will still be scanned, but 482# without additional processing. 483#ScanHTML yes 484 485 486## 487## Archives 488## 489 490# ClamAV can scan within archives and compressed files. 491# If you turn off this option, the original files will still be scanned, but 492# without unpacking and additional processing. 493# Default: yes 494#ScanArchive yes 495 496 497## 498## Limits 499## 500 501# The options below protect your system against Denial of Service attacks 502# using archive bombs. 503 504# This option sets the maximum amount of time to a scan may take. 505# In this version, this field only affects the scan time of ZIP archives. 506# Value of 0 disables the limit. 507# Note: disabling this limit or setting it too high may result allow scanning 508# of certain files to lock up the scanning process/threads resulting in a 509# Denial of Service. 510# Time is in milliseconds. 511# Default: 120000 512#MaxScanTime 300000 513 514# This option sets the maximum amount of data to be scanned for each input 515# file. Archives and other containers are recursively extracted and scanned 516# up to this value. 517# Value of 0 disables the limit 518# Note: disabling this limit or setting it too high may result in severe damage 519# to the system. 520# Default: 100M 521#MaxScanSize 150M 522 523# Files larger than this limit won't be scanned. Affects the input file itself 524# as well as files contained inside it (when the input file is an archive, a 525# document or some other kind of container). 526# Value of 0 disables the limit. 527# Note: disabling this limit or setting it too high may result in severe damage 528# to the system. 529# Technical design limitations prevent ClamAV from scanning files greater than 530# 2 GB at this time. 531# Default: 25M 532#MaxFileSize 30M 533 534# Nested archives are scanned recursively, e.g. if a Zip archive contains a RAR 535# file, all files within it will also be scanned. This options specifies how 536# deeply the process should be continued. 537# Note: setting this limit too high may result in severe damage to the system. 538# Default: 17 539#MaxRecursion 10 540 541# Number of files to be scanned within an archive, a document, or any other 542# container file. 543# Value of 0 disables the limit. 544# Note: disabling this limit or setting it too high may result in severe damage 545# to the system. 546# Default: 10000 547#MaxFiles 15000 548 549# Maximum size of a file to check for embedded PE. Files larger than this value 550# will skip the additional analysis step. 551# Note: disabling this limit or setting it too high may result in severe damage 552# to the system. 553# Default: 10M 554#MaxEmbeddedPE 10M 555 556# Maximum size of a HTML file to normalize. HTML files larger than this value 557# will not be normalized or scanned. 558# Note: disabling this limit or setting it too high may result in severe damage 559# to the system. 560# Default: 10M 561#MaxHTMLNormalize 10M 562 563# Maximum size of a normalized HTML file to scan. HTML files larger than this 564# value after normalization will not be scanned. 565# Note: disabling this limit or setting it too high may result in severe damage 566# to the system. 567# Default: 2M 568#MaxHTMLNoTags 2M 569 570# Maximum size of a script file to normalize. Script content larger than this 571# value will not be normalized or scanned. 572# Note: disabling this limit or setting it too high may result in severe damage 573# to the system. 574# Default: 5M 575#MaxScriptNormalize 5M 576 577# Maximum size of a ZIP file to reanalyze type recognition. ZIP files larger 578# than this value will skip the step to potentially reanalyze as PE. 579# Note: disabling this limit or setting it too high may result in severe damage 580# to the system. 581# Default: 1M 582#MaxZipTypeRcg 1M 583 584# This option sets the maximum number of partitions of a raw disk image to be 585# scanned. 586# Raw disk images with more partitions than this value will have up to 587# the value number partitions scanned. Negative values are not allowed. 588# Note: setting this limit too high may result in severe damage or impact 589# performance. 590# Default: 50 591#MaxPartitions 128 592 593# This option sets the maximum number of icons within a PE to be scanned. 594# PE files with more icons than this value will have up to the value number 595# icons scanned. 596# Negative values are not allowed. 597# WARNING: setting this limit too high may result in severe damage or impact 598# performance. 599# Default: 100 600#MaxIconsPE 200 601 602# This option sets the maximum recursive calls for HWP3 parsing during 603# scanning. HWP3 files using more than this limit will be terminated and 604# alert the user. 605# Scans will be unable to scan any HWP3 attachments if the recursive limit 606# is reached. 607# Negative values are not allowed. 608# WARNING: setting this limit too high may result in severe damage or impact 609# performance. 610# Default: 16 611#MaxRecHWP3 16 612 613# This option sets the maximum calls to the PCRE match function during 614# an instance of regex matching. 615# Instances using more than this limit will be terminated and alert the user 616# but the scan will continue. 617# For more information on match_limit, see the PCRE documentation. 618# Negative values are not allowed. 619# WARNING: setting this limit too high may severely impact performance. 620# Default: 100000 621#PCREMatchLimit 20000 622 623# This option sets the maximum recursive calls to the PCRE match function 624# during an instance of regex matching. 625# Instances using more than this limit will be terminated and alert the user 626# but the scan will continue. 627# For more information on match_limit_recursion, see the PCRE documentation. 628# Negative values are not allowed and values > PCREMatchLimit are superfluous. 629# WARNING: setting this limit too high may severely impact performance. 630# Default: 2000 631#PCRERecMatchLimit 10000 632 633# This option sets the maximum filesize for which PCRE subsigs will be 634# executed. Files exceeding this limit will not have PCRE subsigs executed 635# unless a subsig is encompassed to a smaller buffer. 636# Negative values are not allowed. 637# Setting this value to zero disables the limit. 638# WARNING: setting this limit too high or disabling it may severely impact 639# performance. 640# Default: 25M 641#PCREMaxFileSize 100M 642 643# When AlertExceedsMax is set, files exceeding the MaxFileSize, MaxScanSize, or 644# MaxRecursion limit will be flagged with the virus name starting with 645# "Heuristics.Limits.Exceeded". 646# Default: no 647#AlertExceedsMax yes 648 649## 650## On-access Scan Settings 651## 652 653# Don't scan files larger than OnAccessMaxFileSize 654# Value of 0 disables the limit. 655# Default: 5M 656#OnAccessMaxFileSize 10M 657 658# Max number of scanning threads to allocate to the OnAccess thread pool at 659# startup. These threads are the ones responsible for creating a connection 660# with the daemon and kicking off scanning after an event has been processed. 661# To prevent clamonacc from consuming all clamd's resources keep this lower 662# than clamd's max threads. 663# Default: 5 664#OnAccessMaxThreads 10 665 666# Max amount of time (in milliseconds) that the OnAccess client should spend 667# for every connect, send, and recieve attempt when communicating with clamd 668# via curl. 669# Default: 5000 (5 seconds) 670# OnAccessCurlTimeout 10000 671 672# Toggles dynamic directory determination. Allows for recursively watching 673# include paths. 674# Default: no 675#OnAccessDisableDDD yes 676 677# Set the include paths (all files inside them will be scanned). You can have 678# multiple OnAccessIncludePath directives but each directory must be added 679# in a separate line. 680# Default: disabled 681#OnAccessIncludePath /home 682#OnAccessIncludePath /students 683 684# Set the exclude paths. All subdirectories are also excluded. 685# Default: disabled 686#OnAccessExcludePath /home/user 687 688# Modifies fanotify blocking behaviour when handling permission events. 689# If off, fanotify will only notify if the file scanned is a virus, 690# and not perform any blocking. 691# Default: no 692#OnAccessPrevention yes 693 694# When using prevention, if this option is turned on, any errors that occur 695# during scanning will result in the event attempt being denied. This could 696# potentially lead to unwanted system behaviour with certain configurations, 697# so the client defaults this to off and prefers allowing access events in 698# case of scan or connection error. 699# Default: no 700#OnAccessDenyOnError yes 701 702# Toggles extra scanning and notifications when a file or directory is 703# created or moved. 704# Requires the DDD system to kick-off extra scans. 705# Default: no 706#OnAccessExtraScanning yes 707 708# Set the mount point to be scanned. The mount point specified, or the mount 709# point containing the specified directory will be watched. If any directories 710# are specified, this option will preempt (disable and ignore all options 711# related to) the DDD system. This option will result in verdicts only. 712# Note that prevention is explicitly disallowed to prevent common, fatal 713# misconfigurations. (e.g. watching "/" with prevention on and no exclusions 714# made on vital system directories) 715# It can be used multiple times. 716# Default: disabled 717#OnAccessMountPath / 718#OnAccessMountPath /home/user 719 720# With this option you can exclude the root UID (0). Processes run under 721# root with be able to access all files without triggering scans or 722# permission denied events. 723# Note that if clamd cannot check the uid of the process that generated an 724# on-access scan event (e.g., because OnAccessPrevention was not enabled, and 725# the process already exited), clamd will perform a scan. Thus, setting 726# OnAccessExcludeRootUID is not *guaranteed* to prevent every access by the 727# root user from triggering a scan (unless OnAccessPrevention is enabled). 728# Default: no 729#OnAccessExcludeRootUID no 730 731# With this option you can exclude specific UIDs. Processes with these UIDs 732# will be able to access all files without triggering scans or permission 733# denied events. 734# This option can be used multiple times (one per line). 735# Using a value of 0 on any line will disable this option entirely. 736# To exclude the root UID (0) please enable the OnAccessExcludeRootUID 737# option. 738# Also note that if clamd cannot check the uid of the process that generated an 739# on-access scan event (e.g., because OnAccessPrevention was not enabled, and 740# the process already exited), clamd will perform a scan. Thus, setting 741# OnAccessExcludeUID is not *guaranteed* to prevent every access by the 742# specified uid from triggering a scan (unless OnAccessPrevention is enabled). 743# Default: disabled 744#OnAccessExcludeUID -1 745 746# This option allows exclusions via user names when using the on-access 747# scanning client. It can be used multiple times. 748# It has the same potential race condition limitations of the 749# OnAccessExcludeUID option. 750# Default: disabled 751#OnAccessExcludeUname clamav 752 753# Number of times the OnAccess client will retry a failed scan due to 754# connection problems (or other issues). 755# Default: 0 756#OnAccessRetryAttempts 3 757 758## 759## Bytecode 760## 761 762# With this option enabled ClamAV will load bytecode from the database. 763# It is highly recommended you keep this option on, otherwise you'll miss 764# detections for many new viruses. 765# Default: yes 766#Bytecode yes 767 768# Set bytecode security level. 769# Possible values: 770# None - No security at all, meant for debugging. 771# DO NOT USE THIS ON PRODUCTION SYSTEMS. 772# This value is only available if clamav was built 773# with --enable-debug! 774# TrustSigned - Trust bytecode loaded from signed .c[lv]d files, insert 775# runtime safety checks for bytecode loaded from other sources. 776# Paranoid - Don't trust any bytecode, insert runtime checks for all. 777# Recommended: TrustSigned, because bytecode in .cvd files already has these 778# checks. 779# Note that by default only signed bytecode is loaded, currently you can only 780# load unsigned bytecode in --enable-debug mode. 781# 782# Default: TrustSigned 783#BytecodeSecurity TrustSigned 784 785# Allow loading bytecode from outside digitally signed .c[lv]d files. 786# **Caution**: You should NEVER run bytecode signatures from untrusted sources. 787# Doing so may result in arbitrary code execution. 788# Default: no 789#BytecodeUnsigned yes 790 791# Set bytecode timeout in milliseconds. 792# 793# Default: 5000 794# BytecodeTimeout 1000 795